Skip to content
/ holup Public

CLI tool that helps stop mistakes when running risky commands, especially in production.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rishabhkailey/holup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github/images
.github/images
 
 
README.md
README.md
 
 
example-config.yaml
example-config.yaml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
process.go
process.go
 
 

Repository files navigation

holup ✋

holup is a small CLI tool that helps stop mistakes when running risky commands, especially in production.

It runs before your command.
If the command looks dangerous, it pauses and asks you to confirm.

What it does

  • Watches commands like kubectl and kafkactl
  • You define which commands are risky using patterns
  • Shows a warning before running the command

How risky commands are defined

You must tell holup which commands are dangerous.
This is done using a config file with patterns.

Sample config

~/.holup/config.yaml

# regex named groups that can be used in the confirmation message
global_vars_named_groups:
  - '((-n|--namespace)(=|\s+)(?P<NAMESPACE>[^\s]+))'
  - '((-c|--context)(=|\s+)(?P<CONTEXT>[^\s]+))'

rules:
  - pattern: 'kubectl\s+(delete|replace|edit|drain|patch|label|annotate|rollout\s+(restart|undo)|scale)'
    message: >
      [DANGER] Run "{{.INPUT_CMD}}" on cluster "{{default (exec "kubectl config current-context") .CONTEXT}}"
      in namespace "{{default (exec "kubectl config view --minify --output 'jsonpath={..namespace}'") .NAMESPACE}}"
      ?

What this config does (simple)

  • The pattern matches risky kubectl commands like:
    • delete
    • scale
    • rollout restart
  • It reads:
    • namespace from -n or --namespace
    • cluster from --context or current kube config
  • If the pattern matches, holup stops and shows a warning

Example

Command you type

k delete pod -n test abc --context prod-cluster

What holup shows

failed to load holup example output image

You must press y to continue.
If you press n, the command is stopped.

Environment Variables & Skipping Checks

Sometimes you need to bypass checks (e.g., in automation scripts). You can control holup using the following environment variables:

1. Config Path

Set HOLUP_CONFIG to specify a custom config file location. Defaults to ~/.holup/config.yaml.

export HOLUP_CONFIG=/path/to/config.yaml

2. Skip Always

Set HOLUP_SKIP_USER_INPUT to true or 1. Holup will allow the command to proceed without asking for confirmation.

export HOLUP_SKIP_USER_INPUT=true

3. Skip Temporarily (Snooze)

Set HOLUP_SKIP_USER_INPUT_UNTIL to a Unix Epoch Timestamp. Holup will skip confirmation checks until that time is reached.

Helper Command

To make this easier, you can add a helper function to your shell to skip checks for a specific number of seconds:

# Add to ~/.zshrc or ~/.bashrc
holup_skip() {
    # Sets the variable to current time + N seconds
    export HOLUP_SKIP_USER_INPUT_UNTIL=$(($(date +%s) + $1))
    echo "holup: Skipping checks for the next $1 seconds"
}

Usage:

# Skip checks for 5 minutes (300 seconds)
holup_skip 300

How it works (simple)

  • holup checks your command
  • It compares the command with your defined patterns
  • If a pattern matches:
    • Shows a warning message
    • Waits for confirmation

Installation

1. Build the tool

go build -o holup .
chmod +x holup
sudo mv holup /usr/local/bin/holup

2. Create config file

Create the config directory and file:

mkdir -p ~/.holup

Create ~/.holup/config.yaml with the following content:

global_vars_named_groups: 
  - '((-n|--namespace)(=|\s+)(?P<NAMESPACE>[^\s]+))'
  - '((--context)(=|\s+)(?P<CONTEXT>[^\s]+))'

rules:
  - pattern: 'kubectl\s+(delete|create|apply|replace|edit|drain|patch|label|annotate|rollout\s+(restart|undo)|scale)'
    message: >
      {{color "hired" "[WARNING]"}} Run "{{color "hiyellow" .INPUT_CMD}}" on cluster {{color "hicyan" (default (exec "kubectl config current-context") .CONTEXT)}}
      in namespace {{color "higreen" (default (exec "kubectl config view --minify --output 'jsonpath={..namespace}'") .NAMESPACE)}}?
  
  - pattern: 'kafkactl\s+(delete|attach|create|reset|produce|alter)'
    message: >
      {{color "hired" "[WARNING]"}} Run "{{color "hiyellow" .INPUT_CMD}}" on cluster {{color "hicyan" (default (exec "kafkactl config current-context") .CONTEXT)}}?

This config will:

  • Catch risky kubectl commands (delete, apply, scale, etc.)
  • Catch risky kafkactl commands (delete, create, alter, etc.)
  • Show colorized warnings with cluster and namespace info
  • Extract namespace and context from command flags

3. Set aliases

This makes sure kubectl and kafkactl go through holup.

cat <<EOF | tee ~/holup.sh
alias kubectl="holup kubectl"
alias k="holup kubectl"
alias kafkactl="holup kafkactl"

# Helper to snooze holup for N seconds
holup_skip() {
    export HOLUP_SKIP_USER_INPUT_UNTIL=\$((\$(date +%s) + \$1))
    echo "holup: Skipping checks for the next \$1 seconds"
}
EOF

Add it to your shell config:

echo "source ~/holup.sh" >> ~/.zshrc
# or
echo "source ~/holup.sh" >> ~/.bashrc

Reload your shell:

source ~/.zshrc

That’s it.
Now risky commands will stop and ask before doing damage.

About

CLI tool that helps stop mistakes when running risky commands, especially in production.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages