DestructGuard Command Score
$0.10/callCatch destructive agent commands before they run.
POST /api/agent-services/destructguard/scoreWhat it does
Deterministic risk scorer for autonomous-agent commands. Scores a shell, SQL, or git action for destructive, deployment, and data-mutation risk before execution and returns a risk level, the matched policy rules, and an approve-or-block recommendation. Pure rules, evidence per match, no fabrication.
- Scores shell / SQL / git actions for risk
- Flags force-push, hard-reset, drops, teardown
- Returns an approve-or-block recommendation
Example request
POST /api/agent-services/destructguard/score
{
"command": "rm -rf /",
"repo": "github.com/acme/app",
"cwd": "/workspace/app",
"actor": "codex",
"intent": "cleanup generated files",
"diffStat": "3 files changed, 18 insertions(+), 44 deletions(-)"
}Example response (HTTP 200)
Deterministic — the same inputs always return the same audited output.
{
"status": "scored",
"service": "destructguard-command-score",
"requestId": "dg_<uuid>",
"risk": "critical",
"requiresApproval": true,
"recommendedAction": "block_until_explicit_human_or_policy_approval"
}Input schema
Top-level request fields. Nested shapes are shown in the example above and the OpenAPI spec.
| Field | Type | Required | Description |
|---|---|---|---|
| command | string | Yes | Shell command or agent action to score |
| repo | string | — | |
| cwd | string | — | |
| actor | string | — | |
| intent | string | — | |
| diffStat | string | — |
How to call it over x402
- 1. Send the request. The first unpaid call returns HTTP 402 with an x402 payment challenge — $0.10, USDC on Base, and the recipient.
- 2. Pay per call. Your x402 client signs the USDC payment and retries automatically — no API key, no account, no subscription. New to x402?
- 3. Read the result. HTTP 200 returns the computed values plus evidence-backed findings.
With the x402 fetch client (Node / TypeScript)
import { wrapFetchWithPayment } from "@x402/fetch";
import { privateKeyToAccount } from "viem/accounts";
const account = privateKeyToAccount(process.env.AGENT_WALLET_KEY);
const pay = wrapFetchWithPayment(fetch, account); // USDC on Base
const res = await pay("https://hermesplant.com/api/agent-services/destructguard/score", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({
"command": "rm -rf /",
"repo": "github.com/acme/app",
"cwd": "/workspace/app",
"actor": "codex",
"intent": "cleanup generated files",
"diffStat": "3 files changed, 18 insertions(+), 44 deletions(-)"
}),
});
const result = await res.json();Inspect the 402 with curl
curl -i -X POST https://hermesplant.com/api/agent-services/destructguard/score \
-H "content-type: application/json" \
-d '{"command":"rm -rf /","repo":"github.com/acme/app","cwd":"/workspace/app","actor":"codex","intent":"cleanup generated files","diffStat":"3 files changed, 18 insertions(+), 44 deletions(-)"}'
# → HTTP/1.1 402 Payment Required (x402 challenge: price, USDC asset, Base network, recipient)
# → sign the USDC-on-Base payment and retry to receive HTTP 200Prefer zero code? This endpoint is also exposed as a tool on the Hermes Plant MCP server, so an MCP-capable agent can call it with its own x402 wallet.
Other agent services
NPV, IRR, XIRR & DCF valuation in a single call.
LP/GP distribution waterfalls, solved exactly.
Black-Scholes option pricing with the full Greeks.
Yield, duration, convexity & loan amortization.
Portfolio risk scored straight from holdings.
Wallet AML & compliance risk screening.
Full deal underwriting — DCF, returns, sensitivity & waterfall in one call.
Score an MCP server before your agent installs it.
Route risky agent actions to human approval.
Deterministic email & contact data validation.
Need a calculator that isn’t here yet? contact@hermesplant.com