diff --git a/backend/api/main.py b/backend/api/main.py
index b0efafc..13e8e04 100644
--- a/backend/api/main.py
+++ b/backend/api/main.py
@@ -247,4 +247,4 @@ async def health():
 
 if __name__ == "__main__":
     import uvicorn
-    uvicorn.run(app, host="0.0.0.0", port=8002)
+    uvicorn.run(app, host="0.0.0.0", port=8001)
diff --git a/backend/api/routes/accounts.py b/backend/api/routes/accounts.py
index f3469f6..6b87e3f 100644
--- a/backend/api/routes/accounts.py
+++ b/backend/api/routes/accounts.py
@@ -194,6 +194,8 @@ async def update_credentials(account_id: int, payload: AccountCredentialsUpdate,
 
 @router.post("/{account_id}/trading/ensure-program")
 async def ensure_trading_program(account_id: int, user: Dict[str, Any] = Depends(get_current_user)):
+    if int(account_id) <= 0:
+        raise HTTPException(status_code=400, detail="account_id 必须 >= 1")
     # 允许管理员或该账号 owner 执行（owner 用于“我重建配置再启动”）
     if (user.get("role") or "user") != "admin":
         require_account_owner(int(account_id), user)
@@ -214,6 +216,8 @@ async def ensure_trading_program(account_id: int, user: Dict[str, Any] = Depends
 @router.get("/{account_id}/trading/status")
 async def trading_status_for_account(account_id: int, user: Dict[str, Any] = Depends(get_current_user)):
     # 有访问权即可查看状态
+    if int(account_id) <= 0:
+        raise HTTPException(status_code=400, detail="account_id 必须 >= 1")
     require_account_access(int(account_id), user)
     program = program_name_for_account(int(account_id))
     try:
@@ -248,6 +252,8 @@ async def trading_tail_for_account(
     """
     读取该账号交易进程日志尾部（用于排障）。仅 owner/admin 可读。
     """
+    if int(account_id) <= 0:
+        raise HTTPException(status_code=400, detail="account_id 必须 >= 1")
     require_account_owner(int(account_id), user)
     program = program_name_for_account(int(account_id))
     try:
@@ -259,6 +265,8 @@ async def trading_tail_for_account(
 
 @router.post("/{account_id}/trading/start")
 async def trading_start_for_account(account_id: int, user: Dict[str, Any] = Depends(get_current_user)):
+    if int(account_id) <= 0:
+        raise HTTPException(status_code=400, detail="account_id 必须 >= 1")
     require_account_owner(int(account_id), user)
     program = program_name_for_account(int(account_id))
     try:
@@ -285,6 +293,8 @@ async def trading_start_for_account(account_id: int, user: Dict[str, Any] = Depe
 
 @router.post("/{account_id}/trading/stop")
 async def trading_stop_for_account(account_id: int, user: Dict[str, Any] = Depends(get_current_user)):
+    if int(account_id) <= 0:
+        raise HTTPException(status_code=400, detail="account_id 必须 >= 1")
     require_account_owner(int(account_id), user)
     program = program_name_for_account(int(account_id))
     try:
@@ -298,6 +308,8 @@ async def trading_stop_for_account(account_id: int, user: Dict[str, Any] = Depen
 
 @router.post("/{account_id}/trading/restart")
 async def trading_restart_for_account(account_id: int, user: Dict[str, Any] = Depends(get_current_user)):
+    if int(account_id) <= 0:
+        raise HTTPException(status_code=400, detail="account_id 必须 >= 1")
     require_account_owner(int(account_id), user)
     program = program_name_for_account(int(account_id))
     try:
diff --git a/trading_system/config.py b/trading_system/config.py
index fd925c4..8f60ea3 100644
--- a/trading_system/config.py
+++ b/trading_system/config.py
@@ -7,13 +7,15 @@ import os
 from typing import Optional
 from pathlib import Path
 
-# 加载 .env 文件（优先从 trading_system/.env，其次从项目根目录/.env）
+# 加载 .env 文件（优先从 trading_system/.env，其次从 backend/.env，再到项目根目录/.env）
 try:
     from dotenv import load_dotenv
     trading_system_dir = Path(__file__).parent
     project_root = trading_system_dir.parent
+    backend_dir = project_root / "backend"
     env_files = [
         trading_system_dir / '.env',  # trading_system/.env
+        backend_dir / '.env',         # backend/.env（线上常见放这里：DB/REDIS/ATS_MASTER_KEY）
         project_root / '.env',        # 项目根目录/.env
     ]
     for env_file in env_files:
@@ -80,13 +82,13 @@ def _init_config_manager():
         
         # 尝试导入
         try:
-            print(f"[配置管理器] 尝试导入config_manager...")
-            from config_manager import config_manager
-            print(f"[配置管理器] ✓ 导入成功")
+            print("[配置管理器] 尝试导入config_manager...")
+            from config_manager import config_manager  # type: ignore
+            print("[配置管理器] ✓ 导入成功")
             
             # 测试数据库连接
             try:
-                print(f"[配置管理器] 测试数据库连接...")
+                print("[配置管理器] 测试数据库连接...")
                 config_manager.reload()
                 print(f"[配置管理器] ✓ 数据库连接成功，已加载 {len(config_manager._cache)} 个配置项")
                 
@@ -97,7 +99,7 @@ def _init_config_manager():
                 
                 _config_manager = config_manager
                 USE_DB_CONFIG = True
-                print(f"[配置管理器] ✓ 配置管理器初始化成功，将从数据库读取配置")
+                print("[配置管理器] ✓ 配置管理器初始化成功，将从数据库读取配置")
                 return config_manager
             except Exception as db_error:
                 print(f"[配置管理器] ⚠ 数据库连接失败: {db_error}")