Lets Claude Code recover from a protected-branch block as a single tool call.

- gx pivot "<task>" "<agent>" — wraps agent-branch-start + dirty-tree
  migration; emits machine-parseable WORKTREE_PATH=/BRANCH=/NEXT_STEP= trailer
  AI agents can parse to know exactly where to cd. Short-circuits inside an
  existing agent/* worktree so it's safe to call as a no-op.
- gx ship — alias for gx finish --via-pr --wait-for-merge --cleanup, injecting
  any of those flags the caller forgot. Encodes the non-negotiable Claude
  finish rule.
- skill_guard: widen SHELL_ALLOWED_SEGMENTS to allow git pull --ff-only,
  git pull --rebase, git stash list/show, git push origin agent/...,
  the full gh pr / gh issue / gh workflow surface, any gx <subcommand>, and
  agent-branch-finish.sh / agent-pivot.sh.
- BLOCKED messages now point at gx pivot first and clarify that the override
  envs must be exported in the harness env, not as a command prefix.

Tests: test/pivot.test.js (2 cases) — protected-branch pivot trailer + agent
worktree short-circuit. Whitelist regex covered by inline self-test (19/19).