Security: Fix critical vulnerabilities before public release

- Restrict CORS to specific allowed origins (was wildcard *)
- Add path traversal protection in agentgraph.py
- Remove error detail leakage in 46 API endpoints (no longer expose str(e))

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/app.py

@@ -47,13 +47,22 @@ logger = logging.getLogger("agent_monitoring_server")
 # Create FastAPI app
 app = FastAPI(title="Agent Monitoring System", version="1.0.0")
 
+# Define allowed CORS origins (security fix: restrict from wildcard)
+ALLOWED_ORIGINS = [
+    "http://localhost:3001",
+    "http://localhost:5280",
+    "http://localhost:7860",
+    "https://holistic-ai-agentgraph.hf.space",
+    "https://huggingface.co",
+]
+
 # Add CORS middleware (first, so it's outermost)
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],
+    allow_origins=ALLOWED_ORIGINS,
     allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
+    allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allow_headers=["Content-Type", "Authorization"],
 )
 
 # IMPORTANT: Middleware runs in REVERSE order of add_middleware() calls!

backend/routers/agentgraph.py

@@ -1,15 +1,29 @@
 from fastapi import APIRouter, Request
 from fastapi.responses import HTMLResponse, FileResponse, JSONResponse
-import os
+from pathlib import Path
 
 router = APIRouter()
 
+# Security: Define base directories for path traversal protection
+DIST_DIR = Path("frontend/dist").resolve()
+ASSETS_DIR = Path("frontend/dist/assets").resolve()
+
+
+def is_safe_path(base_dir: Path, requested_path: Path) -> bool:
+    """Check if the requested path is within the allowed base directory"""
+    try:
+        resolved = requested_path.resolve()
+        return str(resolved).startswith(str(base_dir))
+    except (OSError, ValueError):
+        return False
+
+
 @router.get("/agentgraph", response_class=HTMLResponse)
 async def agentgraph_interface(request: Request):
     """Serve the React-based AgentGraph interface (requires authentication)"""
     # Serve the built React app from the new location
-    dist_path = "frontend/dist/index.html"
-    if os.path.exists(dist_path):
+    dist_path = DIST_DIR / "index.html"
+    if dist_path.exists():
         with open(dist_path, 'r') as f:
             content = f.read()
         return HTMLResponse(content=content)
@@ -20,29 +34,45 @@ async def agentgraph_interface(request: Request):
             status_code=503
         )
 
+
 @router.get("/agentgraph/{path:path}")
 async def agentgraph_assets(path: str):
-    """Serve static assets for the React app"""
-    file_path = f"frontend/dist/{path}"
-    if os.path.exists(file_path):
-        return FileResponse(file_path)
-    else:
-        return JSONResponse(content={"error": "File not found"}, status_code=404)
+    """Serve static assets for the React app with path traversal protection"""
+    requested_path = (DIST_DIR / path).resolve()
+
+    # Security: Prevent path traversal attacks
+    if not is_safe_path(DIST_DIR, requested_path):
+        return JSONResponse(
+            content={"error": "Access denied"},
+            status_code=403
+        )
+
+    if requested_path.is_file():
+        return FileResponse(requested_path)
+    return JSONResponse(content={"error": "File not found"}, status_code=404)
+
 
 @router.get("/assets/{path:path}")
 async def serve_assets(path: str):
-    """Serve React assets from /assets/ path"""
-    file_path = f"frontend/dist/assets/{path}"
-    if os.path.exists(file_path):
-        return FileResponse(file_path)
-    else:
-        return JSONResponse(content={"error": "Asset not found"}, status_code=404)
+    """Serve React assets from /assets/ path with path traversal protection"""
+    requested_path = (ASSETS_DIR / path).resolve()
+
+    # Security: Prevent path traversal attacks
+    if not is_safe_path(ASSETS_DIR, requested_path):
+        return JSONResponse(
+            content={"error": "Access denied"},
+            status_code=403
+        )
+
+    if requested_path.is_file():
+        return FileResponse(requested_path)
+    return JSONResponse(content={"error": "Asset not found"}, status_code=404)
+
 
 @router.get("/vite.svg")
 async def serve_vite_svg():
     """Serve the vite.svg favicon"""
-    file_path = "frontend/dist/vite.svg"
-    if os.path.exists(file_path):
+    file_path = DIST_DIR / "vite.svg"
+    if file_path.exists():
         return FileResponse(file_path)
-    else:
-        return JSONResponse(content={"error": "Favicon not found"}, status_code=404) 
+    return JSONResponse(content={"error": "Favicon not found"}, status_code=404)

backend/routers/graph_comparison.py

@@ -103,7 +103,7 @@ async def list_available_graphs(db: Session = Depends(get_db)):
         
     except Exception as e:
         logger.error(f"Error listing graphs: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to list graphs: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while listing graphs")
 
 def _format_graph_data(graph: KnowledgeGraph) -> Dict[str, Any]:
     """Helper function to format graph data consistently"""
@@ -250,7 +250,7 @@ async def compare_graphs(
         raise
     except Exception as e:
         logger.error(f"Error comparing graphs {graph1_id} and {graph2_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to compare graphs: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while comparing graphs")
 
 @router.get("/compare/{graph1_id}/{graph2_id}")
 async def get_comparison(
@@ -359,7 +359,7 @@ async def get_graph_details(graph_id: int, db: Session = Depends(get_db)):
         raise
     except Exception as e:
         logger.error(f"Error getting graph details for {graph_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to get graph details: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while getting graph details")
 
 @router.get("/cache/info")
 async def get_cache_info():
@@ -381,7 +381,7 @@ async def get_cache_info():
         
     except Exception as e:
         logger.error(f"Error getting cache info: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to get cache info: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while getting cache info")
 
 @router.delete("/cache/clear")
 async def clear_cache():
@@ -408,4 +408,4 @@ async def clear_cache():
         raise
     except Exception as e:
         logger.error(f"Error clearing cache: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to clear cache: {str(e)}") 
+        raise HTTPException(status_code=500, detail="An internal error occurred while clearing cache") 

backend/routers/knowledge_graphs.py

@@ -54,7 +54,7 @@ async def get_knowledge_graphs(db: Session = Depends(get_db_session)):
     except Exception as e:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error fetching knowledge graphs: {str(e)}"
+            detail="An internal error occurred while fetching knowledge graphs"
         )
 
 
@@ -86,7 +86,7 @@ async def get_latest_knowledge_graph(db: Session = Depends(get_db_session)):
             raise e
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error retrieving knowledge graph: {str(e)}"
+            detail="An internal error occurred while retrieving knowledge graph"
         )
 
 
@@ -112,7 +112,7 @@ async def download_latest_knowledge_graph(db: Session = Depends(get_db_session))
             raise e
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error retrieving knowledge graph: {str(e)}"
+            detail="An internal error occurred while retrieving knowledge graph"
         )
 
 
@@ -153,7 +153,7 @@ async def get_knowledge_graph(graph_id: str, db: Session = Depends(get_db_sessio
         logger.error(f"Database error fetching graph {graph_id}: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Database error fetching knowledge graph: {str(e)}"
+            detail="An internal error occurred while fetching knowledge graph"
         )
 
 
@@ -168,7 +168,7 @@ async def get_platform_stats(db: Session = Depends(get_db_session)):
     except Exception as e:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error fetching platform statistics: {str(e)}"
+            detail="An internal error occurred while fetching platform statistics"
         )
 
 
@@ -500,7 +500,7 @@ def get_knowledge_graph(
             raise e
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error retrieving knowledge graph: {str(e)}"
+            detail="An internal error occurred while retrieving knowledge graph"
         )
 
 
@@ -529,7 +529,7 @@ def download_knowledge_graph(
             raise e
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error retrieving knowledge graph: {str(e)}"
+            detail="An internal error occurred while retrieving knowledge graph"
         )
 
 
@@ -588,7 +588,7 @@ async def download_knowledge_graph_by_id_or_filename(
         logger.error(f"Error downloading knowledge graph: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error downloading knowledge graph: {str(e)}"
+            detail="An internal error occurred while downloading knowledge graph"
         )
 
 
@@ -780,7 +780,7 @@ async def delete_knowledge_graph_by_id(
         logger.error(f"Error deleting knowledge graph: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Error deleting knowledge graph: {str(e)}"
+            detail="An internal error occurred while deleting knowledge graph"
         ) 
 
 # Helper function to sanitize JSON data
@@ -911,7 +911,7 @@ async def analyze_knowledge_graph(kg_id: str, background_tasks: BackgroundTasks,
         raise http_ex
     except Exception as e:
         logger.error(f"Error scheduling causal analysis: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error scheduling causal analysis: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while scheduling causal analysis")
 
 @router.get("/knowledge-graphs/{kg_id}/status")
 async def get_knowledge_graph_status(kg_id: str, session: Session = Depends(get_db)):
@@ -1117,7 +1117,7 @@ async def get_stage_results(kg_id: str, stage: str, session: Session = Depends(g
     
     except Exception as e:
         logger.error(f"Error retrieving stage results: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error retrieving stage results: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving stage results")
 
 @router.delete("/knowledge-graphs/{kg_id}/stage-results/{stage}")
 async def clear_stage_results(kg_id: str, stage: str, session: Session = Depends(get_db)):
@@ -1210,7 +1210,7 @@ async def clear_stage_results(kg_id: str, stage: str, session: Session = Depends
     except Exception as e:
         session.rollback()
         logger.error(f"Error clearing stage {stage} for KG {kg_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error clearing stage results: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while clearing stage results")
 
 @router.put("/knowledge-graphs/{kg_id}/update-prompt-reconstruction")
 async def update_prompt_reconstruction(kg_id: str, session: Session = Depends(get_db)):
@@ -1266,4 +1266,4 @@ async def reset_knowledge_graph(kg_id: str, session: Session = Depends(get_db)):
         }
     except Exception as e:
         logger.error(f"Error resetting knowledge graph: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error resetting knowledge graph: {str(e)}") 
+        raise HTTPException(status_code=500, detail="An internal error occurred while resetting knowledge graph") 

backend/routers/methods.py

@@ -48,7 +48,7 @@ async def get_available_methods(method_type: Optional[str] = None, schema_type:
             }
         }
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Error retrieving methods: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving methods")
 
 
 # Removed separate production/baseline endpoints - use unified /available endpoint with filtering
@@ -72,7 +72,7 @@ async def get_default_method() -> Dict[str, Any]:
             "method_info": method_info
         }
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Error retrieving default method: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving default method")
 
 
 @router.get("/{method_name}")
@@ -102,7 +102,7 @@ async def get_method_info(method_name: str) -> Dict[str, Any]:
     except HTTPException:
         raise
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Error retrieving method info: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving method info")
 
 
 @router.post("/{method_name}/validate")
@@ -133,7 +133,7 @@ async def validate_method(method_name: str) -> Dict[str, Any]:
             "method_info": validation_result["method_info"]
         }
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Error validating method: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while validating method")
 
 
 @router.get("/{method_name}/schema-compatibility")
@@ -163,7 +163,7 @@ async def get_method_schema_compatibility(method_name: str) -> Dict[str, Any]:
     except HTTPException:
         raise
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Error retrieving compatibility info: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving compatibility info")
 
 
 # Removed separate filter endpoints - use unified /available endpoint with query parameters 

backend/routers/observability.py

@@ -150,7 +150,7 @@ def test_langfuse_connection(public_key: str, secret_key: str, host: Optional[st
         return True
     except Exception as e:
         logger.error(f"Failed to connect to Langfuse: {str(e)}")
-        raise HTTPException(status_code=400, detail=f"Failed to connect to Langfuse: {str(e)}") from e
+        raise HTTPException(status_code=400, detail="Failed to connect to Langfuse") from e
 
 def test_langsmith_connection(api_key: str) -> bool:
     """Test LangSmith connection by listing projects"""
@@ -161,7 +161,7 @@ def test_langsmith_connection(api_key: str) -> bool:
         return True
     except Exception as e:
         logger.error(f"Failed to connect to LangSmith: {str(e)}")
-        raise HTTPException(status_code=400, detail=f"Failed to connect to LangSmith: {str(e)}") from e
+        raise HTTPException(status_code=400, detail="Failed to connect to LangSmith") from e
 
 def get_connection_projects(platform: str, public_key: str, secret_key: str, host: Optional[str]) -> List[Dict]:
     """Get projects for a platform connection"""
@@ -309,7 +309,7 @@ def fetch_langsmith_traces(connection: ObservabilityConnection, db: Session, pro
             logger.info(f"Found {len(projects)} projects")
         except Exception as e:
             logger.error(f"Error listing projects: {e}")
-            raise HTTPException(status_code=500, detail=f"Error listing projects: {str(e)}") from e
+            raise HTTPException(status_code=500, detail="An internal error occurred while listing projects") from e
         
         # Export runs from specific project only
         all_traces = []
@@ -426,7 +426,7 @@ def fetch_langsmith_traces(connection: ObservabilityConnection, db: Session, pro
         
     except Exception as e:
         logger.error(f"Error fetching LangSmith traces: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to fetch traces: {str(e)}") from e
+        raise HTTPException(status_code=500, detail="An internal error occurred while fetching traces") from e
 
 # Request/Response Models
 class ConnectionRequest(BaseModel):
@@ -674,7 +674,7 @@ async def fetch_traces_by_connection(
         
     except Exception as e:
         logger.error(f"Failed to fetch traces from connection {connection_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to fetch traces: {str(e)}") from e
+        raise HTTPException(status_code=500, detail="An internal error occurred while fetching traces") from e
 
 @router.post("/connections/{connection_id}/import")
 async def import_traces_by_connection(
@@ -837,7 +837,7 @@ async def import_traces_by_connection(
         
     except Exception as e:
         logger.error(f"Failed to import traces from connection {connection_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to import traces: {str(e)}") from e
+        raise HTTPException(status_code=500, detail="An internal error occurred while importing traces") from e
 
 @router.get("/traces/{trace_id}/download")
 async def download_trace_by_id(trace_id: str, db: Session = Depends(get_db)):  # noqa: B008
@@ -859,7 +859,7 @@ async def get_resource_usage():
         return {"cpu_usage": cpu_usage, "memory_usage": memory_usage}
     except Exception as e:
         logger.error(f"Error retrieving resource usage: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error retrieving resource usage: {str(e)}") from e
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving resource usage") from e
 
 @router.post("/clean-up")
 async def clean_up(session: Session = Depends(get_db)):  # noqa: B008
@@ -870,7 +870,7 @@ async def clean_up(session: Session = Depends(get_db)):  # noqa: B008
         return {"success": True, "message": "Resources cleaned up successfully"}
     except Exception as e:
         logger.error(f"Error cleaning up resources: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error cleaning up resources: {str(e)}") from e
+        raise HTTPException(status_code=500, detail="An internal error occurred while cleaning up resources") from e
 
 @router.get("/environment")
 async def get_environment():
@@ -994,4 +994,4 @@ async def cleanup_stuck_tasks():
         return {"success": True, "cleaned_tasks": cleaned_tasks}
     except Exception as e:
         logger.error(f"Error cleaning up stuck tasks: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error cleaning up stuck tasks: {str(e)}") from e
+        raise HTTPException(status_code=500, detail="An internal error occurred while cleaning up stuck tasks") from e

backend/routers/temporal_graphs.py

@@ -118,7 +118,7 @@ async def get_temporal_graph_data(trace_id: str, processing_run_id: str = None,
         raise
     except Exception as e:
         logger.error(f"Error getting temporal graph data for trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Internal server error: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred")
 
 
 @router.get("/traces-with-windows")
@@ -195,7 +195,7 @@ async def get_traces_with_windows(db: Session = Depends(get_db)):
         
     except Exception as e:
         logger.error(f"Error getting traces with windows: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Internal server error: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred")
 
 
 @router.get("/trace/{trace_id}/processing-runs")
@@ -264,4 +264,4 @@ async def get_processing_runs_for_trace(trace_id: str, db: Session = Depends(get
         
     except Exception as e:
         logger.error(f"Error getting processing runs for trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Internal server error: {str(e)}") 
+        raise HTTPException(status_code=500, detail="An internal error occurred") 

backend/routers/traces.py

@@ -247,7 +247,7 @@ async def upload_trace(
     except Exception as e:
         logger = logging.getLogger("agent_monitoring_server")
         logger.error(f"Error uploading trace: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error uploading trace: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while uploading trace")
 
 @router.get("/{trace_id}")
 async def get_trace_by_id(trace_id: str, db: Session = Depends(get_db)):
@@ -516,7 +516,7 @@ async def get_knowledge_graphs_for_trace_id(trace_id: str, db: Session = Depends
     except Exception as e:
         logger = logging.getLogger("agent_monitoring_server")
         logger.error(f"Error retrieving knowledge graphs for trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Error retrieving knowledge graphs: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving knowledge graphs")
 
 @router.get("/{trace_id}/content")
 async def get_trace_content(trace_id: str, db: Session = Depends(get_db)):
@@ -646,7 +646,7 @@ async def regenerate_trace_metadata(
     except Exception as e:
         logger = logging.getLogger("agent_monitoring_server")
         logger.error(f"Error regenerating metadata for trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to regenerate metadata: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while regenerating metadata")
 
 
 @router.post("/{trace_id}/fix-long-lines")
@@ -705,7 +705,7 @@ async def fix_long_lines(
     except Exception as e:
         logger = logging.getLogger("agent_monitoring_server")
         logger.error(f"Error applying line splitting to trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to apply line splitting: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while applying line splitting")
 
 @router.get("/{trace_id}/content-numbered")
 async def get_trace_content_numbered(trace_id: str, db: Session = Depends(get_db)):
@@ -761,7 +761,7 @@ async def create_context_document(
     except ValueError as e:
         raise HTTPException(status_code=400, detail=str(e))
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Failed to create context document: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while creating context document")
 
 
 @router.get("/{trace_id}/context")
@@ -777,7 +777,7 @@ async def get_context_documents(
     except ValueError as e:
         raise HTTPException(status_code=404, detail=str(e))
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Failed to retrieve context documents: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while retrieving context documents")
 
 
 @router.put("/{trace_id}/context/{context_id}")
@@ -803,7 +803,7 @@ async def update_context_document(
     except ValueError as e:
         raise HTTPException(status_code=404, detail=str(e))
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Failed to update context document: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while updating context document")
 
 
 @router.delete("/{trace_id}/context/{context_id}")
@@ -823,7 +823,7 @@ async def delete_context_document(
     except ValueError as e:
         raise HTTPException(status_code=404, detail=str(e))
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Failed to delete context document: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while deleting context document")
 
 
 @router.post("/{trace_id}/context/upload")
@@ -871,7 +871,7 @@ async def upload_context_file(
     except ValueError as e:
         raise HTTPException(status_code=400, detail=str(e))
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Failed to upload context file: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while uploading context file")
 
 
 @router.post("/{trace_id}/context/auto-generate")
@@ -918,7 +918,7 @@ async def auto_generate_context_documents_endpoint(
     except Exception as e:
         logger = logging.getLogger("agent_monitoring_server")
         logger.error(f"Error auto-generating context documents for trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to auto-generate context documents: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while auto-generating context documents")
  
 @router.get("/{trace_id}/enhanced-statistics")
 async def get_enhanced_trace_statistics(trace_id: str, db: Session = Depends(get_db)):
@@ -1062,7 +1062,7 @@ async def get_enhanced_trace_statistics(trace_id: str, db: Session = Depends(get
     except Exception as e:
         logger = logging.getLogger("agent_monitoring_server")
         logger.error(f"Error generating enhanced statistics for trace {trace_id}: {str(e)}")
-        raise HTTPException(status_code=500, detail=f"Failed to generate enhanced statistics: {str(e)}")
+        raise HTTPException(status_code=500, detail="An internal error occurred while generating enhanced statistics")
 
 class ChunkingConfig(BaseModel):
     min_chunk_size: Optional[int] = None
@@ -1132,5 +1132,5 @@ async def process_trace(
         logger.error(f"Error starting trace processing task: {e}")
         raise HTTPException(
             status_code=500, 
-            detail=f"Error starting trace processing: {str(e)}"
+            detail="An internal error occurred while starting trace processing"
         )