fix: preserve tool-call history across thread hydration (#568)

  Prevent model re-attempts and data inconsistencies when rebuilding
  conversation context from persisted tool-call records.

  - Remove raw tool parameters from persisted tool_calls JSON to prevent
    unredacted sensitive data from being stored in the database. The LLM
    context rebuild only needs call_id + name + result.
  - Make record_tool_error/record_tool_result mutually exclusive in all
    three execution paths (dispatcher, approval, deferred). Previously
    error cases called both methods, violating the TurnToolCall invariant
    and sending contradictory outcomes to the LLM.
  - Unify call_id format to turn{N}_{i} between live sessions and
    persisted hydration to eliminate ID mismatch in the LLM context.
  - Auto-close </tool_output> XML tags after truncate_preview truncation
    to prevent malformed tool output reaching the LLM.

  [skip-regression-check]

Author: reidliu41

src/agent/dispatcher.rs

@@ -743,23 +743,6 @@ impl Agent {
                                         .await;
                                 }
 
-                                // Record result in thread
-                                {
-                                    let mut sess = session.lock().await;
-                                    if let Some(thread) = sess.threads.get_mut(&thread_id)
-                                        && let Some(turn) = thread.last_turn_mut()
-                                    {
-                                        match &tool_result {
-                                            Ok(output) => {
-                                                turn.record_tool_result(serde_json::json!(output));
-                                            }
-                                            Err(e) => {
-                                                turn.record_tool_error(e.to_string());
-                                            }
-                                        }
-                                    }
-                                }
-
                                 // Check for auth awaiting — defer the return
                                 // until all results are recorded.
                                 if deferred_auth.is_none()
@@ -799,6 +782,7 @@ impl Agent {
                                 }
 
                                 // Sanitize and add tool result to context
+                                let is_tool_error = tool_result.is_err();
                                 let result_content = match tool_result {
                                     Ok(output) => {
                                         let sanitized =
@@ -812,6 +796,23 @@ impl Agent {
                                     Err(e) => format!("Tool '{}' failed: {}", tc.name, e),
                                 };
 
+                                // Record sanitized result in thread so messages()
+                                // and persist_tool_calls() use cleaned content.
+                                {
+                                    let mut sess = session.lock().await;
+                                    if let Some(thread) = sess.threads.get_mut(&thread_id)
+                                        && let Some(turn) = thread.last_turn_mut()
+                                    {
+                                        if is_tool_error {
+                                            turn.record_tool_error(result_content.clone());
+                                        } else {
+                                            turn.record_tool_result(serde_json::json!(
+                                                result_content
+                                            ));
+                                        }
+                                    }
+                                }
+
                                 context_messages.push(ChatMessage::tool_result(
                                     &tc.id,
                                     &tc.name,