@meshxdata/fops 0.1.55 → 0.1.58

package/CHANGELOG.md

@@ -1,5 +1,194 @@
-## [0.1.55] - 2026-03-26
+# Changelog
+
+All notable changes to @meshxdata/fops (Foundation Operator CLI) are documented here.
 
+## [0.1.58] - 2026-03-26
+
+- bump storage (a1a5761)
+- restore all missing services (pgpool, exporters, grafana, etc), add loki to k3s profile, always activate loki profile in fops up (4e2744a)
+- fix: grafana alert-rules provisioning, ENVIRONMENT_NAME from --url, k3s secret sync, vm-sizes endpoint, project root resolution (9839052)
+- feat(azure): add 'fops azure reconcile <name>' command for VM drift fix (79ba6e2)
+- fix(otel,loki): remove duplicate spanmetrics dimensions, use .env for loki S3 creds (e3d1def)
+- fix(loki): pass S3 credentials from .env so loki works without vault-init (c57906d)
+- fix(azure): improve VM provisioning reliability (2ddd669)
+- cluster discovery (009257d)
+- feat(storage): add loki container to provisioning (898c544)
+- feat(azure): add ping command to check backend health (8336825)
+- operator cli bump 0.1.52 (f052cb5)
+- fix(doctor): set KUBECONFIG for k3s kubectl commands (db9359b)
+- fix(azure): move --landscape to test run command, not separate subcommand (4b9b089)
+- feat(azure): add test integration command with landscape support (b2990a0)
+- fix(fleet): skip VMs without public IPs in fleet exec (39acbaa)
+- feat(azure): detect and fix External Secrets identity issues (f907d11)
+- operator cli bump 0.1.51 (db55bdc)
+- feat: add postgres-exporter and Azure tray menu improvements (2a337ac)
+- operator cli plugin fix (4dae908)
+- operator cli plugin fix (25620cc)
+- operator cli test fixes (1d1c18f)
+- feat(test): add setup-users command for QA test user creation (b929507)
+- feat(aks): show HA standby clusters with visual grouping (8fb640c)
+- refactor(provision): extract VM provisioning to dedicated module (af321a7)
+- refactor(provision): extract post-start health checks to dedicated module (6ed5f2d)
+- fix: ping timeout 15s, fix prometheus sed escaping (d11ac14)
+- refactor(vm): extract terraform HCL generation to dedicated module (896a64b)
+- refactor(keyvault): extract key operations to dedicated module (716bbe4)
+- refactor(azure): extract swarm functions to azure-fleet-swarm.js (4690e34)
+- refactor(azure): extract SSH/remote functions to azure-ops-ssh.js (e62b8f0)
+- refactor(azure): split azure-ops.js into smaller modules (4515425)
+- feat(aks): add --ha flag for full cross-region HA setup (ece68c5)
+- feat(fops): inject ENVIRONMENT_NAME on VM provisioning (6ef2a27)
+- fix(postgres): disable SSL mode to fix connection issues (c789ae9)
+- feat(trino): add caching configuration for docker-compose (3668224)
+- fix(fops-azure): run pytest directly instead of missing scripts (29f8410)
+- add -d detach option for local frontend dev, remove hive cpu limits (3306667)
+- release 0.1.49 (dcca32b)
+- release 0.1.48 (9b195e5)
+- stash on updates (2916c01)
+- stash on updates (b5c14df)
+- stash on updates (d0453d1)
+- frontend dev fixes (0ca7b00)
+- fix: update azure test commands (77c81da)
+- default locust to CLI mode, add --web for UI (ca35bff)
+- add locust command for load testing AKS clusters (1278722)
+- update spot node pool default autoscaling to 1-20 (617c182)
+- module for aks (3dd1a61)
+- add hive to PG_SERVICE_DBS for fops pg-setup (afccb16)
+- feat(azure): enhance aks doctor with ExternalSecrets and PGSSLMODE checks (8b14861)
+- add foundation-postgres ExternalName service to reconciler (ea88e11)
+- new flux templates (0e2e372)
+- feat(azure): add storage-engine secrets to Key Vault (a4f488e)
+- feat(azure-aks): add AUTH0_DOMAIN to template rendering variables (216c37e)
+- feat(azure): add storage account creation per cluster (aa1b138)
+- bump watcher (ab24473)
+- fix: concurrent compute calls (#66) (03e2edf)
+- bump backend version (5058ff5)
+- bump fops to 0.1.44 (8c0ef5d)
+- Mlflow and azure plugin fix (176881f)
+- fix lifecycle (a2cb9e7)
+- callback url for localhost (821fb94)
+- disable 4 scaffolding plugin by default. (bfb2b76)
+- jaccard improvements (b7494a0)
+- refactor azure plugin (68dfef4)
+- refactor azure plugin (b24a008)
+- fix trino catalog missing (4928a55)
+- v36 bump and changelog generation on openai (37a0440)
+- v36 bump and changelog generation on openai (a3b02d9)
+- bump (a990058)
+- status bar fix and new plugin for ttyd (27dde1e)
+- file demo and tray (1a3e704)
+- electron app (59ad0bb)
+- compose and fops file plugin (1cf0e81)
+- bump (346ffc1)
+- localhost replaced by 127.0.0.1 (82b9f30)
+- .29 (587b0e1)
+- improve up down and bootstrap script (b79ebaf)
+- checksum (22c8086)
+- checksum (96b434f)
+- checksum (15ed3c0)
+- checksum (8a6543a)
+- bump embed trino linksg (8440504)
+- bump data (765ffd9)
+- bump (cb8b232)
+- broken tests (c532229)
+- release 0.1.18, preflight checks (d902249)
+- fix compute display bug (d10f5d9)
+- cleanup packer files (6330f18)
+- plan mode (cb36a8a)
+- bump to 0.1.16 - agent ui (41ac1a2)
+- bump to 0.1.15 - agent ui (4ebe2e1)
+- bump to 0.1.14 (6c3a7fa)
+- bump to 0.1.13 (8db570f)
+- release 0.1.12 (c1c79e5)
+- bump (11aa3b0)
+- git keep and bump tui (be1678e)
+- skills, index, rrf, compacted context (100k > 10k) (7b2fffd)
+- cloudflare and token consumption, graphs indexing (0ad9eec)
+- bump storage default (22c83ba)
+- storage fix (68a22a0)
+- skills update (7f56500)
+- v9 bump (3864446)
+- bump (c95eedc)
+- rrf (dbf8c95)
+- feat: warning when running predictions (95e8c52)
+- feat: support for local predictions (45cf26b)
+- feat: wip support for predictions + mlflow (3457052)
+- add Reciprocal Rank Fusion (RRF) to knowledge and skill retrieval (61549bc)
+- validate CSV headers in compute_run readiness check (a8c7a43)
+- fix corrupted Iceberg metadata: probe tables + force cleanup on re-apply (50578af)
+- enforce: never use foundation_apply to fix broken products (2e049bf)
+- update SKILL.md with complete tool reference for knowledge retrieval (30b1924)
+- add storage read, input DP table probe, and compute_run improvements (34e6c4c)
+- skills update (1220385)
+- skills update (bb66958)
+- some tui improvement andd tools apply overwrite (e90c35c)
+- skills update (e9227a1)
+- skills update (669c4b3)
+- fix plugin pre-flight checks (f741743)
+- increase agent context (6479aaa)
+- skills and init sql fixes (5fce35e)
+- checksum (3518b56)
+- penging job limit (a139861)
+- checksum (575d28c)
+- bump (92049ba)
+- fix bug per tab status (0a33657)
+- fix bug per tab status (50457c6)
+- checksumming (0ad842e)
+- shot af mardkwon overlapping (51f63b9)
+- add spark dockerfile for multiarch builds (95abbd1)
+- fix plugin initialization (16b9782)
+- split index.js (50902a2)
+- cloudflare cidr (cc4e021)
+- cloduflare restrictions (2f6ba2d)
+- sequential start (86b496e)
+- sequential start (4930fe1)
+- sequential start (353f014)
+- qa tests (2dc6a1a)
+- bump sha for .85 (dc2edfe)
+- preserve env on sudo (7831227)
+- bump sha for .84 (6c052f9)
+- non interactive for azure vms (0aa8a2f)
+- keep .env if present (d072450)
+- bump (7a8e732)
+- ensure opa is on compose if not set (f4a5228)
+- checksum bump (a2ccc20)
+- netrc defensive checks (a0b0ccc)
+- netrc defensive checks (ae37403)
+- checksum (ec45d11)
+- update sync and fix up (7f9af72)
+- expand test for azure and add new per app tag support (388a168)
+- checksum on update (44005fc)
+- cleanup for later (15e5313)
+- cleanup for later (11c9597)
+- switch branch feature (822fecc)
+- add pull (d1c19ab)
+- Bump hono from 4.11.9 to 4.12.0 in /operator-cli (ad25144)
+- tests (f180a9a)
+- cleanup (39c49a3)
+- registry (7b7126a)
+- reconcile kafka (832d0db)
+- gh login bug (025886c)
+- cleanup (bb96cab)
+- strip envs from process (2421180)
+- force use of gh creds not tokens in envs var (fff7787)
+- resolve import between npm installs and npm link (79522e1)
+- fix gh scope and azure states (afd846c)
+- refactoring (da50352)
+- split fops repo (d447638)
+- aks (b791f8f)
+- refactor azure (67d3bad)
+- wildcard (391f023)
+- azure plugin (c074074)
+- zap (d7e6e7f)
+- fix knock (cf89c05)
+- azure (4adec98)
+- Bump tar from 7.5.7 to 7.5.9 in /operator-cli (e41e98e)
+- azure stack index.js split (de12272)
+- Bump ajv from 8.17.1 to 8.18.0 in /operator-cli (76da21f)
+
+## [0.1.57] - 2026-03-26
+
+- restore all missing services (pgpool, exporters, grafana, etc), add loki to k3s profile, always activate loki profile in fops up (4e2744a)
+- fix: grafana alert-rules provisioning, ENVIRONMENT_NAME from --url, k3s secret sync, vm-sizes endpoint, project root resolution (9839052)
 - feat(azure): add 'fops azure reconcile <name>' command for VM drift fix (79ba6e2)
 - fix(otel,loki): remove duplicate spanmetrics dimensions, use .env for loki S3 creds (e3d1def)
 - fix(loki): pass S3 credentials from .env so loki works without vault-init (c57906d)
@@ -178,14 +367,12 @@
 - azure stack index.js split (de12272)
 - Bump ajv from 8.17.1 to 8.18.0 in /operator-cli (76da21f)
 - packer (9665fbc)
-- remove stack api (db0fd4d)
-- packer cleanup (fe1bf14)
 
 # Changelog
 
 All notable changes to @meshxdata/fops (Foundation Operator CLI) are documented here.
 
-## [0.1.54] - 2026-03-26
+## [0.1.56] - 2026-03-26
 
 - feat(azure): add 'fops azure reconcile <name>' command for VM drift fix (79ba6e2)
 - fix(otel,loki): remove duplicate spanmetrics dimensions, use .env for loki S3 creds (e3d1def)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meshxdata/fops",
-  "version": "0.1.55",
+  "version": "0.1.58",
   "description": "CLI to install and manage data mesh platforms",
   "keywords": [
     "fops",
@@ -17,7 +17,6 @@
     "fops.mjs",
     "src/",
     "!src/**/*.test.js",
-    "!src/**/node_modules",
     "!scripts/",
     "README.md",
     "CHANGELOG.md"

package/src/commands/index.js

@@ -7,6 +7,7 @@ import { registerPluginCommands } from "./plugin-cmd.js";
 import { registerIntegrationCommands } from "./integration-cmd.js";
 import { registerCompletionCommand } from "./completion.js";
 import { registerEditCommands } from "./edit-cmd.js";
+import { registerK3sCommands } from "./k3s-cmd.js";
 import { configureColorHelp } from "./help.js";
 
 export function registerCommands(program, registry) {
@@ -43,5 +44,6 @@ export function registerCommands(program, registry) {
   registerPluginCommands(program, registry);
   registerIntegrationCommands(program, registry);
   registerEditCommands(program);
+  registerK3sCommands(program);
   registerCompletionCommand(program);
 }

package/src/commands/k3s-cmd.js

@@ -0,0 +1,124 @@
+import path from "node:path";
+import chalk from "chalk";
+import { requireRoot } from "../project.js";
+
+const DIM = chalk.dim;
+const OK = chalk.green;
+const ERR = chalk.red;
+const WARN = chalk.yellow;
+
+const K3S_KUBECTL = ["exec", "-e", "KUBECONFIG=/etc/rancher/k3s/k3s.yaml", "k3s-server", "kubectl"];
+const K3S_KUBECTL_I = ["exec", "-i", "-e", "KUBECONFIG=/etc/rancher/k3s/k3s.yaml", "k3s-server", "kubectl"];
+
+async function kubectlApply(execa, args) {
+  const create = await execa("docker", [
+    ...K3S_KUBECTL, "create", ...args, "--dry-run=client", "-o", "yaml",
+  ], { timeout: 15000, reject: false });
+  if (create.exitCode !== 0) throw new Error(`kubectl create failed: ${create.stderr}`);
+  const apply = await execa("docker", [
+    ...K3S_KUBECTL_I, "apply", "-f", "-",
+  ], { input: create.stdout, timeout: 15000, reject: false });
+  if (apply.exitCode !== 0) throw new Error(`kubectl apply failed: ${apply.stderr}`);
+}
+
+async function syncSecrets(root) {
+  const { execa } = await import("execa");
+  const { loadEnvFromFile } = await import("../utils/load-env.js");
+
+  // Check k3s is running
+  const { exitCode, stdout } = await execa("docker", [
+    ...K3S_KUBECTL, "get", "nodes",
+  ], { timeout: 10000, reject: false });
+  if (exitCode !== 0 || !/Ready/.test(stdout)) {
+    console.error(ERR("  k3s cluster is not reachable. Is it running?"));
+    console.error(DIM("  Start it with: fops up --k3s"));
+    return;
+  }
+
+  // Load credentials from .env (same resolution as setup-kubernetes.sh)
+  const env = loadEnvFromFile(path.join(root, ".env"));
+  const s3Id = env.BOOTSTRAP_STORAGE_ACCESS_KEY || env.AUTH_IDENTITY || "minio";
+  const s3Pw = env.BOOTSTRAP_STORAGE_SECRET_KEY || env.AUTH_CREDENTIAL || "minio123";
+
+  console.log(DIM(`  Storage credentials: ${s3Id} / ${"*".repeat(Math.min(s3Pw.length, 8))}`));
+
+  // 1. storage-secret in foundation namespace
+  console.log(DIM("  Creating storage-secret (foundation)..."));
+  await kubectlApply(execa, [
+    "secret", "generic", "storage-secret",
+    `--from-literal=ACCESS_KEY=${s3Id}`,
+    `--from-literal=SECRET_KEY=${s3Pw}`,
+    "--namespace=foundation",
+  ]);
+  console.log(OK("  ✓ storage-secret"));
+
+  // 2. foundation-storage-engine-auth in foundation namespace
+  console.log(DIM("  Creating foundation-storage-engine-auth (foundation)..."));
+  await kubectlApply(execa, [
+    "secret", "generic", "foundation-storage-engine-auth",
+    `--from-literal=AUTH_IDENTITY=${s3Id}`,
+    `--from-literal=AUTH_CREDENTIAL=${s3Pw}`,
+    "--namespace=foundation",
+  ]);
+  console.log(OK("  ✓ foundation-storage-engine-auth"));
+
+  // 3. Default storage system secret for Spark jobs
+  const sparkSecretName = "00000000-0000-0000-0000-000000000001-secret";
+  console.log(DIM(`  Creating ${sparkSecretName} (spark-jobs)...`));
+  await kubectlApply(execa, [
+    "secret", "generic", sparkSecretName,
+    `--from-literal=AWS_ACCESS_KEY_ID=${s3Id}`,
+    `--from-literal=AWS_SECRET_ACCESS_KEY=${s3Pw}`,
+    `--from-literal=AWS_SECRET_ACCESS_KEY_ID=${s3Pw}`,
+    "--from-literal=AWS_ENDPOINT_LOCATION=http://foundation-storage-engine:8080",
+    "--from-literal=AWS_REGION=me-central-1",
+    "--from-literal=MLFLOW_S3_ENDPOINT_URL=http://foundation-storage-engine:8080",
+    "--namespace=spark-jobs",
+  ]);
+
+  // Re-apply label
+  await execa("docker", [
+    ...K3S_KUBECTL, "label", "secret", sparkSecretName,
+    "foundation.io/data-system=storage",
+    "--namespace=spark-jobs", "--overwrite",
+  ], { timeout: 10000, reject: false });
+  console.log(OK(`  ✓ ${sparkSecretName} (with label)`));
+
+  console.log(OK("\n  ✓ All storage secrets synced to k3s"));
+}
+
+export function registerK3sCommands(program) {
+  const k3s = program
+    .command("k3s")
+    .description("Manage local k3s Kubernetes cluster");
+
+  k3s
+    .command("sync-secrets")
+    .description("Sync storage secrets from .env into k3s (fixes S3 AccessDenied)")
+    .action(async () => {
+      const root = requireRoot(program);
+      try {
+        await syncSecrets(root);
+      } catch (err) {
+        console.error(ERR(`  ✗ ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+
+  k3s
+    .command("exec [cmd...]")
+    .description("Run a command inside k3s (default: interactive shell)")
+    .option("-n, --namespace <ns>", "Kubernetes namespace", "spark-jobs")
+    .action(async (cmd, opts) => {
+      const { execaNode } = await import("execa");
+      const { execSync } = await import("node:child_process");
+      const args = cmd.length
+        ? [...K3S_KUBECTL, "-n", opts.namespace, ...cmd]
+        : ["exec", "-it", "-e", "KUBECONFIG=/etc/rancher/k3s/k3s.yaml", "k3s-server", "/bin/sh"];
+      try {
+        execSync(`docker ${args.map(a => a.includes(" ") ? `"${a}"` : a).join(" ")}`, { stdio: "inherit" });
+      } catch (err) {
+        if (err.status) process.exitCode = err.status;
+      }
+    });
+}

package/src/commands/lifecycle.js

@@ -562,6 +562,12 @@ async function runUp(program, registry, opts) {
       fs.writeFileSync(envPath, envContent);
       console.log(chalk.dim(`  FOUNDATION_PUBLIC_URL=${publicUrl} written to .env`));
     }
+    // Derive and set ENVIRONMENT_NAME from URL (e.g. https://staging.meshx.app → Staging)
+    const envName = publicUrl.replace(/https?:\/\//, "").split(".")[0] || "Local";
+    const environmentName = envName.charAt(0).toUpperCase() + envName.slice(1);
+    envContent = envContent.replace(/^ENVIRONMENT_NAME=.*\n?/m, "");
+    envContent = envContent.trimEnd() + `\nENVIRONMENT_NAME=${environmentName}\n`;
+    fs.writeFileSync(envPath, envContent);
   } else {
     // Local: only inject localhost fallback if not already set
     if (!/^FOUNDATION_PUBLIC_URL=/m.test(envContent)) {
@@ -577,6 +583,7 @@ async function runUp(program, registry, opts) {
   const envProfiles = (process.env.COMPOSE_PROFILES || "").split(",").map(s => s.trim()).filter(Boolean);
   const activeProfiles = new Set(envProfiles);
   if (opts.k3s) activeProfiles.add("k3s");
+  activeProfiles.add("loki");
   if (publicUrl) {
     if (opts.traefik) activeProfiles.add("traefik");
     try {

package/src/plugins/builtins/docker-compose.js

@@ -486,60 +486,42 @@ You manage Docker Compose stacks: inspect containers, read logs, restart service
 ## Role
 You investigate alerts, diagnose service failures, and suggest fixes. You have direct access to Docker containers, logs, and system metrics. You are called by the Glue bot when monitoring alerts fire.
 
-## CRITICAL: Always Use Tools — Never Guess
-You MUST use your tools to investigate. NEVER give generic checklists or ask the user to check things manually.
-- Don't say "check the logs for X" — run compose_logs and find X yourself.
-- Don't say "verify auth config" — run compose_inspect or compose_exec to read the actual config.
-- Don't say "correlate with metrics" — run compose_stats and report the numbers.
-- If you need to grep logs, use compose_exec with grep/jq inside the container.
-- Every finding in your response must be backed by tool output, not speculation.
-
 ## Tools Available
 - **compose_ps**: List all containers and their status (start here)
-- **compose_logs**: Read container logs (check for errors, crashes, OOM). Use the tail parameter to get recent logs, and grep for specific patterns.
+- **compose_logs**: Read container logs (check for errors, crashes, OOM)
 - **compose_inspect**: Get container details (health checks, env vars, mounts, restarts)
 - **compose_stats**: CPU/memory/network usage per container
-- **compose_exec**: Run commands inside containers (e.g. grep logs, check disk, curl endpoints, read config files, test connectivity)
+- **compose_exec**: Run commands inside containers (e.g. check disk, network, processes)
 - **compose_images**: List images and versions
-- **compose_restart**: Restart specific services (only after diagnosing the issue)
+- **compose_restart**: Restart specific services
 - **embeddings_search**: Search docs, configs, and past knowledge for context
 
 ## Investigation Approach
 1. **Triage**: Run compose_ps to see overall stack health. Identify unhealthy/restarting containers.
-2. **Deep dive**: For each affected container, use MULTIPLE tools:
-   - compose_logs with tail=200 to find errors, then grep for specific patterns (4xx, 5xx, OOM, connection refused, timeout)
-   - compose_exec to grep logs for specific status codes: e.g. grep -c "HTTP/1.1 4" or check config files
-   - compose_inspect for health check failures, restart count, resource limits, env vars
-   - compose_stats for CPU/memory — report actual numbers (e.g. "backend: 450MB/512MB, 85% memory")
-3. **Correlate**: If you see errors, trace them to the root service. Check dependencies (postgres, kafka, storage-engine).
-4. **Root cause**: State the specific cause with evidence from tool output.
-5. **Fix**: Take action if safe (restart a crashed container) or give a specific command to run.
+2. **Diagnose**: For each affected container:
+   - compose_logs to find errors, exceptions, OOM kills, crash traces
+   - compose_inspect for health check failures, restart count, resource limits
+   - compose_stats for CPU/memory spikes
+3. **Context**: Use embeddings_search to find relevant docs or known issues.
+4. **Root cause**: Correlate findings — is it a code bug, resource exhaustion, dependency failure, config issue?
+5. **Fix**: Suggest specific actions (restart, config change, scale, rollback).
 
 ## Output Format
-Structure your response with blank lines between each section:
-
-**Status:** One-line summary (e.g. "Processor container restarting due to OOM")
-
-**Findings:** Specific evidence from tools (include actual log lines, numbers, status codes)
-
-**Root Cause:** Most likely cause, backed by evidence
-
-**Actions:** Specific steps to fix (commands, not vague suggestions)
-
-**Prevention:** How to avoid this in the future
+Structure your response as:
+- **Status**: One-line summary (e.g. "Processor container restarting due to OOM")
+- **Findings**: What you discovered from each tool
+- **Root Cause**: Most likely cause
+- **Actions**: Specific steps to fix
+- **Prevention**: How to avoid this in the future
 
 ## Rules
 - Always check compose_ps first.
-- USE TOOLS AGGRESSIVELY. Run 5-10 tool calls per investigation, not 1-2.
 - Check logs BEFORE suggesting restarts.
-- When investigating HTTP errors: grep the actual logs for status codes and show the top error endpoints.
-- When investigating performance: show actual CPU/memory numbers from compose_stats.
 - Look for patterns: repeated restarts, OOM kills, connection refused, timeout errors.
 - If a dependency is down (postgres, kafka), flag it — fixing the dependency fixes the dependent.
 - Be concise — this output goes into a Glue chat thread.
 - Never suggest 'docker compose down' — prefer targeted restarts.
-- After restarting, verify with compose_ps.
-- IMPORTANT: Always put a blank line between sections in your response so they render as separate paragraphs.`,
+- After restarting, verify with compose_ps.`,
     });
 
     // ── Doctor check: Trivy ───────────────────────────────────────────

package/src/plugins/bundled/fops-plugin-azure/lib/azure-openai.js

@@ -55,9 +55,6 @@ async function ensureAzAuth(execa, { subscription } = {}) {
 /** Resolve Foundation project root (directory with docker-compose). Exported for use by azure agent sync. */
 export function findProjectRoot() {
   const cwd = process.cwd();
-  if (process.env.FOUNDATION_ROOT && fs.existsSync(process.env.FOUNDATION_ROOT)) {
-    return path.resolve(process.env.FOUNDATION_ROOT);
-  }
   try {
     const cfgPath = path.join(process.env.HOME || process.env.USERPROFILE || "", ".fops.json");
     if (fs.existsSync(cfgPath)) {

package/src/plugins/bundled/fops-plugin-azure/lib/commands/vm-cmds.js

@@ -263,7 +263,7 @@ export function registerVmCommands(azure, api, registry) {
       if (opts.dai) opts.k3s = true;
       const {
         lazyExeca, ensureAzCli, ensureAzAuth, resolveGithubToken, verifyGithubToken,
-        reconcileVm, DEFAULTS,
+        reconcileVm, DEFAULTS, buildDefaultUrl,
       } = await import("../azure.js");
       const { resolveCfToken } = await import("../cloudflare.js");
       const { readVmState, writeVmState } = await import("../azure-state.js");
@@ -279,7 +279,10 @@ export function registerVmCommands(azure, api, registry) {
         process.exit(1);
       }
       const rg = tracked.resourceGroup;
-      const desiredUrl = opts.url || tracked.publicUrl;
+      const storedUrl = tracked.publicUrl;
+      // If the stored URL is IP-based, prefer the default domain-based URL
+      const isIpUrl = storedUrl && /^https?:\/\/\d+\.\d+\.\d+\.\d+/.test(storedUrl);
+      const desiredUrl = opts.url || (isIpUrl ? buildDefaultUrl(name) : storedUrl);
       const cfToken = resolveCfToken(opts.cfToken);
       const { publicIp, publicUrl, rg: actualRg } = await reconcileVm(execa, {
         vmName: name, rg, sub, subId, location: tracked.location || DEFAULTS.location,

package/src/plugins/bundled/fops-plugin-cloud/api.js

@@ -333,6 +333,20 @@ export function createCloudApi(registry) {
     return c.json(providers);
   });
 
+  // ── VM Sizes ────────────────────────────────────────────
+
+  app.get("/vm-sizes", (c) => {
+    return c.json([
+      "Standard_D4s_v5",
+      "Standard_D8s_v5",
+      "Standard_D16s_v5",
+      "Standard_D32s_v5",
+      "Standard_D48s_v5",
+      "Standard_D64s_v5",
+      "Standard_D96s_v5",
+    ]);
+  });
+
   // ── Resources ───────────────────────────────────────────
 
   app.get("/resources", async (c) => {

package/src/project.js

@@ -32,8 +32,8 @@ function saveProjectRoot(root) {
   const configPath = path.join(os.homedir(), ".fops.json");
   let config = {};
   try { config = JSON.parse(fs.readFileSync(configPath, "utf8")); } catch {}
-  if (config.projectRoot === root) return; // already saved
-  config.projectRoot = root;
+  if (config.foundationRoot === root || config.projectRoot === root) return; // already saved
+  config.foundationRoot = root;
   try {
     fs.mkdirSync(path.dirname(configPath), { recursive: true });
     fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
@@ -41,14 +41,19 @@ function saveProjectRoot(root) {
 }
 
 export function rootDir(cwd = process.cwd()) {
+
+  // Check FOUNDATION_ROOT env var first (explicit override)
   const envRoot = process.env.FOUNDATION_ROOT;
-  if (envRoot && fs.existsSync(envRoot)) return path.resolve(envRoot);
+  if (envRoot && isFoundationRoot(envRoot)) {
+    return path.resolve(envRoot);
+  }
 
-  // Check ~/.fops.json for saved project root
+  // Check ~/.fops.json for saved project root (projectRoot or foundationRoot)
   try {
     const fopsConfig = JSON.parse(fs.readFileSync(path.join(os.homedir(), ".fops.json"), "utf8"));
-    if (fopsConfig.projectRoot && isFoundationRoot(fopsConfig.projectRoot)) {
-      return path.resolve(fopsConfig.projectRoot);
+    const configRoot = fopsConfig.foundationRoot || fopsConfig.projectRoot;
+    if (configRoot && isFoundationRoot(configRoot)) {
+      return path.resolve(configRoot);
     }
   } catch {}
 
@@ -104,7 +109,7 @@ export function requireRoot(program) {
     console.error(
       chalk.red("Not a Foundation project (no docker-compose + Makefile).")
     );
-    console.error(chalk.dim("  Run `fops init` to set up, or set FOUNDATION_ROOT."));
+    console.error(chalk.dim("  Run `fops init` to set up, or run from the foundation-compose directory."));
     program.error("", { exitCode: 1 });
   }
   return r;

package/src/plugins/bundled/fops-plugin-cloud/ui/postcss.config.cjs

@@ -1,5 +0,0 @@
-module.exports = {
-  plugins: {
-    "@tailwindcss/postcss": {},
-  },
-};

package/src/plugins/bundled/fops-plugin-cloud/ui/src/App.jsx

@@ -1,32 +0,0 @@
-import React, { useEffect } from "react";
-import { Routes, Route, useLocation } from "react-router-dom";
-
-import "./css/style.css";
-
-import Resources from "./pages/Resources";
-import CreateResource from "./pages/CreateResource";
-import Fleet from "./pages/Fleet";
-import Costs from "./pages/Costs";
-import Audit from "./pages/Audit";
-
-function App() {
-  const location = useLocation();
-
-  useEffect(() => {
-    document.querySelector("html").style.scrollBehavior = "auto";
-    window.scroll({ top: 0 });
-    document.querySelector("html").style.scrollBehavior = "";
-  }, [location.pathname]);
-
-  return (
-    <Routes>
-      <Route exact path="/" element={<Resources />} />
-      <Route path="/resources/new" element={<CreateResource />} />
-      <Route path="/fleet" element={<Fleet />} />
-      <Route path="/costs" element={<Costs />} />
-      <Route path="/audit" element={<Audit />} />
-    </Routes>
-  );
-}
-
-export default App;