# Destructive Command Guard (dcg): Protecting AI Agents from Dangerous Commands

This repository profile is provided by osrepos.com, an open source repository discovery platform.

Source: osrepos.com
Repository profile: https://osrepos.com/repo/dicklesworthstone-destructive_command_guard
Generated for open source discovery and AI-assisted research.

The Destructive Command Guard (dcg) is a high-performance hook designed to prevent AI coding agents from executing dangerous git and shell commands. Built in Rust, dcg intercepts and blocks catastrophic operations like `git reset --hard` or `rm -rf`, offering clear explanations and safer alternatives. It provides a crucial safety layer for developers working with tools like Claude Code, Codex CLI, and GitHub Copilot.

GitHub: https://github.com/Dicklesworthstone/destructive_command_guard
OSRepos URL: https://osrepos.com/repo/dicklesworthstone-destructive_command_guard

## Summary

The Destructive Command Guard (dcg) is a high-performance hook designed to prevent AI coding agents from executing dangerous git and shell commands. Built in Rust, dcg intercepts and blocks catastrophic operations like `git reset --hard` or `rm -rf`, offering clear explanations and safer alternatives. It provides a crucial safety layer for developers working with tools like Claude Code, Codex CLI, and GitHub Copilot.

## Topics

- ai-agents
- cli
- developer-tools
- git
- rust
- safety
- security
- automation

## Repository Information

Last analyzed by OSRepos: Sat Jul 11 2026 13:55:49 GMT+0100 (Western European Summer Time)
Detail views: 2
GitHub clicks: 0

## Safety Notice

OSRepos shares public repositories for knowledge and discovery only. Review source code, dependencies, licenses, and security implications before running or installing anything.

## Content

## Introduction

AI coding agents, while incredibly powerful, can sometimes execute catastrophic commands, leading to accidental data loss or irreversible changes. The Destructive Command Guard (dcg) is a robust solution built in Rust to act as a protective shield, blocking dangerous git and shell commands before they can cause harm. It integrates seamlessly as a PreToolUse hook for various AI agents, ensuring your work remains safe from unintended destruction.

![Destructive Command Guard - Protecting your code from accidental destruction](https://socialify.git.ci/dicklesworthstone/destructive_command_guard/image?owner=1&language=1&stargazers=1&forks=1&issues=1&pulls=1&description=0&pattern=Plus&theme=Light&font=Inter)

dcg is designed for high performance, offering sub-millisecond latency and intelligent context detection to differentiate between dangerous commands and safe data. It supports a wide array of agents including Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, Hermes Agent, and Grok (xAI).

## Installation

The quickest way to get `dcg` up and running is by using the provided install script. This script automatically detects your platform, downloads the correct binary, and configures hooks for supported AI agents on Linux, macOS, and Windows (via WSL or native PowerShell).

**Quick Install (Linux, macOS, WSL):**

bash
curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.sh?$(date +%s)" | bash -s -- --easy-mode


**Windows (native, PowerShell):**

powershell
& ([scriptblock]::Create((irm "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.ps1"))) -EasyMode -Verify


After installation, it is recommended to run `dcg setup` to add a shell startup check that warns you if the dcg hook is ever silently removed from your agent's configuration.

To update `dcg`, simply run:

bash
dcg update


For uninstallation, use the dedicated script:

bash
curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/uninstall.sh | bash


## Examples

When an AI agent attempts to run a destructive command, `dcg` intercepts it and provides a clear explanation along with suggestions for safer alternatives. Here's a quick example:

bash
# AI agent tries to run:
$ git reset --hard HEAD~5

# dcg intercepts and blocks:
????????????????????????????????????????????????????????????????
BLOCKED  dcg
????????????????????????????????????????????????????????????????
Reason:  git reset --hard destroys uncommitted changes

Command: git reset --hard HEAD~5

Tip: Consider using 'git stash' first to save your changes.
????????????????????????????????????????????????????????????????


You can also test commands manually without executing them using `dcg test`:

bash
dcg test "rm -rf ./build"


## Why Use dcg?

dcg offers a comprehensive set of features to safeguard your development workflow:

*   **Zero-Config Protection**: Blocks dangerous git and filesystem commands out of the box, requiring minimal setup.
*   **50+ Security Packs**: Extends protection to databases, Kubernetes, Docker, AWS/GCP/Azure, Terraform, and more through modular packs that can be enabled or disabled.
*   **Sub-Millisecond Latency**: Utilizes SIMD-accelerated filtering and a dual regex engine for high performance, ensuring it won't slow down your workflow.
*   **Smart Context Detection**: Intelligently distinguishes between dangerous commands meant for execution and similar strings appearing as data, preventing false positives.
*   **Rich Terminal Output**: Provides human-readable denial panels with clear reasons, rule context, and actionable suggestions on stderr.
*   **Agent-Safe Streams**: Ensures machine-readable hook output stays on stdout for agents, while rich UI is directed to stderr for human readability.
*   **Fail-Open Design**: Prioritizes workflow continuity, allowing commands to proceed with a warning if `dcg` cannot safely analyze them due to timeouts or parse errors.
*   **Explain Mode**: Use `dcg explain "command"` to get a detailed trace of why a command was blocked or allowed, invaluable for debugging and understanding policy.

## Links

For more detailed documentation, advanced configuration, and to contribute to the project, visit the official GitHub repository:

*   **GitHub Repository**: [Dicklesworthstone/destructive_command_guard](https://github.com/Dicklesworthstone/destructive_command_guard "Destructive Command Guard GitHub Repository" target="_blank")