feat(command-safety): per-manager ALLOW_* env vars for package managers

[nichm]

Summary

• Adds COMMAND_SAFETY_ALLOW_* env vars so each package manager can be individually unblocked without touching the others
• All blocking rules remain active by default — this is purely opt-in per manager
• COMMAND_SAFETY_DISABLE_PACKAGE_MANAGERS=true still works as an all-or-nothing kill switch

New vars

Set in ~/.zshrc.local before shell-config is sourced:

# Node/JS — unblock specific managers only
export COMMAND_SAFETY_ALLOW_NPM=true   # unblocks npm (yarn/pnpm still blocked)
export COMMAND_SAFETY_ALLOW_NPX=true   # unblocks npx
export COMMAND_SAFETY_ALLOW_YARN=true  # unblocks yarn
export COMMAND_SAFETY_ALLOW_PNPM=true  # unblocks pnpm

# Python — pip and python/python3 are independently configurable
export COMMAND_SAFETY_ALLOW_PIP=true    # unblocks pip/pip3 (python still blocked)
export COMMAND_SAFETY_ALLOW_PYTHON=true # unblocks python/python3 (pip still blocked)

Tests

21 new regression tests in tests/regression/package-manager-allow-vars.bats cover:

• Each allow var unblocks only its own manager
• All other managers remain blocked when only one allow is set
• Node allow vars don't affect Python rules and vice versa

Closes #2

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist[^1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the command safety system by providing more granular control over package manager restrictions. Users can now opt-in to allow specific tools while maintaining the default blocking behavior for others, improving flexibility for specialized project requirements without compromising the overall safety policy.

Highlights

• Granular Command Safety: Introduced environment variables (e.g., COMMAND_SAFETY_ALLOW_NPM, COMMAND_SAFETY_ALLOW_PIP) to allow unblocking specific package managers individually without disabling all safety rules.
• Regression Testing: Added 21 new BATS regression tests to ensure that enabling one allow-flag does not inadvertently unblock other managers and that Node/Python rules remain independent.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

Failed to generate code suggestions for PR

[gemini-code-assist]

Code Review

This pull request introduces fine-grained control over package manager safety rules by adding COMMAND_SAFETY_ALLOW_* environment variables. These flags allow users to selectively unblock specific tools like npm, yarn, or pip while keeping others restricted. The changes include updates to the rule definitions, documentation in the settings file, and a comprehensive suite of regression tests. Feedback suggests refactoring the new test file to use helper functions for checking blocked and unblocked states, which would reduce boilerplate and improve maintainability.

[gemini-code-assist]

These tests are great for ensuring correctness, but there's a lot of boilerplate repeated in each @test block. To improve maintainability and make the test suite easier to read and extend, consider using helper functions for the common test patterns.

For example, you could define _test_unblocked and _test_still_blocked helpers:

# Helper to check if a command is NOT blocked when its allow-var is set
_test_unblocked() {
    local var_to_set="$1"; shift
    local -a cmd_to_run=("$@")
    run bash -c "
        export $var_to_set=true
        $(_engine_with_rules)
        _check_command_rules ${cmd_to_run[@]}
    "
    [ "$status" -ne 1 ]
}

# Helper to check if a command IS blocked when another allow-var is set
_test_still_blocked() {
    local var_to_set="$1"; shift
    local -a cmd_to_run=("$@")
    run bash -c "
        export $var_to_set=true
        $(_engine_with_rules)
        _check_command_rules ${cmd_to_run[@]}
    "
    [ "$status" -eq 1 ]
}

With these helpers (placed after _engine_with_rules), your tests become much more concise:

@test "ALLOW_NPM: npm not blocked when COMMAND_SAFETY_ALLOW_NPM=true" {
    _test_unblocked COMMAND_SAFETY_ALLOW_NPM npm install lodash
}

@test "ALLOW_NPM: yarn still blocked when only COMMAND_SAFETY_ALLOW_NPM=true" {
    _test_still_blocked COMMAND_SAFETY_ALLOW_NPM yarn add lodash
}

@test "ALLOW_NPM: pnpm still blocked when only COMMAND_SAFETY_ALLOW_NPM=true" {
    _test_still_blocked COMMAND_SAFETY_ALLOW_NPM pnpm install lodash
}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8ef2b227f1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Exempt python -m pip when ALLOW_PIP is enabled

When COMMAND_SAFETY_ALLOW_PIP=true is set, pip/pip3 are unblocked by skipping their rules, but python -m pip ... and python3 -m pip ... are still blocked because the catch-all PYTHON_DIRECT/PYTHON3_DIRECT rules still match every python/python3 invocation. This breaks a common pip workflow (often the only available one in managed environments) and makes the new per-manager allow flag incomplete for pip usage.

Useful? React with 👍 / 👎.