@meshxdata/fops 0.1.39 → 0.1.40

package/CHANGELOG.md

@@ -1,3 +1,188 @@
+## [0.1.40] - 2026-03-10
+
+- callback url for localhost (821fb94)
+- disable 4 scaffolding plugin by default. (bfb2b76)
+- jaccard improvements (b7494a0)
+- refactor azure plugin (68dfef4)
+- refactor azure plugin (b24a008)
+- fix trino catalog missing (4928a55)
+- v36 bump and changelog generation on openai (37a0440)
+- v36 bump and changelog generation on openai (a3b02d9)
+- bump (a990058)
+- status bar fix and new plugin for ttyd (27dde1e)
+- file demo and tray (1a3e704)
+- electron app (59ad0bb)
+- compose and fops file plugin (1cf0e81)
+- bump (346ffc1)
+- localhost replaced by 127.0.0.1 (82b9f30)
+- .29 (587b0e1)
+- improve up down and bootstrap script (b79ebaf)
+- checksum (22c8086)
+- checksum (96b434f)
+- checksum (15ed3c0)
+- checksum (8a6543a)
+- bump embed trino linksg (8440504)
+- bump data (765ffd9)
+- bump (cb8b232)
+- broken tests (c532229)
+- release 0.1.18, preflight checks (d902249)
+- fix compute display bug (d10f5d9)
+- cleanup packer files (6330f18)
+- plan mode (cb36a8a)
+- bump to 0.1.16 - agent ui (41ac1a2)
+- bump to 0.1.15 - agent ui (4ebe2e1)
+- bump to 0.1.14 (6c3a7fa)
+- bump to 0.1.13 (8db570f)
+- release 0.1.12 (c1c79e5)
+- bump (11aa3b0)
+- git keep and bump tui (be1678e)
+- skills, index, rrf, compacted context (100k > 10k) (7b2fffd)
+- cloudflare and token consumption, graphs indexing (0ad9eec)
+- bump storage default (22c83ba)
+- storage fix (68a22a0)
+- skills update (7f56500)
+- v9 bump (3864446)
+- bump (c95eedc)
+- rrf (dbf8c95)
+- feat: warning when running predictions (95e8c52)
+- feat: support for local predictions (45cf26b)
+- feat: wip support for predictions + mlflow (3457052)
+- add Reciprocal Rank Fusion (RRF) to knowledge and skill retrieval (61549bc)
+- validate CSV headers in compute_run readiness check (a8c7a43)
+- fix corrupted Iceberg metadata: probe tables + force cleanup on re-apply (50578af)
+- enforce: never use foundation_apply to fix broken products (2e049bf)
+- update SKILL.md with complete tool reference for knowledge retrieval (30b1924)
+- add storage read, input DP table probe, and compute_run improvements (34e6c4c)
+- skills update (1220385)
+- skills update (bb66958)
+- some tui improvement andd tools apply overwrite (e90c35c)
+- skills update (e9227a1)
+- skills update (669c4b3)
+- fix plugin pre-flight checks (f741743)
+- increase agent context (6479aaa)
+- skills and init sql fixes (5fce35e)
+- checksum (3518b56)
+- penging job limit (a139861)
+- checksum (575d28c)
+- bump (92049ba)
+- fix bug per tab status (0a33657)
+- fix bug per tab status (50457c6)
+- checksumming (0ad842e)
+- shot af mardkwon overlapping (51f63b9)
+- add spark dockerfile for multiarch builds (95abbd1)
+- fix plugin initialization (16b9782)
+- split index.js (50902a2)
+- cloudflare cidr (cc4e021)
+- cloduflare restrictions (2f6ba2d)
+- sequential start (86b496e)
+- sequential start (4930fe1)
+- sequential start (353f014)
+- qa tests (2dc6a1a)
+- bump sha for .85 (dc2edfe)
+- preserve env on sudo (7831227)
+- bump sha for .84 (6c052f9)
+- non interactive for azure vms (0aa8a2f)
+- keep .env if present (d072450)
+- bump (7a8e732)
+- ensure opa is on compose if not set (f4a5228)
+- checksum bump (a2ccc20)
+- netrc defensive checks (a0b0ccc)
+- netrc defensive checks (ae37403)
+- checksum (ec45d11)
+- update sync and fix up (7f9af72)
+- expand test for azure and add new per app tag support (388a168)
+- checksum on update (44005fc)
+- cleanup for later (15e5313)
+- cleanup for later (11c9597)
+- switch branch feature (822fecc)
+- add pull (d1c19ab)
+- Bump hono from 4.11.9 to 4.12.0 in /operator-cli (ad25144)
+- tests (f180a9a)
+- cleanup (39c49a3)
+- registry (7b7126a)
+- reconcile kafka (832d0db)
+- gh login bug (025886c)
+- cleanup (bb96cab)
+- strip envs from process (2421180)
+- force use of gh creds not tokens in envs var (fff7787)
+- resolve import between npm installs and npm link (79522e1)
+- fix gh scope and azure states (afd846c)
+- refactoring (da50352)
+- split fops repo (d447638)
+- aks (b791f8f)
+- refactor azure (67d3bad)
+- wildcard (391f023)
+- azure plugin (c074074)
+- zap (d7e6e7f)
+- fix knock (cf89c05)
+- azure (4adec98)
+- Bump tar from 7.5.7 to 7.5.9 in /operator-cli (e41e98e)
+- azure stack index.js split (de12272)
+- Bump ajv from 8.17.1 to 8.18.0 in /operator-cli (76da21f)
+- packer (9665fbc)
+- remove stack api (db0fd4d)
+- packer cleanup (fe1bf14)
+- force refresh token (3a3d7e2)
+- provision shell (2ad505f)
+- azure vm management (91dcb31)
+- azure specific (2b0cca8)
+- azure packer (12175b8)
+- init hashed pwd (db8523c)
+- packer (5b5c7c4)
+- doctor for azure vm (ed524fa)
+- packer and 1pwd (c6d053e)
+- split big index.js (dc85a1b)
+- kafka volume update (21815ec)
+- fix openai azure tools confirmation and flow (0118cd1)
+- nighly fixx, test fix (5e0d04f)
+- open ai training (cdc494a)
+- openai integration in azure (1ca1475)
+- ci (672cea9)
+- refresh ghcr creds (4220c48)
+- cleaned up version (1a0074f)
+- traefik on ghcr and templates (8e31a05)
+- apply fcl (e78911f)
+- demo landscape (dd205fe)
+- smarter login and schema (1af514f)
+- no down before up unless something broke (56b1132)
+- dai, reconcile failed containers (12907fa)
+- reconcile dead container (7da75e4)
+- defensive around storage buckets dir (b98871d)
+- defensive around storage buckets dir (e86e132)
+- gear in for multiarch (bf3fa3e)
+- up autofix (99c7f89)
+- autofix stale containers on up (43c7d0f)
+- shared sessions fix (5de1359)
+- share sessions between ui and tui (8321391)
+- fix chat view display details (e263996)
+- fix chat view display details (9babdda)
+- tui up fixes (86e9f17)
+- fix commands init (442538b)
+- enable k3s profile (b2dcfc8)
+- test up till job creation (656d388)
+- tui fixes (0599779)
+- cleanup (27731f0)
+- train (90bf559)
+- training (f809bf6)
+- training (ba2b836)
+- training (6fc5267)
+- training (4af8ac9)
+- fix build script (bd82836)
+- infra test (5b79815)
+- infra test (3a0ac05)
+- infra test (e5c67b5)
+- tests (ae7b621)
+- tests (c09ae6a)
+- update tui (4784153)
+- training (0a5a330)
+- tui (df4dd4a)
+- pkg builds (4dc9993)
+- also source env for creds (9a17d8f)
+- fcl support (e8a5743)
+- fcl support (8d6b6cd)
+- fcl support (cb76a4a)
+- bump package (df2ee85)
+
 # Changelog
 
 All notable changes to @meshxdata/fops (Foundation Operator CLI) are documented here.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meshxdata/fops",
-  "version": "0.1.39",
+  "version": "0.1.40",
   "description": "CLI to install and manage data mesh platforms",
   "keywords": [
     "fops",

package/src/doctor.js

@@ -873,7 +873,26 @@ export async function runDoctor(opts = {}, registry = null) {
       console.log(chalk.green("  ✓ write:packages and repo scopes added"));
     };
 
+    // Double-check: if hasWritePackages came from netrc fallback, verify the gh CLI token too
+    let ghCliHasPackages = hasWritePackages;
     if (hasWritePackages) {
+      try {
+        const { stdout: tkOut, exitCode: tkExit } = await runGh(["auth", "token"], { timeout: 5000, reject: false });
+        if (tkExit === 0 && tkOut?.trim()) {
+          const { status, scopes } = await ghApiGetWithScopes(tkOut.trim());
+          if (status === 200 && scopes && !scopes.includes("write:packages") && !scopes.includes("read:packages")) {
+            ghCliHasPackages = false;
+          }
+        }
+      } catch {}
+    }
+    if (hasWritePackages && !ghCliHasPackages) {
+      warn(
+        "gh CLI token missing packages scope",
+        "netrc token has it, but gh auth token does not — run: gh auth refresh -h github.com -s write:packages",
+        ghcrRefreshFn,
+      );
+    } else if (hasWritePackages) {
       ok("gh token has write:packages scope");
     } else {
       fail(
@@ -917,32 +936,63 @@ export async function runDoctor(opts = {}, registry = null) {
     }
 
     const ghcrFixFn = async () => {
-      // Ensure write:packages scope is present (implies read:packages)
-      if (!hasWritePackages) {
-        console.log(chalk.cyan("  ▶ gh auth refresh -h github.com -s write:packages -s repo"));
-        console.log(chalk.dim("    (gh CLI will ask for device code auth, then optionally Git credential setup)"));
-        await runGh(["auth", "refresh", "-h", "github.com", "-s", "write:packages", "-s", "repo"], {
-          stdio: "inherit", timeout: 120_000,
-        });
-      }
-
-      // Get fresh token and login to ghcr.io
+      // Find a token with packages scope — prefer gh CLI token, fall back to netrc
       let ghToken = null;
+
+      // 1) Try gh CLI token
       try {
         const { stdout, exitCode } = await runGh(["auth", "token"], { timeout: 5000, reject: false });
-        if (exitCode === 0 && stdout?.trim()) ghToken = stdout.trim();
+        if (exitCode === 0 && stdout?.trim()) {
+          const t = stdout.trim();
+          const { status, scopes } = await ghApiGetWithScopes(t);
+          if (status === 200 && scopes?.includes("write:packages")) {
+            ghToken = t;
+          } else if (status === 200) {
+            // gh token works but lacks packages scope — refresh it
+            console.log(chalk.yellow("  gh CLI token missing write:packages — refreshing…"));
+            console.log(chalk.cyan("  ▶ gh auth refresh -h github.com -s write:packages -s repo"));
+            const { exitCode: refExit } = await runGh(["auth", "refresh", "-h", "github.com", "-s", "write:packages", "-s", "repo"], {
+              stdio: "inherit", timeout: 120_000, reject: false,
+            });
+            if (refExit === 0) {
+              const { stdout: fresh } = await runGh(["auth", "token"], { timeout: 5000, reject: false });
+              if (fresh?.trim()) ghToken = fresh.trim();
+            }
+          }
+        }
       } catch {}
 
+      // 2) Fall back to netrc token if gh CLI token doesn't have the right scopes
+      if (!ghToken) {
+        try {
+          const content = await readFile(netrcPath);
+          const netrcToken = readNetrcToken(content, "github.com");
+          if (netrcToken) {
+            const { status, scopes } = await ghApiGetWithScopes(netrcToken);
+            if (status === 200 && (scopes?.includes("write:packages") || scopes?.includes("read:packages"))) {
+              console.log(chalk.cyan("  Using netrc token (has packages scope)"));
+              ghToken = netrcToken;
+            }
+          }
+        } catch {}
+      }
+
       if (ghToken) {
-        console.log(chalk.cyan("  ▶ Logging into ghcr.io using gh auth token…"));
+        console.log(chalk.cyan("  ▶ Logging into ghcr.io…"));
+        // Login for both current user and root (Docker daemon runs as root)
         await run("sh", ["-c", `echo ${ghToken} | docker login ghcr.io -u x-access-token --password-stdin`], {
           stdio: "inherit", timeout: 15000,
         });
+        try {
+          await execa("sh", ["-c", `echo ${ghToken} | sudo docker login ghcr.io -u x-access-token --password-stdin`], {
+            timeout: 15000, stdio: "pipe",
+          });
+        } catch { /* root login best-effort */ }
       } else {
-        console.log(chalk.yellow("  gh CLI not authenticated — manual login required."));
-        console.log(chalk.dim("  Create a PAT at https://github.com/settings/tokens with write:packages scope, then run:"));
-        console.log(chalk.dim("  docker login ghcr.io -u <your-username>"));
-        throw new Error("Manual GHCR login required");
+        console.log(chalk.yellow("  No token with packages scope found."));
+        console.log(chalk.dim("  Run: gh auth refresh -h github.com -s write:packages -s repo"));
+        console.log(chalk.dim("  Then: echo $(gh auth token) | docker login ghcr.io -u x-access-token --password-stdin"));
+        throw new Error("No token with packages scope — refresh gh auth or create a PAT with write:packages");
       }
     };