@sidPhoenix17
Contributor

Summary

Fixed kubectl command parsing that was breaking subcommands like api-resources and improved approval gating to only require approval for mutating operations.

Changes

  • Replaced naive string replacement with regex-based kubectl prefix stripping that preserves subcommands
  • Added explicit allowlist for safe read-only kubectl subcommands including api-resources, explain, and version
  • Implemented approval gating that distinguishes between mutating and read-only operations
  • Enhanced pipe handling to support safe commands while blocking dangerous shell operators
  • Created comprehensive unit tests covering all scenarios

Testing

  • Added 30 unit tests verifying command parsing and approval logic
  • Verified kubectl api-resources executes without being rewritten to kubectl get api-resources
  • Confirmed read-only commands with pipes do not require approval
  • Validated mutating commands properly require approval
  • All tests pass successfully

This PR is created as part of investigation https://aiops.drdroid.io/?investigation_id=10cf3711-716b-47e3-94b3-e9c185704d3e
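
A sketch of the kind of gate the description above outlines, added here as an illustration and not taken from the PR's code. The function name `classify`, the three verdict strings, and every subcommand or pipe target other than api-resources, explain and version are assumptions.

```python
import re
import shlex

# Assumed sets; the PR text names only api-resources, explain and version.
READ_ONLY = {"get", "describe", "logs", "top", "api-resources",
             "api-versions", "explain", "version"}
SAFE_PIPE_TARGETS = {"grep", "head", "tail", "wc", "cut"}
KUBECTL_PREFIX = re.compile(r"^\s*kubectl\s+")


def classify(command):
    """Return (verdict, kubectl_args): blocked, read_only or needs_approval."""
    # A shell expands these even inside double quotes, so test the raw text.
    if "`" in command or "$(" in command or "\n" in command:
        return "blocked", None
    # Strip only the leading "kubectl"; a plain str.replace would also touch
    # later occurrences such as a label value. The subcommand is kept as typed.
    rest, stripped = KUBECTL_PREFIX.subn("", command, count=1)
    if not stripped:
        return "blocked", None
    lexer = shlex.shlex(rest, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes
        return "blocked", None
    # Split into pipeline stages; any operator except a single "|" is refused
    # (";", "&&", "||", "&", redirections, subshell parentheses).
    stages = [[]]
    for tok in tokens:
        if tok == "|":
            stages.append([])
        elif tok and set(tok) <= set(lexer.punctuation_chars):
            return "blocked", None
        else:
            stages[-1].append(tok)
    if any(not stage for stage in stages):
        return "blocked", None
    if any(stage[0] not in SAFE_PIPE_TARGETS for stage in stages[1:]):
        return "blocked", None
    kubectl_args = stages[0]
    # Unknown subcommands and leading global flags fail closed to approval.
    verdict = "read_only" if kubectl_args[0] in READ_ONLY else "needs_approval"
    return verdict, kubectl_args
```

The gate fails closed: a quoted `|` or `;` is treated as an operator, so some harmless commands are refused rather than risk passing a chained one.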
