hermes - 💡(How to fix) Fix feat(hooks): add transcript_path to pre_tool_call / post_tool_call hook payload [1 pull requests]

Problem

The pre_tool_call and post_tool_call hook payloads do not include conversation history or a reference to it. This means hook scripts can only make "context-blind" decisions — they see the tool name and arguments but not what the user asked for or why the agent decided to make this call.

This is a gap compared to the other two major agent CLI tools:

Both Claude Code and Codex pass transcript_path — a path to a JSON file containing the full conversation transcript. Hook scripts that need context can read it; scripts that don't can ignore it. This enables intent-aware policy decisions without any core changes to the agent loop.

Why it matters

Without conversation context, hooks can only enforce unconditional rules ("always block rm -rf /"). With context, hooks can make intent-aware decisions:

• User says "clean up old branches" → agent runs git push --force → authorized → allow
• User says "fix a bug" → agent runs git push --force → unauthorized → block

Same command, different intent, different outcome. This is exactly what Claude Code's auto mode classifier does, and what external security tools (e.g., NeSy reasoning graph, AgentGuard) already implement via Claude Code/Codex hooks by reading transcript_path.

Current code

The gap is in three places:

1. hermes_cli/plugins.py:1666 — get_pre_tool_call_block_message() does not accept a transcript/history parameter:

def get_pre_tool_call_block_message(
    tool_name, args, task_id, session_id, tool_call_id
)

2. agent/shell_hooks.py:466 — _serialize_payload() does not include transcript_path:

payload = {
    "hook_event_name", "tool_name", "tool_input",
    "session_id", "cwd", "extra"
}

3. Agent loop — calls get_pre_tool_call_block_message() with messages available in scope but does not pass them down.

Proposed solution

Add transcript_path to the hook payload, following the same pattern as Claude Code and Codex:

1. get_pre_tool_call_block_message() gains a transcript_path parameter (or similar reference to conversation history)
2. _serialize_payload() includes it in the JSON payload sent to hook scripts via stdin
3. Agent loop passes the transcript/history reference at the call site

The transcript can be a file path (like Claude Code/Codex), or the session transcript path that Hermes already stores internally. A file path is preferred because:

• Large transcripts don't bloat the payload
• Hook scripts can choose whether to read it
• Consistent with Claude Code / Codex convention — existing hook scripts from those ecosystems can work on Hermes with minimal changes

Impact

• No breaking change: existing hooks that don't use transcript_path continue to work
• Enables cross-agent security tooling: tools like NeSy (github.com/6tizer/nesy-reasoning-mcp) that already read transcript_path from Claude Code hooks could work with Hermes without modification
• Aligns the three agent CLIs: Claude Code, Codex, and Hermes would share the same hook contract for PreToolUse, making security tooling portable across all three

Related

• #25262 — Add pre/post tool-call hooks to the plugin context API (Python plugin API level)
• #11753 — Pre-compression task state preservation hook (mentions precompact trigger exists but is not wired)
• Claude Code hooks reference: https://code.claude.com/docs/en/hooks
• Codex hooks reference: https://developers.openai.com/codex/hooks