#13976: fix(anthropic): include Anthropic in tool call ID sanitization

#### Summary Anthropic API rejects tool_use IDs that contain underscores (e.g. `toolu_01XYZ`), requiring IDs to match `^[a-zA-Z0-9-]+$`. However, `sanitizeToolCallIds` only covers Google and Mistral — Anthropic is missing. This causes persistent API errors when tool call IDs from other providers contain invalid characters. Fixes #13799 #### Root Cause In `transcript-policy.ts`: ```ts // Before (missing Anthropic) const sanitizeToolCallIds = isGoogle || isMistral; // After const sanitizeToolCallIds = isGoogle || isMistral || isAnthropic; ``` The gateway logs "Tool calls will be sanitized on retry" but since `sanitizeToolCallIds` is false for Anthropic, the retry uses unsanitized IDs too — causing an infinite loop. #### Behavior Changes - Anthropic provider now has `sanitizeToolCallIds: true` with `toolCallIdMode: "strict"` - Tool call IDs with underscores or other invalid chars get sanitized before sending to Anthropic - No change to OpenAI, Google, or Mistral behavior #### Tests 9 new tests in `transcript-policy.test.ts`: ``` ✓ src/agents/transcript-policy.test.ts (9 tests) 5ms ``` Covers sanitizeToolCallIds and toolCallIdMode for Anthropic, Google, Mistral, and OpenAI. lobster-biscuit **Sign-Off** - Models used: Claude Opus 4 - Submitter effort: AI-assisted, verified provider detection logic - Agent notes: One-line fix with significant impact — prevents infinite retry loops on Anthropic <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> Added Anthropic to the list of providers that require tool call ID sanitization. The Anthropic API requires tool call IDs to match `^[a-zA-Z0-9-]+$` (no underscores), but `sanitizeToolCallIds` only covered Google and Mistral, causing retry loops when tool call IDs from other providers contained invalid characters. The one-line fix on `transcript-policy.ts:98` now includes `isAnthropic` in the condition, and comprehensive tests verify the behavior for all major providers (Anthropic via both `provider` and `modelApi`, Google, Mistral, and OpenAI). <h3>Confidence Score: 5/5</h3> - Safe to merge with minimal risk - One-line fix with clear intent, comprehensive test coverage (9 new tests), and consistent with existing provider detection patterns. The change is minimal, well-isolated, and matches the described issue perfectly. - No files require special attention <!-- greptile_other_comments_section --> <!-- /greptile_comment -->