A plugin that integrates Destructive Command Guard (dcg) with OpenCode, protecting your codebase from destructive commands.

This plugin intercepts bash commands before execution and validates them through dcg. Destructive commands are blocked with clear explanations and safer alternatives.

Blocked commands include:

• rm -rf on root/home paths (allows /tmp)
• git reset --hard
• git push --force (suggests --force-with-lease)
• git checkout -- (without --staged)
• git clean -f
• git branch -D
• dd to block devices
• And many more via dcg's modular pack system

1. OpenCode installed and working
2. dcg installed:

   curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh" | bash

# Clone this repo
git clone https://github.com/jms830/opencode-dcg-plugin.git ~/.config/opencode/opencode-dcg-plugin

# Symlink the plugin
ln -sf ~/.config/opencode/opencode-dcg-plugin/plugin/dcg-guard.js ~/.config/opencode/plugin/dcg-guard.js

# Restart OpenCode

# Create plugin directory if it doesn't exist
mkdir -p ~/.config/opencode/plugin

# Download the plugin directly
curl -fsSL https://raw.githubusercontent.com/jms830/opencode-dcg-plugin/main/plugin/dcg-guard.js \
  -o ~/.config/opencode/plugin/dcg-guard.js

# Restart OpenCode

After restarting OpenCode, test that dcg is protecting you:

# This should be BLOCKED
rm -rf ~/test-dcg-protection

# This should be BLOCKED
git reset --hard HEAD~5

# This should be ALLOWED (safe command)
echo "dcg is working!"

You should see detailed block messages with explanations and safer alternatives.

OpenCode's plugin system supports tool.execute.before hooks. This plugin:

1. Intercepts all bash tool calls
2. Spawns dcg with the command as JSON on stdin
3. Reads dcg's exit code (0 = allow, non-zero = block)
4. Throws an error with dcg's explanation if blocked

// Simplified flow
tool.execute.before: async (input, output) => {
  if (input.tool !== 'bash') return;
  
  const result = await callDcg({ tool: 'bash', args: { command: output.args.command }});
  
  if (result.blocked) {
    throw new Error(`dcg blocked: ${result.explanation}`);
  }
}

dcg configuration is managed through dcg itself, not this plugin. See dcg documentation for:

• Enabling/disabling packs
• Custom rules
• Allowlists/blocklists

1. Check the plugin file exists:

   ls -la ~/.config/opencode/plugin/dcg-guard.js

2. Restart OpenCode completely (not just the session)

3. Check for syntax errors:

   node --check ~/.config/opencode/plugin/dcg-guard.js

Ensure dcg is in your PATH:

which dcg
dcg --version

If not found, reinstall dcg:

curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh" | bash

1. Verify dcg works standalone:

   echo '{"tool":"bash","args":{"command":"rm -rf /"}}' | dcg
   # Should output block message

2. Check if the command is in dcg's blocklist:

   dcg explain "your command here"

rm ~/.config/opencode/plugin/dcg-guard.js
rm -rf ~/.config/opencode/opencode-dcg-plugin  # if cloned

• dcg (Destructive Command Guard) - The underlying protection engine
• OpenCode - Open-source AI coding assistant
• Superpowers - Skills framework for coding agents

MIT License - See LICENSE

Issues and PRs welcome! Please test changes with the verification commands above before submitting.