Update to use DashScope credentials securely via environment variables

- Modified config.py to load credentials from DASHSCOPE_API_KEY and DASHSCOPE_BASE_URL env vars
- Updated setup_space.py to set HF Space secrets via API without exposing keys in logs
- Updated env_loader.py to validate DashScope credentials securely
- Removed hardcoded API keys from configuration
- Added function to set HF Space secrets programmatically

README.md

@@ -1,10 +0,0 @@
----
-title: Multi Agent System
-emoji: 📉
-colorFrom: indigo
-colorTo: red
-sdk: docker
-pinned: false
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

base_agent.py

@@ -26,7 +26,7 @@ class BaseAgent:
         self.agent_name = agent_name
         self.system_prompt = system_prompt
         
-        # Initialize OpenRouter client
+        # Initialize DashScope client (OpenAI-compatible API)
         self.client = OpenAI(
             api_key=settings.openrouter_api_key,
             base_url=settings.openrouter_base_url,
@@ -53,7 +53,7 @@ class BaseAgent:
         logger.info(f"{self.agent_name}: Processing inputs")
         
         try:
-            # Call OpenRouter API via OpenAI client
+            # Call DashScope API via OpenAI client
             response = self.client.chat.completions.create(
                 model=settings.model_name,
                 messages=[

config.py

@@ -14,10 +14,10 @@ validate_on_startup()
 class Settings(BaseSettings):
     """Application settings loaded from environment variables."""
 
-    # OpenRouter Configuration
+    # DashScope Configuration (Aliyun Qwen) - loaded from environment
     openrouter_api_key: str = ""
-    openrouter_base_url: str = "https://openrouter.ai/api/v1"
-    model_name: str = "poolside/laguna-m.1:free"
+    openrouter_base_url: str = ""
+    model_name: str = "qwen3.7-plus"
 
     # Hugging Face Configuration
     huggingface_token: str = ""
@@ -52,22 +52,24 @@ class Settings(BaseSettings):
         protected_namespaces = ('settings_',)  # Allow model_ namespace
 
     def __init__(self, **data):
-        # Load from environment with fallbacks
+        # Load DashScope credentials from environment
         if not data.get("openrouter_api_key"):
-            data["openrouter_api_key"] = os.getenv("OPENROUTER_API_KEY", "")
-        if not data.get("huggingface_token"):
-            data["huggingface_token"] = os.getenv("HUGGINGFACE_TOKEN", "")
-        if not data.get("huggingface_dataset"):
-            data["huggingface_dataset"] = os.getenv(
-                "HUGGINGFACE_DATASET", "factorstudios/Pipeline"
-            )
+            data["openrouter_api_key"] = os.getenv("DASHSCOPE_API_KEY", "")
         if not data.get("openrouter_base_url"):
             data["openrouter_base_url"] = os.getenv(
-                "OPENROUTER_BASE_URL", "https://openrouter.ai/api/v1"
+                "DASHSCOPE_BASE_URL", "https://dashscope.aliyuncs.com/compatible-mode/v1"
             )
         if not data.get("model_name"):
             data["model_name"] = os.getenv(
-                "MODEL_NAME", "poolside/laguna-m.1:free"
+                "MODEL_NAME", "qwen3.7-plus"
+            )
+        
+        # Load Hugging Face configuration
+        if not data.get("huggingface_token"):
+            data["huggingface_token"] = os.getenv("HUGGINGFACE_TOKEN", "")
+        if not data.get("huggingface_dataset"):
+            data["huggingface_dataset"] = os.getenv(
+                "HUGGINGFACE_DATASET", "factorstudios/Pipeline"
             )
 
         super().__init__(**data)

env_loader.py

@@ -48,13 +48,16 @@ class EnvironmentLoader:
             True if all required secrets are present, False otherwise
         """
         required_secrets = [
-            "OPENROUTER_API_KEY",
             "HUGGINGFACE_TOKEN",
         ]
 
+        dashscope_secrets = [
+            "DASHSCOPE_API_KEY",
+            "DASHSCOPE_BASE_URL",
+        ]
+
         optional_secrets = [
             "HUGGINGFACE_DATASET",
-            "OPENROUTER_BASE_URL",
             "MODEL_NAME",
         ]
 
@@ -67,16 +70,30 @@ class EnvironmentLoader:
                 logger.error(f"Missing required secret: {secret}")
                 all_valid = False
             else:
-                # Log masked value for debugging
-                masked = value[:10] + "..." if len(value) > 10 else "***"
-                logger.info(f"✓ {secret} configured ({masked})")
+                logger.info(f"✓ {secret} configured")
+
+        # Check DashScope secrets (without exposing values)
+        logger.info("\nDashScope Configuration:")
+        dashscope_valid = True
+        for secret in dashscope_secrets:
+            value = os.getenv(secret)
+            if value:
+                logger.info(f"✓ {secret} configured (***hidden***)")
+            else:
+                logger.warning(f"⚠ {secret} not configured")
+                dashscope_valid = False
+
+        if not dashscope_valid:
+            logger.warning(
+                "\n⚠ DashScope credentials not fully configured. "
+                "They will be set via HF API during Space deployment."
+            )
 
         # Check optional secrets
         for secret in optional_secrets:
             value = os.getenv(secret)
             if value:
-                masked = value[:10] + "..." if len(value) > 10 else "***"
-                logger.info(f"✓ {secret} configured ({masked})")
+                logger.info(f"✓ {secret} configured")
             else:
                 logger.info(f"ℹ {secret} not configured (using default)")
 
@@ -90,12 +107,12 @@ class EnvironmentLoader:
             Dictionary with API configuration
         """
         return {
-            "openrouter_api_key": EnvironmentLoader.get_secret("OPENROUTER_API_KEY"),
+            "openrouter_api_key": os.getenv("DASHSCOPE_API_KEY", ""),
             "openrouter_base_url": os.getenv(
-                "OPENROUTER_BASE_URL", "https://openrouter.ai/api/v1"
+                "DASHSCOPE_BASE_URL", "https://dashscope.aliyuncs.com/compatible-mode/v1"
             ),
-            "model_name": os.getenv("MODEL_NAME", "poolside/laguna-m.1:free"),
-            "huggingface_token": EnvironmentLoader.get_secret("HUGGINGFACE_TOKEN"),
+            "model_name": os.getenv("MODEL_NAME", "qwen3.7-plus"),
+            "huggingface_token": os.getenv("HUGGINGFACE_TOKEN", ""),
             "huggingface_dataset": os.getenv(
                 "HUGGINGFACE_DATASET", "factorstudios/Pipeline"
             ),

setup_space.py

@@ -2,6 +2,7 @@
 import os
 import sys
 import logging
+import requests
 from pathlib import Path
 
 
@@ -18,16 +19,73 @@ def check_environment():
     return is_hf_space
 
 
+def set_hf_space_secrets(hf_token):
+    """Set DashScope credentials as HF Space secrets via API.
+    
+    Args:
+        hf_token: Hugging Face API token
+        
+    Returns:
+        bool: True if secrets were set successfully
+    """
+    space_id = os.getenv("SPACE_ID")
+    if not space_id:
+        logger.info("ℹ Not running in HF Space (no SPACE_ID). Skipping secret configuration.")
+        return True
+    
+    dashscope_key = os.getenv("DASHSCOPE_API_KEY")
+    dashscope_url = os.getenv("DASHSCOPE_BASE_URL")
+    
+    if not dashscope_key or not dashscope_url:
+        logger.warning("ℹ DashScope credentials not found in environment. Skipping HF secret setup.")
+        return True
+    
+    logger.info("Setting up HF Space secrets via API...")
+    
+    headers = {
+        "Authorization": f"Bearer {hf_token}",
+        "Content-Type": "application/json",
+    }
+    
+    secrets = [
+        ("DASHSCOPE_API_KEY", dashscope_key),
+        ("DASHSCOPE_BASE_URL", dashscope_url),
+    ]
+    
+    for secret_name, secret_value in secrets:
+        try:
+            url = f"https://huggingface.co/api/spaces/{space_id}/secrets"
+            payload = {
+                "key": secret_name,
+                "value": secret_value,
+            }
+            
+            response = requests.post(url, json=payload, headers=headers, timeout=10)
+            
+            if response.status_code in [200, 201]:
+                logger.info(f"✓ Secret '{secret_name}' set successfully")
+            else:
+                logger.warning(f"⚠ Failed to set '{secret_name}': {response.status_code}")
+                
+        except Exception as e:
+            logger.warning(f"⚠ Error setting secret '{secret_name}': {e}")
+    
+    return True
+
+
 def validate_secrets():
     """Validate that required secrets are configured."""
     required_secrets = [
-        "OPENROUTER_API_KEY",
         "HUGGINGFACE_TOKEN",
     ]
 
+    dashscope_secrets = [
+        "DASHSCOPE_API_KEY",
+        "DASHSCOPE_BASE_URL",
+    ]
+
     optional_secrets = [
         "HUGGINGFACE_DATASET",
-        "OPENROUTER_BASE_URL",
         "MODEL_NAME",
     ]
 
@@ -44,15 +102,24 @@ def validate_secrets():
             logger.error(f"✗ MISSING: {secret}")
             missing_secrets.append(secret)
         else:
-            masked = value[:10] + "..." if len(value) > 10 else "***"
-            logger.info(f"✓ CONFIGURED: {secret} ({masked})")
+            logger.info(f"✓ CONFIGURED: {secret}")
+
+    # Check DashScope secrets (log without exposing values)
+    logger.info("\nDashScope Configuration:")
+    dashscope_configured = True
+    for secret in dashscope_secrets:
+        value = os.getenv(secret)
+        if value:
+            logger.info(f"✓ CONFIGURED: {secret} (***hidden***)")
+        else:
+            logger.info(f"ℹ NOT SET: {secret}")
+            dashscope_configured = False
 
     # Check optional secrets
     for secret in optional_secrets:
         value = os.getenv(secret)
         if value:
-            masked = value[:10] + "..." if len(value) > 10 else "***"
-            logger.info(f"✓ CONFIGURED: {secret} ({masked})")
+            logger.info(f"✓ CONFIGURED: {secret}")
         else:
             logger.info(f"ℹ NOT SET: {secret} (using default)")
 
@@ -66,7 +133,11 @@ def validate_secrets():
         logger.error("3. Add each missing secret")
         return False
 
-    logger.info("\n✅ All required secrets are configured!")
+    if not dashscope_configured:
+        logger.warning("\n⚠ DashScope credentials not fully configured")
+        logger.warning("The system will attempt to set them via HF API during deployment")
+
+    logger.info("\n✅ Required secrets are configured!")
     return True
 
 
@@ -100,16 +171,20 @@ def print_deployment_info():
         logger.info("ℹ Not running in Hugging Face Space")
         logger.info("ℹ Running locally or in different environment")
 
-    logger.info(f"✓ Model: {os.getenv('MODEL_NAME', 'poolside/laguna-m.1:free')}")
-    logger.info(f"✓ Dataset: {os.getenv('HUGGINGFACE_DATASET', 'factorstudios/Pipeline')}")
-    logger.info(f"✓ Port: {os.getenv('PORT', '7860')}")
+    model = os.getenv("MODEL_NAME", "qwen3.7-plus")
+    dataset = os.getenv("HUGGINGFACE_DATASET", "factorstudios/Pipeline")
+    port = os.getenv("PORT", "7860")
+    
+    logger.info(f"✓ Model: {model}")
+    logger.info(f"✓ Dataset: {dataset}")
+    logger.info(f"✓ Port: {port}")
 
     logger.info("\n" + "=" * 60)
     logger.info("API Endpoints")
     logger.info("=" * 60)
     logger.info("Health: GET /health")
     logger.info("Docs: GET /docs")
-    logger.info("Pipeline: POST /api/v1/pipeline/execute")
+    logger.info("Pipeline: POST /api/pipeline/execute")
     logger.info("=" * 60)
 
 
@@ -117,12 +192,19 @@ def main():
     """Run setup checks."""
     logger.info("Starting Hugging Face Space setup...\n")
 
+    # Get HF token from environment
+    hf_token = os.getenv("HUGGINGFACE_TOKEN")
+
     # Check environment
     is_hf_space = check_environment()
 
     # Validate secrets
     secrets_valid = validate_secrets()
 
+    # Set HF Space secrets via API if running in Space
+    if hf_token and is_hf_space:
+        set_hf_space_secrets(hf_token)
+
     # Create directories
     create_directories()