Finding
Server-side bytecode validation exists, but the browser only checks for non-empty input and provides no explicit cancel control for long-running inference.
Evidence
- Server limits bytecode to WEB_MAX_BYTECODE_HEX_LENGTH (default 200,000 hex chars) and validates hex/odd length only after POST: web/app.py:93-95, web/app.py:181-211.
- The textarea has no maxlength, size guidance, or validation hint beyond a placeholder: web/templates/index.html:50-54.
- Frontend validation checks only empty input before submitting: web/static/app.js:873-882.
- The loading panel has progress UI but no visible Cancel button: web/templates/index.html:90-116.
- The server allows only a small number of concurrent decompiles and returns a generic 429 when busy: web/app.py:96-98, web/app.py:553-556.
Impact
Users discover malformed or too-large inputs only after sending them. For large contracts, a user has no intuitive way to cancel, understand limits, or know whether they are blocked by another job.
Recommended fix
Validate bytecode in the browser before POST, show the configured max size, normalize whitespace/0x, and add an explicit Cancel button wired to AbortController. Add server-side time/function limits and clearer busy/too-large status codes/messages.
Acceptance criteria
- UI rejects odd-length, non-hex, empty, and oversized bytecode before calling /api/decompile.
- Character counter shows current size and configured max.
- Loading panel includes a Cancel button that aborts the fetch and resets UI state.
- Server supports bounded function count/time limit and returns actionable 413/429/timeout errors.
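
A sketch of the client-side half of the recommended fix, added here as an example and not taken from the project's code: it normalizes and validates bytecode before any request and wires cancellation to AbortController. The function names, the error codes, the JSON body shape `{ bytecode }`, and applying the limit to the normalized hex are assumptions; only `/api/decompile` and the 200,000 default come from this issue.

```javascript
// Added example; every name except /api/decompile is hypothetical.
// Default quoted in the issue; in practice render the server-configured value.
const DEFAULT_MAX_HEX_LENGTH = 200000;

// Normalize and validate user-supplied bytecode before any network call.
// Returns { ok: true, hex } or { ok: false, error } so the UI can show a hint.
function validateBytecode(input, maxHexLength = DEFAULT_MAX_HEX_LENGTH) {
  // Strip all whitespace, then one optional 0x/0X prefix.
  const hex = String(input ?? "").replace(/\s+/g, "").replace(/^0x/i, "");
  if (hex.length === 0) return { ok: false, error: "empty" };
  // Size check comes first so an oversized paste is rejected without a regex scan.
  if (hex.length > maxHexLength) return { ok: false, error: "too-large" };
  if (!/^[0-9a-fA-F]+$/.test(hex)) return { ok: false, error: "non-hex" };
  if (hex.length % 2 !== 0) return { ok: false, error: "odd-length" };
  return { ok: true, hex };
}

// Start a decompile request that a Cancel button can abort.
// fetchImpl is injectable for testing; the body shape is an assumption.
function startDecompile(input, { fetchImpl = fetch, maxHexLength } = {}) {
  const check = validateBytecode(input, maxHexLength);
  if (!check.ok) {
    // Invalid input never reaches the server.
    const result = Promise.resolve({ status: "rejected", error: check.error });
    return { cancel() {}, result };
  }
  const controller = new AbortController();
  const result = fetchImpl("/api/decompile", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ bytecode: check.hex }),
    signal: controller.signal,
  }).then(
    (res) => ({ status: res.ok ? "done" : "server-error", httpStatus: res.status }),
    // An aborted fetch rejects with AbortError; report it as a user cancel.
    (err) => ({ status: err.name === "AbortError" ? "cancelled" : "network-error" })
  );
  return { cancel: () => controller.abort(), result };
}
```

The Cancel button's click handler would call `cancel()` and reset the loading panel once `result` resolves with `cancelled`. The server-side checks stay authoritative, since the browser check only improves feedback.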