feat: decrypt API key using ServerEnv.password_decode

- Add API key decryption in _resolve_provider using env.password_decode - Matches project standard for encrypted credentials
2026-05-07 17:31:05 +08:00 · 2026-05-07 17:31:05 +08:00 · e5e6796a4b
commit e5e6796a4b
parent 1dbfd25772
1 changed files with 11 additions and 1 deletions
--- a/harnessed_agent/llm_client.py
+++ b/harnessed_agent/llm_client.py
@ -103,7 +103,9 @@ async def _get_llm_config() -> Dict[str, Any]:
                info(f"[llm_config] DB='{dbname}' rows={len(rows)}")
                if rows:
                    row = rows[0]
-                    info(f"[llm_config] DB='{dbname}' config: llm_provider={repr(row.get('llm_provider'))}, default_model={repr(row.get('default_model'))}, llm_service_url={repr(row.get('llm_service_url'))}")
+                    api_key = row.get('llm_api_key', '')
+                    api_key_show = (api_key[:4] + '...' + api_key[-4:]) if api_key else '(empty)'
+                    info(f"[llm_config] DB='{dbname}' config: llm_provider={repr(row.get('llm_provider'))}, default_model={repr(row.get('default_model'))}, llm_service_url={repr(row.get('llm_service_url'))}, llm_api_key={api_key_show}")
                    return row
                else:
                    warning(f"No rows in harnessed_agent_config in DB '{dbname}' for user_id={repr(user_id)}")
@ -121,6 +123,14 @@ def _resolve_provider(config: Dict[str, Any]) -> Dict[str, str]:
    api_key = config.get('llm_api_key', '')
    model = config.get('default_model', '')

+    # Decrypt API key if encrypted
+    if api_key:
+        try:
+            env = ServerEnv()
+            api_key = env.password_decode(api_key)
+        except Exception:
+            pass
+
    # If provider name is set, use preset URL
    if provider and provider in LLM_PROVIDERS:
        preset = LLM_PROVIDERS[provider]