fix: address PR review comments for agent generator

- Re-raise DatabaseError in get_library_agent_by_id to not swallow DB failures - Add error details sanitization to strip sensitive info (paths, URLs, etc.) - Clean up redundant inline comments in edit_agent.py
2026-04-08 03:00:28 -04:00 · 2026-01-30 07:59:11 -06:00
parent aef705007b
commit 1ad8fde75d
3 changed files with 53 additions and 12 deletions
--- a/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/core.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/core.py
@@ -15,7 +15,7 @@ from backend.data.graph import (
    get_graph,
    get_graph_all_versions,
 )
-from backend.util.exceptions import NotFoundError
+from backend.util.exceptions import DatabaseError, NotFoundError

 from .service import (
    decompose_goal_external,
@@ -151,6 +151,8 @@ async def get_library_agent_by_id(
                input_schema=agent.input_schema,
                output_schema=agent.output_schema,
            )
+    except DatabaseError:
+        raise
    except Exception as e:
        logger.debug(f"Could not fetch library agent by graph_id {agent_id}: {e}")

@@ -168,8 +170,13 @@ async def get_library_agent_by_id(
            )
    except NotFoundError:
        logger.debug(f"Library agent not found by library_id: {agent_id}")
+    except DatabaseError:
+        raise
    except Exception as e:
-        logger.debug(f"Could not fetch library agent by library_id {agent_id}: {e}")
+        logger.warning(
+            f"Could not fetch library agent by library_id {agent_id}: {e}",
+            exc_info=True,
+        )

    return None

--- a/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/errors.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/errors.py
@@ -1,5 +1,42 @@
 """Error handling utilities for agent generator."""

+import re
+
+
+def _sanitize_error_details(details: str) -> str:
+    """Sanitize error details to remove sensitive information.
+
+    Strips common patterns that could expose internal system info:
+    - File paths (Unix and Windows)
+    - Database connection strings
+    - URLs with credentials
+    - Stack trace internals
+
+    Args:
+        details: Raw error details string
+
+    Returns:
+        Sanitized error details safe for user display
+    """
+    # Remove file paths (Unix-style)
+    sanitized = re.sub(
+        r"/[a-zA-Z0-9_./\-]+\.(py|js|ts|json|yaml|yml)", "[path]", details
+    )
+    # Remove file paths (Windows-style)
+    sanitized = re.sub(r"[A-Z]:\\[a-zA-Z0-9_\\.\\-]+", "[path]", sanitized)
+    # Remove database URLs
+    sanitized = re.sub(
+        r"(postgres|mysql|mongodb|redis)://[^\s]+", "[database_url]", sanitized
+    )
+    # Remove URLs with credentials
+    sanitized = re.sub(r"https?://[^:]+:[^@]+@[^\s]+", "[url]", sanitized)
+    # Remove line numbers from stack traces
+    sanitized = re.sub(r", line \d+", "", sanitized)
+    # Remove "File" references from stack traces
+    sanitized = re.sub(r'File "[^"]+",?', "", sanitized)
+
+    return sanitized.strip()
+

 def get_user_message_for_error(
    error_type: str,
@@ -55,12 +92,13 @@ def get_user_message_for_error(
    else:
        base_message = f"Failed to {operation}. Please try again."

-    # Add error details if provided (for debugging, truncated)
+    # Add error details if provided (sanitized and truncated)
    if error_details:
+        # Sanitize to remove sensitive information
+        details = _sanitize_error_details(error_details)
        # Truncate long error details
-        details = (
-            error_details[:200] + "..." if len(error_details) > 200 else error_details
-        )
+        if len(details) > 200:
+            details = details[:200] + "..."
        base_message += f"\n\nTechnical details: {details}"

    return base_message
--- a/autogpt_platform/backend/backend/api/features/chat/tools/edit_agent.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/edit_agent.py
@@ -128,24 +128,20 @@ class EditAgentTool(BaseTool):
                session_id=session_id,
            )

-        # Fetch relevant library and marketplace agents for sub-agent composition
        library_agents = None
        if user_id:
            try:
-                # Use the actual graph ID from current_agent to properly exclude
-                # the agent being edited (agent_id might be a library agent ID)
                exclude_id = current_agent.get("id") or agent_id
                library_agents = await get_all_relevant_agents_for_generation(
                    user_id=user_id,
-                    search_query=changes,  # Use changes as search term
-                    exclude_graph_id=exclude_id,  # Don't include the agent being edited
+                    search_query=changes,
+                    exclude_graph_id=exclude_id,
                    include_marketplace=True,
                )
                logger.debug(
                    f"Found {len(library_agents)} relevant agents for sub-agent composition"
                )
            except Exception as e:
-                # Log but don't fail - agent editing can work without sub-agents
                logger.warning(f"Failed to fetch library agents: {e}")

        # Build the update request with context