...It intercepts shell commands before execution and blocks operations that could erase files, rewrite Git history, destroy infrastructure, or remove data. The Rust implementation uses fast filtering and context-aware rules to distinguish dangerous execution from harmless text matches. Its modular security packs cover Git, filesystems, databases, containers, cloud platforms, Kubernetes, Terraform, and other tools. Users can inspect denials, enable agent-specific profiles, add allowlist entries, or temporarily bypass a rule when necessary. It also provides scan modes for CI and pre-commit checks, while a fail-open design avoids stopping work because of parser errors or timeouts.