fix(oauth): strip whitespace from HTTP header values on Linux

[RealKai42]

Summary

• Strip trailing whitespace/newlines from ASCII header values in _ascii_header_value() to fix connection errors on certain Linux systems (e.g. kernel 6.8.0-101) where platform.version() returns strings with trailing newlines
• Add regression tests for header value sanitization

Test plan

• pytest tests/auth/test_ascii_header.py — 5 tests pass

Checklist

• I have read the CONTRIBUTING document.
• I have linked the related issue, if any.
• I have added tests that prove my fix is effective or that my feature works.
• I have run make gen-changelog to update the changelog.
• I have run make gen-docs to update the user documentation.

---

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional finding.

[Copilot]

Pull request overview

This PR hardens OAuth HTTP header generation by sanitizing ASCII header values to avoid connection errors when Linux platform metadata (notably platform.version()) contains trailing whitespace/newlines.

Changes:

• Strip leading/trailing whitespace from ASCII header values in _ascii_header_value().
• Add regression tests covering newline/whitespace sanitization in _ascii_header_value() and _common_headers().
• Document the fix in the English/Chinese release notes and root changelog.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/kimi_cli/auth/oauth.py	Trims ASCII header values before building common OAuth headers.
tests/auth/test_ascii_header.py	Adds regression coverage for header sanitization and whitespace-free common headers.
docs/zh/release-notes/changelog.md	Adds unreleased note describing the Linux header whitespace fix (ZH).
docs/en/release-notes/changelog.md	Adds unreleased note describing the Linux header whitespace fix (EN).
CHANGELOG.md	Adds unreleased entry for the header sanitization fix.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

_ascii_header_value() now strips whitespace for ASCII-only values, but unlike the Unicode-sanitization path it does not fall back when the stripped result becomes empty (e.g., value is only whitespace). Consider returning fallback when value.strip() is empty as well, to keep behavior consistent and avoid emitting empty header values.

[Copilot]

This new test module is missing from __future__ import annotations, which appears to be used consistently across the existing test suite. Adding it keeps test files stylistically consistent and avoids surprises with forward references in type hints.

[Copilot]

The test patches the entire kimi_cli.auth.oauth.platform module, but only configures node() and version(). Because _common_headers() also calls _device_model() (which calls platform.system(), platform.machine(), etc.), those calls become MagicMocks and can take unintended branches (e.g., system == "Darwin" evaluating truthy), making the test less robust. Prefer patching only platform.node/platform.version, or explicitly set system()/machine()/release() return values to deterministic strings.

Suggested change

	mock_platform.version.return_value = "#101-Ubuntu SMP\n"
	mock_platform.version.return_value = "#101-Ubuntu SMP\n"
	mock_platform.system.return_value = "Linux"
	mock_platform.machine.return_value = "x86_64"
	mock_platform.release.return_value = "6.8.0-101"