Submitted by Will Chen
## Summary

- Add `$(cat ...)` as a safe command substitution pattern in the gh permission hook, allowing commands like `gh api graphql -f query="$(cat /tmp/query.graphql)" > /tmp/output.json` to pass through instead of being blocked
- Add safe pipe and redirect handling to the python permission hook, allowing pytest commands with `2>&1 | tail` output formatting patterns
- Move `| cat` from blocked to allowed in python hook tests since `cat` is a safe read-only command

#skip-bugbot

## Test plan

- [x] All gh permission hook tests pass (572 good commands, 406 bad commands)
- [x] All python permission hook tests pass (good, bad, passthrough, security-blocked)
- [x] npm test passes (803 tests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---

## Summary by cubic

Relaxed shell injection checks in GH and Python permission hooks to allow common read-only patterns like `$(cat ...)`, pipes to safe tools, and simple redirects. This reduces false blocks while keeping unsafe substitutions and pipelines guarded.

- **Bug Fixes**
  - GH hook: treat `$(cat ...)` as a safe command substitution and neutralize it before checks.
  - Python hook: allow pipes to common text tools (e.g., tail, grep, cat) and redirects like `2>&1` and `>/dev/null`.
  - Tests: move python `| cat` to allowed; add cases for gh `$(cat ...)` and pytest `2>&1 | tail`.

Written for commit b1695c6e09bdc58288197ae2ab79745947fcca59. Summary will update on new commits.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
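The ordering the description relies on (neutralize `$(cat <path>)` first, then block any remaining substitution or chaining, then allow only read-only tools after a pipe) is shown here as an added JavaScript example; it is not dyad's hook code, and `classifyCommand`, `SAFE_PIPE_TOOLS` and the sample commands are constructed assumptions. The point a reviewer would check is that the neutralizer only accepts a literal path, so nested or chained text inside `$(cat ...)` still reaches the block rules.

```javascript
// Added example (not dyad's own hook code): a classifier in the spirit of
// the commit message. Names SAFE_PIPE_TOOLS and classifyCommand are assumed.
const SAFE_PIPE_TOOLS = new Set(["cat", "tail", "head", "grep", "wc", "sort"]);

// Only a literal path may appear inside $(cat ...). Anything else (nested
// substitution, separators, quotes) does not match and is caught below.
const SAFE_CAT_SUBST = /\$\(cat\s+[A-Za-z0-9_./~-]+\)/g;
// Redirects treated as harmless: 2>&1, 2>/dev/null, >/dev/null, "> <plain path>".
const SAFE_REDIRECT = /\s*(2>&1|2?>\s*\/dev\/null|>\s*[A-Za-z0-9_./~-]+)/g;
// Substitution and chaining syntax that always blocks once step 1 has run.
const UNSAFE = [/\$\(/, /`/, /\$\{/, /;/, /&&/, /\|\|/, /<\(/, />\(/, /\n/];

function classifyCommand(cmd) {
  // 1. Neutralize the safe substitution before any injection check runs.
  let s = cmd.replace(SAFE_CAT_SUBST, "__SAFE_CAT__");
  // 2. Any substitution or command chaining that survived step 1 is blocked.
  for (const re of UNSAFE) {
    if (re.test(s)) return "block";
  }
  // 3. Drop the simple redirects; any leftover <, > or & (e.g. >>, <file,
  //    backgrounding) is outside the allowed set and blocks.
  s = s.replace(SAFE_REDIRECT, " ");
  if (/[<>&]/.test(s)) return "block";
  // 4. Every pipeline stage after the first must start with a read-only tool.
  const stages = s.split("|").map((x) => x.trim());
  if (stages.some((x) => x.length === 0)) return "block";
  for (const stage of stages.slice(1)) {
    const tool = stage.split(/\s+/)[0];
    if (!SAFE_PIPE_TOOLS.has(tool)) return "block";
  }
  return "allow";
}

// Constructed sample commands: the two cases from the commit message plus
// the shapes the neutralizer must refuse.
const SAMPLES = [
  'gh api graphql -f query="$(cat /tmp/query.graphql)" > /tmp/output.json',
  "pytest tests/ 2>&1 | tail -n 20",
  "pytest tests/ | cat",
  'gh api graphql -f query="$(date)"',
  'gh api graphql -f query="$(cat $(date))"',
  'gh api graphql -f query="$(cat /tmp/q; date)"',
  "pytest tests/ | tee /tmp/out.txt",
];
for (const cmd of SAMPLES) console.log(classifyCommand(cmd).padEnd(6), cmd);
```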