Fluid Forge Docs Baseline: CLI 0.8.10
Release Date: June 8, 2026 Status: Superseded by 0.8.11 (supersedes 0.8.9)
Headline
0.8.10 makes the CLI introspectable and hardens day-2 operations. fluid describe --self now returns a complete, machine-readable picture of the installed CLI — version, schema, providers, build engines, templates, capabilities, and the full command tree — so tooling can render the live CLI surface without lagging it. Alongside it: opt-in (default-OFF) usage telemetry, BigQuery fluid rollback support, broader fluid generate iac cloud detection, and a batch of security fixes. No contract-schema change — contracts stay at fluidVersion: 0.7.4.
Who should upgrade
Everyone on 0.8.x. The security fixes in this release (#215) close injection / RCE / RLS findings across generated Airflow DAGs, the Redshift external-schema emit, and the MCP query tools — upgrading is recommended for any production deployment.
What changed in v0.8.10
Added
fluid describe --selfcapability introspection. Library-callablefluid_build.describe.self_describe()returnsfluid_version,schema_version,providers,build_engines,templates,capabilities, and the full command tree (every subcommand + its flags), consumed viaGET /api/v1/forge/capabilitiesso a UI can render the CLI surface without lagging it. (#220)- Opt-in usage telemetry, default OFF. Nothing is emitted unless you explicitly opt in; honours
FLUID_TELEMETRY=0and theDO_NOT_TRACKstandard, and the resolved state is surfaced influid doctor. (#217) - Reuse an existing LLM API key during AI setup.
fluidAI setup now offers to persist a recognised built-in-provider key already present in your environment — read-only, explicit confirmation, never logged. (#217) - Contract diff before writing on refine/regenerate. The refine/preview flow now shows what changed (reusing the changelog differ) before the contract is written. (#217)
Fixed
- BigQuery rollback restore.
fluid rollbacknow restores BigQuery products (previously Snowflake only), replaying the snapshot'sCREATE OR REPLACE TABLE … AS SELECTvia the BigQuery client with agcpdispatch alias. (#217) fluid generate iac --provider autodetection broadened. The target cloud is now detected from top-levelbinding.{provider,platform},builds[].provider, and the runtime platform — not justexposes[].binding.platform— fixing the common single-binding contract that previously errored as "could not detect a supported cloud".local/ DuckDB now raises an actionablegenerate_iac_local_targeterror. (#211)odpsexport fails loud.fluid generate standard --format odps-v4.1/fluid odps exportnow error instead of silently writing the literal[]to disk while exiting 0. (#211)- CI resilient to transient OpenTofu registry outages —
tofu init504 / network failures convert to skips while realtofu validateschema errors still fail. (#218)
Changed
- Renamed
providers/snowflake/provider_enhanced.py→provider.py(canonicalSnowflakeProvider); class name and entry points are unchanged. (#217) - Added a startup-budget perf gate (
fluid --helpmodule-count + cold wall-time in clean subprocesses) to catch CLI-startup regressions. (#217)
Security
- Fixed injection / RCE / RLS findings across the platform. (#215)
- Code-injection (RCE) in generated Airflow DAGs — untrusted contract values are now routed through repr-escaped literals / sanitised identifiers.
- Shell-RCE + SQL injection in the Redshift external-schema emit — closed.
- Multi-tenant row-level-security bypass in the MCP
query/query_sqltools — they now applypolicy.rowFilters[]and fail closed on missing caller identity.