Destructive Command Guard is a high-performance safety hook for AI coding agents and command-line workflows. It intercepts shell commands before execution and blocks operations that could erase files, rewrite Git history, destroy infrastructure, or remove data. The Rust implementation uses fast filtering and context-aware rules to distinguish dangerous execution from harmless text matches. Its modular security packs cover Git, filesystems, databases, containers, cloud platforms, Kubernetes, Terraform, and other tools. Users can inspect denials, enable agent-specific profiles, add allowlist entries, or temporarily bypass a rule when necessary. It also provides scan modes for CI and pre-commit checks, while a fail-open design avoids stopping work because of parser errors or timeouts.
Features
- Pre-execution interception of dangerous commands
- More than 50 modular security packs
- Context-aware command classification
- Agent-specific profiles and configurable allowlists
- CI and pre-commit repository scanning
- Fast Rust implementation with fail-open behavior