fix(ci): clear signal and docs guard blockers (#85693)

* fix(signal): use lint-safe test api export

* docs: avoid private key sentinel example

docs/reference/secret-placeholder-conventions.md

@@ -18,7 +18,7 @@ Use placeholders that are human-readable but do not resemble real secrets.
 
 ## Avoid these patterns in docs
 
-- Private key sentinels such as `-----BEGIN PRIVATE KEY-----`.
+- Literal PEM private-key header or footer text.
 - Prefixes that resemble live credentials, for example `sk-...`, `xoxb-...`, `AKIA...`.
 - Realistic-looking bearer tokens copied from runtime logs.
 

extensions/signal/src/daemon.test.ts

@@ -1,12 +1,12 @@
 import os from "node:os";
 import path from "node:path";
 import { describe, expect, it } from "vitest";
-import { __testing } from "./daemon.js";
+import { testApi } from "./daemon.js";
 
 describe("signal daemon args", () => {
   it("expands home-relative configPath before passing it to signal-cli", () => {
     expect(
-      __testing.buildDaemonArgs({
+      testApi.buildDaemonArgs({
         cliPath: "signal-cli",
         configPath: "~/.openclaw/signal-cli",
         httpHost: "127.0.0.1",

extensions/signal/src/daemon.ts

@@ -163,7 +163,7 @@ export function spawnSignalDaemon(opts: SignalDaemonOpts): SignalDaemonHandle {
   };
 }
 
-export const __testing = {
+export const testApi = {
   buildDaemonArgs,
   resolveSignalCliConfigPath,
 } as const;