fix: handle legacy OTP format in decodeOTPValue for deploy-time compat

Add guard for OTP values without colon separator (pre-deploy format)
to avoid misparse that would lock out users with in-flight OTPs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/chat/[identifier]/otp/route.ts

@@ -34,10 +34,9 @@ function encodeOTPValue(otp: string, attempts: number): string {
 
 function decodeOTPValue(value: string): { otp: string; attempts: number } {
   const lastColon = value.lastIndexOf(':')
-  return {
-    otp: value.slice(0, lastColon),
-    attempts: Number.parseInt(value.slice(lastColon + 1), 10),
-  }
+  if (lastColon === -1) return { otp: value, attempts: 0 }
+  const attempts = Number.parseInt(value.slice(lastColon + 1), 10)
+  return { otp: value.slice(0, lastColon), attempts: Number.isNaN(attempts) ? 0 : attempts }
 }
 
 /**