destructive_command_guard 0.4.3

A Claude Code hook that blocks destructive commands before they execute
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

{
  "hookSpecificOutput": {
    "allowOnceCode": "<DYNAMIC>",
    "allowOnceFullHash": "<DYNAMIC>",
    "hookEventName": "PreToolUse",
    "packId": "core.git",
    "permissionDecision": "deny",
    "permissionDecisionReason": "BLOCKED by dcg\n\nTip: dcg explain \"git reset --hard\"\n\nReason: git reset --hard destroys uncommitted changes. Use 'git stash' first.\n\nExplanation: git reset --hard discards ALL uncommitted changes in your working directory AND staging area. This is one of the most dangerous git commands because changes that were never committed cannot be recovered by any means.\n             \n             What gets destroyed:\n             - All modified files revert to the target commit\n             - All staged changes are lost\n             - Untracked files remain (use git clean to remove those)\n             \n             Safer alternatives:\n             - git reset --soft <ref>: Move HEAD but keep all changes staged\n             - git reset --mixed <ref>: Move HEAD, unstage changes, keep working dir (default)\n             - git stash: Save changes before resetting\n             \n             Preview what would be lost:\n               git status && git diff\n\nRule: core.git:reset-hard\n\nCommand: git reset --hard\n\nIf this operation is truly needed, ask the user for explicit permission and have them run the command manually.",
    "remediation": {
      "allowOnceCommand": "dcg allow-once <DYNAMIC>",
      "explanation": "git reset --hard discards ALL uncommitted changes in your working directory AND staging area. This is one of the most dangerous git commands because changes that were never committed cannot be recovered by any means.\n\nWhat gets destroyed:\n- All modified files revert to the target commit\n- All staged changes are lost\n- Untracked files remain (use git clean to remove those)\n\nSafer alternatives:\n- git reset --soft <ref>: Move HEAD but keep all changes staged\n- git reset --mixed <ref>: Move HEAD, unstage changes, keep working dir (default)\n- git stash: Save changes before resetting\n\nPreview what would be lost:\n  git status && git diff",
      "safeAlternative": "Consider using 'git stash' first to save your changes."
    },
    "ruleId": "core.git:reset-hard",
    "severity": "critical"
  }
}