Keeping Your Code Safe from Autonomous Agents: Meet dcg

AI coding assistants are transforming software engineering by writing code, managing git branches, and executing terminal commands. But giving an AI model full terminal access carries significant risks. A single misunderstood instruction, logic loop, or prompt injection attack could lead to a catastrophic command like rm -rf / or a destructive git history reset.
destructive_command_guard (dcg) is an open-source security tool designed to solve this exact vulnerability. It acts as a high-performance firewall for your terminal, checking commands generated by AI agents and blocking them before they run.
What is Destructive Command Guard?
dcg is a lightweight pre-execution hook. It integrates into your CLI tools and developer environments (such as Claude Code, Cursor, or Gemini CLI). When an AI agent attempts to run a terminal command, dcg intercepts it, parses the syntax, and blocks it if it matches known dangerous patterns.
Key Protections Offered by dcg
1. Dangerous Git Commands
AI agents frequently manage code changes using Git. However, commands like git reset --hard or force-pushing overrides can wipe out uncommitted code or delete important history. dcg intercepts and prevents these destructive overrides.
2. Filesystem Deletions
Accidental recursive deletes (rm -rf) or cleanups that target critical directories can break your environment. dcg blocks filesystem operations that could result in data loss.
3. Language-Specific Execution Scripts
AI agents sometimes run scripts (like python or shell execution commands) that spawn child processes. dcg blocks dangerous system execution commands (like os.system or child_process.execSync) to prevent stealth attacks or escaping sandbox controls.
Universal Support
One of the best features of dcg is its wide compatibility. Out of the box, it supports integrations for:
- Claude Code and Gemini CLI
- Cursor IDE and GitHub Copilot CLI
- Aider, Continue, and OpenCode
Conclusion
As developers move towards fully autonomous AI agents, security guardrails are becoming essential. By blocking dangerous terminal actions before they execute, tools like destructive_command_guard ensure that developers can leverage the speed of AI agents without risking their codebases or local machines.
Want to secure your terminal? Check out the destructive_command_guard GitHub Repository.
Top comments (0)