This patch keeps server-only controls out of tool payload schemas while preserving rich result sidecars for observers.

Runtime tool calls now strip the reserved server_data payload field before generated codecs, service executors, agent-as-tool prompt rendering, and child run arguments see the JSON. That keeps strict tool contracts stable even when a model includes observer-facing controls in a tool call.

What changed:

• Prevents strict payload decoders from rejecting valid tool calls because of reserved server_data controls.
• Keeps child agent runs from inheriting server-only payload keys in their canonical tool arguments.
• Preserves the existing result-side ServerData sidecar contract for UI artifacts, evidence, and internal tool composition.
• Adds regression coverage for both generated-style activity execution and agent-as-tool invocation.

Validation:

• go test ./runtime/agent/runtime
• PR CI passed for build and integration tests.