fix(docker): forward HERMES_RPC_DIR to sandbox containers for execute_code RPC

[Tranquil-Flow]

What does this PR do?

When execute_code runs inside a Docker sandbox, hermes_tools.py needs HERMES_RPC_DIR to communicate tool calls back to the host. Previously, HERMES_RPC_DIR was only set inline for the python3 script.py process, not in the container's persistent environment — so the RPC polling thread and any child processes couldn't read it, resulting in tool_calls_made: 0.

Related Issue

Closes #13142

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

Three-file fix:

• tools/environments/docker.py: New get_docker_rpc_dir(task_id) function that returns a deterministic, task-scoped path under $TMPDIR/hermes_rpc/<safe_task_id>. Task ID is sanitized for filesystem safety.
• tools/code_execution_tool.py: For Docker environments, uses the task-scoped RPC dir (not nested under the sandbox dir). Creates it explicitly, passes it via env prefix, and cleans it up separately.
• tools/terminal_tool.py: Injects HERMES_RPC_DIR into docker_env via setdefault so all container exec calls see it. Respects explicit overrides already set in config.

How to Test

1. Run:

   pytest tests/tools/test_docker_rpc_dir.py tests/tools/test_code_execution.py -v

2. 8 focused tests (70 total including existing): Docker env injection, existing var preservation, explicit override protection, empty config handling, task-specific dirs, local env unaffected, and end-to-end _execute_remote with task-scoped RPC dir.
3. Tested on: macOS 15 (Apple Silicon)

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: macOS 15 (Darwin 24.6.0)

Documentation & Housekeeping

• I've updated relevant documentation (README, docs/, docstrings) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

Screenshots / Logs

pytest tests/tools/test_docker_rpc_dir.py tests/tools/test_code_execution.py -v
# 70 tests including 8 new focused tests, all pass