pub struct CommandSpec {
pub name: String,
pub description: String,
pub aliases: Vec<String>,
pub url: String,
pub category: String,
pub researched_version: Option<String>,
pub examples_safe: Vec<String>,
pub examples_denied: Vec<String>,
pub eval_safe: bool,
pub eval_safe_flags: Vec<String>,
pub eval_safe_flag_values: HashMap<String, Vec<String>>,
pub eval_safe_required_flags: Vec<String>,
/* private fields */
}Fields§
§name: String§description: String§aliases: Vec<String>§url: String§category: String§researched_version: Option<String>Upstream version of the underlying tool that was researched
when this spec was last updated. Free-form string — e.g.
"1.9.0", "v5.10.3", "2026-05-08 master",
"@northflank/cli 0.10.15". Internal-only: not rendered in
docs or used at runtime. Surfaces in tests and as a tripwire
when researching newer versions of the same tool.
examples_safe: Vec<String>Sample invocations that the registry test runs through is_safe_command.
Each examples_safe entry must produce Verdict::Allowed.
examples_denied: Vec<String>Sample invocations that must be denied. Use these to lock in security
boundaries (e.g. srb tc --metrics-file=/etc/passwd should always
be denied; recording it here catches regressions).
eval_safe: boolTrue when this command’s bare invocation (no sub) is tagged as
safe-to-eval. Walked by registry::is_eval_safe_invocation().
eval_safe_flags: Vec<String>Flag allowlist extending eval_safe — flags permitted in the
substituted invocation when the walker stops at this node.
eval_safe_flag_values: HashMap<String, Vec<String>>Per-valued-flag value allowlist. When the walker hits a flag
listed here, the value following the flag (separated by = or
space) must be in this list.
eval_safe_required_flags: Vec<String>Flags where at least one must appear in the substituted invocation. Empty = no required-flag constraint.