style: change redaction placeholder to your-key-here for better aesthetics

src/agents/pi-embedded-subscribe.scrubbing.test.ts

@@ -57,7 +57,7 @@ describe("Scrubbing Integration", () => {
 
     expect(onBlockReply).toHaveBeenCalled();
     const lastCall = onBlockReply.mock.calls[0][0];
-    expect(lastCall.text).toContain("[REDACTED]");
+    expect(lastCall.text).toContain("your-key-here");
     expect(lastCall.text).not.toContain("super-secret-token-123");
   });
 
@@ -93,7 +93,7 @@ describe("Scrubbing Integration", () => {
 
     expect(onToolResult).toHaveBeenCalled();
     const lastCall = onToolResult.mock.calls[0][0];
-    expect(lastCall.text).toContain("[REDACTED]");
+    expect(lastCall.text).toContain("your-key-here");
     expect(lastCall.text).not.toContain("db-password-xyz");
   });
 
@@ -132,7 +132,7 @@ describe("Scrubbing Integration", () => {
 
     expect(onReasoningStream).toHaveBeenCalled();
     const lastCall = onReasoningStream.mock.calls[0][0];
-    expect(lastCall.text).toContain("[REDACTED]");
+    expect(lastCall.text).toContain("your-key-here");
     expect(lastCall.text).not.toContain("reasoning-secret-123");
   });
 });

src/security/scrubber.test.ts

@@ -16,8 +16,8 @@ describe("SecretScrubber", () => {
         "Key: sensitive-key-123, Pass: sensitive-password-123, Layout: not-sensitive-123";
       const scrubbed = scrubber.scrub(text);
 
-      expect(scrubbed).toContain("Key: [REDACTED]");
+      expect(scrubbed).toContain("Key: your-key-here");
-      expect(scrubbed).toContain("Pass: [REDACTED]");
+      expect(scrubbed).toContain("Pass: your-key-here");
       expect(scrubbed).toContain("Layout: not-sensitive-123");
     });
 
@@ -31,7 +31,7 @@ describe("SecretScrubber", () => {
       const text = "api: sensitive-api-key, token: sensitive-auth-token";
       const scrubbed = scrubber.scrub(text);
 
-      expect(scrubbed).toBe("api: [REDACTED], token: [REDACTED]");
+      expect(scrubbed).toBe("api: your-key-here, token: your-key-here");
     });
   });
 
@@ -42,20 +42,20 @@ describe("SecretScrubber", () => {
       config.self = config;
 
       expect(() => scrubber.extractFromConfig(config)).not.toThrow();
-      expect(scrubber.scrub("secret-circular")).toBe("[REDACTED]");
+      expect(scrubber.scrub("secret-circular")).toBe("your-key-here");
     });
 
     it("escapes regex special characters in secrets", () => {
       const scrubber = new SecretScrubber(["$ecret.with*chars+"]);
       const text = "My secret is $ecret.with*chars+ now.";
-      expect(scrubber.scrub(text)).toBe("My secret is [REDACTED] now.");
+      expect(scrubber.scrub(text)).toBe("My secret is your-key-here now.");
     });
 
     it("handles overlapping secrets by redacting longer ones first", () => {
       const scrubber = new SecretScrubber(["password", "password123"]);
       const text = "My pass is password123";
-      // If "password" matched first, result would be "[REDACTED]123"
+      // If "password" matched first, result would be "your-key-here123"
-      expect(scrubber.scrub(text)).toBe("My pass is [REDACTED]");
+      expect(scrubber.scrub(text)).toBe("My pass is your-key-here");
     });
   });
 

src/security/scrubber.ts

@@ -88,7 +88,7 @@ export class SecretScrubber {
     if (!text || !this.regex || this.secrets.size === 0) {
       return text;
     }
-    return text.replace(this.regex, "[REDACTED]");
+    return text.replace(this.regex, "your-key-here");
   }
 
   private rebuildRegex(): void {