Commit ec070be31471

@@ -68,6 +68,9 @@ const commandRules: CommandRule[] = [
 	{ pattern: /\bnixos-rebuild\s+(switch|boot|test)/, desc: "direct nixos-rebuild", action: "block", suggestion: "Use 'make switch', 'make boot', or 'make host/<hostname>/switch' instead" },
 	{ pattern: /\bhome-manager\s+switch\b/, desc: "direct home-manager switch", action: "block", suggestion: "Use 'make switch' or appropriate make target instead" },
 
+	// gh CLI (confirm: use the github tool instead)
+	{ pattern: /\bgh\s+(pr|issue|run|release|repo)\b/, desc: "gh CLI (use the `github` tool instead for structured output and approval gates)", action: "confirm", suggestion: "Use the `github` tool with the appropriate resource/action instead of direct gh CLI" },
+
 	// Nix commands (confirm)
 	{ pattern: /\bnix\s+eval\b/, desc: "nix eval (arbitrary code execution)", action: "confirm" },
 	{ pattern: /\bnix-build\b/, desc: "nix-build (builds derivations)", action: "confirm" },