#12949: fix(bedrock): sanitize tool names for Bedrock Converse API constraints

## Summary Fixes Bedrock models failing with validation errors when tool names contain invalid characters (like `.`) or exceed 64 characters. ## Problem AWS Bedrock Converse API requires tool names to match `[a-zA-Z0-9_-]+` and be ≤64 chars. OpenClaw passes tool names as-is, causing: ``` Value at '...toolUse.name' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z0-9_-]+ ``` ## Changes **`src/agents/pi-embedded-runner/bedrock.ts`** (new) - `sanitizeBedrockToolName()` — replaces invalid chars with `_`, truncates to 64 - `sanitizeToolNamesForBedrock()` — applies only for `amazon-bedrock` provider or `bedrock-converse-stream` API **`src/agents/pi-embedded-runner/run/attempt.ts`** - Added Bedrock sanitization after existing Google sanitization **`src/agents/pi-embedded-runner/compact.ts`** - Same Bedrock sanitization for compaction path **`src/agents/pi-embedded-runner/bedrock.test.ts`** (new) - 8 tests covering: valid names unchanged, invalid char replacement, truncation, provider gating, object identity preservation ## Testing - All 8 bedrock tests pass ✅ - 🤖 AI-assisted (Claude) — fully tested Closes #12892 <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR adds Bedrock-specific tool-name sanitization for the Converse API constraints (allowed chars + 64-char max), and wires it into both the main embedded attempt path and the compaction path right after existing Google tool sanitization. The new `sanitizeToolNamesForBedrock()`/`sanitizeBedrockToolName()` utilities rewrite tool names only when running against the `amazon-bedrock` provider or the `bedrock-converse-stream` model API, and new unit tests cover basic replacement/truncation and provider/model gating. <h3>Confidence Score: 3/5</h3> - This PR is close to mergeable but has a couple of correctness edge cases that can break Bedrock tool calling. - The core sanitization logic and wiring look straightforward and well-tested for basic cases, but it currently doesn’t guarantee uniqueness after sanitization/truncation and can pass through empty names, both of which can cause Bedrock validation failures or ambiguous tool dispatch in practice. - src/agents/pi-embedded-runner/bedrock.ts <!-- greptile_other_comments_section --> <!-- /greptile_comment -->