@meshxdata/fops 0.1.59 → 0.1.61

package/CHANGELOG.md

@@ -1,3 +1,373 @@
+## [0.1.61] - 2026-03-26
+
+- feat(k3s): add 'fops k3s sync' — syncs secrets + refreshes service endpoint IPs from running containers (7cb7680)
+- fix(provision): detect and repair broken submodule mounts from Docker (548422f)
+- fix(provision): recheck Docker after install failure instead of blocking (d7bc11c)
+- bump cli vm lifecycle (a3521ac)
+- fix(k3s): remove minio123 fallback from sync-secrets (e185cb9)
+- fix: add frontend-prod profile to fopsUpCmd, FOUNDATION_ROOT always wins in rootDir (a412709)
+- bump storage (a1a5761)
+- restore all missing services (pgpool, exporters, grafana, etc), add loki to k3s profile, always activate loki profile in fops up (4e2744a)
+- fix: grafana alert-rules provisioning, ENVIRONMENT_NAME from --url, k3s secret sync, vm-sizes endpoint, project root resolution (9839052)
+- feat(azure): add 'fops azure reconcile <name>' command for VM drift fix (79ba6e2)
+- fix(otel,loki): remove duplicate spanmetrics dimensions, use .env for loki S3 creds (e3d1def)
+- fix(loki): pass S3 credentials from .env so loki works without vault-init (c57906d)
+- fix(azure): improve VM provisioning reliability (2ddd669)
+- cluster discovery (009257d)
+- feat(storage): add loki container to provisioning (898c544)
+- feat(azure): add ping command to check backend health (8336825)
+- operator cli bump 0.1.52 (f052cb5)
+- fix(doctor): set KUBECONFIG for k3s kubectl commands (db9359b)
+- fix(azure): move --landscape to test run command, not separate subcommand (4b9b089)
+- feat(azure): add test integration command with landscape support (b2990a0)
+- fix(fleet): skip VMs without public IPs in fleet exec (39acbaa)
+- feat(azure): detect and fix External Secrets identity issues (f907d11)
+- operator cli bump 0.1.51 (db55bdc)
+- feat: add postgres-exporter and Azure tray menu improvements (2a337ac)
+- operator cli plugin fix (4dae908)
+- operator cli plugin fix (25620cc)
+- operator cli test fixes (1d1c18f)
+- feat(test): add setup-users command for QA test user creation (b929507)
+- feat(aks): show HA standby clusters with visual grouping (8fb640c)
+- refactor(provision): extract VM provisioning to dedicated module (af321a7)
+- refactor(provision): extract post-start health checks to dedicated module (6ed5f2d)
+- fix: ping timeout 15s, fix prometheus sed escaping (d11ac14)
+- refactor(vm): extract terraform HCL generation to dedicated module (896a64b)
+- refactor(keyvault): extract key operations to dedicated module (716bbe4)
+- refactor(azure): extract swarm functions to azure-fleet-swarm.js (4690e34)
+- refactor(azure): extract SSH/remote functions to azure-ops-ssh.js (e62b8f0)
+- refactor(azure): split azure-ops.js into smaller modules (4515425)
+- feat(aks): add --ha flag for full cross-region HA setup (ece68c5)
+- feat(fops): inject ENVIRONMENT_NAME on VM provisioning (6ef2a27)
+- fix(postgres): disable SSL mode to fix connection issues (c789ae9)
+- feat(trino): add caching configuration for docker-compose (3668224)
+- fix(fops-azure): run pytest directly instead of missing scripts (29f8410)
+- add -d detach option for local frontend dev, remove hive cpu limits (3306667)
+- release 0.1.49 (dcca32b)
+- release 0.1.48 (9b195e5)
+- stash on updates (2916c01)
+- stash on updates (b5c14df)
+- stash on updates (d0453d1)
+- frontend dev fixes (0ca7b00)
+- fix: update azure test commands (77c81da)
+- default locust to CLI mode, add --web for UI (ca35bff)
+- add locust command for load testing AKS clusters (1278722)
+- update spot node pool default autoscaling to 1-20 (617c182)
+- module for aks (3dd1a61)
+- add hive to PG_SERVICE_DBS for fops pg-setup (afccb16)
+- feat(azure): enhance aks doctor with ExternalSecrets and PGSSLMODE checks (8b14861)
+- add foundation-postgres ExternalName service to reconciler (ea88e11)
+- new flux templates (0e2e372)
+- feat(azure): add storage-engine secrets to Key Vault (a4f488e)
+- feat(azure-aks): add AUTH0_DOMAIN to template rendering variables (216c37e)
+- feat(azure): add storage account creation per cluster (aa1b138)
+- bump watcher (ab24473)
+- fix: concurrent compute calls (#66) (03e2edf)
+- bump backend version (5058ff5)
+- bump fops to 0.1.44 (8c0ef5d)
+- Mlflow and azure plugin fix (176881f)
+- fix lifecycle (a2cb9e7)
+- callback url for localhost (821fb94)
+- disable 4 scaffolding plugin by default. (bfb2b76)
+- jaccard improvements (b7494a0)
+- refactor azure plugin (68dfef4)
+- refactor azure plugin (b24a008)
+- fix trino catalog missing (4928a55)
+- v36 bump and changelog generation on openai (37a0440)
+- v36 bump and changelog generation on openai (a3b02d9)
+- bump (a990058)
+- status bar fix and new plugin for ttyd (27dde1e)
+- file demo and tray (1a3e704)
+- electron app (59ad0bb)
+- compose and fops file plugin (1cf0e81)
+- bump (346ffc1)
+- localhost replaced by 127.0.0.1 (82b9f30)
+- .29 (587b0e1)
+- improve up down and bootstrap script (b79ebaf)
+- checksum (22c8086)
+- checksum (96b434f)
+- checksum (15ed3c0)
+- checksum (8a6543a)
+- bump embed trino linksg (8440504)
+- bump data (765ffd9)
+- bump (cb8b232)
+- broken tests (c532229)
+- release 0.1.18, preflight checks (d902249)
+- fix compute display bug (d10f5d9)
+- cleanup packer files (6330f18)
+- plan mode (cb36a8a)
+- bump to 0.1.16 - agent ui (41ac1a2)
+- bump to 0.1.15 - agent ui (4ebe2e1)
+- bump to 0.1.14 (6c3a7fa)
+- bump to 0.1.13 (8db570f)
+- release 0.1.12 (c1c79e5)
+- bump (11aa3b0)
+- git keep and bump tui (be1678e)
+- skills, index, rrf, compacted context (100k > 10k) (7b2fffd)
+- cloudflare and token consumption, graphs indexing (0ad9eec)
+- bump storage default (22c83ba)
+- storage fix (68a22a0)
+- skills update (7f56500)
+- v9 bump (3864446)
+- bump (c95eedc)
+- rrf (dbf8c95)
+- feat: warning when running predictions (95e8c52)
+- feat: support for local predictions (45cf26b)
+- feat: wip support for predictions + mlflow (3457052)
+- add Reciprocal Rank Fusion (RRF) to knowledge and skill retrieval (61549bc)
+- validate CSV headers in compute_run readiness check (a8c7a43)
+- fix corrupted Iceberg metadata: probe tables + force cleanup on re-apply (50578af)
+- enforce: never use foundation_apply to fix broken products (2e049bf)
+- update SKILL.md with complete tool reference for knowledge retrieval (30b1924)
+- add storage read, input DP table probe, and compute_run improvements (34e6c4c)
+- skills update (1220385)
+- skills update (bb66958)
+- some tui improvement andd tools apply overwrite (e90c35c)
+- skills update (e9227a1)
+- skills update (669c4b3)
+- fix plugin pre-flight checks (f741743)
+- increase agent context (6479aaa)
+- skills and init sql fixes (5fce35e)
+- checksum (3518b56)
+- penging job limit (a139861)
+- checksum (575d28c)
+- bump (92049ba)
+- fix bug per tab status (0a33657)
+- fix bug per tab status (50457c6)
+- checksumming (0ad842e)
+- shot af mardkwon overlapping (51f63b9)
+- add spark dockerfile for multiarch builds (95abbd1)
+- fix plugin initialization (16b9782)
+- split index.js (50902a2)
+- cloudflare cidr (cc4e021)
+- cloduflare restrictions (2f6ba2d)
+- sequential start (86b496e)
+- sequential start (4930fe1)
+- sequential start (353f014)
+- qa tests (2dc6a1a)
+- bump sha for .85 (dc2edfe)
+- preserve env on sudo (7831227)
+- bump sha for .84 (6c052f9)
+- non interactive for azure vms (0aa8a2f)
+- keep .env if present (d072450)
+- bump (7a8e732)
+- ensure opa is on compose if not set (f4a5228)
+- checksum bump (a2ccc20)
+- netrc defensive checks (a0b0ccc)
+- netrc defensive checks (ae37403)
+- checksum (ec45d11)
+- update sync and fix up (7f9af72)
+- expand test for azure and add new per app tag support (388a168)
+- checksum on update (44005fc)
+- cleanup for later (15e5313)
+- cleanup for later (11c9597)
+- switch branch feature (822fecc)
+- add pull (d1c19ab)
+- Bump hono from 4.11.9 to 4.12.0 in /operator-cli (ad25144)
+- tests (f180a9a)
+- cleanup (39c49a3)
+- registry (7b7126a)
+- reconcile kafka (832d0db)
+- gh login bug (025886c)
+- cleanup (bb96cab)
+- strip envs from process (2421180)
+- force use of gh creds not tokens in envs var (fff7787)
+- resolve import between npm installs and npm link (79522e1)
+- fix gh scope and azure states (afd846c)
+- refactoring (da50352)
+- split fops repo (d447638)
+- aks (b791f8f)
+- refactor azure (67d3bad)
+- wildcard (391f023)
+- azure plugin (c074074)
+
+# Changelog
+
+All notable changes to @meshxdata/fops (Foundation Operator CLI) are documented here.
+
+## [0.1.60] - 2026-03-26
+
+- fix(provision): detect and repair broken submodule mounts from Docker (13269c5)
+- fix(provision): recheck Docker after install failure instead of blocking (d7bc11c)
+- bump cli vm lifecycle (a3521ac)
+- fix(k3s): remove minio123 fallback from sync-secrets (e185cb9)
+- fix: add frontend-prod profile to fopsUpCmd, FOUNDATION_ROOT always wins in rootDir (a412709)
+- bump storage (a1a5761)
+- restore all missing services (pgpool, exporters, grafana, etc), add loki to k3s profile, always activate loki profile in fops up (4e2744a)
+- fix: grafana alert-rules provisioning, ENVIRONMENT_NAME from --url, k3s secret sync, vm-sizes endpoint, project root resolution (9839052)
+- feat(azure): add 'fops azure reconcile <name>' command for VM drift fix (79ba6e2)
+- fix(otel,loki): remove duplicate spanmetrics dimensions, use .env for loki S3 creds (e3d1def)
+- fix(loki): pass S3 credentials from .env so loki works without vault-init (c57906d)
+- fix(azure): improve VM provisioning reliability (2ddd669)
+- cluster discovery (009257d)
+- feat(storage): add loki container to provisioning (898c544)
+- feat(azure): add ping command to check backend health (8336825)
+- operator cli bump 0.1.52 (f052cb5)
+- fix(doctor): set KUBECONFIG for k3s kubectl commands (db9359b)
+- fix(azure): move --landscape to test run command, not separate subcommand (4b9b089)
+- feat(azure): add test integration command with landscape support (b2990a0)
+- fix(fleet): skip VMs without public IPs in fleet exec (39acbaa)
+- feat(azure): detect and fix External Secrets identity issues (f907d11)
+- operator cli bump 0.1.51 (db55bdc)
+- feat: add postgres-exporter and Azure tray menu improvements (2a337ac)
+- operator cli plugin fix (4dae908)
+- operator cli plugin fix (25620cc)
+- operator cli test fixes (1d1c18f)
+- feat(test): add setup-users command for QA test user creation (b929507)
+- feat(aks): show HA standby clusters with visual grouping (8fb640c)
+- refactor(provision): extract VM provisioning to dedicated module (af321a7)
+- refactor(provision): extract post-start health checks to dedicated module (6ed5f2d)
+- fix: ping timeout 15s, fix prometheus sed escaping (d11ac14)
+- refactor(vm): extract terraform HCL generation to dedicated module (896a64b)
+- refactor(keyvault): extract key operations to dedicated module (716bbe4)
+- refactor(azure): extract swarm functions to azure-fleet-swarm.js (4690e34)
+- refactor(azure): extract SSH/remote functions to azure-ops-ssh.js (e62b8f0)
+- refactor(azure): split azure-ops.js into smaller modules (4515425)
+- feat(aks): add --ha flag for full cross-region HA setup (ece68c5)
+- feat(fops): inject ENVIRONMENT_NAME on VM provisioning (6ef2a27)
+- fix(postgres): disable SSL mode to fix connection issues (c789ae9)
+- feat(trino): add caching configuration for docker-compose (3668224)
+- fix(fops-azure): run pytest directly instead of missing scripts (29f8410)
+- add -d detach option for local frontend dev, remove hive cpu limits (3306667)
+- release 0.1.49 (dcca32b)
+- release 0.1.48 (9b195e5)
+- stash on updates (2916c01)
+- stash on updates (b5c14df)
+- stash on updates (d0453d1)
+- frontend dev fixes (0ca7b00)
+- fix: update azure test commands (77c81da)
+- default locust to CLI mode, add --web for UI (ca35bff)
+- add locust command for load testing AKS clusters (1278722)
+- update spot node pool default autoscaling to 1-20 (617c182)
+- module for aks (3dd1a61)
+- add hive to PG_SERVICE_DBS for fops pg-setup (afccb16)
+- feat(azure): enhance aks doctor with ExternalSecrets and PGSSLMODE checks (8b14861)
+- add foundation-postgres ExternalName service to reconciler (ea88e11)
+- new flux templates (0e2e372)
+- feat(azure): add storage-engine secrets to Key Vault (a4f488e)
+- feat(azure-aks): add AUTH0_DOMAIN to template rendering variables (216c37e)
+- feat(azure): add storage account creation per cluster (aa1b138)
+- bump watcher (ab24473)
+- fix: concurrent compute calls (#66) (03e2edf)
+- bump backend version (5058ff5)
+- bump fops to 0.1.44 (8c0ef5d)
+- Mlflow and azure plugin fix (176881f)
+- fix lifecycle (a2cb9e7)
+- callback url for localhost (821fb94)
+- disable 4 scaffolding plugin by default. (bfb2b76)
+- jaccard improvements (b7494a0)
+- refactor azure plugin (68dfef4)
+- refactor azure plugin (b24a008)
+- fix trino catalog missing (4928a55)
+- v36 bump and changelog generation on openai (37a0440)
+- v36 bump and changelog generation on openai (a3b02d9)
+- bump (a990058)
+- status bar fix and new plugin for ttyd (27dde1e)
+- file demo and tray (1a3e704)
+- electron app (59ad0bb)
+- compose and fops file plugin (1cf0e81)
+- bump (346ffc1)
+- localhost replaced by 127.0.0.1 (82b9f30)
+- .29 (587b0e1)
+- improve up down and bootstrap script (b79ebaf)
+- checksum (22c8086)
+- checksum (96b434f)
+- checksum (15ed3c0)
+- checksum (8a6543a)
+- bump embed trino linksg (8440504)
+- bump data (765ffd9)
+- bump (cb8b232)
+- broken tests (c532229)
+- release 0.1.18, preflight checks (d902249)
+- fix compute display bug (d10f5d9)
+- cleanup packer files (6330f18)
+- plan mode (cb36a8a)
+- bump to 0.1.16 - agent ui (41ac1a2)
+- bump to 0.1.15 - agent ui (4ebe2e1)
+- bump to 0.1.14 (6c3a7fa)
+- bump to 0.1.13 (8db570f)
+- release 0.1.12 (c1c79e5)
+- bump (11aa3b0)
+- git keep and bump tui (be1678e)
+- skills, index, rrf, compacted context (100k > 10k) (7b2fffd)
+- cloudflare and token consumption, graphs indexing (0ad9eec)
+- bump storage default (22c83ba)
+- storage fix (68a22a0)
+- skills update (7f56500)
+- v9 bump (3864446)
+- bump (c95eedc)
+- rrf (dbf8c95)
+- feat: warning when running predictions (95e8c52)
+- feat: support for local predictions (45cf26b)
+- feat: wip support for predictions + mlflow (3457052)
+- add Reciprocal Rank Fusion (RRF) to knowledge and skill retrieval (61549bc)
+- validate CSV headers in compute_run readiness check (a8c7a43)
+- fix corrupted Iceberg metadata: probe tables + force cleanup on re-apply (50578af)
+- enforce: never use foundation_apply to fix broken products (2e049bf)
+- update SKILL.md with complete tool reference for knowledge retrieval (30b1924)
+- add storage read, input DP table probe, and compute_run improvements (34e6c4c)
+- skills update (1220385)
+- skills update (bb66958)
+- some tui improvement andd tools apply overwrite (e90c35c)
+- skills update (e9227a1)
+- skills update (669c4b3)
+- fix plugin pre-flight checks (f741743)
+- increase agent context (6479aaa)
+- skills and init sql fixes (5fce35e)
+- checksum (3518b56)
+- penging job limit (a139861)
+- checksum (575d28c)
+- bump (92049ba)
+- fix bug per tab status (0a33657)
+- fix bug per tab status (50457c6)
+- checksumming (0ad842e)
+- shot af mardkwon overlapping (51f63b9)
+- add spark dockerfile for multiarch builds (95abbd1)
+- fix plugin initialization (16b9782)
+- split index.js (50902a2)
+- cloudflare cidr (cc4e021)
+- cloduflare restrictions (2f6ba2d)
+- sequential start (86b496e)
+- sequential start (4930fe1)
+- sequential start (353f014)
+- qa tests (2dc6a1a)
+- bump sha for .85 (dc2edfe)
+- preserve env on sudo (7831227)
+- bump sha for .84 (6c052f9)
+- non interactive for azure vms (0aa8a2f)
+- keep .env if present (d072450)
+- bump (7a8e732)
+- ensure opa is on compose if not set (f4a5228)
+- checksum bump (a2ccc20)
+- netrc defensive checks (a0b0ccc)
+- netrc defensive checks (ae37403)
+- checksum (ec45d11)
+- update sync and fix up (7f9af72)
+- expand test for azure and add new per app tag support (388a168)
+- checksum on update (44005fc)
+- cleanup for later (15e5313)
+- cleanup for later (11c9597)
+- switch branch feature (822fecc)
+- add pull (d1c19ab)
+- Bump hono from 4.11.9 to 4.12.0 in /operator-cli (ad25144)
+- tests (f180a9a)
+- cleanup (39c49a3)
+- registry (7b7126a)
+- reconcile kafka (832d0db)
+- gh login bug (025886c)
+- cleanup (bb96cab)
+- strip envs from process (2421180)
+- force use of gh creds not tokens in envs var (fff7787)
+- resolve import between npm installs and npm link (79522e1)
+- fix gh scope and azure states (afd846c)
+- refactoring (da50352)
+- split fops repo (d447638)
+- aks (b791f8f)
+- refactor azure (67d3bad)
+- wildcard (391f023)
+- azure plugin (c074074)
+- zap (d7e6e7f)
+
 ## [0.1.59] - 2026-03-26
 
 - fix(k3s): remove minio123 fallback from sync-secrets (e185cb9)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meshxdata/fops",
-  "version": "0.1.59",
+  "version": "0.1.61",
   "description": "CLI to install and manage data mesh platforms",
   "keywords": [
     "fops",

package/src/commands/k3s-cmd.js

@@ -84,7 +84,87 @@ export async function syncSecrets(root) {
   ], { timeout: 10000, reject: false });
   console.log(OK(`  ✓ ${sparkSecretName} (with label)`));
 
-  console.log(OK("\n  ✓ All storage secrets synced to k3s"));
+  // 4. Update stale credentials in the database (public.secret table)
+  console.log(DIM("  Updating storage credentials in database..."));
+  const secretKeys = ["AWS_SECRET_ACCESS_KEY", "MY_S3_SECRET", "S3_SECRET", "S3_SECRET_KEY"];
+  const accessKeys = ["AWS_ACCESS_KEY_ID", "MY_S3_ACCESS", "S3_ACCESS", "S3_ACCESS_KEY"];
+  const updateSql = [
+    ...secretKeys.map(k => `UPDATE public.secret SET value = '${s3Pw.replace(/'/g, "''")}' WHERE key = '${k}' AND value != '${s3Pw.replace(/'/g, "''")}';`),
+    ...accessKeys.map(k => `UPDATE public.secret SET value = '${s3Id.replace(/'/g, "''")}' WHERE key = '${k}' AND value != '${s3Id.replace(/'/g, "''")}';`),
+  ].join("\n");
+  const dbResult = await execa("docker", [
+    "compose", "exec", "-T", "postgres",
+    "psql", "-U", "foundation", "-d", "foundation", "-c", updateSql,
+  ], { cwd: root, timeout: 15000, reject: false });
+  if (dbResult.exitCode === 0) {
+    console.log(OK("  ✓ Database secrets updated"));
+  } else {
+    console.log(WARN("  ⚠ Database secret update failed (postgres may not be running)"));
+  }
+
+  console.log(OK("\n  ✓ All storage secrets synced"));
+}
+
+const ENDPOINT_SERVICES = [
+  { name: "foundation-storage-engine", namespace: "spark-jobs", container: "foundation-storage-engine", ports: [{ name: "http", port: 8080 }] },
+  { name: "kafka", namespace: "spark-jobs", container: "kafka", ports: [{ name: "kafka", port: 9092 }, { name: "kafka-internal", port: 29092 }] },
+  { name: "foundation-kafka-kafka-bootstrap", namespace: "spark-jobs", container: "kafka", ports: [{ name: "kafka", port: 9092 }, { name: "kafka-internal", port: 29092 }] },
+];
+
+async function syncEndpoints(root) {
+  const { execa } = await import("execa");
+
+  console.log(DIM("\n  Refreshing k3s service endpoints..."));
+
+  for (const svc of ENDPOINT_SERVICES) {
+    // Get current container IP
+    const { stdout: ip, exitCode } = await execa("docker", [
+      "inspect", svc.container, "--format", "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}",
+    ], { timeout: 5000, reject: false });
+
+    if (exitCode !== 0 || !ip?.trim()) {
+      console.log(WARN(`  ⚠ ${svc.name}: container "${svc.container}" not found, skipping`));
+      continue;
+    }
+
+    const currentIp = ip.trim();
+
+    // Check if endpoint already has the right IP
+    const { stdout: existingIp } = await execa("docker", [
+      ...K3S_KUBECTL, "get", "endpoints", svc.name, "-n", svc.namespace,
+      "-o", "jsonpath={.subsets[0].addresses[0].ip}",
+    ], { timeout: 10000, reject: false });
+
+    if (existingIp?.trim() === currentIp) {
+      console.log(OK(`  ✓ ${svc.name} → ${currentIp} (unchanged)`));
+      continue;
+    }
+
+    // Build endpoint YAML
+    const portsYaml = svc.ports.map(p => `      - name: "${p.name}"\n        port: ${p.port}\n        protocol: TCP`).join("\n");
+    const yaml = `apiVersion: v1
+kind: Endpoints
+metadata:
+  name: ${svc.name}
+  namespace: ${svc.namespace}
+subsets:
+  - addresses:
+      - ip: ${currentIp}
+    ports:
+${portsYaml}`;
+
+    const result = await execa("docker", [
+      ...K3S_KUBECTL_I, "apply", "-f", "-",
+    ], { input: yaml, timeout: 10000, reject: false });
+
+    if (result.exitCode === 0) {
+      console.log(OK(`  ✓ ${svc.name} → ${currentIp} (updated)`));
+    } else {
+      console.log(WARN(`  ⚠ ${svc.name}: failed to update endpoint`));
+    }
+  }
+
+  console.log(OK("\n  ✓ All k3s endpoints refreshed"));
 }
 
 export function registerK3sCommands(program) {
@@ -92,6 +172,20 @@ export function registerK3sCommands(program) {
     .command("k3s")
     .description("Manage local k3s Kubernetes cluster");
 
+  k3s
+    .command("sync")
+    .description("Sync secrets and refresh service endpoints in k3s")
+    .action(async () => {
+      const root = requireRoot(program);
+      try {
+        await syncSecrets(root);
+        await syncEndpoints(root);
+      } catch (err) {
+        console.error(ERR(`  ✗ ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+
   k3s
     .command("sync-secrets")
     .description("Sync storage secrets from .env into k3s (fixes S3 AccessDenied)")

package/src/plugins/bundled/fops-plugin-azure/lib/azure-provision.js

@@ -95,8 +95,15 @@ export async function configureVm(execa, ip, user, publicUrl, { githubToken, k3s
     if (installExit === 0) {
       if (!quiet) console.log(chalk.green("  ✓ Docker installed"));
     } else {
-      console.log(chalk.red("  ✗ Docker installation failed — container operations will not work"));
-      console.log(chalk.dim(`    SSH in and check: ssh ${user}@${ip} "sudo apt-get install -y docker-ce"`));
+      // apt can fail due to lock conflicts with cloud-init but Docker may have installed anyway
+      const { exitCode: recheck } = await ssh("sudo docker info >/dev/null 2>&1");
+      if (recheck === 0) {
+        if (!quiet) console.log(chalk.yellow("  ⚠ Docker install had warnings but Docker is working"));
+      } else {
+        console.log(chalk.red("  ✗ Docker installation failed — cannot continue provisioning"));
+        console.log(chalk.dim(`    SSH in and check: ssh ${user}@${ip} "sudo apt-get install -y docker-ce"`));
+        throw new Error("Docker installation failed");
+      }
     }
   }
 
@@ -1281,6 +1288,18 @@ async function vmReconcileRepo(ctx) {
 
   const { stdout: exists } = await ssh("[ -d /opt/foundation-compose/.git ] && echo yes || echo no");
   if (exists?.trim() === "yes") {
+    // Fix broken submodule mounts: Docker creates empty dirs when bind-mounting missing files.
+    // Detect and repair: if a submodule dir exists but is empty or has no real files, re-init it.
+    const checkSubs = "cd /opt/foundation-compose && for d in foundation-backend foundation-frontend foundation-watcher foundation-processor foundation-scheduler foundation-storage-engine; do [ -d $d ] && [ ! -f $d/pyproject.toml ] && [ ! -f $d/package.json ] && [ ! -f $d/Makefile ] && echo $d; done";
+    const { stdout: brokenSubs } = await ssh(checkSubs);
+    const broken = (brokenSubs || "").trim().split("\n").filter(Boolean);
+    if (broken.length > 0) {
+      console.log(chalk.yellow(`  ↻ Fixing ${broken.length} broken submodule(s): ${broken.join(", ")}`));
+      for (const sub of broken) {
+        await ssh(`cd /opt/foundation-compose && sudo rm -rf ${sub} && git checkout ${sub} && git submodule update --init --recursive --depth 1 ${sub}`, 60000);
+      }
+      await ssh("sudo chown -R azureuser:azureuser /opt/foundation-compose");
+    }
     reconcileOk("Repository", "/opt/foundation-compose");
     return;
   }

package/src/plugins/bundled/fops-plugin-azure/lib/azure-service.js

@@ -47,6 +47,8 @@ export class AzureService {
       publicIp: vm.publicIp,
       publicUrl: vm.publicUrl,
       subscriptionId: vm.subscriptionId,
+      vmSize: vm.vmSize || null,
+      image: vm.image || null,
       active: name === activeVm,
       createdAt: vm.createdAt || vm.discoveredAt || null,
     }));

package/src/plugins/bundled/fops-plugin-azure/lib/azure-vm-lifecycle.js

@@ -263,7 +263,7 @@ export async function azureUp(opts = {}) {
 
   // Persist IP immediately so it's never lost if later steps fail or user Ctrl+C's
   const publicUrl = opts.url || defaultUrl;
-  writeVmState(vmName, { resourceGroup: rg, location, publicIp, publicUrl, subscriptionId: subId, createdAt: new Date().toISOString() });
+  writeVmState(vmName, { resourceGroup: rg, location, publicIp, publicUrl, subscriptionId: subId, vmSize, image, createdAt: new Date().toISOString() });
 
   hint("Enabling accelerated networking…");
   const nicName = `${vmName}VMNic`;