destructive_command_guard — What is it?

The Destructive Command Guard (dcg) is a high-performance hook designed to block destructive git and shell commands from being executed by AI coding agents, protecting code from accidental deletion.

⭐ 1,787 Stars 🍴 70 Forks Rust NOASSERTION Author: Dicklesworthstone
Source: README View on GitHub →

Why it matters

dcg is gaining attention due to its unique focus on preventing accidental destructive actions in AI-assisted coding environments. It addresses the pain point of catastrophic command execution by AI coding agents, fills the gap in safety features for these tools, and stands out with its performance optimizations and extensive support for various AI coding agents.

Source: Synthesis of README and project traits

Core Features

Zero-Config Protection

Blocks dangerous git/filesystem commands out of the box, providing immediate protection without additional configuration.

Source: README
50+ Security Packs

Includes a variety of security packs for databases, Kubernetes, Docker, cloud services, and more, offering comprehensive protection against a wide range of destructive actions.

Source: README
Sub-Millisecond Latency

Achieves sub-millisecond latency through SIMD-accelerated filtering and lazy-compiled regex patterns, ensuring minimal impact on coding workflows.

Source: README
Smart Context Detection

Detects and blocks destructive commands based on context, allowing for more nuanced protection without blocking legitimate commands.

Source: README
Rich Terminal Output

Provides clear explanations and suggestions on stderr when blocking commands, aiding users in understanding why a command was blocked and how to proceed safely.

Source: README
Agent-Safe Streams

Separates machine-readable hook output from rich UI output, ensuring compatibility with various AI coding agents and environments.

Source: README
Native Codex Support

Supports Codex CLI as a first-class hook target, ensuring seamless integration and compatibility with the tool's expected behavior.

Source: README
Graceful Degradation

Fallbacks to plain output for CI, pipes, dumb terminals, and no-color environments, ensuring functionality across different systems.

Source: README
Scan Mode for CI

Integrates with pre-commit hooks and CI systems to catch dangerous commands before they are committed, enhancing code safety in the development process.

Source: README
Fail-Open Design

Never blocks the workflow due to timeouts or parse errors, ensuring that the tool does not inadvertently disrupt development processes.

Source: README
Explain Mode

Allows users to understand why a command is blocked by providing detailed explanations with `dcg explain "command"`.

Source: README

Architecture

The architecture of dcg is modular, with a three-tier architecture that includes a core engine for command interception and blocking, a set of security packs for specific contexts, and a user interface for configuration and interaction. The data flow involves command input, context analysis, rule evaluation, and output generation.

Source: Code tree + dependency files

Project Knowledge Graph

Knowledge graph: project (center) + core features (inner hexagons) + key dependencies (outer chips) serde regex aho-corasick tokio Zero-Config ProtectionZero-Config Protect… 50+ Security Packs Sub-Millisecond LatencySub-Millisecond Lat… Smart Context DetectionSmart Context Detec… Rich Terminal Output Agent-Safe Streams Native Codex Support Graceful Degradation destructive_command_… Project Core feature Key dependency

Center: project; inner ring: core feature modules; outer ring: key dependencies. Auto-generated from core_features and tech_stack.key_deps.

Tech Stack

LanguageRustFrameworkSerde, serde_json, schemars, serde_yaml, toml, toml_edit, chrono, fancy-regex, regex, memchr, aho-corasick, smallvec, colored, dirs, glob, clap, clap_complete, once_cell, base64, async-trait, rust-mcp-sdk, tokio, rayon
serderegexaho-corasicktokio
Not enough information.
Source: Dependency files + code tree

Quick Start

```bash curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.sh?$(date +%s)" | bash -s -- --easy-mode ```
Source: README Installation/Quick Start

Use Cases

dcg is suitable for developers using AI coding agents such as Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, Hermes Agent, Grok (xAI), and related tools. It is useful in scenarios where code safety is critical, such as in development environments where AI coding agents are used to assist with coding tasks, and in CI/CD pipelines to prevent accidental destructive actions before code is committed.

Source: README

Strengths & Limitations

Strengths

  • Strength 1: Provides comprehensive protection against destructive commands in AI coding environments.
  • Strength 2: Offers a high level of configurability and support for various AI coding agents.
  • Strength 3: Implements performance optimizations to minimize impact on coding workflows.

Limitations

  • Limitation 1: The project is relatively new and may not have been widely tested in all possible scenarios.
  • Limitation 2: The lack of a detailed documentation on the internal workings of the security packs may limit understanding of how specific rules are applied.
Source: Synthesis of README, code structure and dependencies

Latest Release

v0.6.5 (2026-07-03): Bumped actions/cache dependency version.

Source: GitHub Releases

Verdict

Destructive Command Guard is a valuable tool for developers using AI coding agents, offering a robust solution for preventing accidental destructive actions. Its focus on performance and configurability makes it a strong choice for teams looking to enhance code safety in their development workflows.

Frequently Asked Questions

What is destructive_command_guard?

The Destructive Command Guard (dcg) is a high-performance hook designed to block destructive git and shell commands from being executed by AI coding agents, protecting code from accidental deletion.

What are the main features of destructive_command_guard?

destructive_command_guard's core features include: Zero-Config Protection, 50+ Security Packs, Sub-Millisecond Latency, Smart Context Detection, Rich Terminal Output.

Why is destructive_command_guard trending?

dcg is gaining attention due to its unique focus on preventing accidental destructive actions in AI-assisted coding environments.

What is destructive_command_guard used for?

dcg is suitable for developers using AI coding agents such as Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, Hermes Agent, Grok (xAI), and related tools.

Transparency Notice
This page is auto-generated by AI (a large language model) from the following public materials: GitHub README, code tree, dependency files and release notes. Analyzed at: 2026-07-11 18:38. Quality score: 85/100.

Data sources: README, GitHub API, dependency files