docker rm -f — why AI agents must not run it unattended
docker rm -f is a medium-severity command that AI coding agents run without human checkpoints. DestructGuard's strict tier blocks this pattern and logs every approve-or-abort decision to a JSONL audit trail.
docker rm -f
What it does
Force-removes running containers, stopping processes abruptly.
Why agents run it
Autonomous coding agents optimize for task completion. When refactoring, cleaning up, or syncing repositories, agents often reach for docker rm -f because it appears to solve the immediate problem — without surfacing irreversibility to the operator.
Default blocklist tier
DestructGuard's strict rules tier includes docker rm -f by default. Teams on the strict tier also block adjacent patterns. Pair with git pre-commit and pre-push hooks from the Pro Pack for defense in depth.
How to allow with audit
When a blocked command is genuinely needed, DestructGuard prompts for explicit approval and records the decision. Upload the audit log to IncidentScribe to reconstruct what happened before an outage.