
A safety layer that intercepts and blocks potentially irreversible commands before an AI agent or automated tool can run them. It acts as a checkpoint between the agent’s intent and the system, catching operations that could delete data, wipe directories, or overwrite critical files.
How it works
A DCG matches proposed commands against a set of high-risk patterns—things like rm -rf, DROP TABLE, git push --force, or disk-formatting operations. When a match is found, the command is halted and either flagged for human approval or denied outright, depending on policy.
Why it matters
As AI agents gain the ability to execute shell commands and modify systems on their own, a single hallucinated or misinterpreted instruction can cause real, unrecoverable damage. A DCG provides a guardrail that keeps agents productive while preventing catastrophic mistakes.
Example: An agent asked to clean up the temp folder generates rm -rf /. The DCG detects the destructive pattern, blocks execution, and instead requests confirmation.