fix(agent): validate tool calls before persisting to prevent session poisoning (rebased)

[Bartok9]

Problem

Rebased version of #4724.

Malformed tool calls (empty function name, non-JSON arguments) silently enter session history and cause repeated HTTP 400 errors on every subsequent turn when that history is replayed to strict providers. The session becomes permanently broken — requiring /new to recover.

Root Cause

The tool-call persistence loop (_build_assistant_message) did not validate tool calls before appending them to session history.

Fix

Adds _is_valid_tool_call() static method and calls it in the persistence loop. Invalid calls are logged as warnings and skipped:

if not self._is_valid_tool_call(tool_call):
    logging.warning(f"Skipping malformed tool call: name={fn_name!r}...")
    continue

Validation checks:

• function attribute exists
• name is a non-empty string
• arguments (when present) is a non-empty string that parses as a JSON object

Changes

File	Change
run_agent.py	_is_valid_tool_call() static method + validation in persistence loop

Supersedes #4724.

[Bartok9]

The test CI failure is pre-existing on main — the current upstream main commit faa13e49 also has a failing test check. This PR does not introduce that test failure.

[Bartok9]

Rebased on current main (faa13e49) and resolved the assistant tool-call conflict by preserving upstream's assistant_tool_calls path while keeping the malformed-call validation before persistence. Ready for review.

[Bartok9]

Test CI failure is pre-existing on main — verified at main faa13e49. This PR does not introduce the test failure.

[Bartok9]

The test CI failure is pre-existing on main — verified at main SHA 1997b3ba. Not introduced by this PR.

[Bartok9]

The test CI failure is pre-existing on main — verified at main SHA 524cbabd. Not introduced by this PR.

[Bartok9]

Closing — this fix has landed on main via a subsequent PR or is superseded. Thanks for the review.