Destructive Command Guard blocks risky agent commands
Destructive Command Guard (dcg) is an open-source Rust safety hook that intercepts and blocks dangerous shell and Git commands before AI coding assistants execute them. The tool checks commands in under 10 microseconds using SIMD filtering and parses inline scripts with tree-sitter AST analysis.
As developers grant AI agents command-line access, safety hooks are shifting from optional to essential workspace infrastructure. Destructive Command Guard solves this with parser-level protection rather than brittle regex.
* High Performance: Built in Rust, it checks commands in microseconds, ensuring agent responsiveness is not impacted.
* Deep Inspection: Employs AST-based analysis via tree-sitter to parse inline scripts (e.g., Python execution of OS commands) and heredocs.
* Extensive Coverage: Includes 49+ modular packs to protect database tables, Kubernetes clusters, Docker resources, and cloud environments.
* Agent Safety: Minimizes the risk of catastrophic commands like recursive deletions or hard Git resets.
DISCOVERED
1h ago
2026-07-12
PUBLISHED
1h ago
2026-07-12
RELEVANCE
