Remove system directory write blocks from dangerous-command-blocker

The redirect patterns matched text content inside command arguments
(e.g. PR body text containing example paths), causing false positives.
Write location enforcement is the scope guard's responsibility, not
the dangerous-command-blocker's.

Author: AnExiledDev

container/.devcontainer/CHANGELOG.md

@@ -7,6 +7,10 @@
 - Fix false positives blocking writes to system paths (`/dev/null`, `/usr/`, `/etc/`, `$HOME/`) — scope guard now only enforces isolation between workspace projects
 - Remove complex system-command exemption logic (no longer needed)
 
+### Dangerous Command Blocker
+
+- Remove system directory write redirect blocks (`> /usr/`, `> /etc/`, `> /bin/`, `> /sbin/`) — caused false positives on text content in command arguments (e.g. PR body text containing paths); write location enforcement is the scope guard's responsibility
+
 ### CLI Integration
 
 - Add codeforge-cli devcontainer feature — installs the CodeForge CLI (`codeforge` command) globally via npm

container/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/scripts/block-dangerous.py

@@ -55,11 +55,6 @@
         r"\bgit\s+push\s+--force\s+(origin\s+)?(main|master)\b",
         "Blocked: force push to main/master destroys history",
     ),
-    # System directory modification
-    (r">\s*/usr/", "Blocked: writing to /usr system directory"),
-    (r">\s*/etc/", "Blocked: writing to /etc system directory"),
-    (r">\s*/bin/", "Blocked: writing to /bin system directory"),
-    (r">\s*/sbin/", "Blocked: writing to /sbin system directory"),
     # Disk formatting
     (r"\bmkfs\.\w+", "Blocked: disk formatting command"),
     (r"\bdd\s+.*of=/dev/", "Blocked: dd writing to device"),

container/tests/plugins/test_block_dangerous.py

@@ -118,26 +118,7 @@ def test_bare_force_push(self, cmd: str) -> None:
 
 
 # ---------------------------------------------------------------------------
-# 5. System directory writes
-# ---------------------------------------------------------------------------
-
-
-class TestSystemDirectoryWrites:
-    @pytest.mark.parametrize(
-        "cmd,dir_name",
-        [
-            ("> /usr/foo", "/usr"),
-            ("> /etc/foo", "/etc"),
-            ("> /bin/foo", "/bin"),
-            ("> /sbin/foo", "/sbin"),
-        ],
-    )
-    def test_redirect_to_system_dir(self, cmd: str, dir_name: str) -> None:
-        assert_blocked(cmd, substr=dir_name)
-
-
-# ---------------------------------------------------------------------------
-# 6. Disk operations
+# 5. Disk operations
 # ---------------------------------------------------------------------------
 
 
@@ -229,6 +210,9 @@ class TestSafeCommands:
             "cat /etc/hosts",
             "echo hello",
             "git status",
+            "echo '> /usr/local/bin/foo' | gh pr create --body-file -",
+            "echo x > /usr/local/bin/tool",
+            "echo x > /etc/myconfig",
         ],
     )
     def test_safe_commands_allowed(self, cmd: str) -> None: