fix(kiro): harden identity and request normalization

[acking-you]

Summary

Fix two post-merge Kiro review issues from PR #27 and two production 400s seen online:

• Avoid treating normal product/platform implementation requests as identity-conflict probes.
• Keep protected thinking signatures from client-held pre-Bytecat-envelope history verifiable after deploy.
• Accept OpenAI-style developer role messages by promoting them to Anthropic top-level system before validation.
• Normalize historical assistant tool_use.id values to Bedrock-safe [a-zA-Z0-9_-]+ IDs and keep matching tool_result.tool_use_id in sync.

Root cause

The conflict-probe heuristic still allowed product token + platform to trigger canned identity JSON without requiring identity, model, thinking, or runtime-platform intent.

The protected signature verifier recomputed only the newest Bytecat-shaped envelope, so any assistant thinking block signed with the previous envelope could fail validation when clients sent it back in later turns.

The Kiro/Anthropic converter normalized system role noise before validation but left developer role messages untouched, so they reached the strict validator as unsupported roles. Historical tool_use.id values were only rewritten when duplicated, not when they contained characters rejected by Bedrock/Kiro.

What changed

• Require explicit identity/thinking/conflict intent before product/platform mentions can trigger the conflict identity path.
• Keep generating new protected signatures with the current Bytecat-shaped envelope while accepting the previous envelope for verification.
• Promote non-empty developer text instructions into top-level system; reject non-text developer blocks with a targeted invalid-request error.
• Sanitize invalid historical tool_use.id values, avoid collisions, and rewrite matching tool results consistently.
• Add regression tests for identity false positives, legacy signatures, developer-role normalization, invalid tool-use IDs, and ID collision handling.

Tests

• CARGO_TARGET_DIR=/mnt/wsl/data4tb/static-flow-data/cargo-target/static_flow cargo test -p llm-access-kiro --jobs 4
• CARGO_TARGET_DIR=/mnt/wsl/data4tb/static-flow-data/cargo-target/static_flow cargo clippy -p llm-access-kiro --jobs 4 -- -D warnings
• git diff --check

[gemini-code-assist]

Code Review

This pull request refines the platform identity conflict probe detection logic for Chinese and English and adds support for verifying legacy thinking signature envelopes to maintain compatibility with client-held history. The review feedback suggests a performance optimization in both has_platform_identity_intent_zh and has_platform_identity_intent_en by reordering the boolean conditions so that the expensive is_model_identity_probe check is evaluated last, allowing cheaper string checks to short-circuit early.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f78c08c017

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".