fix: validate unicode in model apikey or headers

[uinstinct]

Description

model's api key or any of the request headers should not contain unicode characters

closes #9910
resolves CON-5307

AI Code Review

• Team members only: AI review runs automatically when PR is opened or marked ready for review
• Team members can also trigger a review by commenting @continue-review

Checklist

• [] I've read the contributing guide
• [] The relevant docs, if any, have been updated or created
• [] The relevant tests, if any, have been updated or created

Screen recording or screenshot

Tests

[ What tests were added or updated to ensure the changes work as expected? ]

---

Summary by cubic

Add validation to block unicode characters in model API keys and request headers in config-yaml. This prevents invalid auth/headers from reaching LLM APIs and fulfills CON-5307 and issue #9910.

• Bug Fixes
  • Check model.apiKey and requestOptions.headers (names and values) for non-ASCII; raise fatal errors with clear messages.
  • Enforce ASCII-only keys and header values to match HTTP/LLM API requirements.

^{Written for commit 8160711. Summary will update on new commits.}

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="packages/config-yaml/src/validation.ts">

<violation number="1" location="packages/config-yaml/src/validation.ts:50">
P2: Header unicode validation only checks values, not header names. HTTP header field-names must be ASCII tokens; unicode header keys will pass validation and can still fail in downstream HTTP clients.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}