verb

type Spec struct {
	// Name is the dotted verb path used for audit logging, e.g.
	// "aws.route53.change-resource-record-sets" or "lockdown".
	Name string

	// ArgsFunc extracts the user-supplied string arguments from the
	// *cli.Command for validation. Returns named flags and positional args.
	ArgsFunc func(*cli.Command) (args map[string]string, positional []string)

	// Action is the verb's real work. Called only after argv validation passes.
	Action cli.ActionFunc

	// SkipPolicy disables the shell-metacharacter check for this verb. Set
	// true only for pass-throughs whose argv goes straight through execve to
	SkipPolicy bool

	// SkipScope disables --commit-scope resolution for this verb. Set true
	// for read-only or self-referential verbs that would refuse to run
	SkipScope bool

	// OnComplete, if set, runs inside writer.Wrap after Action returns and
	// before the audit record is appended. Receives a pointer to the record
	OnComplete func(*audit.Record)

	// CommitScopeOverride, when non-empty, replaces flag/env resolution and
	// uses this absolute path as the audit row's commit-scope. Set by `coily
	CommitScopeOverride string

	// CommitScopeArgvHint, when set, runs as a fallback resolver before
	// scope.Resolve and only when neither --commit-scope (still at "auto")
	CommitScopeArgvHint func(argv []string) string

	// OnEvaluate, when set, runs after argv validation and before Action.
	// Returning a non-nil *ProfileDecision attaches it to the audit row.
	OnEvaluate func(ctx context.Context, cmd *cli.Command) (*audit.ProfileDecision, error)

	// IDOverride, when non-empty, is used as audit.Record.ID for this
	// invocation in place of the default auto-generated UUID v7. Set by
	IDOverride string

	// ResolveInvokeCWD, when set, returns the operator's invoke-time cwd
	// (distinct from os.Getwd() which captures the post-cd subprocess
	ResolveInvokeCWD func() string
}