Unbounded User Input in Venice API #1603

@Jhonattan2121

Context

The Venice API route (src/app/api/venice/background/route.ts) takes userInput and sends it to an LLM. While we flagged prompt injection earlier, there's a resource exhaustion risk.

Problem

  • DoS (Denial of Service): A user could send a massive text payload (megabytes of text).
  • Cost Spike: Processing huge tokens costs money (Venice/LLM API costs).
  • Timeout: The serverless function might time out processing a huge string.

Proposed Solution

Validate and truncate input length.

  1. Enforce a character limit (e.g., z.string().max(1000)).
  2. Reject requests larger than the limit immediately with 400 Bad Request.

Acceptance Criteria

  • Sending a payload > 2000 characters returns a 400 error.
  • The input is truncated before being logged or sent to the external API.
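The check proposed above, written as a dependency-free sketch. This is an added example, not code from the project or from the issue author. The names `checkUserInput` and `logPreview`, the raw-body cap and the log excerpt length are assumptions; the 1000-character limit is the one the issue gives as an example.

```typescript
// Added example: names and limits below are assumptions, not the project's code.
const MAX_INPUT_CHARS = 1000;    // limit suggested in the issue's example
const MAX_BODY_CHARS = 8 * 1024; // assumed cap on the raw body, checked before JSON.parse
const LOG_PREVIEW_CHARS = 200;   // assumed length of the excerpt written to logs

type Checked =
  | { ok: true; status: 200; userInput: string }
  | { ok: false; status: 400; error: string };

// Validate the raw request body text before anything is sent to the LLM.
function checkUserInput(rawBody: string, maxChars: number = MAX_INPUT_CHARS): Checked {
  const reject = (error: string): Checked => ({ ok: false, status: 400, error });

  // Cheap length check first, so a multi-megabyte body is never parsed.
  if (rawBody.length > MAX_BODY_CHARS) return reject("request body too large");

  let parsed: unknown;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return reject("body is not valid JSON");
  }

  if (typeof parsed !== "object" || parsed === null) {
    return reject("body must be a JSON object");
  }
  const userInput = (parsed as Record<string, unknown>).userInput;
  if (typeof userInput !== "string") return reject("userInput must be a string");

  // .length counts UTF-16 code units, the same measure z.string().max() uses.
  if (userInput.length > maxChars) {
    return reject(`userInput exceeds ${maxChars} characters`);
  }
  return { ok: true, status: 200, userInput };
}

// Bounded excerpt for logging, so rejected payloads cannot flood the logs either.
function logPreview(text: string, maxChars: number = LOG_PREVIEW_CHARS): string {
  if (text.length <= maxChars) return text;
  return text.slice(0, maxChars) + `… [${text.length} chars]`;
}
```

In a route handler, the `status` and `error` fields map directly onto the 400 response, and only `logPreview(...)` output is written to logs.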

Labels: bug