A new open-source tool called Destructive Command Guard (DCG) intercepts dangerous git and shell commands issued by AI coding agents, preventing accidental data loss. Released on GitHub by developer Dicklesworthstone, DCG works with Claude Code, Codex CLI, Gemini CLI, Copilot CLI, Cursor, and other popular AI-assisted development tools. The tool blocks commands like `git reset --hard`, `rm -rf`, and `DROP TABLE` before they execute, offering safer alternatives.
How DCG Works
DCG installs as a hook that sits between the AI agent and the command line. When an agent tries to run a destructive command, DCG intercepts it, displays a clear explanation of why it was blocked, and suggests a safer alternative. For example, if an agent runs `git reset --hard HEAD~5`, DCG blocks it and recommends using `git stash` first to save uncommitted changes.
The tool uses a modular "pack" system to organize destructive command patterns by category. Packs can be enabled or disabled in the configuration file. By default, DCG enables only the most critical packs: `core.filesystem` (blocks dangerous `rm -rf` outside temp directories), `core.git` (blocks destructive git commands that lose uncommitted work), and `system.disk` (blocks disk operations like `mkfs`, `dd`, `fdisk`, `parted`, `mdadm`, `lvm removal`, and `wipefs`). On Windows, additional packs for `windows.filesystem` and `windows.system` are on by default, blocking commands like `del /s`, `rd /s`, `Remove-Item -Recurse -Force`, `format`, and `vssadmin delete shadows`.
Installation and Configuration
DCG can be installed via a one-liner curl command on Linux, macOS, and Windows through WSL, or via a PowerShell installer for native Windows. The installer auto-detects the platform, downloads the correct binary, and configures hooks for supported agents including Claude Code, Codex CLI 0.125.0+, Gemini CLI, GitHub Copilot CLI, VS Code Copilot Chat, Cursor IDE, Hermes Agent, and Grok (xAI). On Windows, it installs a native `dcg.exe`, verifies the SHA256 checksum and Sigstore/cosign signature when available, adds it to the user PATH, runs a self-test, and configures detected agent hooks.
Users can customize protection by editing `~/.config/dcg/config.toml`. The configuration supports agent-specific settings, so Claude Code can be trusted more with a wider allowlist and fewer packs, while unknown agents get extra paranoid packs and no allowlist bypass. For commands that are genuinely needed, users can set `DCG_BYPASS=1` to disable all protection for a single invocation, or add the command to an allowlist for recurring use.
Supported Agents and Platforms
DCG officially supports Claude Code, Codex CLI 0.125.0+, Gemini CLI, GitHub Copilot CLI, VS Code Copilot Chat, Cursor IDE, Hermes Agent, Grok (xAI) (via native `~/.grok/hooks/` plus a Claude compatibility layer), Antigravity CLI (agy), OpenCode (via community plugin), Pi (via extension recipe), Aider (limited to git hooks only), and Continue (detection only). The tool automatically detects which agent is invoking it and applies agent-specific configuration.
A notable feature is first-class support for Codex CLI. DCG detects Codex payloads from the non-empty `turn_id` field and emits only Codex's documented denial fields, ensuring a blocked command is reported as blocked rather than as a failed hook. The project began as a Python script by Jeffrey Emanuel, who recognized that AI coding agents occasionally run catastrophic commands. Darin Gordon later ported it to Rust with performance optimizations, adding sub-millisecond execution through SIMD-accelerated filtering and lazy-compiled regex patterns. Jeffrey subsequently expanded the Rust codebase with the modular pack system (50+ security packs), heredoc/inline-script scanning, a three-tier architecture, context classification, allowlists, scan mode, and a dual regex engine.
Opt-In Packs for Broader Protection
Beyond the default packs, DCG offers many opt-in packs that users can enable in the configuration file. These include `database.postgresql` (blocks DROP TABLE, TRUNCATE), `kubernetes.kubectl` (blocks `kubectl delete namespace`), `cloud.aws` (blocks `aws ec2 terminate-instances`), `containers.docker` (blocks `docker system prune`), `storage.s3`, and many more. Running `dcg init` writes a starter config that enables `database.postgresql` and `containers.docker` as examples, but no pack is active until explicitly enabled in the config. On Unix, the `windows.*` packs are registered but off by default; they can be enabled to scan committed `.ps1` or `.cmd` scripts in CI.
DCG is designed for developers who use AI coding agents and want a safety net against accidental destruction of work. The tool's combination of high performance, broad agent support, and granular configuration makes it a practical addition to any AI-assisted development workflow.