diff --git a/modules/_ai-tools/no-git.ts b/modules/_ai-tools/no-git.ts
new file mode 100644
index 0000000..a9bad2b
--- /dev/null
+++ b/modules/_ai-tools/no-git.ts
@@ -0,0 +1,190 @@
+/**
+ * No Git Extension
+ *
+ * Blocks direct git invocations and tells the LLM to use jj (Jujutsu) instead.
+ * Mentions of the word "git" in search patterns, strings, comments, etc. are allowed.
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
+
+type ShellToken =
+	| { type: "word"; value: string }
+	| { type: "operator"; value: string };
+
+const COMMAND_PREFIXES = new Set(["env", "command", "builtin", "time", "sudo", "nohup", "nice"]);
+const SHELL_KEYWORDS = new Set(["if", "then", "elif", "else", "do", "while", "until", "case", "in"]);
+const SHELL_INTERPRETERS = new Set(["bash", "sh", "zsh", "fish", "nu"]);
+
+function isAssignmentWord(value: string): boolean {
+	return /^[A-Za-z_][A-Za-z0-9_]*=.*/.test(value);
+}
+
+function tokenizeShell(command: string): ShellToken[] {
+	const tokens: ShellToken[] = [];
+	let current = "";
+	let quote: "'" | '"' | null = null;
+
+	const pushWord = () => {
+		if (!current) return;
+		tokens.push({ type: "word", value: current });
+		current = "";
+	};
+
+	for (let i = 0; i < command.length; i++) {
+		const char = command[i];
+
+		if (quote) {
+			if (quote === "'") {
+				if (char === "'") {
+					quote = null;
+				} else {
+					current += char;
+				}
+				continue;
+			}
+
+			if (char === '"') {
+				quote = null;
+				continue;
+			}
+
+			if (char === "\\") {
+				if (i + 1 < command.length) {
+					current += command[i + 1];
+					i += 1;
+				}
+				continue;
+			}
+
+			current += char;
+			continue;
+		}
+
+		if (char === "'" || char === '"') {
+			quote = char;
+			continue;
+		}
+
+		if (char === "\\") {
+			if (i + 1 < command.length) {
+				current += command[i + 1];
+				i += 1;
+			}
+			continue;
+		}
+
+		if (/\s/.test(char)) {
+			pushWord();
+			if (char === "\n") {
+				tokens.push({ type: "operator", value: "\n" });
+			}
+			continue;
+		}
+
+		const twoCharOperator = command.slice(i, i + 2);
+		if (twoCharOperator === "&&" || twoCharOperator === "||") {
+			pushWord();
+			tokens.push({ type: "operator", value: twoCharOperator });
+			i += 1;
+			continue;
+		}
+
+		if (char === ";" || char === "|" || char === "(" || char === ")") {
+			pushWord();
+			tokens.push({ type: "operator", value: char });
+			continue;
+		}
+
+		current += char;
+	}
+
+	pushWord();
+	return tokens;
+}
+
+function findCommandWord(words: string[]): { word?: string; index: number } {
+	for (let i = 0; i < words.length; i++) {
+		const word = words[i];
+		if (SHELL_KEYWORDS.has(word)) {
+			continue;
+		}
+		if (isAssignmentWord(word)) {
+			continue;
+		}
+		if (COMMAND_PREFIXES.has(word)) {
+			continue;
+		}
+
+		return { word, index: i };
+	}
+
+	return { index: words.length };
+}
+
+function getInlineShellCommand(words: string[], commandIndex: number): string | null {
+	for (let i = commandIndex + 1; i < words.length; i++) {
+		const word = words[i];
+		if (/^(?:-[A-Za-z]*c[A-Za-z]*|--command)$/.test(word)) {
+			return words[i + 1] ?? null;
+		}
+	}
+
+	return null;
+}
+
+function segmentContainsBlockedGit(words: string[]): boolean {
+	const { word, index } = findCommandWord(words);
+	if (!word) {
+		return false;
+	}
+
+	if (word === "git") {
+		return true;
+	}
+
+	if (word === "jj") {
+		return false;
+	}
+
+	if (SHELL_INTERPRETERS.has(word)) {
+		const inlineCommand = getInlineShellCommand(words, index);
+		return inlineCommand ? containsBlockedGitInvocation(inlineCommand) : false;
+	}
+
+	return false;
+}
+
+function containsBlockedGitInvocation(command: string): boolean {
+	const tokens = tokenizeShell(command);
+	let words: string[] = [];
+
+	for (const token of tokens) {
+		if (token.type === "operator") {
+			if (segmentContainsBlockedGit(words)) {
+				return true;
+			}
+			words = [];
+			continue;
+		}
+
+		words.push(token.value);
+	}
+
+	return segmentContainsBlockedGit(words);
+}
+
+export default function (pi: ExtensionAPI) {
+	pi.on("tool_call", async (event, _ctx) => {
+		if (!isToolCallEventType("bash", event)) return;
+
+		const command = event.input.command.trim();
+
+		if (containsBlockedGitInvocation(command)) {
+			return {
+				block: true,
+				reason: "git is not used in this project. Use jj (Jujutsu) instead.",
+			};
+		}
+	});
+}
diff --git a/modules/_ai-tools/no-scripting.ts b/modules/_ai-tools/no-scripting.ts
new file mode 100644
index 0000000..6deb5aa
--- /dev/null
+++ b/modules/_ai-tools/no-scripting.ts
@@ -0,0 +1,28 @@
+/**
+ * No Scripting Extension
+ *
+ * Blocks python, perl, ruby, php, lua, and inline bash/sh scripts.
+ * Tells the LLM to use `nu -c` instead.
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
+
+const SCRIPTING_PATTERN =
+	/(?:^|[;&|]\s*|&&\s*|\|\|\s*|\$\(\s*|`\s*)(?:python[23]?|perl|ruby|php|lua|bash\s+-c|sh\s+-c)\s/;
+
+export default function (pi: ExtensionAPI) {
+	pi.on("tool_call", async (event, _ctx) => {
+		if (!isToolCallEventType("bash", event)) return;
+
+		const command = event.input.command.trim();
+
+		if (SCRIPTING_PATTERN.test(command)) {
+			return {
+				block: true,
+				reason:
+					"Do not use python, perl, ruby, php, lua, or inline bash/sh for scripting. Use `nu -c` instead.",
+			};
+		}
+	});
+}
diff --git a/modules/ai-tools.nix b/modules/ai-tools.nix
index 2dd95fc..80fef04 100644
--- a/modules/ai-tools.nix
+++ b/modules/ai-tools.nix
@@ -20,6 +20,8 @@
 				source = "${pkgs.pi-mcp-adapter}/lib/node_modules/pi-mcp-adapter";
 				recursive = true;
 			};
+			".pi/agent/extensions/no-git.ts".source = ./_ai-tools/no-git.ts;
+			".pi/agent/extensions/no-scripting.ts".source = ./_ai-tools/no-scripting.ts;
 			".pi/agent/extensions/review.ts".source = ./_ai-tools/review.ts;
 			".pi/agent/skills/elixir-dev" = {
 				source = "${inputs.pi-elixir}/skills/elixir-dev";
@@ -29,68 +31,12 @@
 				source = "${inputs.pi-rose-pine}/themes";
 				recursive = true;
 			};
-			".pi/agent/extensions/no-git.ts".text = ''
-				/**
-				 * No Git Extension
-				 *
-				 * Blocks git commands and tells the LLM to use jj (Jujutsu) instead.
-				 */
-
-				import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-				import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
-
-				export default function (pi: ExtensionAPI) {
-					pi.on("tool_call", async (event, _ctx) => {
-						if (!isToolCallEventType("bash", event)) return;
-
-						const command = event.input.command.trim();
-
-						if (/\bgit\b/.test(command) && !/\bjj\s+git\b/.test(command)) {
-							return {
-								block: true,
-								reason: "git is not used in this project. Use jj (Jujutsu) instead.",
-							};
-						}
-					});
-				}
-			'';
-			".pi/agent/extensions/no-scripting.ts".text = ''
-				/**
-				 * No Scripting Extension
-				 *
-				 * Blocks python, perl, ruby, php, lua, and inline bash/sh scripts.
-				 * Tells the LLM to use `nu -c` instead.
-				 */
-
-				import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-				import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
-
-				const SCRIPTING_PATTERN =
-					/(?:^|[;&|]\s*|&&\s*|\|\|\s*|\$\(\s*|`\s*)(?:python[23]?|perl|ruby|php|lua|bash\s+-c|sh\s+-c)\s/;
-
-				export default function (pi: ExtensionAPI) {
-					pi.on("tool_call", async (event, _ctx) => {
-						if (!isToolCallEventType("bash", event)) return;
-
-						const command = event.input.command.trim();
-
-						if (SCRIPTING_PATTERN.test(command)) {
-							return {
-								block: true,
-								reason:
-									"Do not use python, perl, ruby, php, lua, or inline bash/sh for scripting. Use `nu -c` instead.",
-							};
-						}
-					});
-				}
-			'';
 			".pi/agent/settings.json".text =
 				builtins.toJSON {
-					lastChangelogVersion = "0.61.1";
 					theme = "rose-pine-dawn";
 					hideThinkingBlock = true;
-					defaultProvider = "anthropic";
-					defaultModel = "claude-opus-4-6";
+					defaultProvider = "openai-codex";
+					defaultModel = "gpt-5.4";
 					defaultThinkingLevel = "high";
 					packages = [
 						{
diff --git a/modules/overlays.nix b/modules/overlays.nix
index ff34417..9a96497 100644
--- a/modules/overlays.nix
+++ b/modules/overlays.nix
@@ -30,17 +30,17 @@
 
 		# cog-cli
 		(final: prev: let
-				version = "0.22.0";
+				version = "0.22.1";
 				srcs = {
 					x86_64-linux =
 						prev.fetchurl {
 							url = "https://github.com/trycog/cog-cli/releases/download/v${version}/cog-linux-x86_64.tar.gz";
-							hash = "sha256-GKCO8kUUPl1OQSVhefRy3CIitdkm//nI7LKifyOx+lk=";
+							hash = "sha256-ET+sNXisUrHShR1gxqdumegXycXcxGzJcQOdTr5005w=";
 						};
 					aarch64-darwin =
 						prev.fetchurl {
 							url = "https://github.com/trycog/cog-cli/releases/download/v${version}/cog-darwin-arm64.tar.gz";
-							hash = "sha256-uFkOoy2uFtRvuS7Cqb7ivKdvuDzV9ERNgMq2wiOHI7k=";
+							hash = "sha256-jcN+DtOqr3or5C71jp7AIAz0wh73FYybCC4FRBykKO4=";
 						};
 				};
 			in {