diff --git a/pkgs/core/supabase/seed.sql b/pkgs/core/supabase/seed.sql
index 90e53e9ae..6b3f1ecad 100644
--- a/pkgs/core/supabase/seed.sql
+++ b/pkgs/core/supabase/seed.sql
@@ -13,6 +13,7 @@ BEGIN
 DELETE FROM pgflow.deps;
 DELETE FROM pgflow.steps;
 DELETE FROM pgflow.flows;
+ DELETE FROM pgflow.worker_functions;
 -- Also clear the realtime.messages table if it exists
 BEGIN
diff --git a/pkgs/core/supabase/tests/ensure_workers/credentials_from_vault.test.sql b/pkgs/core/supabase/tests/ensure_workers/credentials_from_vault.test.sql
index 9fc63cde4..1d5c2ef18 100644
--- a/pkgs/core/supabase/tests/ensure_workers/credentials_from_vault.test.sql
+++ b/pkgs/core/supabase/tests/ensure_workers/credentials_from_vault.test.sql
@@ -1,6 +1,6 @@
 -- Test: ensure_workers() retrieves credentials from Vault
 begin;
-select plan(2);
+select plan(4);
 select pgflow_tests.reset_db();
 -- Setup: Create Vault secrets
@@ -43,5 +43,37 @@ select ok(
 'Vault credentials allow HTTP invocation in production mode'
 );
+-- TEST: HTTP request URL uses base URL from Vault
+update pgflow.worker_functions
+set last_invoked_at = now() - interval '10 seconds';
+
+-- Store result in temp table to ensure ensure_workers() executes before we query the queue
+select * into temporary test3_result from pgflow.ensure_workers();
+
+select ok(
+ (select url = 'http://vault-configured-url.example.com/functions/v1/my-function'
+ from net.http_request_queue
+ where id = (select request_id from test3_result limit 1)),
+ 'HTTP request URL is constructed from Vault pgflow_function_base_url'
+);
+
+drop table test3_result;
+
+-- TEST: HTTP request Authorization header uses service role key from Vault
+update pgflow.worker_functions
+set last_invoked_at = now() - interval '10 seconds';
+
+-- Store result in temp table to ensure ensure_workers() executes before we query the queue
+select * into temporary test4_result from pgflow.ensure_workers();
+
+select ok(
+ (select headers->>'Authorization' = 'Bearer test-service-role-key-from-vault'
+ from net.http_request_queue
+ where id = (select request_id from test4_result limit 1)),
+ 'HTTP request Authorization header contains Vault service role key'
+);
+
+drop table test4_result;
+
 select finish();
 rollback;
diff --git a/pkgs/core/supabase/tests/ensure_workers/credentials_local_fallback.test.sql b/pkgs/core/supabase/tests/ensure_workers/credentials_local_fallback.test.sql
index 8c73911fb..09aa1c681 100644
--- a/pkgs/core/supabase/tests/ensure_workers/credentials_local_fallback.test.sql
+++ b/pkgs/core/supabase/tests/ensure_workers/credentials_local_fallback.test.sql
@@ -1,6 +1,6 @@
 -- Test: ensure_workers() uses local fallback credentials when Vault is empty
 begin;
-select plan(2);
+select plan(4);
 select pgflow_tests.reset_db();
 -- Ensure no Vault secrets exist
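Review bot: In credentials_from_vault.test.sql the two new assertions together pin that the Vault service-role key is attached as a Bearer header to a request whose expected URL starts with `http://`, and nothing added here covers what ensure_workers() does with a non-TLS base URL when real credentials are configured. Whether the function validates the scheme is not visible in this hunk, and the Vault fixture itself is set up outside it; if no such check exists, a negative case is worth adding and the expected value would be better as `select url = 'https://vault-configured-url.example.com/functions/v1/my-function'`. The fourth assertion also shows that the complete key is readable in cleartext from `net.http_request_queue`, so it is worth confirming that privileges on that table are limited to the roles that need them.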
@@ -36,5 +36,37 @@ select ok(
 'Local fallback credentials allow HTTP invocation'
 );
+-- TEST: HTTP request URL uses local fallback base URL
+update pgflow.worker_functions
+set last_invoked_at = now() - interval '10 seconds';
+
+-- Store result in temp table to ensure ensure_workers() executes before we query the queue
+select * into temporary test3_result from pgflow.ensure_workers();
+
+select ok(
+ (select url = 'http://kong:8000/functions/v1/my-function'
+ from net.http_request_queue
+ where id = (select request_id from test3_result limit 1)),
+ 'HTTP request URL uses local fallback (http://kong:8000/functions/v1)'
+);
+
+drop table test3_result;
+
+-- TEST: HTTP request has no Authorization header in local mode
+update pgflow.worker_functions
+set last_invoked_at = now() - interval '10 seconds';
+
+-- Store result in temp table to ensure ensure_workers() executes before we query the queue
+select * into temporary test4_result from pgflow.ensure_workers();
+
+select ok(
+ (select headers->>'Authorization' is null
+ from net.http_request_queue
+ where id = (select request_id from test4_result limit 1)),
+ 'HTTP request has no Authorization header in local mode'
+);
+
+drop table test4_result;
+
 select finish();
 rollback;
diff --git a/pkgs/core/supabase/tests/ensure_workers/http_request_queued.test.sql b/pkgs/core/supabase/tests/ensure_workers/http_request_queued.test.sql
index fe0cedc6a..0faffd1b2 100644
--- a/pkgs/core/supabase/tests/ensure_workers/http_request_queued.test.sql
+++ b/pkgs/core/supabase/tests/ensure_workers/http_request_queued.test.sql
@@ -1,6 +1,6 @@
 -- Test: ensure_workers() queues HTTP request via pg_net
 begin;
-select plan(4);
+select plan(5);
 select pgflow_tests.reset_db();
 -- Clear any existing HTTP requests
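Review bot: The negative assertion in credentials_local_fallback.test.sql, `headers->>'Authorization' is null`, rules out only one spelling of the key, while HTTP header names are case-insensitive, so a regression that emitted `authorization` in local mode would still pass. Assuming `headers` is jsonb (the `->>` lookup works on json as well, so this needs confirming), checking every key is stricter: `(select not exists (select 1 from jsonb_object_keys(headers) as k where lower(k) = 'authorization') from net.http_request_queue where id = (select request_id from test4_result limit 1))`. A one-line comment above the test, `-- local mode must never attach credentials, whatever the header casing`, would record why the check is written that way.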
@@ -44,6 +44,22 @@ select ok(
 'HTTP request was queued (request_id returned)'
 );
+-- TEST: HTTP request URL format is correct (base_url/function_name)
+update pgflow.worker_functions
+set last_invoked_at = now() - interval '10 seconds';
+
+-- Store result in temp table to ensure ensure_workers() executes before we query the queue
+select * into temporary test_url_result from pgflow.ensure_workers();
+
+select ok(
+ (select url LIKE '%/functions/v1/my-function'
+ from net.http_request_queue
+ where id = (select request_id from test_url_result limit 1)),
+ 'HTTP request URL ends with /functions/v1/{function_name}'
+);
+
+drop table test_url_result;
+
 -- TEST: Multiple functions each get their own request
 select pgflow.track_worker_function('function-two');
 update pgflow.worker_functions
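Review bot: The URL-format assertion in http_request_queued.test.sql wraps `url LIKE '%/functions/v1/my-function'` in `ok()`, so a failure reports only the description and never the URL that was actually queued, and a missing queue row (NULL from the scalar subquery) looks the same in the output. pgTAP's `alike()` takes the value and the pattern separately and prints both on failure: `select alike((select url from net.http_request_queue where id = (select request_id from test_url_result limit 1)), '%/functions/v1/my-function', 'HTTP request URL ends with /functions/v1/{function_name}');`. The equality assertions added in the two credentials test files have the same `ok(select ... = ...)` shape and would give better diagnostics as `is(...)`.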