feat(command-blocker): ✨ Allow nix registry references

Enhanced the command blocker to permit nix registry references in commands. This change ensures that commands using the nix package manager can be executed without being blocked, improving compatibility with nix-based workflows.

- Added test cases for allowing nix registry references.
- Updated the command blocking logic to accommodate nix commands.

Fixes #<issue-number>

Author: knoopx

command-blocker.test.ts

@@ -901,12 +901,20 @@ describe("Command Blocker", () => {
       await expect(
         plugin["tool.execute.before"](input3, output3)
       ).rejects.toThrow();
+    });
 
-      const input4 = { tool: "bash" };
-      const output4 = { args: { command: "nix run my-flake#output" } };
-      await expect(
-        plugin["tool.execute.before"](input4, output4)
-      ).rejects.toThrow();
+    it("should allow nix registry references", async () => {
+      const input1 = { tool: "bash" };
+      const output1 = { args: { command: "nix run nixpkgs#yq" } };
+      await expect(async () => {
+        await plugin["tool.execute.before"](input1, output1);
+      }).not.toThrow();
+
+      const input2 = { tool: "bash" };
+      const output2 = { args: { command: "nix run nixpkgs/unstable#hello" } };
+      await expect(async () => {
+        await plugin["tool.execute.before"](input2, output2);
+      }).not.toThrow();
     });
 
     it("should allow non-nix commands", async () => {

command-blocker.ts

@@ -284,8 +284,7 @@ function checkNixCommand(command: string): void {
         !flakeArg.match(/^git\+https:/) &&
         (flakeArg.startsWith("./") ||
           flakeArg.startsWith("../") ||
-          flakeArg.startsWith("/") ||
-          /^[a-zA-Z0-9._-]+$/.test(flakeArg.split("#")[0]))
+          flakeArg.startsWith("/"))
       ) {
         throw new Error(BLOCKED_COMMAND_MESSAGES["nix"]);
       }
@@ -316,8 +315,7 @@ function checkNixCommand(command: string): void {
             !flakeArg.match(/^git\+https:/) &&
             (flakeArg.startsWith("./") ||
               flakeArg.startsWith("../") ||
-              flakeArg.startsWith("/") ||
-              /^[a-zA-Z0-9._-]+$/.test(flakeArg.split("#")[0]))
+              flakeArg.startsWith("/"))
           ) {
             throw new Error(BLOCKED_COMMAND_MESSAGES["nix"]);
           }