fix: enforce max_length=128 and validate GET /analyze/batch filter

Closes leeworks-agents/SPARC#1685

- Increase CompanyName max_length from 100 to 128 everywhere (Pydantic
  type, Path constraints, and the inline Query on analyze/patent).
- Add _COMPANY_NAME_FILTER_QUERY reusable Query annotation and apply it
  to the optional company_name filter on GET /analyze/batch so it is
  validated with the same rules as all other endpoints.
- Update tests: rename test_over_100_chars_rejected → 128, add
  test_exactly_128_chars_accepted at the new boundary, fix batch
  too-long test to use 129 chars, update valid-name parametrize to use
  "A"*128, and add five new tests covering GET /analyze/batch filter
  validation (special chars, too-short, too-long, valid, omitted).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/test_company_name_validation.py

@@ -43,12 +43,18 @@ class TestCompanyNameValidation:
 
     # --- Too long ---
 
-    def test_over_100_chars_rejected(self, client, mock_analyzer):
-        """A company name longer than 100 characters should be rejected."""
-        long_name = "A" * 101
+    def test_over_128_chars_rejected(self, client, mock_analyzer):
+        """A company name longer than 128 characters should be rejected."""
+        long_name = "A" * 129
         response = client.get(f"/analyze/{long_name}")
         assert response.status_code == 422
 
+    def test_exactly_128_chars_accepted(self, client, mock_analyzer):
+        """A company name of exactly 128 characters should be accepted."""
+        max_name = "A" * 128
+        response = client.get(f"/analyze/{max_name}")
+        assert response.status_code != 422
+
     # --- Special characters ---
 
     @pytest.mark.parametrize(
@@ -95,7 +101,7 @@ class TestCompanyNameValidation:
             "3M",
             "21st Century Fox",
             "ab",  # minimum length
-            "A" * 100,  # maximum length
+            "A" * 128,  # maximum length
         ],
     )
     def test_valid_names_accepted(self, client, mock_analyzer, valid_name):
@@ -118,7 +124,7 @@ class TestCompanyNameValidation:
         """Batch endpoint should reject company names that are too long."""
         response = client.post(
             "/analyze/batch",
-            json={"companies": ["A" * 101]},
+            json={"companies": ["A" * 129]},
         )
         assert response.status_code == 422
 
@@ -155,3 +161,30 @@ class TestCompanyNameValidation:
             json={"companies": ["-nvidia"]},
         )
         assert response.status_code == 422
+
+    # --- GET /analyze/batch company_name filter validation ---
+
+    def test_batch_filter_special_chars_rejected(self, client, mock_analyzer):
+        """GET /analyze/batch company_name filter rejects disallowed chars."""
+        response = client.get("/analyze/batch", params={"company_name": "nvidia!"})
+        assert response.status_code == 422
+
+    def test_batch_filter_too_short_rejected(self, client, mock_analyzer):
+        """GET /analyze/batch company_name filter rejects names under 2 chars."""
+        response = client.get("/analyze/batch", params={"company_name": "X"})
+        assert response.status_code == 422
+
+    def test_batch_filter_too_long_rejected(self, client, mock_analyzer):
+        """GET /analyze/batch company_name filter rejects names over 128 chars."""
+        response = client.get("/analyze/batch", params={"company_name": "A" * 129})
+        assert response.status_code == 422
+
+    def test_batch_filter_valid_name_accepted(self, client, mock_analyzer):
+        """GET /analyze/batch company_name filter accepts a valid name."""
+        response = client.get("/analyze/batch", params={"company_name": "nvidia"})
+        assert response.status_code != 422
+
+    def test_batch_filter_omitted_accepted(self, client, mock_analyzer):
+        """GET /analyze/batch without company_name filter should work fine."""
+        response = client.get("/analyze/batch")
+        assert response.status_code != 422