{"name":"Destructive Command Guard (dcg): Protecting AI Agents from Dangerous Commands","description":"The Destructive Command Guard (dcg) is a high-performance hook designed to prevent AI coding agents from executing dangerous git and shell commands. Built in Rust, dcg intercepts and blocks catastrophic operations like `git reset --hard` or `rm -rf`, offering clear explanations and safer alternatives. It provides a crucial safety layer for developers working with tools like Claude Code, Codex CLI, and GitHub Copilot.","github":"https://github.com/Dicklesworthstone/destructive_command_guard","url":"https://osrepos.com/repo/dicklesworthstone-destructive_command_guard","source":"osrepos.com","sourceDescription":"This repository profile is provided by osrepos.com, an open source repository discovery platform.","repositoryProfile":"https://osrepos.com/repo/dicklesworthstone-destructive_command_guard","generatedFor":"open source discovery and AI-assisted research","markdown":"https://osrepos.com/repo/dicklesworthstone-destructive_command_guard.md","json":"https://osrepos.com/repo/dicklesworthstone-destructive_command_guard.json","topics":["ai-agents","cli","developer-tools","git","rust","safety","security","automation"],"keywords":["ai-agents","cli","developer-tools","git","rust","safety","security","automation"],"stars":null,"summary":"The Destructive Command Guard (dcg) is a high-performance hook designed to prevent AI coding agents from executing dangerous git and shell commands. Built in Rust, dcg intercepts and blocks catastrophic operations like `git reset --hard` or `rm -rf`, offering clear explanations and safer alternatives. It provides a crucial safety layer for developers working with tools like Claude Code, Codex CLI, and GitHub Copilot.","content":"## Introduction\n\nAI coding agents, while incredibly powerful, can sometimes execute catastrophic commands, leading to accidental data loss or irreversible changes. The Destructive Command Guard (dcg) is a robust solution built in Rust to act as a protective shield, blocking dangerous git and shell commands before they can cause harm. It integrates seamlessly as a PreToolUse hook for various AI agents, ensuring your work remains safe from unintended destruction.\n\n![Destructive Command Guard - Protecting your code from accidental destruction](https://socialify.git.ci/dicklesworthstone/destructive_command_guard/image?owner=1&language=1&stargazers=1&forks=1&issues=1&pulls=1&description=0&pattern=Plus&theme=Light&font=Inter)\n\ndcg is designed for high performance, offering sub-millisecond latency and intelligent context detection to differentiate between dangerous commands and safe data. It supports a wide array of agents including Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, Hermes Agent, and Grok (xAI).\n\n## Installation\n\nThe quickest way to get `dcg` up and running is by using the provided install script. This script automatically detects your platform, downloads the correct binary, and configures hooks for supported AI agents on Linux, macOS, and Windows (via WSL or native PowerShell).\n\n**Quick Install (Linux, macOS, WSL):**\n\nbash\ncurl -fsSL \"https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.sh?$(date +%s)\" | bash -s -- --easy-mode\n\n\n**Windows (native, PowerShell):**\n\npowershell\n& ([scriptblock]::Create((irm \"https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.ps1\"))) -EasyMode -Verify\n\n\nAfter installation, it is recommended to run `dcg setup` to add a shell startup check that warns you if the dcg hook is ever silently removed from your agent's configuration.\n\nTo update `dcg`, simply run:\n\nbash\ndcg update\n\n\nFor uninstallation, use the dedicated script:\n\nbash\ncurl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/uninstall.sh | bash\n\n\n## Examples\n\nWhen an AI agent attempts to run a destructive command, `dcg` intercepts it and provides a clear explanation along with suggestions for safer alternatives. Here's a quick example:\n\nbash\n# AI agent tries to run:\n$ git reset --hard HEAD~5\n\n# dcg intercepts and blocks:\n????????????????????????????????????????????????????????????????\nBLOCKED  dcg\n????????????????????????????????????????????????????????????????\nReason:  git reset --hard destroys uncommitted changes\n\nCommand: git reset --hard HEAD~5\n\nTip: Consider using 'git stash' first to save your changes.\n????????????????????????????????????????????????????????????????\n\n\nYou can also test commands manually without executing them using `dcg test`:\n\nbash\ndcg test \"rm -rf ./build\"\n\n\n## Why Use dcg?\n\ndcg offers a comprehensive set of features to safeguard your development workflow:\n\n*   **Zero-Config Protection**: Blocks dangerous git and filesystem commands out of the box, requiring minimal setup.\n*   **50+ Security Packs**: Extends protection to databases, Kubernetes, Docker, AWS/GCP/Azure, Terraform, and more through modular packs that can be enabled or disabled.\n*   **Sub-Millisecond Latency**: Utilizes SIMD-accelerated filtering and a dual regex engine for high performance, ensuring it won't slow down your workflow.\n*   **Smart Context Detection**: Intelligently distinguishes between dangerous commands meant for execution and similar strings appearing as data, preventing false positives.\n*   **Rich Terminal Output**: Provides human-readable denial panels with clear reasons, rule context, and actionable suggestions on stderr.\n*   **Agent-Safe Streams**: Ensures machine-readable hook output stays on stdout for agents, while rich UI is directed to stderr for human readability.\n*   **Fail-Open Design**: Prioritizes workflow continuity, allowing commands to proceed with a warning if `dcg` cannot safely analyze them due to timeouts or parse errors.\n*   **Explain Mode**: Use `dcg explain \"command\"` to get a detailed trace of why a command was blocked or allowed, invaluable for debugging and understanding policy.\n\n## Links\n\nFor more detailed documentation, advanced configuration, and to contribute to the project, visit the official GitHub repository:\n\n*   **GitHub Repository**: [Dicklesworthstone/destructive_command_guard](https://github.com/Dicklesworthstone/destructive_command_guard \"Destructive Command Guard GitHub Repository\" target=\"_blank\")","metrics":{"detailViews":2,"githubClicks":0},"dates":{"published":null,"modified":"2026-07-11T12:55:49.000Z"}}