Fix unbounded AI conversation history causing token explosion and DoW abuse

[dheeraj12347]

Summary

This PR fixes unbounded AI conversation history growth in /api/ask-ai, which could previously allow excessive token consumption and denial-of-wallet style abuse.

Changes Made

• Added maximum history length limits
• Implemented sliding conversation windowing
• Added request payload size validation
• Added lightweight token estimation before inference
• Added context size validation
• Added history sanitization and truncation
• Prevented oversized follow-up payloads from reaching Groq inference

Security Improvements

This mitigates:

• excessive token consumption
• backend memory amplification
• latency degradation
• large payload abuse
• multi-model fallback amplification risks

Fixes #222

[vercel]

@dheeraj12347 is attempting to deploy a commit to the Karan Mani Tripathi 's projects Team on Vercel.

A member of the Team first needs to authorize it.

[knoxiboy]

Technical Review

Hi @dheeraj12347! Thank you for your contribution to DoubtDesk.

The code changes look good. Before we can complete the technical review, approve, and merge this pull request, we have one final requirement for all contributors: Please star the DoubtDesk repository.

Once you have starred the repository, please drop a comment here saying "done" (or we will automatically detect it) and we will proceed with approving and merging your PR. Thank you.

[dheeraj12347]

Technical Review

Hi @dheeraj12347! Thank you for your contribution to DoubtDesk.

The code changes look good. Before we can complete the technical review, approve, and merge this pull request, we have one final requirement for all contributors: Please star the DoubtDesk repository.

Once you have starred the repository, please drop a comment here saying "done" (or we will automatically detect it) and we will proceed with approving and merging your PR. Thank you.

hi @knoxiboy , "done" :)

[knoxiboy]

Automated review: Thank you for starring the repository! The PR is approved.