feat(readme): ✨ Allow virtual environment python commands

knoopx · knoopx · commit 8db6f280b75a · 2025-08-28T16:41:22.000+02:00
Updated the Command Blocker Plugin to permit the execution of Python commands from virtual environments. This change enhances usability for developers working with virtual environments while maintaining the integrity of command blocking for other contexts.

- Added exceptions for `.venv/bin/python`, `venv/bin/python`, and `env/bin/python` commands.
- Updated tests to ensure virtual environment commands are allowed.

This improves the development experience without compromising the plugin's primary functionality.
diff --git a/README.md b/README.md
@@ -17,6 +17,10 @@ The plugin blocks various commands to promote better development practices:
 
 - **`pip`** - Blocked in favor of `uv` or `uvx`
 - **`python`**, **`python2`**, **`python3`** - Blocked in favor of `uv` or `uvx`
+  - **Exception**: Virtual environment python commands are allowed:
+    - ✅ `.venv/bin/python`, `.venv/bin/python3`
+    - ✅ `venv/bin/python`, `venv/bin/python3`
+    - ✅ `env/bin/python`, `env/bin/python3`
 
 #### Git Commands
 
@@ -73,6 +77,10 @@ bunx create-react-app my-app
 uv sync
 uvx ruff check .
 
+# Virtual environment python (allowed)
+.venv/bin/python script.py
+venv/bin/python3 -c "print('hello')"
+
 # Git read operations
 git status
 git diff HEAD~1
@@ -90,7 +98,7 @@ nix run github:nix-community/nixpkgs-fmt#nixpkgs-fmt
 node --version
 npm install
 pip install requests
-python script.py
+python script.py  # (but .venv/bin/python is allowed)
 git add .
 nix run ./my-flake#hello
 ```
diff --git a/command-blocker.test.ts b/command-blocker.test.ts
@@ -82,6 +82,44 @@ describe("Command Blocker", () => {
       );
     });
 
+    it("should allow virtual environment python commands", async () => {
+      const input1 = { tool: "bash" };
+      const output1 = { args: { command: ".venv/bin/python script.py" } };
+      await expect(
+        plugin["tool.execute.before"](input1, output1)
+      ).resolves.toBeUndefined();
+
+      const input2 = { tool: "bash" };
+      const output2 = { args: { command: ".venv/bin/python3 -c 'print(\"hello\")'" } };
+      await expect(
+        plugin["tool.execute.before"](input2, output2)
+      ).resolves.toBeUndefined();
+
+      const input3 = { tool: "bash" };
+      const output3 = { args: { command: "venv/bin/python manage.py runserver" } };
+      await expect(
+        plugin["tool.execute.before"](input3, output3)
+      ).resolves.toBeUndefined();
+
+      const input4 = { tool: "bash" };
+      const output4 = { args: { command: "env/bin/python3 -c 'print(\"hello\")'" } };
+      await expect(
+        plugin["tool.execute.before"](input4, output4)
+      ).resolves.toBeUndefined();
+
+      const input5 = { tool: "bash" };
+      const output5 = { args: { command: "./.venv/bin/python test.py" } };
+      await expect(
+        plugin["tool.execute.before"](input5, output5)
+      ).resolves.toBeUndefined();
+
+      const input6 = { tool: "bash" };
+      const output6 = { args: { command: "../venv/bin/python3 script.py" } };
+      await expect(
+        plugin["tool.execute.before"](input6, output6)
+      ).resolves.toBeUndefined();
+    });
+
     it("should allow which/whereis commands", async () => {
       const input1 = { tool: "bash" };
       const output1 = { args: { command: "which node" } };
diff --git a/command-blocker.ts b/command-blocker.ts
@@ -66,6 +66,13 @@ function checkPythonNodeCommand(command: string): void {
   const isWhichOrWhereis: boolean =
     command.includes("which") || command.includes("whereis");
 
+  // Allow python commands from virtual environments
+  const venvPatterns: RegExp[] = [
+    /^[./\\]*\.venv[/\\]bin[/\\]python\d*$/, // .venv/bin/python, .venv/bin/python3
+    /^[./\\]*venv[/\\]bin[/\\]python\d*$/, // venv/bin/python, venv/bin/python3
+    /^[./\\]*env[/\\]bin[/\\]python\d*$/, // env/bin/python, env/bin/python3
+  ];
+
   for (const blockedCmd of BLOCKED_COMMANDS) {
     if (blockedCmd === "git" || blockedCmd === "nix") continue;
 
@@ -109,29 +116,35 @@ function checkPythonNodeCommand(command: string): void {
 
     // Enhanced pattern matching for complex command structures
     if (!isWhichOrWhereis) {
-      // Check for blocked commands in various contexts
-      const patterns: RegExp[] = [
-        // Direct command anywhere
-        new RegExp(`\\b${blockedCmd}\\b`, "g"),
-        // In command substitution $(...)
-        new RegExp(`\\$\\([^)]*\\b${blockedCmd}\\b[^)]*\\)`, "g"),
-        // In backticks `...`
-        new RegExp(`\`[^\`]*\\b${blockedCmd}\\b[^\`]*\``, "g"),
-        // In quoted strings within commands
-        new RegExp(`["'][^"']*\\b${blockedCmd}\\b[^"']*["']`, "g"),
-        // After operators like &&, ||, ;, |
-        new RegExp(`[;&|]{1,2}\\s*\\b${blockedCmd}\\b`, "g"),
-        // In background execution &
-        new RegExp(`\\b${blockedCmd}\\b\\s*&`, "g"),
-        // With redirection
-        new RegExp(`\\b${blockedCmd}\\b\\s*[<>]`, "g"),
-        // Escaped characters
-        new RegExp(`\\b${blockedCmd.replace(/(.)/g, "$1\\\\?")}\\b`, "g"),
-      ];
-
-      for (const pattern of patterns) {
-        if (pattern.test(command)) {
-          throw new Error(BLOCKED_COMMAND_MESSAGES[blockedCmd]);
+      // Check for blocked commands in various contexts, but skip if it's a virtual environment python
+      const isVenvPython =
+        blockedCmd.startsWith("python") &&
+        venvPatterns.some((pattern) => pattern.test(actualFirstCommand));
+
+      if (!isVenvPython) {
+        const patterns: RegExp[] = [
+          // Direct command anywhere
+          new RegExp(`\\b${blockedCmd}\\b`, "g"),
+          // In command substitution $(...)
+          new RegExp(`\\$\\([^)]*\\b${blockedCmd}\\b[^)]*\\)`, "g"),
+          // In backticks `...`
+          new RegExp(`\`[^\`]*\\b${blockedCmd}\\b[^\`]*\``, "g"),
+          // In quoted strings within commands
+          new RegExp(`["'][^"']*\\b${blockedCmd}\\b[^"']*["']`, "g"),
+          // After operators like &&, ||, ;, |
+          new RegExp(`[;&|]{1,2}\\s*\\b${blockedCmd}\\b`, "g"),
+          // In background execution &
+          new RegExp(`\\b${blockedCmd}\\b\\s*&`, "g"),
+          // With redirection
+          new RegExp(`\\b${blockedCmd}\\b\\s*[<>]`, "g"),
+          // Escaped characters
+          new RegExp(`\\b${blockedCmd.replace(/(.)/g, "$1\\\\?")}\\b`, "g"),
+        ];
+
+        for (const pattern of patterns) {
+          if (pattern.test(command)) {
+            throw new Error(BLOCKED_COMMAND_MESSAGES[blockedCmd]);
+          }
         }
       }
     }
@@ -309,12 +322,6 @@ function checkReadOnlyFileEdit(filePath: string): void {
   }
 }
 
-
-
-
-
-
-
 export const CommandBlocker: Plugin = async ({
   app,
   client,
@@ -328,12 +335,8 @@ export const CommandBlocker: Plugin = async ({
 
         if (input.tool === "edit") {
           const newString = output.args.newString || "";
-
-
         } else if (input.tool === "write") {
           const content = output.args.content || "";
-
-
         }
       }
 
