fix: sanitize tool schema property keys with invalid characters

[rupjae]

Summary

• Adds sanitizePropertyKey() to loadTools.ts that converts < to _lt, > to _gt, and strips other characters not matching ^[a-zA-Z0-9_.-]{1,64}$
• Applies sanitization to all three code paths where OpenAPI property keys become tool schema keys (operation parameters, request body properties, nested object properties)
• Adds test covering the angle bracket sanitization case

Problem

Twilio's OpenAPI spec contains 24 parameter names with angle brackets (StartTime<, EndTime>, DateCreated<, etc.) for date range filtering. LLM tool-use APIs (e.g., Anthropic) validate property keys against ^[a-zA-Z0-9_.-]{1,64}$ and reject the entire request if any key is invalid.

Since all tools are sent with every API request, a single invalid key causes every message to fail — completely bricking the session:

API Error: 400 {"type":"error","error":{"type":"invalid_request_error","message":"tools.30.custom.input_schema.properties: Property keys should match pattern '^[a-zA-Z0-9_.-]{1,64}'"}}

Fixes #53

Test plan

• Added unit test for sanitization of angle brackets in property keys
• Existing tests should continue to pass (all property keys that were valid before remain unchanged)
• Verified via scanning all 1407 tools: 0 invalid property keys after fix (was 24 before)

🤖 Generated with Claude Code

[konpap94]

Can we please get this merged in? There's a few open issues here #58

[ayushmudgal]

+1 to the sentiment above 🙏

cc. @ktalebian @nmogil-tw @bpartridge83

[RJFerguson]

Hi @rupjae, thanks for the PR! I've approved #50 as it includes the reverse mapping needed so sanitized keys are restored before Twilio API calls (waiting on the small linter fix if that doesn't come relatively soon I'll merge as is). #50 doesn't cover nested object properties inside toSchema which your PR does address — if you need that, feel free to open a follow-up rebased on top of #50 or main if we get it in quickly.