Framework: Cobra
4 min readOct 31, 2022


What is Cobra Framework?
What is Cobra Framework?

Cobra is a CLI framework for Go. It contains a library for creating powerful modern CLI applications and a tool to generate Cobra-based applications and command files. It has been adopted by some of the most well-known and famous Go projects. It is built on the structure of commands, arguments and flags.

It also provides special libraries for CLI application design, which support POSIX-compliant flags, subcommands, suggestions, autocompletion and the like. It comfortably integrates with Viper and includes a boilerplate code generator, which helps to focus on tool business logic. A number of tools have also been created with the Cobra framework, such as Kubernetes, Openshift, Podman, Hugo and Docker.

Cobra commands

Commands are the ‘heart’ of an application, representing every supported interaction.

Cobra’s command list includes the Cobra Generator (a program which allows to add as many commands as possible, and helps to incorporate Cobra with the application worked upon).

With the help of the Cobra library, the user can introduce additional commands (after creating main.go and rootCmd files. They are stored in cmd/ directory). Creating new commands requires no additional tools.

Cobra also automatically adds a help command, which covers all other commands in the system by adding a ‘help’ flag to each one of them.

Cobra flags

Flags modify the way how a command operates. Flags set for a command are passed down to children commands and ones which are available to that command. Those flags are stored in the ‘pflag’ library (a derivative of common standard libraries, which inherited their interface). Flags offer modifiers to control how a command operates. The library includes global, local and cascading flags. There are two ways to assign the flag to work with.

  • Persistent flags. It is a type of flag which applies not only to the command, but also to every command under the main one. Being assigned by the root, it is called a ‘Global flag’.
Persistent flag — Source
  • Local flags. These flags are assigned locally and apply only to one particular command. In case of a parent command being flagged, ‘Command.TraverseChildren’ should be enabled for Cobra to parse local flags on other local commands before executing the target command. Otherwise, local flags on parent commands would be ignored.
Local flag — Source

Cobra validators

Cobra also includes several inbuilt validators:

  • ‘NoArgs’ (reports an error when there are positional arguments)
  • ‘ArbitraryArgs’ (accepts the arguments)
  • ‘OnlyValidArgs’ (reports an error, if there are positional arguments, which are not enlisted in the ‘ValidArgs’ field of Command)
  • ‘MinimumNArgs(int)’ (reports an error when the number of positional arguments is less than N (stated or necessary)
  • ‘MaximumNArgs(int)’ (reports an error when the number of arguments is bigger than N)
  • ‘ExactArgs(int)’ (reports an error, when the number of positional arguments does not equal N)
  • ‘ExactValidArgs(int)’ (reports an error if there the number of positional arguments is not exactly N or there are positional arguments, which are not in the ‘ValidArgs field of Command’)
  • ‘RangeArgs(min, max)’ (reports an error if the quantity of arguments does not fall within the range between minimum and maximum number of expected arguments)

Cobra features

As other frameworks, Cobra has its own list of special features, which make it useful and attractive. These include:

  • Easy subcommand-based CLIs, such as ‘app server’ or ‘app fetch’
  • Fully POSIX-compliant flags, including short and long versions
  • Nested subcommands
  • Easy generation of applications and commands with ‘cobra init appname’ and ‘cobra add cmdname’
  • Automatic help generation for commands and flags
  • Automatic help flag recognition of ‘-h’, ‘-help’, etc.
  • Automatically generated bash autocomplete for the application
  • Command aliases, which allow to change parts without breaking them
  • Optional tight integration with Viper for 12-factor apps
SmartState: Web3 security easier than ever
SmartState: Web3 security easier than ever

About SmartState

Launched in 2019 and based in Dubai, SmartState is one of the leading DeFi security auditing firms. We conduct security tests and check the code core, smart contracts and blockchain for all types of errors, vulnerabilities and other issues.

Although SmartState gave a start to operations with smart contract auditing of DLT-projects, from the very beginning, we made our services surpass the classic purview of smart contract audit and security testing. We specialize in manual testing, so the SmartState’s tech team of white-hat security professionals measure up a project’s git and offer guidelines and recommendations for its further advancement. Security audit reports review the threats and vulnerabilities with which codebases may be exploited in the future, as the network achieves scalability and expands to accommodate more use cases and functionality.

Stay tuned and find more about us and what we provide on our:

· Website

· Twitter

· LinkedIn

· Telegram



🇦🇪 Dubai-based enterprise level Web3 security company. Top-notch smart contract audits & blockchain security solutions 🚀🔒