feat(agent): tool call prefix stripping for proxy providers

[xuandung38]

Summary

Proxy LLM providers like LiteLLM and OpenRouter may prepend a configurable prefix to tool call names returned by the model. For example, if the prefix template is proxy_{tool_name}, the model returns proxy_exec instead of exec.

This broke multiple systems:

• Tool policy validation — proxy_exec not in the allow list → blocked
• Registry lookup — no tool registered as proxy_exec → execution failed
• Hardcoded name checks — team_tasks and spawn detection in serial/parallel paths failed when prefixed

Changes

• StripToolPrefix() in internal/tools/policy.go

  • Supports literal prefix (proxy_) and template pattern (proxy_{tool_name})
  • Template extracts the actual tool name using prefix/suffix matching

• resolveToolCallName() in internal/agent/loop.go

  • Called before permission checks, registry execution, and spawn/team_tasks detection
  • Uses registryName (stripped) for all downstream operations while preserving original tc.Name in logs/spans
  • Applied in both serial and parallel tool execution paths

• Agent config persistence (internal/store/agent_store.go)

  • ParseToolCallPrefix() reads from tool_policy_config.toolCallPrefix
  • Backward compatibility with legacy toolPrefix JSON key

• Frontend (ui/web)

  • Text input in Tool Policy section of agent Config tab
  • Placeholder shows template format: prefix_{tool_name}
  • i18n support for EN, VI, ZH
  • Config save uses spread operator to preserve new fields

Files Changed

File	Change
internal/agent/loop.go	Add resolveToolCallName(), use registryName in serial + parallel paths
internal/config/config_channels.go	Add ToolCallPrefix to ToolPolicySpec
internal/store/agent_store.go	Add ParseToolCallPrefix() with backward compat
internal/tools/policy.go	Add StripToolPrefix() function
ui/web/.../tool-policy-section.tsx	Add prefix input field
ui/web/.../agent-config-tab.tsx	Wire prefix state + save
ui/web/src/types/agent.ts	Add toolCallPrefix to ToolPolicyConfig
ui/web/src/i18n/locales/{en,vi,zh}/agents.json	i18n strings
.gitignore	Ignore AI tool config directories

How It Works

LLM returns: proxy_exec({"command": "ls"})
                ↓
resolveToolCallName("proxy_exec")
                ↓
StripToolPrefix("proxy_{tool_name}", "proxy_exec") → "exec"
                ↓
registryName = "exec"  (used for policy check, registry lookup, spawn detection)
tc.Name = "proxy_exec" (preserved for logs and spans)

Test Plan

• Configure agent with toolCallPrefix: "proxy_{tool_name}"
• Send message that triggers tool calls
• Verify tools execute correctly (prefix stripped before registry lookup)
• Verify tool policy allow/deny works with canonical names
• Verify team_tasks and spawn detection works with prefixed names
• Verify parallel tool execution also strips prefix correctly
• Verify agents without prefix configured still work (no regression)
• UI: prefix input saves and persists across reload