#20945: fix: strip thinking blocks with field-name signatures from OpenAI-compat sessions

## Summary - Problem: Some providers (e.g. OpenAI-compat APIs) return thinking blocks where the field name itself is used as a signature marker, causing poisoned session history when replayed. - Why it matters: Poisoned thinking blocks in session transcripts break subsequent completions and waste tokens. - What changed: Added `stripCompletionsReasoningFieldSignatures` to transcript policy and a new sanitizer in `pi-embedded-helpers/openai.ts` that strips these blocks. Wired into Google provider path. - What did NOT change (scope boundary): Core Copilot SDK, model catalog, auth flows — those are in separate PRs. Split out from #17333. ## Change Type (select all) - [x] Bug fix - [ ] Feature - [ ] Refactor - [ ] Docs - [ ] Security hardening - [ ] Chore/infra ## Scope (select all touched areas) - [ ] Gateway / orchestration - [x] Skills / tool execution - [ ] Auth / tokens - [ ] Memory / storage - [ ] Integrations - [ ] API / contracts - [ ] UI / DX - [ ] CI/CD / infra ## Linked Issue/PR - Related #17333 ## User-visible / Behavior Changes Sessions that previously accumulated poisoned thinking blocks will now have them stripped before replay. No config change required. ## Security Impact (required) - New permissions/capabilities? No - Secrets/tokens handling changed? No - New/changed network calls? No - Command/tool execution surface changed? No - Data access scope changed? No ## Evidence - [x] Failing test/log before + passing after - 139 lines of new tests in `pi-embedded-helpers.strip-completions-reasoning.test.ts` - 45 lines of new tests in `transcript-policy.test.ts` ## Compatibility / Migration - Backward compatible? Yes - Config/env changes? No - Migration needed? No ## Risks and Mitigations - Risk: Over-stripping legitimate content that matches thinking block patterns. - Mitigation: Pattern matching is narrow (field-name-as-signature only); existing tests cover edge cases. ## Failure Recovery (if this breaks) - Revert this commit; session replay reverts to passing through thinking blocks as-is. <!-- greptile_comment --> <h3>Greptile Summary</h3> Adds sanitization for thinking blocks with field-name signatures in OpenAI-compatible sessions. When `@github-copilot` sessions replay through Anthropic's API, thinking blocks where `pi-ai` stored reasoning field names (`reasoning_text`, `reasoning_content`, `reasoning`) as `thinkingSignature` cause 400 errors. The new `stripCompletionsReasoningFieldSignatures` function removes these poisoned blocks before replay. - Added `stripCompletionsReasoningFieldSignatures` to strip thinking blocks with field-name signatures - Wired into transcript policy for `github-copilot` provider using OpenAI-compatible APIs - 139 lines of test coverage in new test file - 45 lines of test coverage for policy resolution - Narrow pattern matching prevents over-stripping legitimate signatures <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The implementation is well-tested with 184 lines of new tests covering all edge cases, the logic is narrow and defensive (only strips specific field-name signatures), and the change is scoped to a specific provider path. The code follows TypeScript best practices with proper null checks and type guards. - No files require special attention _{Last reviewed commit: 3b8a06e} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->