Dicklesworthstone · 2026-07-13 · major
Destructive Command Guard — Rust hook stops AI agents from rm -rf
Destructive Command Guard (dcg) is a Rust hook that intercepts destructive shell and git commands from AI coding agents before they run. v0.6.6 shipped July 13 and DCG hit #1 on GitHub Trending.
A Rust hook that blocks AI coding agents from running commands like rm -rf ./src or git reset --hard.
Key specs
| GitHub stars | 4,000+ |
|---|---|
| Latency | sub-millisecond |
Quick facts
| Maker | Jeffrey Emanuel (Dicklesworthstone) |
|---|---|
| Language | Rust (edition 2024) |
| License | MIT |
| Latest release | v0.6.6, July 13, 2026 |
| Latency | sub-millisecond per command |
| Works with | Claude Code, Codex CLI, Cursor, Gemini CLI, Copilot CLI, Aider, OpenCode |
| How to install | cargo install destructive_command_guard, or prebuilt binaries |
What is it?
Destructive Command Guard adds a safety net between an AI coding agent and your shell. It runs as a PreToolUse hook: every command the agent wants to execute goes through DCG first, and DCG kills the ones that would destroy work. Version 0.6.6 shipped July 13, 2026 and the repo has ~4,000 stars.
How does it work?
A four-stage pipeline handles each command: JSON parse, normalize (unwrap heredocs and inline scripts), SIMD-accelerated quick reject, and regex against 50+ 'packs' of dangerous patterns. Safe commands are approved in microseconds; dangerous ones are matched against a denylist covering rm, git, database drops, Kubernetes, cloud CLIs, and CI/CD, and returned with a human-readable reason.
Why does it matter?
AI coding agents run shell commands autonomously and sometimes get creative — a rename that becomes rm -rf, a merge that becomes git reset --hard, a schema fix that drops a table. DCG is the seatbelt: cheap to install, hard to misuse, and it plugs into Claude Code, Codex CLI, Cursor, Gemini CLI, Copilot CLI, Aider, OpenCode, and Grok Build CLI without changing how the agent works.
Who is it for?
developers running autonomous AI coding agents in real repos
Frequently asked questions
- What does Destructive Command Guard block?
- Destructive Command Guard ships with a denylist of dangerous shell and git patterns — rm -rf on source paths, git reset --hard on uncommitted work, git checkout -- ., DROP TABLE, force pushes to protected branches, and more. Everything else passes through by default. The denylist is grouped into modular 'packs' for databases, Kubernetes, cloud providers, and CI/CD.
- How does DCG plug into Claude Code and other agents?
- DCG runs as a PreToolUse hook that the coding agent calls before executing any shell command. Claude Code, Codex CLI 0.125.0+, Cursor, Gemini CLI, Copilot CLI, Aider, OpenCode, and Grok Build CLI can all call DCG. If the pattern matches a destructive rule, DCG returns a deny with an explanation; otherwise the command runs.
- How fast is Destructive Command Guard?
- Destructive Command Guard reports sub-millisecond latency per command. A four-stage pipeline — JSON parsing, normalization, SIMD-accelerated quick reject, then regex matching — lets more than 95% of commands pass through in under 10 microseconds, with only commands containing dangerous keywords hitting the expensive regex stage.
- Is DCG open source and free to use?
- Yes. DCG is MIT-licensed. Prebuilt binaries are available for Linux x86_64 and ARM64, macOS Intel and Apple Silicon, and Windows. The Rust source is on GitHub and the crate is on crates.io. There is no paid tier — the whole tool ships as one static binary you drop into your agent's PreToolUse hook.
Try it
cargo install destructive_command_guard