#14098: Sanitize JSON tool-call payload text
agents
stale
Cluster: Error Handling in Agent Tools
## Summary
- add stripJsonToolCallText helper to remove raw tool-call JSON payloads before they reach user surfaces
- call the helper from extractAssistantText, sanitizeTextContent, and the streaming pipeline so Ollama/local providers can no longer leak blobs when tool downgrades happen
- add regression tests covering the helper and ensuring extractAssistantText drops JSON payloads but retains normal JSON blobs
## Testing
- corepack pnpm vitest run src/agents/pi-embedded-utils.test.ts
<!-- greptile_comment -->
## Greptile Overview
### Greptile Summary
Adds defense against raw JSON tool-call payload leakage in text content. When local/Ollama providers downgrade tool calls to text (due to incompatibility or errors), the raw JSON can leak into user-facing surfaces. This PR introduces a `stripJsonToolCallText()` helper that detects and removes JSON objects/arrays matching tool-call structure (having `name` + one of: `arguments`, `args`, `input`, `tool_input`, `parameters`, `payload`). The helper is integrated into the streaming pipeline (`pi-embedded-subscribe.ts`), text extraction (`extractAssistantText`), and message sanitization (`sanitizeTextContent`). Test coverage includes both removal of tool payloads and preservation of legitimate JSON blobs.
### Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The implementation is defensive and well-tested. The helper function includes both strict JSON parsing validation and a fallback regex pattern. All integration points (streaming, extraction, sanitization) are covered. Test cases verify both positive (removing tool payloads) and negative (preserving legitimate JSON) scenarios. The change only affects text sanitization paths and cannot break tool call functionality.
- No files require special attention
<!-- /greptile_comment -->
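A sketch of the detection rule described in the Greptile summary (an object with `name` plus one argument-style key, or an array of such objects), added here as an example; it is not the PR's `stripJsonToolCallText` implementation. The function names and the bracket scanner are assumptions, and the regex fallback the review mentions is not reproduced.

```typescript
// Added sketch (hypothetical names); not the PR's stripJsonToolCallText code.
const ARG_KEYS = ["arguments", "args", "input", "tool_input", "parameters", "payload"];

// True for an object with a string `name` plus at least one argument-style key.
function isToolCall(v: unknown): boolean {
  if (typeof v !== "object" || v === null || Array.isArray(v)) return false;
  const o = v as Record<string, unknown>;
  return typeof o["name"] === "string" && ARG_KEYS.some((k) => k in o);
}

// Index just past the bracket that balances text[start], or -1 if unbalanced.
function balancedEnd(text: string, start: number): number {
  let depth = 0;
  let inString = false;
  for (let i = start; i < text.length; i++) {
    const c = text.charAt(i);
    if (inString) {
      if (c === "\\") i++; // skip the escaped character inside a string
      else if (c === '"') inString = false;
    } else if (c === '"') inString = true;
    else if (c === "{" || c === "[") depth++;
    else if ((c === "}" || c === "]") && --depth === 0) return i + 1;
  }
  return -1;
}

// Remove top-level JSON spans that parse strictly and are tool-call shaped.
function stripToolCallJson(text: string): string {
  let out = "";
  let i = 0;
  while (i < text.length) {
    const c = text.charAt(i);
    const end = c === "{" || c === "[" ? balancedEnd(text, i) : -1;
    let parsed: unknown = undefined;
    if (end !== -1) {
      try { parsed = JSON.parse(text.slice(i, end)); } catch { /* not valid JSON */ }
    }
    if (parsed === undefined) { out += c; i++; continue; }
    const calls: unknown[] = Array.isArray(parsed) ? parsed : [parsed];
    // Drop only when every element is tool-call shaped; other JSON is kept whole.
    if (!(calls.length > 0 && calls.every(isToolCall))) out += text.slice(i, end);
    i = end;
  }
  return out.replace(/[ \t]+\n/g, "\n").trim();
}
```

Because the rule is purely structural, ordinary JSON that happens to carry `name` plus one of those keys is removed as well, which is why negative tests on legitimate blobs matter.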
## Most Similar PRs
- #3647: fix: sanitize tool arguments in session history (by nhangen · 2026-01-29, 80.1%)
- #19094: Fix empty tool_call_id and function names in provider transcript pa... (by yxshee · 2026-02-17, 77.5%)
- #4964: fix: strip null-valued optional parameters from tool calls for prov... (by umut-polat · 2026-01-30, 77.5%)
- #20534: fix: handle malformed tool call JSON parse errors gracefully (by echoVic · 2026-02-19, 77.0%)
- #12487: fix(agents): strip orphaned tool_result when tool_use is sanitized ... (by skylarkoo7 · 2026-02-09, 77.0%)
- #14328: fix: strip incomplete tool_use blocks from errored/aborted messages... (by Kropiunig · 2026-02-12, 76.9%)
- #6687: fix(session-repair): strip malformed tool_use blocks to prevent per... (by NSEvent · 2026-02-01, 76.6%)
- #16966: fix: strip tool_use blocks from aborted/errored assistant messages (by StressTestor · 2026-02-15, 75.8%)
- #16733: fix(ui): avoid injected newlines when tool output is hidden (by jp117 · 2026-02-15, 75.6%)
- #15649: fix: sanitize tool_use IDs on session write path (by aldoeliacim · 2026-02-13, 75.4%)