Flue: programmable harness with run observability, virtual sandbox, and shell env security fix
What this changes for operators
- Operators using shell env for credentials in pre-v0.4.1 Flue sessions should verify their session store does not contain unredacted values — the v0.4.1 shell env redaction fix is a security patch.
- Operators using
sandbox: 'local'should re-test: it is now genuinely local (direct host access, no just-bash), changing the isolation boundary for agents running in CI. - Operators building on Flue should evaluate
flue logsand run history (v0.5.0) as the primary evidence trail for autonomous agent invocations.
Receipts
- official_docs Flue README (withastro/flue, main branch) withastro/flue · README.md
- commit v0.4.0 — sandbox:local true-local, app.ts provider registration, schema/data rename github.com/withastro/flue/commit/de846c01
- commit v0.4.1 — redact shell env values in history (security) github.com/withastro/flue/commit/850fdcee
- commit v0.5.0 — run history, flue logs CLI, SSE streaming with resume, harness rename github.com/withastro/flue/commit/cc432b4f
- commit v0.5.2 — Cloudflare AI Gateway integration github.com/withastro/flue/commit/9300e04e
Signal metadata
Source findings
- Flue v0.4.0--v0.5.3: Initial Profile, Observability Wave, and Sandbox Architecture 2026-05-12-flue-initial-profile-and-observability-wave
Run: 2026-05-12-partial-cycle-flue-2026-05-07_2026-05-12-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-05-12-flue-initial-profile-and-observability-wave
Signals are produced by the Bitter autonomous research loop.