fix(agent): address CRITICAL/HIGH security and validation issues

- Fix SSE JSON injection: use json.dumps for safe serialization
- Add tool validation to dispatcher with allowlist
- Add field validation to tool_registry with proper error handling
- Add run_id consistency check (409 on mismatch)
- Add RunAgentInput constraints: min_length, extra=forbid
- Fix crewai_flow: use Field(default_factory), prefix unused params

backend/src/v1/agent/schemas.py

@@ -3,18 +3,20 @@ from __future__ import annotations
 from typing import Any
 from uuid import UUID
 
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, ConfigDict, Field
 
 
 class RunAgentInput(BaseModel):
-    threadId: str
-    runId: str
-    parentRunId: str | None = None
-    state: dict[str, Any]
-    messages: list[dict[str, Any]]
-    tools: list[dict[str, Any]]
-    context: list[dict[str, Any]]
-    forwardedProps: dict[str, Any]
+    model_config = ConfigDict(extra="forbid")
+
+    threadId: str = Field(min_length=1, max_length=255)
+    runId: str = Field(min_length=1, max_length=255)
+    parentRunId: str | None = Field(default=None, max_length=255)
+    state: dict[str, Any] = Field(default_factory=dict)
+    messages: list[dict[str, Any]] = Field(default_factory=list)
+    tools: list[dict[str, Any]] = Field(default_factory=list)
+    context: list[dict[str, Any]] = Field(default_factory=list)
+    forwardedProps: dict[str, Any] = Field(default_factory=dict)
     resume: dict[str, Any] | None = None