Destructive Command Guard (dcg): Protecting AI Agents from Dangerous Commands
This repository profile is provided by osrepos.com, an open source repository discovery platform.
Summary
The Destructive Command Guard (dcg) is a high-performance hook designed to prevent AI coding agents from executing dangerous git and shell commands. Built in Rust, dcg intercepts and blocks catastrophic operations like `git reset --hard` or `rm -rf`, offering clear explanations and safer alternatives. It provides a crucial safety layer for developers working with tools like Claude Code, Codex CLI, and GitHub Copilot.
Repository Information
Topics
Click on any tag to explore related repositories
Use at your own risk
OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.
Introduction
AI coding agents, while incredibly powerful, can sometimes execute catastrophic commands, leading to accidental data loss or irreversible changes. The Destructive Command Guard (dcg) is a robust solution built in Rust to act as a protective shield, blocking dangerous git and shell commands before they can cause harm. It integrates seamlessly as a PreToolUse hook for various AI agents, ensuring your work remains safe from unintended destruction.
dcg is designed for high performance, offering sub-millisecond latency and intelligent context detection to differentiate between dangerous commands and safe data. It supports a wide array of agents including Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, Hermes Agent, and Grok (xAI).
Installation
The quickest way to get dcg up and running is by using the provided install script. This script automatically detects your platform, downloads the correct binary, and configures hooks for supported AI agents on Linux, macOS, and Windows (via WSL or native PowerShell).
Quick Install (Linux, macOS, WSL):
curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.sh?$(date +%s)" | bash -s -- --easy-mode
Windows (native, PowerShell):
& ([scriptblock]::Create((irm "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.ps1"))) -EasyMode -Verify
After installation, it is recommended to run dcg setup to add a shell startup check that warns you if the dcg hook is ever silently removed from your agent's configuration.
To update dcg, simply run:
dcg update
For uninstallation, use the dedicated script:
curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/uninstall.sh | bash
Examples
When an AI agent attempts to run a destructive command, dcg intercepts it and provides a clear explanation along with suggestions for safer alternatives. Here's a quick example:
# AI agent tries to run:
$ git reset --hard HEAD~5
# dcg intercepts and blocks:
????????????????????????????????????????????????????????????????
BLOCKED dcg
????????????????????????????????????????????????????????????????
Reason: git reset --hard destroys uncommitted changes
Command: git reset --hard HEAD~5
Tip: Consider using 'git stash' first to save your changes.
????????????????????????????????????????????????????????????????
You can also test commands manually without executing them using dcg test:
dcg test "rm -rf ./build"
Why Use dcg?
dcg offers a comprehensive set of features to safeguard your development workflow:
- Zero-Config Protection: Blocks dangerous git and filesystem commands out of the box, requiring minimal setup.
- 50+ Security Packs: Extends protection to databases, Kubernetes, Docker, AWS/GCP/Azure, Terraform, and more through modular packs that can be enabled or disabled.
- Sub-Millisecond Latency: Utilizes SIMD-accelerated filtering and a dual regex engine for high performance, ensuring it won't slow down your workflow.
- Smart Context Detection: Intelligently distinguishes between dangerous commands meant for execution and similar strings appearing as data, preventing false positives.
- Rich Terminal Output: Provides human-readable denial panels with clear reasons, rule context, and actionable suggestions on stderr.
- Agent-Safe Streams: Ensures machine-readable hook output stays on stdout for agents, while rich UI is directed to stderr for human readability.
- Fail-Open Design: Prioritizes workflow continuity, allowing commands to proceed with a warning if
dcgcannot safely analyze them due to timeouts or parse errors. - Explain Mode: Use
dcg explain "command"to get a detailed trace of why a command was blocked or allowed, invaluable for debugging and understanding policy.
Links
For more detailed documentation, advanced configuration, and to contribute to the project, visit the official GitHub repository:
- GitHub Repository: Dicklesworthstone/destructive_command_guard
Related repositories
Similar repositories that may be relevant next.

Loop Engineering: Orchestrating AI Agents with Practical Patterns and Tools
June 25, 2026
Loop Engineering is a GitHub repository offering practical patterns, starters, and CLI tools for building robust AI coding agent systems. It shifts the focus from individual prompt crafting to designing control systems that orchestrate agents over time. This project empowers developers to create autonomous, iterative AI workflows for various development tasks.
My Virtual World: A Self-Hosted 3D AI Virtual World for Agent Harnesses
June 16, 2026
My Virtual World is an innovative self-hosted 3D AI virtual environment designed for agent harnesses such as OpenClaw and Hermes. It allows AI agents to live, work, move between buildings, and interact with objects in a persistent voxel-style world. This project offers a unique platform for developing and observing AI agent behaviors in a rich, customizable 3D setting.
Deliberation: Multi-Agent LLM Consensus for Code and Plan Review
June 15, 2026
Deliberation is an innovative GitHub repository that enables Claude Code to leverage multiple LLMs like GPT, Gemini, Grok, and 400+ OpenRouter models for expert second opinions and arbiter-mediated consensus. It provides specialized AI agents for tasks such as code review, security analysis, and architectural design, ensuring comprehensive and reliable feedback. This project helps developers get diverse perspectives and achieve higher quality in their work.

Zeroboot: Sub-millisecond VM Sandboxes for AI Agents
June 11, 2026
Zeroboot is an innovative open-source project that delivers sub-millisecond VM sandboxes, primarily designed for AI agents and other applications requiring extremely fast, isolated code execution environments. It leverages copy-on-write forking and Firecracker microVMs to achieve hardware-enforced isolation with minimal overhead. This approach enables rapid, secure code execution, ideal for high-performance AI applications.
Source repository
Open the original repository on GitHub.