From d4634cb00b975404a550ec927412fa20f4e79070 Mon Sep 17 00:00:00 2001
From: daymade <daymadev89@gmail.com>
Date: Fri, 20 Mar 2026 03:41:27 +0800
Subject: [PATCH] security: remove leaked API key from security.py docstring
 examples

Replace real Zhipu GLM API key with fake placeholder in mask_secret()
and SecretStr docstring examples. The real key was exposed in this
PUBLIC repo.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 transcript-fixer/scripts/utils/security.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/transcript-fixer/scripts/utils/security.py b/transcript-fixer/scripts/utils/security.py
index 69e6185..b98cfb9 100644
--- a/transcript-fixer/scripts/utils/security.py
+++ b/transcript-fixer/scripts/utils/security.py
@@ -43,7 +43,7 @@ def mask_secret(secret: str, visible_chars: int = 4) -> str:
         Masked string like "7fb3...DPRR"
 
     Examples:
-        >>> mask_secret("7fb3ab7b186242288fe93a27227b7149.bJCOEAsUfejvWDPR")
+        >>> mask_secret("example-fake-api-key-1234567890abcdef.test")
         '7fb3...DPRR'
 
         >>> mask_secret("short")
@@ -248,7 +248,7 @@ class SecretStr:
     Wrapper for secrets that prevents accidental logging.
 
     Usage:
-        api_key = SecretStr("7fb3ab7b186242288fe93a27227b7149.bJCOEAsUfejvWDPR")
+        api_key = SecretStr("example-fake-api-key-1234567890abcdef.test")
         print(api_key)  # Prints: SecretStr(7fb3...DPRR)
         print(api_key.get())  # Get actual value when needed