Commands
Once Blue Spec is set up in your project, your AI agent unlocks a set of slash commands.
The Blue Team flow
These five run in order. Each builds on the previous, so following the list top to bottom is all it takes.
| # | Command | What it does for you | Recommended Minimum Effort |
|---|---|---|---|
| 1 | /bluespec.charter | Sets your project's security rules, proposed for you or shaped by what you say (optional). | Medium |
| 2 | /bluespec.detect | Reads your code and maps what your system does and where the risks are. | High or more (the higher the effort, the better the result) |
| 3 | /bluespec.plan | Turns what detect found into a defense plan, with a fix for each finding. | High |
| 4 | /bluespec.harden | Applies the plan's fixes to your code, safely and one at a time. | High |
| 5 | /bluespec.verify | Proves each applied fix holds and closes out the ones that do. | Medium |
Additional commands
These are not phases in the linear flow. They support it.
| Command | What it does |
|---|---|
/bluespec.skills | Loads an on-demand security sub-skill. |
/bluespec.repair | Repairs Blue Spec's internal tracking. |
/bluespec.list | Lists every finding Blue Spec is tracking, by name. |
Security is an investment
Security is not a cost, it is an investment: what you put in upfront, you save many times over in the incidents you never have 🙋🏻♂️