fix(attempt): re-run OpenAI transcript sanitizers after contextEngine.assemble()

[Br1an67]

Summary

Re-apply downgradeOpenAIReasoningBlocks and downgradeOpenAIFunctionCallReasoningPairs after contextEngine.assemble() when the model API is openai-responses or openai-codex-responses. This prevents assembled messages from re-introducing call_id|fc_id pairs that OpenAI Responses rejects.

Change Type

• Bug fix

Scope

• Core (src/)

Linked Issue/PR

Closes #42794

Security Impact

• No security implications

Repro + Verification

• attempt.test.ts (64 tests) all pass
• Build passes

Human Verification

Enable a contextEngine plugin, send messages that trigger function calls, verify no transcript sanitizer bypass errors.

Compatibility / Migration

Backward compatible — only adds post-assemble sanitization for openai-responses/codex models.

Risks and Mitigations

Low risk — mirrors existing sanitization logic from sanitizeSessionHistory().

[greptile-apps]

Greptile Summary

This PR re-applies the two OpenAI Responses-specific transcript sanitizers (downgradeOpenAIReasoningBlocks → downgradeOpenAIFunctionCallReasoningPairs) on the message array produced by contextEngine.assemble(), mirroring the treatment already done in sanitizeSessionHistory. The change is minimal and targeted, addressing issue #42794 where assembled messages could re-introduce call_id|fc_id pairs or incomplete reasoning blocks that the OpenAI Responses API rejects.

• The sanitizer order (downgradeOpenAIReasoningBlocks first, downgradeOpenAIFunctionCallReasoningPairs second) exactly matches the order in sanitizeSessionHistory (google.ts:579-580) and is semantically correct — stripping incomplete reasoning blocks before evaluating whether fc_*-suffixed call IDs need downgrading.
• The API guard (openai-responses / openai-codex-responses) is consistent with all other guards in this file.
• One pre-existing minor asymmetry worth being aware of (not introduced by this PR): the live streamFn wrapper at lines 2001-2022 only wraps downgradeOpenAIFunctionCallReasoningPairs and does not wrap downgradeOpenAIReasoningBlocks. This means incomplete reasoning blocks in messages produced during the agent loop are not stripped there, though in practice in-loop reasoning blocks from OpenAI should always be valid. The post-assembly path added here correctly applies both sanitizers at storage time, which is the right place to handle history from contextEngine.

Confidence Score: 4/5

• Safe to merge — minimal, targeted fix that mirrors an established sanitization pattern with no behavioural changes for non-OpenAI-Responses models.
• The change is small and follows an existing, well-understood pattern (sanitizeSessionHistory in google.ts). Both sanitizer functions are idempotent and the post-assembly path is guarded by a reference-equality check, so there is no risk of over-sanitization. The only uncertainty is in integration behaviour of contextEngine.assemble() across all possible plugin configurations, which requires human verification as noted in the PR description.
• No files require special attention beyond verifying contextEngine plugin behaviour end-to-end.

_{Last reviewed commit: 3cf4bb7}

[Br1an67]

Closing to manage active PR count. Will reopen when slot is available.