core/command-guard — block a dangerous command

Stop a shell command before it runs. This one works on the command the agent is about to execute, not on a file.

What it catches

A command matching a banned pattern — a force-push to a protected branch, a recursive delete, a destructive reset. Because it fires before the command runs, it can prevent the irreversible.

Config

rules:
  - id: no-force-push-main
    use: core/command-guard
    ban:
      - "git\\s+push\\s+.*--force(?!-with-lease).*\\bmain\\b"
      - "rm\\s+-rf\\s+/"
    message: "Force-pushing main is blocked. Use --force-with-lease on a feature branch."
Field What it does
ban A regex, or list, matched against the command string. A match blocks it. (No on: — the target is the command, not a path.)
message The reason, shown on a block.
git push origin feature/x           ✓ passes
git push --force origin main        ✗ blocked

When you need live state, write a script. Some guards must reason about the world — e.g. “is this git checkout -- about to wipe uncommitted changes?”. That needs to inspect git status, beyond a regex, so it’s a small own-script rather than a config-only command-guard. Use core/command-guard for the clear-cut, state-free bans.