[Enh] Add max length validation for user chat messages across REST and WebSocket endpoints

[sharma-sugurthi]

What feature do you want to see added?

Problem

ChatRequest.message currently only validates that the message is not empty (schemas.py:48). there is no upper bound on message length. this means a user can submit an arbitrarily large string (e.g., 1MB) via:

• POST /sessions/{id}/message (REST)
• WS /sessions/{id}/stream (WebSocket — no validation at all on message_data.get("message"))

the oversized input flows directly into the LLM pipeline (generate_answer()), where it either silently overflows the context window (context_length: 2048 in config) or wastes compute on prompt construction, embedding, and retrieval for content that can't be processed.

by contrast, the file upload path already enforces MAX_TEXT_CONTENT_LENGTH = 10000 in file_service.py, so there is precedent for input bounds - but the primary chat path has none.

Proposed fix

1. add a max_length constraint to ChatRequest.message in schemas.py using Pydantic's Field(max_length=...) or a custom @field_validator.
2. add the same check in the WebSocket handler (chatbot_stream) for user_message before calling get_chatbot_reply_stream().
3. make the limit configurable via config.yml (e.g., chat.max_message_length: 5000).
4. return a clear 422 error for REST and a JSON error message for WebSocket when exceeded.

Impact

• prevents resource abuse on the LLM pipeline
• aligns chat input validation with the existing file upload guardrails
• improves API contract clarity for frontend clients

Upstream changes

No response

Are you interested in contributing this feature?

Yes..