Dicklesworthstone / destructive_command_guard
Dicklesworthstone / destructive_command_guard
dcg (Destructive Command Guard) is a high-performance hook for AI coding agents that blocks destructive commands before they execute, protecting your work from accidental deletion across Claude Code, Codex CLI, Gemini CLI, Copilot CLI, VS Code Copilot Chat, Cursor, Hermes Agent, Grok (xAI), and related tools. dcg (Destructive Command Guard) 是一款专为 AI 编程助手设计的高性能钩子(hook),它能在破坏性命令执行前将其拦截,从而保护你的工作成果,防止在 Claude Code、Codex CLI、Gemini CLI、Copilot CLI、VS Code Copilot Chat、Cursor、Hermes Agent、Grok (xAI) 及相关工具中发生意外删除。
Supported: Claude Code, Codex CLI 0.125.0+, Gemini CLI, GitHub Copilot CLI, VS Code Copilot Chat, Cursor IDE, Hermes Agent, Grok (xAI) (native ~/.grok/hooks/ plus Claude compatibility layer), Antigravity CLI (agy) (native ~/.gemini/config/hooks.json via dcg install —agy), OpenCode (via community plugin), Pi (via extension recipe), Aider (limited—git hooks only), Continue (detection only).
支持平台: Claude Code、Codex CLI 0.125.0+、Gemini CLI、GitHub Copilot CLI、VS Code Copilot Chat、Cursor IDE、Hermes Agent、Grok (xAI)(原生 ~/.grok/hooks/ 及 Claude 兼容层)、Antigravity CLI (agy)(通过 dcg install --agy 使用原生 ~/.gemini/config/hooks.json)、OpenCode(通过社区插件)、Pi(通过扩展配方)、Aider(受限,仅限 git hooks)、Continue(仅检测)。
Quick Install
快速安装
curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.sh?$(date +%s)" | bash -s -- --easy-mode
Works on Linux, macOS, and Windows via WSL. Auto-detects your platform, downloads the right binary, and configures supported agent hooks including Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, VS Code Copilot Chat (through VS Code’s Claude-hook compatibility), Cursor IDE, Hermes Agent, and Grok (xAI) (via dcg install --grok for a native ~/.grok/hooks/dcg.json, or via the Claude compatibility layer automatically picked up by Grok).
适用于 Linux、macOS 以及 Windows (WSL)。它会自动检测你的平台、下载对应的二进制文件,并配置受支持的代理钩子,包括 Claude Code、Codex CLI、Gemini CLI、GitHub Copilot CLI、VS Code Copilot Chat(通过 VS Code 的 Claude-hook 兼容性)、Cursor IDE、Hermes Agent 以及 Grok (xAI)(通过 dcg install --grok 实现原生的 ~/.grok/hooks/dcg.json,或通过 Grok 自动识别的 Claude 兼容层)。
For native Windows, use the PowerShell installer below. 对于原生 Windows 系统,请使用下方的 PowerShell 安装程序。
& ([scriptblock]::Create((irm "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/main/install.ps1"))) -EasyMode -Verify
Installs native dcg.exe, verifies the SHA256 checksum (and the Sigstore/cosign signature when cosign is present), adds it to your User PATH (-EasyMode), runs a self-test (-Verify), and configures detected agent hooks for Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, Cursor IDE, and Hermes Agent. Copilot is configured at the user level under %COPILOT_HOME%\hooks (or %USERPROFILE%\.copilot\hooks) so every workspace is protected. On Windows the windows.filesystem and windows.system packs are on by default, so del /s, rd /s, Remove-Item -Recurse -Force, format, and vssadmin delete shadows are blocked out of the box. Pin a version with -Version vX.Y.Z.
该程序会安装原生的 dcg.exe,验证 SHA256 校验和(若存在 cosign 则验证 Sigstore/cosign 签名),将其添加到用户 PATH(-EasyMode),运行自测(-Verify),并为 Claude Code、Codex CLI、Gemini CLI、GitHub Copilot CLI、Cursor IDE 和 Hermes Agent 配置检测到的代理钩子。Copilot 在用户级别配置于 %COPILOT_HOME%\hooks(或 %USERPROFILE%\.copilot\hooks),确保每个工作区都受到保护。在 Windows 上,windows.filesystem 和 windows.system 包默认开启,因此 del /s、rd /s、Remove-Item -Recurse -Force、format 以及 vssadmin delete shadows 等命令开箱即被拦截。可通过 -Version vX.Y.Z 锁定版本。
TL;DR
简而言之
The Problem: AI coding agents (Claude, Codex, Gemini, Copilot, etc.) occasionally run catastrophic commands like git reset --hard, rm -rf ./src, or DROP TABLE users—destroying hours of uncommitted work in seconds.
问题所在: AI 编程助手(Claude、Codex、Gemini、Copilot 等)偶尔会运行灾难性命令,如 git reset --hard、rm -rf ./src 或 DROP TABLE users,在几秒钟内摧毁数小时未提交的工作成果。
The Solution: dcg is a high-performance hook that intercepts destructive commands before they execute, blocking them with clear explanations and safer alternatives.
解决方案: dcg 是一款高性能钩子,它能在破坏性命令执行前进行拦截,并提供清晰的解释和更安全的替代方案。
Why Use dcg?
为什么使用 dcg?
| Feature | What It Does |
|---|---|
| Zero-Config Protection | Blocks dangerous git/filesystem commands out of the box |
| 50+ Security Packs | Databases, Kubernetes, Docker, AWS/GCP/Azure, Terraform, and more |
| Sub-Millisecond Latency | SIMD-accelerated filtering—you won’t notice it’s there |
| Heredoc/Inline Script Scanning | Catches python -c "os.remove(...)" and embedded shell scripts |
| Smart Context Detection | Won’t block grep "rm -rf" (data) but will block rm -rf / (execution) |
| 功能 | 作用 |
|---|---|
| 零配置保护 | 开箱即用,拦截危险的 git/文件系统命令 |
| 50+ 安全包 | 涵盖数据库、Kubernetes、Docker、AWS/GCP/Azure、Terraform 等 |
| 亚毫秒级延迟 | SIMD 加速过滤,几乎感觉不到它的存在 |
| Heredoc/内联脚本扫描 | 捕获 python -c "os.remove(...)" 及嵌入式 shell 脚本 |
| 智能上下文检测 | 不会拦截 grep "rm -rf"(数据查询),但会拦截 rm -rf /(执行操作) |
Quick Example
快速示例
# AI agent tries to run:
$ git reset --hard HEAD~5
# dcg intercepts and blocks:
════════════════════════════════════════════════════════════════
BLOCKED dcg
────────────────────────────────────────────────────────────────
Reason: git reset --hard destroys uncommitted changes
Command: git reset --hard HEAD~5
Tip: Consider using 'git stash' first to save your changes.
════════════════════════════════════════════════════════════════
Agent-Specific Profiles
代理特定配置文件
dcg automatically detects which AI coding agent is invoking it and can apply agent-specific configuration. The trust_level field is an advisory label recorded in JSON output and logs — it does not directly change rule evaluation. Behavioral differences come from the other profile fields:
dcg 会自动检测是哪个 AI 编程助手在调用它,并应用相应的特定配置。trust_level 字段是一个记录在 JSON 输出和日志中的建议性标签,它不会直接改变规则评估。行为差异源于其他配置文件字段:
-
disabled_packs: Removes rule packs from evaluation -
extra_packs: Adds rule packs to evaluation -
additional_allowlist: Adds command patterns that bypass deny rules -
disabled_allowlist: When true, ignores all allowlist entries -
disabled_packs:从评估中移除规则包 -
extra_packs:向评估中添加规则包 -
additional_allowlist:添加绕过拒绝规则的命令模式 -
disabled_allowlist:若为 true,则忽略所有白名单条目
# Trust Claude Code more — wider allowlist, fewer packs
[agents.claude-code]
trust_level = "high"
additional_allowlist = ["npm run build", "cargo test"]
disabled_packs = ["kubernetes"]
# Restrict unknown agents — extra rules, no allowlist bypass
[agents.unknown]
trust_level = "low"
extra_packs = ["paranoid"]
disabled_allowlist = true
Codex Support
Codex 支持
dcg now treats Codex CLI as a first-class hook target, not just a Claude-shaped compatibility path. The installer configures Codex CLI 0.125.0+ automatically when it detects codex on PATH or an existing ~/.codex/ directory.
dcg 现在将 Codex CLI 视为一等钩子目标,而不仅仅是 Claude 兼容路径。当安装程序在 PATH 中检测到 codex 或存在 ~/.codex/ 目录时,会自动配置 Codex CLI 0.125.0+。