fix: Handle sudo flags in command validation

Skip sudo options like -n when validating the actual command.
This allows sudo -n apt-get clean to be properly validated.

Author: hyaku0121

cortex/utils/commands.py

@@ -189,11 +189,17 @@ def validate_command(command: str, strict: bool = True) -> Tuple[bool, Optional[
     # Strict mode: command must start with allowed prefix
     if strict:
         first_word = command.split()[0]
-        # Handle sudo prefix
+        # Handle sudo prefix and its options
         if first_word == 'sudo':
             parts = command.split()
-            if len(parts) > 1:
-                first_word = parts[1]
+            # Skip sudo and any flags (starting with -)
+            actual_command_index = 1
+            while actual_command_index < len(parts) and parts[actual_command_index].startswith('-'):
+                actual_command_index += 1
+            if actual_command_index < len(parts):
+                first_word = parts[actual_command_index]
+            else:
+                return False, "No command found after sudo"
 
         if first_word not in ALLOWED_COMMAND_PREFIXES:
             return False, f"Command '{first_word}' is not in the allowlist"