fix: exclude #commands from !inviteall

Commands has join_rule=restricted so the join-rule filter didn't catch
it. Added _INVITEALL_BLOCKED set with the Commands room ID — any room
in that set is skipped regardless of join rule. Invite-only rooms
(Management, Cool Kids, Spam and Stuff) are still excluded by the
existing join_rule check.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

matrixbot/commands.py

@@ -3702,6 +3702,13 @@ _MGMT_SPACE_ID    = "!-1ZBnAH-JiCOV8MGSKN77zDGTuI3pgSdy8Unu_DrDyc"
 _MGMT_TEMPLATE_ID = "!wfokQ1-pE896scu_AOcCBA2s3L4qFo-PTBAFTd0WMI0"  # #general
 _MGMT_SERVER_NAME = MATRIX_HOMESERVER.replace("https://", "").replace("http://", "")
 
+# Rooms excluded from !inviteall regardless of their join rule.
+# Commands is restricted (not invite-only) but gives access to bot management,
+# so new members should only be added there deliberately.
+_INVITEALL_BLOCKED: set[str] = {
+    "!ou56mVZQ8ZB7AhDYPmBV5_BR28WMZ4x5zwZkPCqjq1s",  # #commands
+}
+
 
 async def _mx(client: AsyncClient, method: str, path: str, body: dict | None = None) -> dict:
     """Authenticated Matrix Client-Server API request."""
@@ -3945,6 +3952,10 @@ async def cmd_inviteall(client: AsyncClient, room_id: str, sender: str, args: st
 
     for target_room_id in space_rooms:
         try:
+            # Skip rooms on the explicit blocklist (e.g. #commands)
+            if target_room_id in _INVITEALL_BLOCKED:
+                skipped.append(target_room_id)
+                continue
             r = client.rooms.get(target_room_id)
             # Skip invite-only rooms — those are intentionally private
             if r and getattr(r, "join_rule", "invite") == "invite":