Show HN: Block dangerous Git and shell commands from being executed by agents A developer released a high-performance hook tool called dcg that blocks dangerous Git and shell commands from being executed by AI coding agents, protecting against accidental data loss from commands like git reset --hard or rm -rf. The tool supports multiple agent platforms including Claude Code, Codex CLI, Gemini CLI, and Copilot CLI, and offers zero-config protection with sub-millisecond latency. A high-performance hook for AI coding agents that blocks destructive commands before they execute, protecting your work from accidental deletion across Claude Code, Codex CLI, Gemini CLI, Copilot CLI, VS Code Copilot Chat, Cursor, Hermes Agent, Grok xAI , and related tools. Supported: Claude Code https://claude.ai/code , Codex CLI 0.125.0+ https://github.com/openai/codex , Gemini CLI https://github.com/google-gemini/gemini-cli , GitHub Copilot CLI https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-hooks , VS Code Copilot Chat https://code.visualstudio.com/docs/agent-customization/hooks , Cursor IDE https://cursor.com , Hermes Agent https://github.com/NousResearch/hermes-agent , Grok xAI https://x.ai/news/grok-build-cli native ~/.grok/hooks/ plus Claude compatibility layer , Antigravity CLI agy https://antigravity.google native ~/.gemini/config/hooks.json via dcg install --agy , OpenCode https://opencode.ai via community plugin https://github.com/aspiers/ai-config/blob/main/.config/opencode/plugins/dcg-guard.js , Pi https://github.com/earendil-works/pi via extension recipe /Dicklesworthstone/destructive command guard/blob/main/docs/pi-integration.md , Aider https://aider.chat/ limited—git hooks only , Continue https://continue.dev detection only curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive command guard/main/install.sh?$ date +%s " | bash -s -- --easy-mode Works on Linux, macOS, and Windows via WSL. Auto-detects your platform, downloads the right binary, and configures supported agent hooks including Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, VS Code Copilot Chat through VS Code's Claude-hook compatibility , Cursor IDE, Hermes Agent, and Grok xAI via dcg install --grok for a native ~/.grok/hooks/dcg.json, or via the Claude compatibility layer automatically picked up by Grok . For native Windows, use the PowerShell installer below. & scriptblock ::Create irm "https://raw.githubusercontent.com/Dicklesworthstone/destructive command guard/main/install.ps1" -EasyMode -Verify Installs native dcg.exe, verifies the SHA256 checksum and the Sigstore/cosign signature when cosign is present , adds it to your User PATH -EasyMode , runs a self-test -Verify , and configures detected agent hooks for Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, and Hermes Agent. Copilot is configured at the user level under %COPILOT HOME%\hooks or %USERPROFILE%\.copilot\hooks so every workspace is protected. On Windows the windows.filesystem and windows.system packs are on by default, so del /s, rd /s, Remove-Item -Recurse -Force, format, and vssadmin delete shadows are blocked out of the box. Pin a version with -Version vX.Y.Z. The Problem : AI coding agents Claude, Codex, Gemini, Copilot, etc. occasionally run catastrophic commands like git reset --hard , rm -rf ./src , or DROP TABLE users —destroying hours of uncommitted work in seconds. The Solution : dcg is a high-performance hook that intercepts destructive commands before they execute, blocking them with clear explanations and safer alternatives. | Feature | What It Does | |---|---| Zero-Config Protection | Blocks dangerous git/filesystem commands out of the box | 50+ Security Packs | Databases, Kubernetes, Docker, AWS/GCP/Azure, Terraform, and more | Sub-Millisecond Latency | SIMD-accelerated filtering—you won't notice it's there | Heredoc/Inline Script Scanning | Catches python -c "os.remove ... " and embedded shell scripts | Smart Context Detection | Won't block grep "rm -rf" data but will block rm -rf / execution | Rich Terminal Output | Human-readable denial panels, rule context, and suggestions on stderr | Agent-Safe Streams | Machine-readable hook output stays on stdout while rich UI stays on stderr | Native Codex Support | Codex CLI 0.125.0+ receives a minimal stdout JSON denial that current clients enforce reliably | Graceful Degradation | Plain output for CI, pipes, dumb terminals, and no-color environments | Scan Mode for CI | Pre-commit hooks and CI integration to catch dangerous commands in code review | Fail-Open Design | Never blocks your workflow due to timeouts or parse errors | Explain Mode | dcg explain "command" shows exactly why something is blocked | bash AI agent tries to run: $ git reset --hard HEAD~5 dcg intercepts and blocks: ════════════════════════════════════════════════════════════════ BLOCKED dcg ──────────────────────────────────────────────────────────────── Reason: git reset --hard destroys uncommitted changes Command: git reset --hard HEAD~5 Tip: Consider using 'git stash' first to save your changes. ════════════════════════════════════════════════════════════════ ~/.config/dcg/config.toml packs enabled = "database.postgresql", Blocks DROP TABLE, TRUNCATE "kubernetes.kubectl", Blocks kubectl delete namespace "cloud.aws", Blocks aws ec2 terminate-instances "containers.docker", Blocks docker system prune dcg automatically detects which AI coding agent is invoking it and can apply agent-specific configuration. The trust level field is an advisory label recorded in JSON output and logs — it does not directly change rule evaluation. Behavioral differences come from the other profile fields: | Option | Effect | |---|---| disabled packs | Removes rule packs from evaluation | extra packs | Adds rule packs to evaluation | additional allowlist | Adds command patterns that bypass deny rules | disabled allowlist | When true , ignores all allowlist entries | Trust Claude Code more — wider allowlist, fewer packs agents.claude-code trust level = "high" additional allowlist = "npm run build", "cargo test" disabled packs = "kubernetes" Restrict unknown agents — extra rules, no allowlist bypass agents.unknown trust level = "low" extra packs = "paranoid" disabled allowlist = true See docs/agents.md /Dicklesworthstone/destructive command guard/blob/main/docs/agents.md for full documentation on supported agents, trust levels, and configuration options. dcg now treats Codex CLI as a first-class hook target, not just a Claude-shaped compatibility path. The installer configures Codex CLI 0.125.0+ automatically when it detects codex on PATH or an existing ~/.codex/ directory. | Codex behavior | dcg handling | |---|---| | Hook config | Merges a PreToolUse Bash hook into ~/.codex/hooks.json | | Denied command | Exits 0 with a minimal hookSpecificOutput denial on stdout; human warning stays on stderr | | Allowed command | Exits 0 with empty stdout and stderr | | Existing hooks | Preserves coexisting hooks, keeps dcg first for Bash, and refuses to overwrite malformed JSON | | Validation | Covered by subprocess protocol tests plus an opt-in real Codex E2E harness | Codex's hook input is intentionally close to Claude Code's, but Codex rejects unknown fields in hook output. dcg detects Codex payloads from the non-empty turn id field and emits only Codex's documented denial fields so a blocked command is reported as blocked rather than as a failed hook. See docs/codex-integration.md /Dicklesworthstone/destructive command guard/blob/main/docs/codex-integration.md for protocol details, manual probes, and troubleshooting. This project began as a Python script by Jeffrey Emanuel, who recognized that AI coding agents, while incredibly useful, occasionally run catastrophic commands that destroy hours of uncommitted work. The original implementation was a simple but effective hook that intercepted dangerous git and filesystem commands before execution. - Original concept and Python implementation Jeffrey Emanuel https://github.com/Dicklesworthstone source https://github.com/Dicklesworthstone/misc coding agent tips and scripts/blob/main/DESTRUCTIVE GIT COMMAND CLAUDE HOOKS SETUP.md ; substantially expanded the Rust version with the modular pack system 50+ security packs , heredoc/inline-script scanning, the three-tier architecture, context classification, allowlists, scan mode, and the dual regex engine- Initial Rust port with performance optimizations Darin Gordon https://github.com/Dowwie The initial Rust port by Darin maintained pattern compatibility with the original Python implementation while adding sub-millisecond execution through SIMD-accelerated filtering and lazy-compiled regex patterns. Jeffrey subsequently expanded the Rust codebase dramatically to add the features described above. If dcg is blocking something you genuinely need to run: | Method | Scope | How | |---|---|---| Env var bypass | Single command | DCG BYPASS=1