Normalized materialized authority for governed CLI launch.
Standalone callers keep using provider CLI env, local PATH discovery, local config, and native provider defaults. Governed callers pass this bounded launch authority so command, cwd, env, and target metadata come from the materializer for one effect.
Summary
Types
@type t() :: %CliSubprocessCore.GovernedAuthority{ auth_root: String.t() | nil, authority_ref: String.t(), base_url: String.t() | nil, clear_env?: true, command: String.t(), command_ref: String.t() | nil, config_root: String.t() | nil, connector_binding_ref: String.t(), connector_instance_ref: String.t(), credential_lease_ref: String.t(), cwd: String.t() | nil, env: %{optional(String.t()) => String.t()}, native_auth_assertion_ref: String.t(), operation_policy_ref: String.t(), provider_account_ref: String.t(), redaction_ref: String.t() | nil, target_ref: String.t() }
Functions
@spec command_spec(t()) :: CliSubprocessCore.CommandSpec.t()
@spec enforce_invocation(CliSubprocessCore.Command.t(), t() | nil) :: :ok | {:error, validation_error()}
@spec new(nil | t() | keyword() | map()) :: {:ok, t() | nil} | {:error, validation_error()}