AI/TLDR

Dicklesworthstone · 2026-07-13 · major

Destructive Command Guard — Rust hook stops AI agents from rm -rf

Destructive Command Guard (dcg) is a Rust hook that intercepts destructive shell and git commands from AI coding agents before they run. v0.6.6 shipped July 13 and DCG hit #1 on GitHub Trending.

Destructive Command Guard repo card — Rust hook to block dangerous commands from AI agents

A Rust hook that blocks AI coding agents from running commands like rm -rf ./src or git reset --hard.

Key specs

GitHub stars4,000+
Latencysub-millisecond

Quick facts

MakerJeffrey Emanuel (Dicklesworthstone)
LanguageRust (edition 2024)
LicenseMIT
Latest releasev0.6.6, July 13, 2026
Latencysub-millisecond per command
Works withClaude Code, Codex CLI, Cursor, Gemini CLI, Copilot CLI, Aider, OpenCode
How to installcargo install destructive_command_guard, or prebuilt binaries

What is it?

Destructive Command Guard adds a safety net between an AI coding agent and your shell. It runs as a PreToolUse hook: every command the agent wants to execute goes through DCG first, and DCG kills the ones that would destroy work. Version 0.6.6 shipped July 13, 2026 and the repo has ~4,000 stars.

How does it work?

A four-stage pipeline handles each command: JSON parse, normalize (unwrap heredocs and inline scripts), SIMD-accelerated quick reject, and regex against 50+ 'packs' of dangerous patterns. Safe commands are approved in microseconds; dangerous ones are matched against a denylist covering rm, git, database drops, Kubernetes, cloud CLIs, and CI/CD, and returned with a human-readable reason.

Why does it matter?

AI coding agents run shell commands autonomously and sometimes get creative — a rename that becomes rm -rf, a merge that becomes git reset --hard, a schema fix that drops a table. DCG is the seatbelt: cheap to install, hard to misuse, and it plugs into Claude Code, Codex CLI, Cursor, Gemini CLI, Copilot CLI, Aider, OpenCode, and Grok Build CLI without changing how the agent works.

Who is it for?

developers running autonomous AI coding agents in real repos

Frequently asked questions

What does Destructive Command Guard block?
Destructive Command Guard ships with a denylist of dangerous shell and git patterns — rm -rf on source paths, git reset --hard on uncommitted work, git checkout -- ., DROP TABLE, force pushes to protected branches, and more. Everything else passes through by default. The denylist is grouped into modular 'packs' for databases, Kubernetes, cloud providers, and CI/CD.
How does DCG plug into Claude Code and other agents?
DCG runs as a PreToolUse hook that the coding agent calls before executing any shell command. Claude Code, Codex CLI 0.125.0+, Cursor, Gemini CLI, Copilot CLI, Aider, OpenCode, and Grok Build CLI can all call DCG. If the pattern matches a destructive rule, DCG returns a deny with an explanation; otherwise the command runs.
How fast is Destructive Command Guard?
Destructive Command Guard reports sub-millisecond latency per command. A four-stage pipeline — JSON parsing, normalization, SIMD-accelerated quick reject, then regex matching — lets more than 95% of commands pass through in under 10 microseconds, with only commands containing dangerous keywords hitting the expensive regex stage.
Is DCG open source and free to use?
Yes. DCG is MIT-licensed. Prebuilt binaries are available for Linux x86_64 and ARM64, macOS Intel and Apple Silicon, and Windows. The Rust source is on GitHub and the crate is on crates.io. There is no paid tier — the whole tool ships as one static binary you drop into your agent's PreToolUse hook.

Try it

cargo install destructive_command_guard

Sources · 2 outlets

Tags

  • tool
  • repo
  • safety
  • hook
  • rust
  • claude-code
  • codex-cli
  • cursor
  • gemini-cli
  • coding-agent
  • shell
  • git

← All releases · Learn AI