Security: redact PII from user-facing LLM error messages

[dgarson]

Summary\n- redact common PII patterns (email, phone, SSN, payment card numbers) from user-facing provider error text\n- suppress long prompt/input echo payloads with a privacy-safe generic message\n- keep existing HTTP/type/request-id framing so debugging context remains useful\n\n## Testing\n- pnpm -C /Users/openclaw/.openclaw/workspace/clawdbot exec vitest src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts\n\n## Work Item\n- dgarson/clawdbot#20279\n

[dgarson]

✅ Overall assessment: solid security improvement, ready to merge

Summary

This PR adds privacy-focused sanitization to user-facing LLM/API error text by redacting common PII (email, phone, SSN, likely card numbers) and suppressing long input/prompt echo payloads. It preserves useful troubleshooting context (HTTP code/type/request_id framing).

What I checked

• Redaction logic placement and call paths (formatRawAssistantErrorForUi)
• Card detection approach (Luhn check to reduce false positives)
• Existing UX/error-shape behavior preserved for non-sensitive errors
• New regression tests for PII redaction and prompt-echo suppression

Concerns / issues

• No blocking issues found.

Suggestions

• Optional follow-up: add a test case confirming request_id formatting remains unchanged while message content is redacted.
• Optional follow-up: add a test for card-like numeric strings that fail Luhn to document expected non-redaction behavior.

Blocking issues

• None.