Skip to content

Cod3ddy/mulonda

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
cmd
cmd
 
 
data
data
 
 
docs
docs
 
 
internal
internal
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Taskfile.yml
Taskfile.yml
 
 
config.example.yml
config.example.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

⚠This is work in pogress

mulonda

Mulonda Logo

Mulonda — from Tonga (Malawi), meaning "a guard."

A small tool that intercepts shell commands and asks you before execution.

The Problem

The terminal doesn't protect you from yourself.

rm -rf ./        # wrong directory. everything gone.
mv config.yml /etc/nginx/  # silently overwrites the original
cp -r src/ backup/         # clobbers your backup, no warning

No trash bin. No undo. Just gone.

What Mulonda Does

Mulonda sits between you and your shell's commands. Before anything runs, it stops and asks:

touch /tmp/demo-file

go run . chmod 777 /tmp/demo-file

You'll get:

mulonda: chmod 777 /tmp/demo-file
warning: Setting world-writable permissions
Proceed? [y/N]: y

the output for y ofcourse will just be whatever cmd result that binary that went through gives you, but for the N option, you'll be presented this:

aborted: command not executed
exit status 1

It works via shell aliases — no daemon, no background process, no kernel magic. Just a fast Go binary that intercepts, prompts, then passes through to the real command if you confirm.

Safe commands and non-interactive contexts (scripts, CI pipelines) are passed through silently with zero overhead.

Watchlist

Mulonda ships with somewhat sensible defaults (rm, mv, cp and more to be added soon). Users will be able to add or remove some rules a YAML watchlist:

rules:
  - command: chmod
    args_match: ["777", "a+rwx"]
    warning: "Setting world-writable permissions"

  - command: rm
    flags_contain: ["-rf"]
    warning: "Recursive force delete"

Usage

mulonda install          # inject aliases into your shell
mulonda add "chmod"      # add a command to your watchlist
mulonda remove "chmod"   # remove a command
mulonda list             # show active rules
mulonda uninstall        # remove all aliases

Future Plans

  • v2 — eBPF mode: intercept every command system-wide via kernel-level execve() hooking. No aliases needed. Works in any shell or context.
  • Community watchlist presets (Docker, Kubernetes, database tooling)
  • Dry-run mode — show what would be intercepted without prompting
  • Audit log — keep a record of intercepted commands
  • If it's cp or overwriting a file, show them diffs? or ask them if they meant to rewrite file x to y

Please be reminded, this is still in development, you might sometimes not get the desired outcome.

About

A lightweight tool that intercepts destructive shell commands and asks you before execution.

Resources

Readme

License

View license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages