Reject caller-supplied execution identity fields at /api/deepchat boundary
>>> [!note] Migrated issue
<!-- Drupal.org comment -->
<!-- Migrated from issue #3574662. -->
Reported by: [scott falconer](https://www.drupal.org/user/52557)
Related to !1227
>>>
<p><strong> Problem/Motivation<br>
</strong><br>
As part of <a href="https://www.drupal.org/project/ai/issues/3573899">https://www.drupal.org/project/ai/issues/3573899</a> (Execution Principal / execution envelope), outside-in API boundaries must not accept caller-supplied execution identity fields.</p>
<p>The /api/deepchat endpoint currently processes request payloads without explicitly rejecting reserved identity fields. This allows caller-supplied fields like executor_uid / initiator_uid to pass the boundary and only fail later on unrelated validation (for example invalid assistant ID).</p>
<p>We need explicit boundary enforcement so caller payloads cannot influence execution principal resolution.</p>
<p><strong>Proposed resolution<br>
</strong> </p>
<p>In ai_chatbot:</p>
<p> 1. Add an early guard in DeepChatApi::api() to reject caller-supplied reserved identity fields:</p>
<p> - executor_uid<br>
- initiator_uid<br>
- initiator_subject</p>
<p> 2. Keep response semantics consistent with existing endpoint validation style (422), but return a specific reserved-field error message.<br>
3. Add kernel coverage that proves ordering:</p>
<p> - Baseline payload (invalid assistant_id, no reserved fields) returns the existing assistant validation error.<br>
- Same payload + reserved field returns reserved-field error instead, proving boundary rejection happens<br>
before assistant validation/business logic.</p>
<p><strong> Acceptance criteria<br>
</strong><br>
- /api/deepchat rejects caller-supplied executor_uid.<br>
- /api/deepchat rejects caller-supplied initiator_uid.<br>
- /api/deepchat rejects caller-supplied initiator_subject.<br>
- Rejection happens before assistant validation/business logic.<br>
- Tests cover baseline-vs-reserved-field ordering and pass in CI.</p>
<p><strong> Remaining tasks<br>
</strong><br>
- Add/adjust kernel tests under modules/ai_chatbot/tests/src/Kernel/Controller/.<br>
- Add reserved-field boundary guard in modules/ai_chatbot/src/Controller/DeepChatApi.php.<br>
- Run PHPCS and targeted PHPUnit.<br>
- Open/update MR and set issue to Needs review.</p>
<p><strong> API changes<br>
</strong> Yes. /api/deepchat will now explicitly reject reserved execution identity fields in the request payload.</p>
<p><strong> Data model changes<br>
</strong> None.</p>
<p> AI usage<br>
The code and issue drafting for this change are AI-assisted, with human review of scope, implementation, and test results.</p>
> Related issue: [Issue #3573899](https://www.drupal.org/node/3573899)
issue