aws s3 rm --recursive — why AI agents must not run it unattended
aws s3 rm --recursive is a critical-severity command that AI coding agents run without human checkpoints. DestructGuard's default tier blocks this pattern and logs every approve-or-abort decision to a JSONL audit trail.
aws s3 rm --recursive
What it does
Recursively deletes objects from an S3 bucket prefix.
Why agents run it
Autonomous coding agents optimize for task completion. When refactoring, cleaning up, or syncing repositories, agents often reach for aws s3 rm --recursive because it appears to solve the immediate problem — without surfacing irreversibility to the operator.
Default blocklist tier
DestructGuard's default rules tier includes aws s3 rm --recursive by default. Teams on the strict tier also block adjacent patterns. Pair with git pre-commit and pre-push hooks from the Pro Pack for defense in depth.
How to allow with audit
When a blocked command is genuinely needed, DestructGuard prompts for explicit approval and records the decision. Upload the audit log to IncidentScribe to reconstruct what happened before an outage.