fix: validate tool calls before persisting to prevent session poisoning

[Bartok9]

Problem

Malformed tool calls can poison a session and cause repeated 400 errors when replayed to strict providers. Once invalid tool calls are persisted in session history, every subsequent request fails because the same malformed history is replayed.

Observed failure mode:

HTTP 400: InternalError.Algo.InvalidParameter: The "function.arguments" parameter of the code model must be in JSON format.

This happens when persisted tool calls contain:

• Empty function.name
• Empty function.arguments string
• Non-JSON or invalid JSON arguments
• JSON arguments that are arrays or primitives instead of objects

Solution

Adds two layers of defense:

1. _is_valid_tool_call() - Validation at persist time

Validates tool calls before persisting to session history in _build_assistant_message(). Invalid tool calls are logged and skipped rather than persisted:

if not self._is_valid_tool_call(tool_call):
    logging.warning(f"Skipping malformed tool call: name={fn_name!r}, arguments=...")
    continue

2. _sanitize_tool_calls_for_strict_api() - Enhanced API-level filtering

Provides a second layer of defense by filtering malformed tool calls when preparing messages for API calls. This helps with existing poisoned sessions.

Validation rules

• Function name must be a non-empty string
• Arguments must be valid JSON object (dict), not array or primitive
• Empty arguments string is invalid (should be "{}" at minimum)
• None arguments are allowed (some providers omit for empty args)

Testing

Added comprehensive test coverage in tests/test_tool_call_validation.py:

• 18 tests covering all validation scenarios
• Tests for both validation function and sanitization function
• All tests pass ✅

Fixes

Fixes #4662

[Bartok9]

Superseded by #14407 — rebased onto current main with full coverage.

[alt-glitch]

Superseded by #14407 (rebased version).