feat(api): add input validation to AI endpoints

Add prompt validation to ai-event (non-empty string, max 2000 chars)
and events array length validation to ai-summary (max 100 items)
to prevent abuse and injection attacks.

src/app/api/ai-event/route.ts

@@ -16,6 +16,20 @@ export async function POST(request: Request) {
 
 	const { prompt } = await request.json();
 
+	// Validate prompt input
+	if (!prompt || typeof prompt !== "string" || prompt.trim().length === 0) {
+		return NextResponse.json(
+			{ error: "Prompt is required and must be a non-empty string" },
+			{ status: 400 }
+		);
+	}
+	if (prompt.length > 2000) {
+		return NextResponse.json(
+			{ error: "Prompt must be less than 2000 characters" },
+			{ status: 400 }
+		);
+	}
+
 	const systemPrompt = `
 You are an assistant that converts natural language into an ARRAY of calendar events.
 TypeScript type: