fix(cli): dangerous command approval bypass in execute_code RPC threads

[keetyHuang]

[teknium1]

Fixed in PR #34497 (merged to main, commit 3171845).

The execute_code RPC worker threads now propagate the agent turn's approval/session context and the thread-local approval/sudo callbacks via a single audited tools/thread_context.py helper, so the dangerous-command guard fires across every entry point. A one-shot check_execute_code_guard gates whole scripts in gateway/ask/cron-deny before the child spawns (fail-closed), and the env scrub drops the broad HERMES_* passthrough in favor of an operational allowlist + DSN/WEBHOOK secret block.

Thanks @firefly for the consolidated fix.

#34497