Service creds management

BUILD_RELEASE.md

@@ -18,18 +18,18 @@ git pull
 ### 2) Create and publish the release
 
 ```bash
-gh release create v0.2.7 --generate-notes
+gh release create v0.2.8 --generate-notes
 ```
 
-This creates the `v0.2.7` tag and publishes the release, which triggers:
+This creates the `v0.2.8` tag and publishes the release, which triggers:
 
 - CLI binary builds (linux + macOS) and uploads to the release.
-- Docker image build and push tagged as `trydirect/stacker:v0.2.7`.
+- Docker image build and push tagged as `trydirect/stacker:v0.2.8`.
 
 ### 3) Verify artifacts
 
 ```bash
-gh release view v0.2.7 --json assets --jq '.assets[].name'
+gh release view v0.2.8 --json assets --jq '.assets[].name'
 ```
 
 ### 4) Check workflows

CHANGELOG.md

@@ -4,6 +4,40 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+## [0.2.8] — 2026-05-12
+
+### Added — Remote service/app target secrets
+
+- `stacker secrets set --scope service --service <target>` now supports real
+  deployable service/app targets, not only the main app code. Valid targets are
+  discovered with `stacker secrets apps`.
+- Stacker.yml `services:` entries are synced as service targets while the main
+  `app:` remains the web target, so remote secrets can be scoped to support
+  services such as `upload`, `worker`, or `postgres`.
+- Image-backed services from `deploy.compose_file` are registered as service
+  targets during cloud/server deploy preparation when they can be represented
+  safely; build-only and platform-managed services are skipped with warnings.
+- Service-scoped remote secrets remain isolated per target and are rendered only
+  into the matching service; metadata APIs and CLI output still never return
+  plaintext Vault values.
+- CLI help and errors now use "deployable service/app target" wording and list
+  available targets when an unknown service code is requested.
+
+### Added — MCP remote service secret tools
+
+- Added MCP tools for the remote service secret lifecycle:
+  `list_remote_secret_targets`, `list_remote_service_secrets`,
+  `get_remote_service_secret`, `set_remote_service_secret`, and
+  `delete_remote_service_secret`.
+- MCP remote secret reads are metadata-only, match the CLI/API target model, and
+  write secret values directly to Vault without returning plaintext values.
+- All MCP tool calls now require explicit per-tool Casbin `CALL` permission under
+  `/mcp/tools/<tool_name>` before the handler executes; marketplace admin tools
+  are granted only to `group_admin`.
+- Sensitive MCP write/destructive operations, including remote secret writes and
+  deletes, additionally require a token or auth profile with verified 2FA/MFA
+  before Vault or deployment state is touched.
+
 ### Added — Cloud provider firewall operations
 
 - Added `stacker cloud firewall add|remove|list` for cloud-provider firewall
@@ -59,6 +93,15 @@ All notable changes to this project will be documented in this file.
   provider firewalls receive app ports such as Coolify's `8000:8080` instead of
   the generic custom-app fallback `8080`.
 
+### Fixed — Deployment IP persistence on paused/failed installs
+
+- Cloud/server deploy status handling now extracts a server IP from installer
+  progress messages such as `178.104.222.170: Copy files is done` when the
+  structured server record has not populated `srv_ip` yet.
+- The CLI saves that fallback IP into the local deployment context, and the MQ
+  listener persists the IP server-side so paused or failed deployments still
+  retain a usable host address for SSH repair and retry workflows.
+
 ### Changed — Agent proxy SSL control
 
 - `stacker agent configure-proxy` now supports `--no-ssl` to create or update a

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "stacker"
-version = "0.2.7"
+version = "0.2.8"
 edition = "2021"
 default-run= "server"
 

DOCKERHUB.md

@@ -1,7 +1,7 @@
 # Stacker — Build, Deploy & Manage Containerised Apps
 
 [![Discord](https://img.shields.io/discord/578119430391988232?label=discord&logo=discord&color=5865F2)](https://discord.gg/mNhsa8VdYX)
-[![Version](https://img.shields.io/badge/version-0.2.7-blue)](https://github.com/trydirect/stacker/releases)
+[![Version](https://img.shields.io/badge/version-0.2.8-blue)](https://github.com/trydirect/stacker/releases)
 [![License](https://img.shields.io/badge/license-MIT-green)](https://github.com/trydirect/stacker/blob/main/LICENSE)
 [![GitHub](https://img.shields.io/badge/source-GitHub-181717?logo=github)](https://github.com/trydirect/stacker)
 
@@ -16,7 +16,7 @@
 │  Stacker CLI │────────▶│  Stacker Server  │────────▶│  Status Panel Agent │
 │              │  REST   │                  │  queue  │  (on target server) │
 │  stacker.yml │  API    │  Stack Builder UI│  pull   │                     │
-│  init/deploy │         │  48+ MCP tools   │◀────────│  health / logs /    │
+│  init/deploy │         │  85+ MCP tools   │◀────────│  health / logs /    │
 │  status/logs │         │  Vault · AMQP    │  HMAC   │  restart / exec /   │
 └──────────────┘         └──────────────────┘         │  deploy_app / proxy │
                                 │                     └─────────────────────┘
@@ -123,12 +123,12 @@ The `trydirect/stacker` image contains the **Stacker Server** — a Rust-built b
 - Role-based access control (Casbin)
 
 ### MCP Server (Model Context Protocol)
-48+ tools exposed over WebSocket, enabling AI agents (Claude, GPT, etc.) to manage infrastructure programmatically:
+85+ tools exposed over WebSocket, enabling AI agents (Claude, GPT, etc.) to manage infrastructure programmatically:
 - Project & deployment management
 - Container operations (start, stop, restart, exec)
 - Log analysis & error summaries
-- Vault config read/write
-- Proxy configuration
+- Vault config and remote service secret management
+- Proxy and firewall configuration
 - Server resource monitoring
 - Docker Compose generation & preview
 
@@ -156,6 +156,8 @@ The CLI (`stacker-cli`) is a standalone binary — no server required for local
 | `stacker deploy` | Build & deploy the stack (local, cloud, or server) |
 | `stacker status` | Show running containers and health |
 | `stacker logs` | View container logs (`--follow`, `--service`, `--tail`) |
+| `stacker secrets` | Manage local `.env` secrets and remote Vault-backed service/server secrets |
+| `stacker cloud firewall` | Manage provider firewall rules without SSH |
 | `stacker destroy` | Tear down the deployed stack |
 | `stacker ai ask` | Ask AI about your stack, or let it modify config |
 | `stacker service add` | Add from 20+ built-in service templates |
@@ -286,7 +288,7 @@ Stacker auto-detects and generates optimised multi-stage Dockerfiles for:
 | Tag | Description |
 |-----|-------------|
 | `latest` | Latest stable release |
-| `x.y.z` | Specific version (e.g. `0.2.7`) |
+| `x.y.z` | Specific version (e.g. `0.2.8`) |
 | `test` | Development/testing builds |
 
 ---

README.md

@@ -1,7 +1,7 @@
 <div align="center">
 
 <a href="https://discord.gg/mNhsa8VdYX"><img alt="Discord" src="https://img.shields.io/discord/578119430391988232?label=discord"></a>
-<img alt="Version" src="https://img.shields.io/badge/version-0.2.7-blue">
+<img alt="Version" src="https://img.shields.io/badge/version-0.2.8-blue">
 <img alt="License" src="https://img.shields.io/badge/license-MIT-green">
 
 <br><br>
@@ -13,6 +13,12 @@
 
 Stacker is a platform for turning any project into a deployable Docker stack. Add a `stacker.yml` to your repo, and Stacker generates Dockerfiles, docker-compose definitions, reverse-proxy configs, and deploys locally or to cloud providers — optionally with AI assistance.
 
+**v0.2.8 highlights:** remote Vault-backed secrets now work for deployable
+service/app targets from `stacker.yml` and supported Compose services, paused or
+failed cloud/server installs retain discovered IP addresses, cloud-provider
+firewalls can be managed without SSH, and MCP now exposes remote service secret
+tools.
+
 
 ## Quick Start
 
@@ -111,7 +117,7 @@ Full schema reference: [docs/STACKER_YML_REFERENCE.md](docs/STACKER_YML_REFERENC
 │  Stacker CLI │────────►│  Stacker Server  │────────►│  Status Panel Agent │
 │              │  REST   │                  │  queue  │  (on target server) │
 │  stacker.yml │  API    │  Stack Builder UI│  pull   │                     │
-│  init/deploy │         │  48+ MCP tools   │◄────────│  health / logs /    │
+│  init/deploy │         │  85+ MCP tools   │◄────────│  health / logs /    │
 │  status/logs │         │  Vault · AMQP    │  HMAC   │  restart / exec /   │
 └──────────────┘         └──────────────────┘         │  deploy_app / proxy │
                                 │                     └─────────────────────┘
@@ -204,7 +210,10 @@ authorizes its public key on the server when possible. The CLI prints a normal
 # Local project .env secret
 stacker secrets set DB_PASSWORD=supersecret
 
-# Remote service secret used at render/deploy time for one app
+# Discover valid remote deployable service/app targets first
+stacker secrets apps
+
+# Remote service secret used at render/deploy time for one target
 stacker secrets set S3_SECRET_KEY \
   --scope service \
   --service uploader \
@@ -220,14 +229,13 @@ stacker secrets set NPM_TOKEN \
 stacker secrets list --scope service --service uploader --json
 stacker secrets get S3_SECRET_KEY --scope service --service uploader --json
 
-# Discover valid remote service app codes for the current stacker.yml project
-stacker secrets apps
 ```
 
 - Local mode remains the default and reads/writes the project `.env` file.
 - Remote mode is enabled only with `--scope service` or `--scope server`.
 - Service-scoped remote commands default `--project` from `stacker.yml -> project.identity`; `--project` still overrides it explicitly.
-- Service-scoped secrets are merged into rendered app env at deploy time.
+- Service-scoped secrets target deployable service/app codes listed by `stacker secrets apps`, including registered `stacker.yml` services and supported image-backed Compose services after a deploy/update sync.
+- Service-scoped secrets are merged only into the matching rendered service/app env at deploy time.
 - Remote `get` and `list` do **not** return plaintext values in v1.
 
 ### Marketplace workflow (for stack developers)
@@ -255,6 +263,7 @@ curl -sL https://marketplace.try.direct/<purchase-token>/install.sh | sh
 - **Auto-detection** — identifies Node, Python, Rust, Go, PHP, static sites from project files
 - **Dockerfile generation** — produces optimised multi-stage Dockerfiles per app type
 - **Docker Compose generation** — wires app + services + proxy + monitoring
+- **Remote service secrets** — Vault-backed service/app target secrets are metadata-only when read and isolated to the selected service
 - **AI-assisted config** — scans project, calls LLM to generate tailored `stacker.yml`
 - **AI troubleshooting** — on deploy failure, suggests fixes via AI or deterministic fallback hints
 - **Service catalog** — 20+ built-in service templates (Postgres, Redis, WordPress, etc.) — add with `stacker service add`
@@ -263,7 +272,8 @@ curl -sL https://marketplace.try.direct/<purchase-token>/install.sh | sh
 - **SSH key management** — generate, view, upload, and repair server SSH keys
   (Vault-backed), with automatic local backup SSH access after cloud deploy
 - **Reverse proxy** — auto-detects Nginx / Nginx Proxy Manager, configures domains + SSL
-- **Cloud deployment** — Hetzner, DigitalOcean, AWS, Linode
+- **Cloud deployment** — Hetzner, DigitalOcean, AWS, Linode, with provider firewall operations and paused/failed install IP retention
+- **MCP Server** — 85+ tools, including deployment, agent control, config, proxy, firewall, and remote service secret management
 - **Marketplace** — submit stacks for review, auto-publish on approval, check status from CLI
 - **Buyer install** — purchase tokens, one-liner install scripts, agent self-registration
 

docs/MCP_SERVER_BACKEND_PLAN.md

@@ -3,6 +3,15 @@
 ## Overview
 This document outlines the implementation plan for adding Model Context Protocol (MCP) server capabilities to the Stacker backend. The MCP server will expose Stacker's functionality as tools that AI assistants can use to help users build and deploy application stacks.
 
+> **Current status:** The original 17-tool MVP has been surpassed. As of
+> v0.2.8 the registry exposes 85+ tools, including remote service secret
+> management (`list_remote_secret_targets`, `list_remote_service_secrets`,
+> `get_remote_service_secret`, `set_remote_service_secret`,
+> `delete_remote_service_secret`) with metadata-only reads and Vault-backed
+> writes. All tool calls require explicit per-tool Casbin `CALL` policies under
+> `/mcp/tools/<tool_name>`; sensitive write/destructive tools additionally
+> require verified 2FA/MFA.
+
 ## Architecture
 
 ```

docs/MCP_SERVER_FRONTEND_INTEGRATION.md

@@ -30,12 +30,45 @@ This document provides comprehensive guidance for integrating the Stacker MCP (M
                      ▼
 ┌──────────────────────────────────────────────────────────────┐
 │  Stacker Backend (MCP Server)                               │
-│  - Tool Registry (17+ tools)                                │
+│  - Tool Registry (85+ tools)                                │
 │  - Session Management                                       │
 │  - OAuth Authentication                                     │
 └──────────────────────────────────────────────────────────────┘
 ```
 
+## Current v0.2.8 Tool Coverage
+
+The MCP server now exposes project/deployment, cloud credential discovery,
+container operations, Status Panel agent control, proxy configuration, guest OS
+firewall tools, Vault config tools, and remote service secret tools. The remote
+secret tools mirror the CLI/API target model:
+
+- `list_remote_secret_targets` — list deployable service/app target codes for a
+  project.
+- `list_remote_service_secrets` — list metadata for Vault-backed service-scope
+  secrets on one target.
+- `get_remote_service_secret` — read metadata for one service secret.
+- `set_remote_service_secret` — write one service secret value to Vault.
+- `delete_remote_service_secret` — delete one service secret.
+
+Remote secret reads are metadata-only; plaintext values are written to Vault but
+never returned to MCP clients.
+
+Every MCP tool call is checked against Casbin before its handler executes. Clients
+must have a `CALL` policy for `/mcp/tools/<tool_name>`. Marketplace admin tools
+are granted only to `group_admin`; regular project, deployment, cloud,
+container, proxy, firewall, Vault, and remote-secret tools use the normal user
+group policies plus their existing project/ownership checks.
+
+`set_remote_service_secret` and `delete_remote_service_secret` are sensitive
+write operations. They also require:
+
+- Casbin permission for `/mcp/tools/set_remote_service_secret` or
+  `/mcp/tools/delete_remote_service_secret` with action `CALL`.
+- A verified 2FA/MFA marker from the authenticated user profile or access token
+  (`mfa_verified`, `two_factor_verified`, `amr` containing `totp`, `otp`,
+  `webauthn`, etc.).
+
 ## Technology Stack
 
 ### Core Dependencies

docs/STACKER_YML_REFERENCE.md

@@ -954,6 +954,7 @@ Configuration issues:
 | `stacker deploy` | Build and deploy the stack; cloud deploys also install a local SSH backup key when possible |
 | `stacker status` | Show container status |
 | `stacker logs` | Show container logs |
+| `stacker secrets` | Manage local `.env` secrets or remote Vault-backed service/server secrets |
 | `stacker destroy` | Tear down the stack |
 | `stacker config validate` | Validate `stacker.yml` |
 | `stacker config show` | Display resolved configuration |
@@ -962,6 +963,9 @@ Configuration issues:
 | `stacker ai ask` | Ask the AI assistant a question |
 | `stacker proxy add` | Add a reverse-proxy domain entry |
 | `stacker proxy detect` | Detect running reverse proxies |
+| `stacker cloud firewall add` | Open cloud-provider firewall ports without SSH |
+| `stacker cloud firewall remove` | Remove Stacker-managed cloud-provider firewall rules |
+| `stacker cloud firewall list` | List cloud-provider firewall rules for a server |
 | `stacker ssh-key generate` | Generate a Vault-backed SSH key pair for a server |
 | `stacker ssh-key show` | Display the public SSH key for a server |
 | `stacker ssh-key upload` | Upload an existing SSH key pair for a server |
@@ -974,7 +978,8 @@ Configuration issues:
 | `stacker agent restart <app>` | Restart a container via the agent |
 | `stacker agent deploy-app` | Deploy or update an app container on the target server |
 | `stacker agent remove-app` | Remove an app container (optional volume/image cleanup) |
-| `stacker agent configure-proxy` | Configure Nginx Proxy Manager via the agent |
+| `stacker agent configure-proxy` | Configure Nginx Proxy Manager via the agent; use `--no-ssl` for plain HTTP hosts |
+| `stacker agent configure-firewall` | Configure guest OS firewall rules via the Status Panel agent |
 | `stacker agent history` | Show recent agent command execution history |
 | `stacker agent exec` | Execute a raw agent command with JSON parameters |
 | `stacker update` | Check for CLI updates |
@@ -1034,6 +1039,32 @@ stacker deploy --force-rebuild         # Force regenerate .stacker/ artifacts
 > local backup key in the user-scoped Stacker config directory and authorizes its
 > public key on the server when possible. It prints a copy-paste-ready `ssh -i`
 > command; the Vault private key is not exported to the CLI.
+> **IP persistence:** If a cloud/server install pauses or fails after the
+> installer has reported an IP address, Stacker saves that discovered IP in the
+> local deployment context and persists it server-side when possible.
+
+### Remote secrets
+
+```bash
+# Discover deployable service/app targets for the current project
+stacker secrets apps
+
+# Store a Vault-backed secret for one service/app target
+stacker secrets set S3_BUCKET \
+  --scope service \
+  --service upload \
+  --body superbucket
+
+# Remote reads return metadata only, never plaintext values
+stacker secrets list --scope service --service upload --json
+stacker secrets get S3_BUCKET --scope service --service upload --json
+```
+
+Service-scoped remote secrets target the codes listed by `stacker secrets apps`.
+Those codes include the main app, registered `stacker.yml` services, and
+supported image-backed services extracted from `deploy.compose_file` during
+cloud/server deploy preparation. A service secret is rendered only into the
+matching service/app target.
 
 ### Other commands