Destructive Command Guard

A high-performance Claude Code hook that intercepts and blocks destructive commands before they execute. Written in Rust with SIMD-accelerated filtering via the memchr crate and Aho-Corasick multi-pattern matching for sub-millisecond latency. Assumes agents are well-intentioned but fallible.

Overview

DCG uses a whitelist-first architecture: safe patterns are checked before destructive patterns, and unrecognized commands are allowed by default (fail-safe). This ensures legitimate workflows are never broken while known dangerous patterns are always blocked. DCG runs as a PreToolUse hook in Claude Code, receiving JSON on stdin for each Bash tool invocation and returning exit code 0 (allow) or 2 (block). It only inspects direct Bash tool invocations, not contents of shell scripts.

The processing pipeline has four stages: JSON parsing, command normalization (strips absolute paths like /usr/bin/git), SIMD quick-reject filter (skips regex for commands without git or rm), and pattern matching. The memchr crate provides hardware-accelerated substring search (SSE2/AVX2 on x86_64, NEON on ARM), while Aho-Corasick handles multi-pattern matching in O(n) time regardless of pattern count.

DCG supports 49+ modular security packs organized by category (git, filesystem, databases, containers, Kubernetes, cloud providers, infrastructure tools). Core packs (core.git, core.filesystem) are always enabled; additional packs are configured via ~/.config/dcg/config.toml or the DCG_PACKS environment variable. The dcg scan subcommand can also audit files for destructive command contexts, suitable for CI integration.

DCG is not published on crates.io; it is installed from GitHub via cargo +nightly install or prebuilt binaries for Linux, macOS, and Windows WSL. The threat model assumes agents are well-intentioned but fallible; DCG catches honest mistakes, not adversarial attacks.

Quick Reference