Refs #576: Reject C1 controls in deploy settings

[Squirbie]

Refs #576

Summary

• Add a deploy-settings control-character helper that rejects C0, DEL, and C1 controls.
• Apply it to required deploy values and secret validation.
• Add regression coverage for internal C1 controls in database URL, public base URL, OAuth client ID, and deploy secrets.

Evidence

Before the fix, a local probe showed internal \x85 values in deploy strings such as MERGEWORK_ADMIN_TOKEN, MERGEWORK_GITHUB_OAUTH_CLIENT_ID, and MERGEWORK_DATABASE_URL did not produce the existing control-character validation error.

Validation

• uv run --extra dev python -m pytest tests/test_deploy_readiness.py::test_deploy_readiness_rejects_c1_control_characters -q -> 1 passed
• uv run --extra dev python -m pytest tests/test_deploy_readiness.py -q -> 28 passed
• uv run --extra dev python -m pytest -q -> 483 passed, 1 warning
• uv run --extra dev ruff check app/config.py tests/test_deploy_readiness.py -> passed
• uv run --extra dev ruff format --check app/config.py tests/test_deploy_readiness.py -> 2 files already formatted
• uv run --extra dev mypy app/config.py -> success
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok
• git diff --check -> clean

No private data, secrets, admin token values, wallet material, production mutation, price/liquidity/exchange/bridge/off-ramp claims, or fabricated payout claims are included.

Summary by CodeRabbit

• Bug Fixes
  • Strengthened validation for configuration settings to reject a broader range of control characters in sensitive values such as database URLs, webhook secrets, OAuth credentials, authentication tokens, and cookie settings. This prevents potential security issues and configuration problems caused by invalid control characters in these critical settings.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f7ac852e-c370-407c-a5ec-f83a67bf4038

📥 Commits

Reviewing files that changed from the base of the PR and between e00dc75 and afaf2fe.

📒 Files selected for processing (2)

• app/config.py
• tests/test_deploy_readiness.py

---

📝 Walkthrough

Walkthrough

This PR refactors control-character validation in deploy settings by extracting a shared helper function and expanding its detection range. The new _contains_control_character() helper now rejects code points < 32 or 127–159, affecting both secret and required environment value validation. A test verifies the new behavior catches C1 control characters in multiple configuration fields.

Changes

Control Character Validation Refactor

Layer / File(s)	Summary
Control character helper and validation integration app/config.py	New _contains_control_character() helper extracts disallowed control-character logic and is applied in _secret_errors() and _required_env_value_errors(), broadening the rejection range to include C1 control characters.
C1 control character test coverage tests/test_deploy_readiness.py	Test test_deploy_readiness_rejects_c1_control_characters() verifies validation errors when C1 control characters are embedded in deploy-related configuration fields: database URL, public base URL, GitHub webhook/OAuth secrets, admin token, and cookie secret.

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly names the changed surface (C1 controls in deploy settings) and clearly summarizes the main change in the changeset.
Description check	✅ Passed	The description covers all required template sections: Summary with concrete changes, Evidence with specific issue and validation results, and all test checklist items marked as passing.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	No investment, price, cash-out, payout, or private security claims found. PR modifies only config validation and tests; no README or docs changes.
Bounty Pr Focus	✅ Passed	Diff matches stated surfaces. Control-character helper rejects C0/DEL/C1. Test covers 7 deploy settings. Full validation evidence provided. No scope creep.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}