From 552f02d25c7cd5a7ab623cd1fcf8d3202ca32653 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Wed, 25 Mar 2026 08:19:44 +0100
Subject: [PATCH] fix: add JWT auth to application config API calls

Raw fetch() had no auth headers, causing 401s that silently broke tracing toggle.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 ui/src/api/queries/commands.ts | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/ui/src/api/queries/commands.ts b/ui/src/api/queries/commands.ts
index 2f039603..b761e80e 100644
--- a/ui/src/api/queries/commands.ts
+++ b/ui/src/api/queries/commands.ts
@@ -1,5 +1,6 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { api } from '../client'
+import { useAuthStore } from '../../auth/auth-store'
 
 // ── Application Config ────────────────────────────────────────────────────
 
@@ -14,11 +15,20 @@ export interface ApplicationConfig {
   tracedProcessors: Record<string, string>
 }
 
+/** Authenticated fetch using the JWT from auth store */
+function authFetch(url: string, init?: RequestInit): Promise<Response> {
+  const token = useAuthStore.getState().accessToken
+  const headers = new Headers(init?.headers)
+  if (token) headers.set('Authorization', `Bearer ${token}`)
+  headers.set('X-Cameleer-Protocol-Version', '1')
+  return fetch(url, { ...init, headers })
+}
+
 export function useApplicationConfig(application: string | undefined) {
   return useQuery({
     queryKey: ['applicationConfig', application],
     queryFn: async () => {
-      const res = await fetch(`/api/v1/config/${application}`)
+      const res = await authFetch(`/api/v1/config/${application}`)
       if (!res.ok) throw new Error('Failed to fetch config')
       return res.json() as Promise<ApplicationConfig>
     },
@@ -30,7 +40,7 @@ export function useUpdateApplicationConfig() {
   const queryClient = useQueryClient()
   return useMutation({
     mutationFn: async (config: ApplicationConfig) => {
-      const res = await fetch(`/api/v1/config/${config.application}`, {
+      const res = await authFetch(`/api/v1/config/${config.application}`, {
         method: 'PUT',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify(config),