From 0fa5ebbe0d86704e9c9edc35a53749a821cd24d6 Mon Sep 17 00:00:00 2001
From: Sebastion <sebastion@sebastion.dev>
Date: Sat, 4 Apr 2026 17:29:03 +0100
Subject: [PATCH] fix: remove hardcoded API key from playground test file
 (CWE-798)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The file memoryos-playground/test.py contained a hardcoded OpenAI API key
(sk-7VaFJu...) that was committed to source control. This is a credential
leak — anyone with repository access could extract and abuse the key.

Replace the hardcoded value with an empty string placeholder, consistent
with the pattern used in memoryos-pypi/test.py and memoryos-mcp/memoryos/test.py
which already use empty placeholders.

The key owner should rotate the exposed credential immediately.
---
 memoryos-playground/test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/memoryos-playground/test.py b/memoryos-playground/test.py
index 80ef9da..5476973 100644
--- a/memoryos-playground/test.py
+++ b/memoryos-playground/test.py
@@ -5,7 +5,7 @@
 # --- Basic Configuration ---
 USER_ID = "demo_user"
 ASSISTANT_ID = "demo_assistant"
-API_KEY = "sk-7VaFJuGM146a957c4E75T3BlBkFJb7232107783F41C29e00"  # Replace with your key
+API_KEY = ""  # Replace with your key
 BASE_URL = "https://cn2us02.opapi.win/v1"  # Optional: if using a custom OpenAI endpoint
 DATA_STORAGE_PATH = "./simple_demo_data"
 LLM_MODEL = "gpt-4o-mini"
@@ -90,4 +90,4 @@ def simple_demo():
     print(f"Assistant: {response}")
 
 if __name__ == "__main__":
-    simple_demo()
\ No newline at end of file
+    simple_demo()