diff --git a/backend/auth.py b/backend/auth.py
index 4579141..ed0ef5a 100644
--- a/backend/auth.py
+++ b/backend/auth.py
@@ -15,7 +15,7 @@ from db import get_sync_conn
 _TRADE_ENV = os.getenv("TRADE_ENV", "testnet")
 _jwt_default = "arb-engine-jwt-secret-v2-2026" if _TRADE_ENV == "testnet" else None
 JWT_SECRET = os.getenv("JWT_SECRET") or _jwt_default
-if not JWT_SECRET or len(JWT_SECRET) < 32:
+if not JWT_SECRET or (_TRADE_ENV != "testnet" and len(JWT_SECRET) < 32):
     raise RuntimeError("JWT_SECRET 未配置或长度不足(>=32)，生产环境必须设置环境变量")
 ACCESS_TOKEN_HOURS = 24
 REFRESH_TOKEN_DAYS = 7