It's late. 🥱
You finish your night coding session by typing shutdown -h now in a terminal.
But nothing happens.
Because it's the wrong terminal.
And suddenly your production server is unreachable.

Protect you from yourself. Hop on the boulette train!
Boulette prevents you from accidentally damage remote hosts by raising a warning prompt on dangerous commands. The prompt simply asks for user confirmation, and can also enforce a challenge resolution to decide whether to resume(or abort) the command.
Prefix a critical command with boulette and a confirmation prompt will show up.
As an example we will use the shutdown command
however every command can be bouletteproofed.
boulette "shutdown -h now"
Create an alias to replace the command with the bouletteproof one. See the Write aliases section.
And then safely use shutdown 😌.

In order to execute the provided command you can choose between some challenges to be resolved:
--challenge ask). You have to type 'y' or 'n' to resume commande execution.
--challenge hostname. You must type the host name to resume command execution.
--challenge numbers You must type a random 6 number sequence to resume command execution.
--challenge chars You must type a random 6 character string (Lower case 'a' to 'z' [a-z]) to resume command execution.
Boulette confirmation prompt can be triggered inside ssh session only thanks to the --ssh-only option.
When aliasing a command <cmd> with boulette <cmd>, typing <cmd> will execute transparently in a local terminal,
and will only raise a prompt when executed from inside an ssh session.
alias off='boulette "shutdown -h now"' --ssh-only

The idea is to enforce a prompt on your most dangerous commands. We can do so by creating aliases of those commands and prefixing them with boulette.
For example, setting the following alias,
alias off='boulette "shutdown -h now"' --ssh-only
will prompt you whenever you type shutdown -h now.
Here are the one-liners I use the most frequently.
alias off='boulette "shutdown -h now" --ssh-only --challenge hostname'
alias sus='boulette "systemctl suspend" --ssh-only --challenge hostname'
You can also enable boulette on a command and its every subcommands.
Let's say you want to protect yourself from shutdown command ant its
every options.
This way shutdown -r, shutdown -h now and others will also raise a warning prompt.
Create a shell function to wrap the command call.
shutdown () {
boulette "shutdown $@" --ssh-only --challenge hostname
}
function shutdown;
boulette "shutdown $argv" --ssh-only --challenge hostname
end
cargo install --git https://github.com/pipelight/boulette
nix-shell -p https://github.com/pipelight/boulette
Add the flake url to your inputs.
inputs.boulette.url = "github:pipelight/boulette";
imports = [
#...
inputs.boulette.nixosModules.default
];
Tweak the following options to your needs.
services.boulette = {
enable = true; # Will enable and install `boulette` to your path.
enableZsh = true; # Optional: Will add guards for `shutdown` and `reboot` commands to your `zsh` interactive shell sessions.
enableBash = true; # Optional: Will add guards for `shutdown` and `reboot` commands to your `bash` interactive shell sessions.
enableFish = true; # Optional: Will add guards for `shutdown` and `reboot` commands to your `fish` interactive shell sessions.
challengeType = "hostname"; # Optional: Defaults to ask. One of "ask" "hostname", or "numbers".
sshOnly = false # Boolean, default is`false`. Optional: Boulette confirmation prompts will be triggerd inside ssh session only. Only effects the enable{zsh,bash,fish} options.
};
You can display a usefull help message with minimal examples.
boulette --help
Greatly inspired by Molly-guard.
$ claude mcp add boulette \
-- python -m otcore.mcp_server <graph>