Finding · flue

Authentication headers in `flue logs`, WebSocket runId inspection, and FlueApiError export

What Changed

Three new capabilities: (1) flue logs now accepts --header 'Name: value' flags (repeatable) to send application-owned headers; redirects rejected for credential safety. (2) WebSocket clients can inspect WorkflowSocket.runId after admission but before workflow result. (3) @flue/sdk now exports FlueApiError with HTTP status and parsed response body.

Operator Implication

Operators can now send authenticated log inspection requests and handle SDK HTTP errors more explicitly.

Receipt

From CHANGELOG.md v0.9.0 (2026-06-02): 'Forward authentication headers with flue logs. Repeat --header 'Name: value' to send application-owned headers...';

Finding metadata

Confidence: high
Actionability: test
Accessibility impact: low

Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0

Finding ID: 2026-06-01-flue-v090-auth-headers-websocket-runid

Source links

Primary links, including exact changelog lines when available.

Flue
release_noteFrom CHANGELOG.md v0.9.0 (2026-06-02): 'Forward authentication headers with `flue logs`. Repeat `--header 'Name: value'` to send application-owned headers...'; 'Inspect admitted workflow runs from Webwithastro/flue · CHANGELOG.md

Authentication headers in flue logs, WebSocket runId inspection, and FlueApiError export

What Changed

Operator Implication

Receipt

Authentication headers in `flue logs`, WebSocket runId inspection, and FlueApiError export