From de9986963ec6366eb658380598275153a8391857 Mon Sep 17 00:00:00 2001
From: paisley <8197966+su8su@users.noreply.github.com>
Date: Thu, 4 Dec 2025 16:14:34 +0800
Subject: [PATCH] fix: fix create strategy agent

---
 .../server/api/routers/strategy_agent.py      | 40 +++++++++++++------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/python/valuecell/server/api/routers/strategy_agent.py b/python/valuecell/server/api/routers/strategy_agent.py
index 7452aa9f6..1a122584d 100644
--- a/python/valuecell/server/api/routers/strategy_agent.py
+++ b/python/valuecell/server/api/routers/strategy_agent.py
@@ -54,6 +54,20 @@ async def create_strategy_agent(
         UserRequest JSON, and returns an aggregated JSON response (non-SSE).
         """
         try:
+            # Helper: dump request config without sensitive credentials
+            def _safe_config_dump(req: UserRequest) -> dict:
+                return req.model_dump(
+                    exclude={
+                        "exchange_config": {
+                            "api_key",
+                            "secret_key",
+                            "passphrase",
+                            "wallet_address",
+                            "private_key",
+                        }
+                    }
+                )
+
             # Ensure we only serialize the core UserRequest fields, excluding conversation_id
             user_request = UserRequest(
                 llm_model_config=request.llm_model_config,
@@ -188,7 +202,7 @@ async def create_strategy_agent(
                                 description=None,
                                 user_id=user_input_meta.user_id,
                                 status=status.value,
-                                config=request.model_dump(),
+                                config=_safe_config_dump(request),
                                 metadata=metadata,
                             )
                         except Exception:
@@ -205,16 +219,18 @@ async def create_strategy_agent(
                     code=StatusCode.INTERNAL_ERROR,
                     msg="No status event from orchestrator",
                 )
-            except Exception as exc:
-                # Orchestrator failed; do NOT persist or fallback, return error only
+            except Exception:
+                # Orchestrator failed; do NOT persist or fallback, return generic error only
                 return ErrorResponse.create(
-                    code=StatusCode.INTERNAL_ERROR, msg=str(exc)
+                    code=StatusCode.INTERNAL_ERROR, msg="Internal error"
                 )
 
-        except Exception as e:
-            # As a last resort, log the exception and return error without persistence or fallback.
-            logger.exception(f"Failed to create strategy in API endpoint: {e}")
-            return ErrorResponse.create(code=StatusCode.INTERNAL_ERROR, msg=str(e))
+        except Exception:
+            # As a last resort, log without sensitive details and return generic error.
+            logger.exception("Failed to create strategy in API endpoint")
+            return ErrorResponse.create(
+                code=StatusCode.INTERNAL_ERROR, msg="Internal error"
+            )
 
     @router.post("/test-connection")
     async def test_exchange_connection(request: ExchangeConfig):
@@ -256,11 +272,11 @@ async def test_exchange_connection(request: ExchangeConfig):
             finally:
                 await gateway.close()
 
-        except Exception as e:
-            # If create_ccxt_gateway fails or other error
-            logger.warning(f"Connection test failed: {e}")
+        except Exception:
+            # If create_ccxt_gateway fails or other error, avoid logging sensitive info
+            logger.warning("Connection test failed")
             raise HTTPException(
-                status_code=400, detail=f"Failed, please check your API key: {str(e)}"
+                status_code=400, detail="Failed, please check your API key"
             )
 
     @router.delete("/delete")