// Agent profile
Dicklesworthstone/destructive_command_guard (dcg) is a Rust-based PreToolUse hook that intercepts shell commands before AI coding agents execute them, blocking destructive operations like `git reset --hard`, `rm -rf`, database drops, and cloud resource deletions. It uses SIMD-accelerated regex filtering for sub-millisecond latency, scans heredocs and inline scripts (e.g., `python -c "os.remove(...)"`) for hidden destructive patterns, and ships 50+ modular security packs covering git, filesystem, PostgreSQL, Docker, Kubernetes, AWS, GCP, and Azure. The tool supports native hook integration with Claude Code, Codex CLI, Gemini CLI, Cursor, Copilot, and other agent platforms. A layered configuration system (system, user, project, environment) with permanent and temporary allowlists lets teams fine-tune blocking policies per project. Stats as of July 2026: 3.2K stars, 120 forks, actively maintained. Built for teams running AI agents autonomously where a single destructive command could wipe hours of uncommitted work.
Destructive Command Guard (dcg) is a Rust-based safety hook from Dicklesworthstone that sits between AI coding agents and the shell, intercepting commands before execution and blocking anything that could destroy data. When an agent like Claude Code attempts to run git reset --hard, rm -rf ./, DROP TABLE users, or kubectl delete namespace production, dcg catches it, outputs a JSON denial to the agent, and prints a human-readable warning to stderr. The agent gets the feedback it needs to try a safer approach; the developer’s work stays intact.
Speed that disappears: dcg is written in Rust with SIMD-accelerated regex and a quick-reject path that skips 99% of safe commands in O(n) substring filtering. The result is sub-millisecond latency — agents don’t notice it’s there until it saves them from something catastrophic.
Deep command analysis: Beyond simple string matching, dcg normalizes commands (stripping paths like /usr/bin/git to git), detects smart context (blocking execution but not comments or data strings), and scans heredocs and inline scripts. A command like python -c "import shutil; shutil.rmtree('.')" gets caught because dcg parses the inline script content, not just the python invocation.
50+ security packs: Core protections for git and filesystem are always on. Optional packs add coverage for PostgreSQL (DROP, TRUNCATE), Docker (docker system prune -a), Kubernetes (kubectl delete namespace), AWS/GCP/Azure resource deletion, and Windows-specific commands (format C:, vssadmin delete shadows). Packs are YAML-defined and extensible for organization-specific tools.
Multi-agent support: Native hook configurations ship for Claude Code, Codex CLI 0.125.0+, Gemini CLI, GitHub Copilot CLI, Cursor, Hermes, Grok, and others. Each agent gets appropriate JSON protocol compliance and configurable trust levels.
AI coding agents running autonomously can execute hundreds of shell commands per session. One wrong git reset --hard or rm -rf wipes hours of uncommitted work with no undo. The problem compounds with autonomous/overnight runs where no human is watching. dcg provides the safety net — a last line of defense that costs nothing in latency but prevents the catastrophic tail events that make teams afraid to let agents run unsupervised.
Teams running Claude Code or Codex in autonomous mode install dcg as a mandatory safety hook before granting agents shell access. DevOps teams use the extended security packs to prevent agents from accidentally deleting Kubernetes namespaces or cloud resources during infrastructure automation. CI pipelines use dcg scan mode to audit Dockerfiles, GitHub Actions workflows, and Terraform configs for destructive patterns before merge. Organizations with compliance requirements use the layered configuration to enforce policy across all developer machines while allowing project-level exceptions.
dcg follows a fail-open philosophy — parse timeouts and errors allow commands rather than blocking them, prioritizing workflow continuity over maximum safety. This is the right tradeoff for most teams but means dcg is a defense-in-depth layer, not a hard security boundary. The modular pack system means teams need to consciously opt into protections beyond core git/filesystem — database and cloud packs are not enabled by default. Requires Rust nightly for building from source, though pre-built binaries and a one-line installer cover most platforms.
dcg is built for any team that runs AI coding agents with shell access — especially those moving toward autonomous or overnight agent runs. It suits engineering organizations that want guardrails without friction: the sub-millisecond latency means developers and agents never notice dcg until it prevents a disaster. Pairs naturally with agent orchestration tools like Ruflo and template systems like Claude Code Templates for a full safety-aware agent stack.
Builder.io's open-source framework for building agent-native applications — shared actions, SQL-backed state, identity, tools, skills, jobs, observability, and UI surfaces that all work together.
CLI orchestration tool that installs and configures platform connectors for 16+ social and web sources — Twitter/X, Reddit, YouTube, GitHub, Bilibili, and more. Zero API fees.
Persistent memory layer for AI coding agents — benchmark-backed (95.2% on LongMemEval-S), 92% fewer tokens per session vs full-context pasting, zero manual memory.add() calls.