fix: scrub hardcoded test credentials (#477 )

Replace literal passwords in two testing-agent code samples with environment-variable reads — the secure, idiomatic pattern for each framework rather than a placeholder string: - testing-api-tester.md: 'secure_password' -> process.env.TEST_USER_PASSWORD - testing-performance-benchmarker.md: 'password123' -> __ENV.TEST_USER_PASSWORD (k6) Removes the weak-credential examples flagged in #477 and models good secrets hygiene for anyone copying these snippets. Closes #477 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
docs: sync roster to 218 agents + fix install.sh --list (#570 )
2026-06-10 21:24:56 +03:00 · 2026-06-06 17:34:04 -05:00 · 2026-06-06 17:30:49 -05:00
2 changed files with 2 additions and 2 deletions
@@ -74,7 +74,7 @@ describe('User API Comprehensive Testing', () => {
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        email: 'test@example.com',
-        password: 'secure_password'
+        password: process.env.TEST_USER_PASSWORD
      })
    });
    const data = await response.json();
@@ -90,7 +90,7 @@ export default function () {
  // Test critical user journey
  const loginResponse = http.post(`${baseUrl}/api/auth/login`, {
    email: 'test@example.com',
-    password: 'password123'
+    password: __ENV.TEST_USER_PASSWORD
  });
  
  check(loginResponse, {