feat: add allowed_commands support to profile security config

[josephgimenez]

Summary

• Adds allowed_commands field to SecurityConfig so profiles can allowlist commands that are blocked by default policy
• Wires allowed_commands into from_profile() capability building, applied before CLI --allow-command overrides
• Passes through allowed_commands from ProfileDef in built-in profile conversion

Closes #158

Changes

File	Change
crates/nono-cli/src/profile/mod.rs	Add allowed_commands: Vec<String> to SecurityConfig with #[serde(default)]
crates/nono-cli/src/capability_ext.rs	Apply profile.security.allowed_commands via caps.add_allowed_command() before CLI overrides
crates/nono-cli/src/policy.rs	Pass through allowed_commands in ProfileDef::to_profile()
CHANGELOG.md	Add feature entry
README.md	Add allowed_commands to Destructive Command Blocking section
crates/nono-cli/README.md	Add profile-based override example to Command Blocking section
docs/cli/usage/flags.mdx	Add allowed_commands profile config example to Command Blocking docs

Usage

{
  "meta": { "name": "rm-test" },
  "filesystem": { "allow": ["/tmp"] },
  "security": { "allowed_commands": ["rm"] }
}

nono run --profile rm-test -- rm /tmp/hello.py
# rm is no longer blocked

Test plan

• make clippy — clean
• make fmt-check — clean
• make test-cli — 286 passed
• New test: test_security_config_allowed_commands_deserializes — verifies JSON deserialization
• New test: test_security_config_allowed_commands_defaults_empty — verifies empty default
• New test: test_from_profile_allowed_commands — verifies end-to-end wiring into CapabilitySet

Manual smoke tests (macOS)

#	Test	Result
1	Profile with allowed_commands: ["rm"] + dry-run	No blocked-command error
2	rm without profile (no allowed_commands)	Blocked as expected
3	rm with profile allowed_commands: ["rm"] (live)	File deleted, exit 0
4	Profile with allowed_commands: ["rm", "chmod"] — run chmod	Exit 0, command allowed
5	Profile without allowed_commands field — run rm	Blocked as expected (defaults empty)

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the security configuration for profiles by introducing a mechanism to explicitly allow specific commands. This provides greater flexibility for users to define exceptions to default security policies within their profiles, allowing certain commands to execute that would otherwise be blocked, while still respecting CLI overrides.

Highlights

• New allowed_commands field: Added an allowed_commands field to SecurityConfig within profiles, enabling allowlisting of commands that are otherwise blocked by default policy.
• Capability wiring: Integrated allowed_commands into the from_profile() capability building process, ensuring these profile-defined allowances are applied before any CLI --allow-command overrides.
• Profile conversion: Ensured allowed_commands are correctly passed through during the conversion of ProfileDef to a built-in profile.

Changelog

• crates/nono-cli/src/capability_ext.rs
  • Applied profile.security.allowed_commands via caps.add_allowed_command() before CLI overrides.
  • Introduced a new test test_from_profile_allowed_commands to verify end-to-end wiring.
• crates/nono-cli/src/policy.rs
  • Passed through allowed_commands from ProfileDef in ProfileDef::to_profile().
• crates/nono-cli/src/profile/mod.rs
  • Added allowed_commands: Vec<String> to SecurityConfig with #[serde(default)].
  • Modified existing tests to use ..Default::default() for SecurityConfig initialization.
  • Added new tests for deserialization and default empty behavior of allowed_commands.

Activity

• Ran make clippy and confirmed it was clean.
• Ran make fmt-check and confirmed it was clean.
• Ran make test-cli with 286 tests passing.
• Added a new test test_security_config_allowed_commands_deserializes to verify JSON deserialization.
• Added a new test test_security_config_allowed_commands_defaults_empty to verify the empty default behavior.
• Added a new test test_from_profile_allowed_commands to verify end-to-end wiring into CapabilitySet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces allowed_commands to security profiles, enabling fine-grained control over command execution policies. The implementation is solid, touching the necessary parts from configuration to capability building. The added tests are thorough, covering both deserialization and the end-to-end logic. I have one suggestion for a minor performance and idiomatic improvement.