fix: read account id from jwt sub in scheduled task tool #1152
saschabuehrle wants to merge 1 commit into blinkospace:main from
blinko-space
left a comment
Review: Needs one more pass 🔄
Thanks for digging into #1052 — the diagnosis is spot-on. verifyToken in server/lib/helper.ts:173 returns the raw JWT payload which only has sub; getTokenFromRequest at lines 191/198 even backfills id from sub explicitly, which confirms your reading.
However — the same bug is untouched in two sibling tools in this exact file
scheduledTask.ts:95 — deleteScheduledTaskTool still does Number(user.id)
scheduledTask.ts:157 — listScheduledTasksTool still does Number(user.id)
So after this PR the AI can create scheduled tasks via JWT, but delete and list will still silently fail (they'll get NaN → Invalid user id or wrong account). Please extend the same fix to both call sites in this PR — it's 4 lines and it's the same bug.
Minor: match the sibling-tool pattern
Every other AI tool in server/aiServer/tools/ already handles this cleanly without as any:
```ts
// createBlinko.ts:16, updateBlinko.ts:22, searchBlinko.ts:28,
// deleteBlinko.ts:15, createComment.ts:17
const accountId = runtimeContext?.get('accountId') || (await verifyToken(context.token))?.sub;
```
Consider refactoring scheduledTask.ts to match — it's more consistent and drops the two as any casts. Your Number.isFinite guard is still a good addition on top.
Tests
Per our contributor guide, backend fixes should include an integration test covering the full JWT → tool call path. Not a hard blocker for this scope, but would be nice.
Once the two extra call sites are fixed, I'll re-review and ship it. 🚀
Fixes #1052
The scheduled task tool was reading user.id from verifyToken, but the JWT payload provides the user id in sub. This now falls back to sub and rejects invalid numeric ids before creating the task.
Greetings, saschabuehrle
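The failure mode and guard discussed in this PR, as an added example that is not code from the Blinko repository or from either participant. The helper names, the payload type and the sample token payload are hypothetical, and it assumes account ids are positive integers, which is stricter than the Number.isFinite guard mentioned in the review.

```typescript
// Added example; all names here are hypothetical, not from the Blinko code base.
type JwtPayload = { sub?: string | number; id?: string | number };

// Pre-fix behaviour: a payload that only carries `sub` has no `id`,
// so Number(undefined) yields NaN and the NaN reaches the account lookup.
function legacyAccountId(payload: JwtPayload): number {
  return Number(payload.id);
}

// Prefer the runtime-context value, then `id`, then the JWT `sub` claim,
// and fail closed on anything that is not a positive integer.
// Assumption: account ids are positive integers.
function resolveAccountId(contextAccountId: unknown, payload?: JwtPayload | null): number {
  const raw: unknown = contextAccountId ?? payload?.id ?? payload?.sub;
  if (typeof raw === 'string') {
    // Number() also accepts '', ' ', '0x10' and '1e3'; allow decimal digits only.
    if (!/^[0-9]+$/.test(raw)) throw new Error('Invalid user id');
  } else if (typeof raw !== 'number') {
    // undefined, null, objects: Number(null) would be 0, so reject by type.
    throw new Error('Invalid user id');
  }
  const id = Number(raw);
  if (!Number.isSafeInteger(id) || id <= 0) throw new Error('Invalid user id');
  return id;
}

// Constructed payload, shaped like the `sub`-only token described above.
const subOnly: JwtPayload = { sub: '42' };
```

The same resolver can back the create, delete and list tools, so all three reject a bad id the same way.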