Why
The proxy currently accepts arbitrary JSON for /v1/chat/completions after parse. A small validation layer would catch malformed requests early and reduce confusing upstream failures.
Scope
Validate a conservative OpenAI-compatible subset:
messages must be an array when present;model must be a string if present;- numeric limits such as
max_tokens and temperature must be bounded when present;
- reject obviously unsafe or unsupported shapes with a 400 response.
Acceptance criteria
- Invalid JSON still returns 400.
- Malformed chat body returns 400 before upstream fetch.
- Valid OpenAI-compatible requests still pass through.
- Tests ensure no prompt/response data is logged or persisted during validation errors.
Why
The proxy currently accepts arbitrary JSON for
/v1/chat/completionsafter parse. A small validation layer would catch malformed requests early and reduce confusing upstream failures.Scope
Validate a conservative OpenAI-compatible subset:
messagesmust be an array when present;modelmust be a string if present;max_tokensandtemperaturemust be bounded when present;Acceptance criteria