CliSubprocessCore.GovernedAuthority (CliSubprocessCore v0.2.0)

Copy Markdown View Source

Normalized materialized authority for governed CLI launch.

Standalone callers keep using provider CLI env, local PATH discovery, local config, and native provider defaults. Governed callers pass this bounded launch authority so command, cwd, env, and target metadata come from the materializer for one effect.

Summary

Types

t()

@type t() :: %CliSubprocessCore.GovernedAuthority{
  auth_root: String.t() | nil,
  authority_ref: String.t(),
  base_url: String.t() | nil,
  clear_env?: true,
  command: String.t(),
  command_ref: String.t() | nil,
  config_root: String.t() | nil,
  connector_binding_ref: String.t(),
  connector_instance_ref: String.t(),
  credential_lease_ref: String.t(),
  cwd: String.t() | nil,
  env: %{optional(String.t()) => String.t()},
  native_auth_assertion_ref: String.t(),
  operation_policy_ref: String.t(),
  provider_account_ref: String.t(),
  redaction_ref: String.t() | nil,
  target_ref: String.t()
}

validation_error()

@type validation_error() ::
  :missing_governed_authority
  | {:invalid_governed_authority, term()}
  | {:missing_governed_authority_field, atom()}
  | {:invalid_governed_authority_field, atom(), term()}
  | {:governed_launch_mismatch, atom(), term()}

Functions

command_spec(governed_authority)

@spec command_spec(t()) :: CliSubprocessCore.CommandSpec.t()

enforce_invocation(invocation, authority)

@spec enforce_invocation(CliSubprocessCore.Command.t(), t() | nil) ::
  :ok | {:error, validation_error()}

fetch!(attrs)

@spec fetch!(nil | t() | keyword() | map()) :: t()

launch_options(authority)

@spec launch_options(t()) :: keyword()

new(authority)

@spec new(nil | t() | keyword() | map()) ::
  {:ok, t() | nil} | {:error, validation_error()}

redacted(authority)

@spec redacted(t() | nil) :: map() | nil