fix: add JWT auth to application config API calls

Raw fetch() had no auth headers, causing 401s that silently broke tracing toggle.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ui/src/api/queries/commands.ts

@@ -1,5 +1,6 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { api } from '../client'
+import { useAuthStore } from '../../auth/auth-store'
 
 // ── Application Config ────────────────────────────────────────────────────
 
@@ -14,11 +15,20 @@ export interface ApplicationConfig {
   tracedProcessors: Record<string, string>
 }
 
+/** Authenticated fetch using the JWT from auth store */
+function authFetch(url: string, init?: RequestInit): Promise<Response> {
+  const token = useAuthStore.getState().accessToken
+  const headers = new Headers(init?.headers)
+  if (token) headers.set('Authorization', `Bearer ${token}`)
+  headers.set('X-Cameleer-Protocol-Version', '1')
+  return fetch(url, { ...init, headers })
+}
+
 export function useApplicationConfig(application: string | undefined) {
   return useQuery({
     queryKey: ['applicationConfig', application],
     queryFn: async () => {
-      const res = await fetch(`/api/v1/config/${application}`)
+      const res = await authFetch(`/api/v1/config/${application}`)
       if (!res.ok) throw new Error('Failed to fetch config')
       return res.json() as Promise<ApplicationConfig>
     },
@@ -30,7 +40,7 @@ export function useUpdateApplicationConfig() {
   const queryClient = useQueryClient()
   return useMutation({
     mutationFn: async (config: ApplicationConfig) => {
-      const res = await fetch(`/api/v1/config/${config.application}`, {
+      const res = await authFetch(`/api/v1/config/${config.application}`, {
         method: 'PUT',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify(config),