messages: sanitize visible DCP metadata output

[ricatix]

Summary

• stop appending DCP message-id tags directly into completed tool output during assistant message injection
• sanitize visible tool output and assistant text via shared output sanitization hooks
• add regression coverage for message-id and system-reminder stripping in visible output paths

Why

Internal DCP metadata should not leak into user-visible OpenCode output. This patch moves message-id injection away from completed tool output and sanitizes the visible render paths that can still surface DCP tags.

Testing

• bun run test
• bun run typecheck
• bun run build
• manually reproduced the prior leak locally and verified the same sanitization behavior before upstreaming

Notes

• sanitizeVisibleOutput() also collapses 3+ newlines to 2 and trims trailing whitespace after metadata removal

[Tarquinen]

wow yea this actually looks really good. Can I ask what the motivation was for removing IDs from tool parts? I think you're right its probably better because its cleaner, but did you have something else in mind?

Also I don't understand what you mean by IDs leaking into user visible tool outputs. Do you have a picture of what this looks like? I've never seen it or had any other reports of this happening. Tool outputs are user created, so I don't really see how any DCP xml tagged hallucinations could end up there. The other hallucination stripping logic was because some models would hallucinate responses that looked exactly like DCP injections because they had it in their context. I thought having the IDs in the tools maybe reduces this as well, because it would mean less injections into text parts for the model to be influenced by into hallucinations.

What do you think? Is there some client other than TUI that is affected by DCP injections into tool outputs?