🎯 Changes

Tools used inside code mode never validated their inputSchema/outputSchema. The normal agent-loop path validates args before execute and the result after (parseWithStandardSchema in activities/chat/tools/tool-calls.ts), but ai-code-mode's toolToBinding only used the schema to build the prompt and forwarded the sandbox's raw args straight through:

const execute = (args, context) => Promise.resolve(toolExecute(args, context))
So external_* tools received unvalidated, un-coerced input and their output went unchecked — a provided schema was effectively just documentation.

This change runs the same Standard Schema validation in toolToBinding's execute: defaults/coercions now apply, and invalid input/output throws an agent-readable error (Input/Output validation failed for tool : …) that surfaces back into the sandbox so the model can self-correct. Added unit tests covering input rejection, coercion/defaults, and output validation.

closes #793

Note: code mode has no existing E2E harness (no driver/route/page in testing/e2e). I've added unit coverage but flagging since CONTRIBUTING lists E2E as required.

✅ Checklist

• I have followed the steps in the Contributing guide.
• I have tested this code locally with pnpm run test:pr.

🚀 Release Impact

• This change affects published code, and I have generated a changeset.
• This change is docs/CI/dev-only (no release).

Summary by CodeRabbit

• Bug Fixes
  • Code mode tools now validate inputs and outputs against their declared schemas to ensure data integrity.
  • Schema-based defaults and coercions are automatically applied to tool inputs for improved consistency.
  • Invalid inputs or outputs generate clear, actionable error messages to aid in debugging and error resolution.