Concurrent local and remote docker login

Login to the local and remote docker registries concurrently to shave a couple of seconds off a deployment.
Merge pull request #640 from basecamp/local-different-arch
2024-01-11 10:02:04 +00:00 · 2024-01-10 13:28:37 -08:00 · 2024-01-10 13:00:48 -08:00 · 2024-01-10 08:56:34 +00:00 · 2024-01-09 16:45:28 +00:00 · 2024-01-09 16:45:12 +00:00
186 changed files with 8111 additions and 2761 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,9 @@
 name: CI
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 jobs:
  tests:
    strategy:
@@ -8,14 +12,29 @@ jobs:
          - "2.7"
          - "3.1"
          - "3.2"
-        continue-on-error: [false]
-
+          - "3.3"
+        gemfile:
+          - Gemfile
+          - gemfiles/ruby_2.7.gemfile
+          - gemfiles/rails_edge.gemfile
+        exclude:
+          - ruby-version: "2.7"
+            gemfile: Gemfile
+          - ruby-version: "2.7"
+            gemfile: gemfiles/rails_edge.gemfile
+          - ruby-version: "3.1"
+            gemfile: gemfiles/ruby_2.7.gemfile
+          - ruby-version: "3.2"
+            gemfile: gemfiles/ruby_2.7.gemfile
+          - ruby-version: "3.3"
+            gemfile: gemfiles/ruby_2.7.gemfile
    name: ${{ format('Tests (Ruby {0})', matrix.ruby-version) }}
    runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.continue-on-error }}
-
+    continue-on-error: true
+    env:
+      BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4

      - name: Install Ruby
        uses: ruby/setup-ruby@v1
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,55 @@
+name: Docker
+
+on:
+  workflow_dispatch:
+    inputs:
+      tagInput:
+        description: 'Tag'
+        required: true
+    
+  release:
+    types: [created]
+    tags:
+      - 'v*'
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Determine version tag
+        id: version-tag
+        run: |
+          INPUT_VALUE="${{ github.event.inputs.tagInput }}"
+          if [ -z "$INPUT_VALUE" ]; then
+            INPUT_VALUE="${{ github.ref_name }}"
+          fi
+          echo "::set-output name=value::$INPUT_VALUE"
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/basecamp/kamal:latest
+            ghcr.io/basecamp/kamal:${{ steps.version-tag.outputs.value }}
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .byebug_history
 *.gem
 coverage/*
-.DS_Store
+.DS_Store
+gemfiles/*.lock
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,41 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of the Kamal project, we pledge to create a welcoming and inclusive environment for everyone. We value the participation of each member of our community and want all contributors to feel respected and valued.
+
+We are committed to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, or religion (or lack thereof). We do not tolerate harassment of participants in any form.
+
+This code of conduct applies to all Kamal project spaces, including but not limited to project code, issue trackers, chat rooms, and mailing lists. Violations of this code of conduct may result in removal from the project community.
+
+## Our standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+- The use of sexualized language or imagery and unwelcome sexual attention or advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Reporting
+
+If you are subject to or witness unacceptable behavior, or have any other concerns, please notify a project maintainer. All reports will be kept confidential and will be reviewed and investigated promptly.
+
+We will investigate every complaint and take appropriate action. We reserve the right to remove any content that violates this Code of Conduct, or to temporarily or permanently ban any contributor for other behaviors that we deem inappropriate, threatening, offensive, or harmful.
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at <https://www.contributor-covenant.org/version/1/4/code-of-conduct.html>.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,49 @@
+# Contributing to Kamal development
+
+Thank you for considering contributing to Kamal! This document outlines some guidelines for contributing to this open source project.
+
+Please make sure to review our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing to Kamal.
+
+There are several ways you can contribute to the betterment of the project:
+
+- **Report an issue?** - If the issue isn’t reported, we can’t fix it. Please report any bugs, feature, and/or improvement requests on the [Kamal GitHub Issues tracker](https://github.com/basecamp/kamal/issues).
+- **Submit patches** - Do you have a new feature or a fix you'd like to share? [Submit a pull request](https://github.com/basecamp/kamal/pulls)!
+- **Write blog articles** - Are you using Kamal? We'd love to hear how you're using it with your projects. Write a tutorial and post it on your blog!
+
+## Issues
+
+If you encounter any issues with the project, please check the [existing issues](https://github.com/basecamp/kamal/issues) first to see if the issue has already been reported. If the issue hasn't been reported, please open a new issue with a clear description of the problem and steps to reproduce it.
+
+## Pull Requests
+
+Please keep the following guidelines in mind when opening a pull request:
+
+- Ensure that your code passes the project's minitests by running ./bin/test.
+- Provide a clear and detailed description of your changes.
+- Keep your changes focused on a single concern.
+- Write clean and readable code that follows the project's code style.
+- Use descriptive variable and function names.
+- Write clear and concise commit messages.
+- Add tests for your changes, if possible.
+- Ensure that your changes don't break existing functionality.
+
+#### Commit message guidelines
+
+A good commit message should describe what changed and why.
+
+## Development
+
+The `main` branch is regularly built and tested, but it is not guaranteed to be completely stable. Tags are created regularly from release branches to indicate new official, stable release versions of Kamal.
+
+Kamal is written in Ruby. You should have Ruby 3.2+ installed on your machine in order to work on Kamal. If that's already setup, run `bundle` in the root directory to install all dependencies. Then you can run `bin/test` to run all tests.
+
+1. Fork the project repository.
+2. Create a new branch for your contribution.
+3. Write your code or make the desired changes.
+4. **Ensure that your code passes the project's minitests by running ./bin/test.**
+5. Commit your changes and push them to your forked repository.
+6. [Open a pull request](https://github.com/basecamp/kamal/pulls) to the main project repository with a detailed description of your changes.
+
+## License
+
+Kamal is released under the MIT License. By contributing to this project, you agree to license your contributions under the same license.
--- a/40
+++ b/40
@@ -0,0 +1,40 @@
+# Use the official Ruby 3.2.0 Alpine image as the base image
+FROM ruby:3.2.0-alpine
+
+# Install  docker/buildx-bin
+COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx
+
+# Set the working directory to /kamal
+WORKDIR /kamal
+
+# Copy the Gemfile, Gemfile.lock into the container
+COPY Gemfile Gemfile.lock kamal.gemspec ./
+
+# Required in kamal.gemspec
+COPY lib/kamal/version.rb /kamal/lib/kamal/version.rb
+
+# Install system dependencies
+RUN apk add --no-cache --update build-base git docker openrc openssh-client-default \
+    && rc-update add docker boot \
+    && gem install bundler --version=2.4.3 \
+    && bundle install
+
+# Copy the rest of our application code into the container.
+# We do this after bundle install, to avoid having to run bundle
+# every time we do small fixes in the source code.
+COPY . .
+
+# Install the gem locally from the project folder
+RUN gem build kamal.gemspec && \
+    gem install ./kamal-*.gem --no-document
+
+# Set the working directory to /workdir
+WORKDIR /workdir
+
+# Tell git it's safe to access /workdir/.git even if
+# the directory is owned by a different user
+RUN git config --global --add safe.directory /workdir
+
+# Set the entrypoint to run the installed binary in /workdir
+# Example:  docker run -it -v "$PWD:/workdir" kamal init
+ENTRYPOINT ["kamal"]
--- a/6
+++ b/6
@@ -2,9 +2,3 @@ source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }

 gemspec
-
-gem "debug"
-gem "mocha"
-gem "railties"
-gem "ed25519"
-gem "bcrypt_pbkdf"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,9 +1,14 @@
 PATH
  remote: .
  specs:
-    mrsk (0.8.2)
+    kamal (1.3.1)
      activesupport (>= 7.0)
+      base64 (~> 0.2)
+      bcrypt_pbkdf (~> 1.0)
+      concurrent-ruby (~> 1.2)
      dotenv (~> 2.8)
+      ed25519 (~> 1.2)
+      net-ssh (~> 7.0)
      sshkit (~> 1.21)
      thor (~> 1.2)
      zeitwerk (~> 2.5)
@@ -11,98 +16,121 @@ PATH
 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.1.2)
+      actionview (= 7.1.2)
+      activesupport (= 7.1.2)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actionview (7.1.2)
+      activesupport (= 7.1.2)
      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.4)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activesupport (7.1.2)
+      base64
+      bigdecimal
      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
+      mutex_m
      tzinfo (~> 2.0)
+    base64 (0.2.0)
    bcrypt_pbkdf (1.1.0)
+    bigdecimal (3.1.5)
    builder (3.2.4)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
    crass (1.0.6)
-    debug (1.7.1)
-      irb (>= 1.5.0)
-      reline (>= 0.3.1)
+    debug (1.9.1)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
    dotenv (2.8.1)
+    drb (2.2.0)
+      ruby2_keywords
    ed25519 (1.3.0)
    erubi (1.12.0)
-    i18n (1.12.0)
+    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
-    io-console (0.6.0)
-    irb (1.6.2)
-      reline (>= 0.3.0)
-    loofah (2.19.1)
+    io-console (0.7.1)
+    irb (1.11.0)
+      rdoc
+      reline (>= 0.3.8)
+    loofah (2.22.0)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    method_source (1.0.0)
-    minitest (5.17.0)
-    mocha (2.0.2)
+      nokogiri (>= 1.12.0)
+    minitest (5.20.0)
+    mocha (2.1.0)
      ruby2_keywords (>= 0.0.5)
+    mutex_m (0.2.0)
    net-scp (4.0.0)
      net-ssh (>= 2.6.5, < 8.0.0)
-    net-ssh (7.0.1)
-    nokogiri (1.14.0-arm64-darwin)
+    net-ssh (7.2.1)
+    nokogiri (1.16.0-arm64-darwin)
      racc (~> 1.4)
-    nokogiri (1.14.0-x86_64-darwin)
+    nokogiri (1.16.0-x86_64-darwin)
      racc (~> 1.4)
-    nokogiri (1.14.0-x86_64-linux)
+    nokogiri (1.16.0-x86_64-linux)
      racc (~> 1.4)
-    racc (1.6.2)
-    rack (2.2.5)
-    rack-test (2.0.2)
+    psych (5.1.2)
+      stringio
+    racc (1.7.3)
+    rack (3.0.8)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
      rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.4)
-      loofah (~> 2.19, >= 2.19.1)
-    railties (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
-      method_source
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.1.2)
+      actionpack (= 7.1.2)
+      activesupport (= 7.1.2)
+      irb
+      rackup (>= 1.0.0)
      rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
-    rake (13.0.6)
-    reline (0.3.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.1.0)
+    rdoc (6.6.2)
+      psych (>= 4.0.0)
+    reline (0.4.2)
      io-console (~> 0.5)
    ruby2_keywords (0.0.5)
-    sshkit (1.21.3)
+    sshkit (1.21.7)
+      mutex_m
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
-    thor (1.2.1)
-    tzinfo (2.0.5)
+    stringio (3.1.0)
+    thor (1.3.0)
+    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    zeitwerk (2.6.6)
+    webrick (1.8.1)
+    zeitwerk (2.6.12)

 PLATFORMS
-  arm64-darwin-20
-  arm64-darwin-21
-  arm64-darwin-22
-  x86_64-darwin-20
-  x86_64-darwin-21
-  x86_64-darwin-22
+  arm64-darwin
+  x86_64-darwin
  x86_64-linux

 DEPENDENCIES
-  bcrypt_pbkdf
  debug
-  ed25519
+  kamal!
  mocha
-  mrsk!
  railties

 BUNDLED WITH
--- a/README.md
+++ b/README.md
@@ -1,505 +1,13 @@
-# MRSK
+# Kamal: Deploy web apps anywhere

-MRSK deploys web apps in containers to servers running Docker with zero downtime. It uses the dynamic reverse-proxy Traefik to hold requests while the new application container is started and the old one is stopped. It works seamlessly across multiple hosts, using SSHKit to execute commands. It was built for Rails applications, but works with any type of web app that can be bundled with Docker.
+From bare metal to cloud VMs, deploy web apps anywhere with zero downtime. Kamal has the dynamic reverse-proxy Traefik hold requests while a new app container is started and the old one is stopped. Works seamlessly across multiple hosts, using SSHKit to execute commands. Originally built for Rails apps, Kamal will work with any type of web app that can be containerized with Docker.

-## Installation
+➡️ See [kamal-deploy.org](https://kamal-deploy.org) for documentation on [installation](https://kamal-deploy.org/docs/installation), [configuration](https://kamal-deploy.org/docs/configuration), and [commands](https://kamal-deploy.org/docs/commands).

-Install MRSK globally with `gem install mrsk`. Then, inside your app directory, run `mrsk init` (or `mrsk init --bundle` within Rails apps where you want a bin/mrsk binstub). Now edit the new file `config/deploy.yml`. It could look as simple as this:
+## Contributing to the documentation

-```yaml
-service: hey
-image: 37s/hey
-servers:
-  - 192.168.0.1
-  - 192.168.0.2
-registry:
-  username: registry-user-name
-  password:
-    - MRSK_REGISTRY_PASSWORD
-env:
-  secret:
-    - RAILS_MASTER_KEY
-```
-
-Then edit your `.env` file to add your registry password as `MRSK_REGISTRY_PASSWORD` (and your `RAILS_MASTER_KEY` for production with a Rails app). 
-
-Now you're ready to deploy to the servers:
-
-```
-mrsk deploy
-```
-
-This will:
-
-1. Connect to the servers over SSH (using root by default, authenticated by your loaded ssh key)
-2. Install Docker on any server that might be missing it (using apt-get)
-3. Log into the registry both locally and remotely
-4. Build the image using the standard Dockerfile in the root of the application.
-5. Push the image to the registry.
-6. Pull the image from the registry on the servers.
-7. Ensure Traefik is running and accepting traffic on port 80.
-8. Ensure your app responds with `200 OK` to `GET /up`.
-9. Stop any containers running a previous versions of the app.
-10. Start a new container with the version of the app that matches the current git version hash.
-11. Prune unused images and stopped containers to ensure servers don't fill up.
-
-Voila! All the servers are now serving the app on port 80. If you're just running a single server, you're ready to go. If you're running multiple servers, you need to put a load balancer in front of them.
-
-## Vision
-
-In the past decade+, there's been an explosion in commercial offerings that make deploying web apps easier. Heroku kicked it off with an incredible offering that stayed ahead of the competition seemingly forever. These days we have excellent alternatives like Fly.io and Render. And hosted Kubernetes is making things easier too on AWS, GCP, Digital Ocean, and elsewhere. But these are all offerings that have you renting computers in the cloud at a premium. If you want to run on our own hardware, or even just have a clear migration path to do so, you need to carefully consider how locked in you get to these commercial platforms. Preferably before the bills swallow your business whole!
-
-MRSK seeks to bring the advance in ergonomics pioneered by these commercial offerings to deploying web apps anywhere. Whether that's low-cost cloud options without the managed-service markup from the likes of Digital Ocean, Hetzner, OVH, etc, or it's your own colocated metal. To MRSK, it's all the same. Feed the config file a list of IP addresses with vanilla Ubuntu servers that have seen no prep beyond an added SSH key, and you'll be running in literally minutes.
-
-This structure also gives you enormous portability. You can have your web app deployed on several clouds at ease like this. Or you can buy the baseline with your own hardware, then deploy to a cloud before a big seasonal spike to get more capacity. When you're not locked into a single provider from a tooling perspective, there's a lot of compelling options available.
-
-Ultimately, MRSK is meant to compress the complexity of going to production using open source tooling that isn't tied to any commercial offering. Not to zero, though. You're probably still better off with a fully managed service if basic Linux or Docker is still difficult, but from an early stage when those concepts are familiar.
-
-## Why not just run Capistrano, Kubernetes or Docker Swarm?
-
-MRSK basically is Capistrano for Containers, which allow us to use vanilla servers as the hosts. No need to ensure that the servers have just the right version of Ruby or other dependencies you need. That all lives in the Docker image now. You can boot a brand new Ubuntu (or whatever) server, add it to the deploy servers of MRSK, and it'll be auto-provisioned with Docker, and run right away. Docker's layer caching also allows for quicker deployments with less mucking about on the server. And the images built for MRSK can be used for CI or later introspection.
-
-Kubernetes is a beast. Running it yourself on your own hardware is not for the faint of heart. It's a fine option if you want to run on someone else's platform, either transparently [like Render](https://thenewstack.io/render-cloud-deployment-with-less-engineering/) or explicitly on AWS/GCP, but if you'd like the freedom to move between cloud and your own hardware, or even mix the two, MRSK is much simpler. You can see everything that's going on, it's just basic Docker commands being called.
-
-Docker Swarm is much simpler than Kubernetes, but it's still built on the same declarative model that uses state reconciliation. MRSK is intentionally designed to around imperative commands, like Capistrano.
-
-## Configuration
-
-### Using .env file to load required environment variables
-
-MRSK uses [dotenv](https://github.com/bkeepers/dotenv) to automatically load environment variables set in the `.env` file present in the application root. This file can be used to set variables like `MRSK_REGISTRY_PASSWORD` or database passwords. But for this reason you must ensure that .env files are not checked into Git or included in your Dockerfile! The format is just key-value like:
-
-```bash
-MRSK_REGISTRY_PASSWORD=pw
-DB_PASSWORD=secret123
-```
-
-### Using another registry than Docker Hub
-
-The default registry is Docker Hub, but you can change it using `registry/server`:
-
-```yaml
-registry:
-  server: registry.digitalocean.com
-  username: registry-user-name
-  password: <%= ENV.fetch("MRSK_REGISTRY_PASSWORD") %>
-```
-
-### Using a different SSH user than root
-
-The default SSH user is root, but you can change it using `ssh/user`:
-
-```yaml
-ssh:
-  user: app
-```
-
-### Using a proxy SSH host
-
-If you need to connect to server through a proxy host, you can use `ssh/proxy`:
-
-```yaml
-ssh:
-  proxy: "192.168.0.1" # defaults to root as the user
-```
-
-Or with specific user:
-
-```yaml
-ssh:
-  proxy: "app@192.168.0.1"
-```
-
-### Using env variables
-
-You can inject env variables into the app containers using `env`:
-
-```yaml
-env:
-  DATABASE_URL: mysql2://db1/hey_production/
-  REDIS_URL: redis://redis1:6379/1
-```
-
-### Using secret env variables
-
-If you have env variables that are secret, you can divide the `env` block into `clear` and `secret`:
-
-```yaml
-env:
-  clear:
-    DATABASE_URL: mysql2://db1/hey_production/
-    REDIS_URL: redis://redis1:6379/1
-  secret:
-    - DATABASE_PASSWORD
-    - REDIS_PASSWORD
-```
-
-The list of secret env variables will be expanded at run time from your local machine. So a reference to a secret `DATABASE_PASSWORD` will look for `ENV["DATABASE_PASSWORD"]` on the machine running MRSK. Just like with build secrets.
-
-If the referenced secret ENVs are missing, the configuration will be halted with a `KeyError` exception.
-
-Note: Marking an ENV as secret currently only redacts its value in the output for MRSK. The ENV is still injected in the clear into the container at runtime.
-
-### Using volumes
-
-You can add custom volumes into the app containers using `volumes`:
-
-```yaml
-volumes:
-  - "/local/path:/container/path"
-```
-
-### Using different roles for servers
-
-If your application uses separate hosts for running jobs or other roles beyond the default web running, you can specify these hosts in a dedicated role with a new entrypoint command like so:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  job:
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-    cmd: bin/jobs
-```
-
-Note: Traefik will only by default be installed and run on the servers in the `web` role (and on all servers if no roles are defined). If you need Traefik on hosts in other roles than `web`, add `traefik: true`:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  web2:
-    traefik: true
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-```
-
-### Using container labels
-
-You can specialize the default Traefik rules by setting labels on the containers that are being started:
-
-```
-labels:
-  traefik.http.routers.hey.rule: Host(\`app.hey.com\`)
-```
-
-Note: The escaped backticks are needed to ensure the rule is passed in correctly and not treated as command substitution by Bash!
-
-This allows you to run multiple applications on the same server sharing the same Traefik instance and port.
-See https://doc.traefik.io/traefik/routing/routers/#rule for a full list of available routing rules.
-
-The labels can also be applied on a per-role basis:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  job:
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-    cmd: bin/jobs
-    labels:
-      my-label: "50"
-```
-
-### Using remote builder for native multi-arch
-
-If you're developing on ARM64 (like Apple Silicon), but you want to deploy on AMD64 (x86 64-bit), you can use multi-archecture images. By default, MRSK will setup a local buildx configuration that does this through QEMU emulation. But this can be quite slow, especially on the first build.
-
-If you want to speed up this process by using a remote AMD64 host to natively build the AMD64 part of the image, while natively building the ARM64 part locally, you can do so using builder options:
-
-```yaml
-builder:
-  local:
-    arch: arm64
-    host: unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock
-  remote:
-    arch: amd64
-    host: ssh://root@192.168.0.1
-```
-
-Note: You must have Docker running on the remote host being used as a builder. This instance should only be shared for builds using the same registry and credentials.
-
-### Using remote builder for single-arch
-
-If you're developing on ARM64 (like Apple Silicon), want to deploy on AMD64 (x86 64-bit), but don't need to run the image locally (or on other ARM64 hosts), you can configure a remote builder that just targets AMD64. This is a bit faster than building with multi-arch, as there's nothing to build locally.
-
-```yaml
-builder:
-  remote:
-    arch: amd64
-    host: ssh://root@192.168.0.1
-```
-
-### Using native builder when multi-arch isn't needed
-
-If you're developing on the same architecture as the one you're deploying on, you can speed up the build by forgoing both multi-arch and remote building:
-
-```yaml
-builder:
-  multiarch: false
-```
-
-This is also a good option if you're running MRSK from a CI server that shares architecture with the deployment servers.
-
-### Using build secrets for new images
-
-Some images need a secret passed in during build time, like a GITHUB_TOKEN to give access to private gem repositories. This can be done by having the secret in ENV, then referencing it in the builder configuration:
-
-```yaml
-builder:
-  secrets:
-    - GITHUB_TOKEN
-```
-
-This build secret can then be referenced in the Dockerfile:
-
-```dockerfile
-# Copy Gemfiles
-COPY Gemfile Gemfile.lock ./
-
-# Install dependencies, including private repositories via access token (then remove bundle cache with exposed GITHUB_TOKEN)
-RUN --mount=type=secret,id=GITHUB_TOKEN \
-  BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
-  bundle install && \
-  rm -rf /usr/local/bundle/cache
-```
-
-### Using command arguments for Traefik
-
-You can customize the traefik command line:
-
-```yaml
-traefik:
-  args:
-    accesslog: true
-    accesslog.format: json
-```
-
-This will start the traefik container with `--accesslog=true accesslog.format=json`.
-
-### Configuring build args for new images
-
-Build arguments that aren't secret can also be configured:
-
-```yaml
-builder:
-  args:
-    RUBY_VERSION: 3.2.0
-```
-
-This build argument can then be used in the Dockerfile:
-
-```
-# Private repositories need an access token during the build
-ARG RUBY_VERSION
-FROM ruby:$RUBY_VERSION-slim as base
-```
-
-### Using accessories for database, cache, search services
-
-You can manage your accessory services via MRSK as well. The services will build off public images, and will not be automatically updated when you deploy:
-
-```yaml
-accessories:
-  mysql:
-    image: mysql:5.7
-    host: 1.1.1.3
-    port: 3306
-    env:
-      clear:
-        MYSQL_ROOT_HOST: '%'
-      secret:
-        - MYSQL_ROOT_PASSWORD
-    volumes:
-      - /var/lib/mysql:/var/lib/mysql
-  redis:
-    image: redis:latest
-    host: 1.1.1.4
-    port: "36379:6379"
-    volumes:
-      - /var/lib/redis:/data
-```
-
-Now run `mrsk accessory start mysql` to start the MySQL server on 1.1.1.3. See `mrsk accessory` for all the commands possible.
-
-### Using a generated .env file
-
-If you're using a centralized secret store, like 1Password, you can create `.env.erb` as a template which looks up the secrets. Example of a .env.erb file:
-
-```erb
-<% if (session_token = `op signin --account my-one-password-account --raw`.strip) != "" %># Generated by mrsk envify
-GITHUB_TOKEN=<%= `gh config get -h github.com oauth_token`.strip %>
-MRSK_REGISTRY_PASSWORD=<%= `op read "op://Vault/Docker Hub/password" -n --session  #{session_token}` %>
-RAILS_MASTER_KEY=<%= `op read "op://Vault/My App/RAILS_MASTER_SECRET" -n --session #{session_token}` %>
-MYSQL_ROOT_PASSWORD=<%= `op read "op://Vault/My App/MYSQL_ROOT_PASSWORD" -n --session #{session_token}` %>
-<% else raise ArgumentError, "Session token missing" end %>
-```
-
-This template can safely be checked into git. Then everyone deploying the app can run `mrsk envify` when they setup the app for the first time or passwords change to get the correct `.env` file.
-
-If you need separate env variables for different destinations, you can set them with `.env.destination.erb` for the template, which will generate `.env.staging` when run with `mrsk envify -d staging`.
-
-### Using audit broadcasts
-
-If you'd like to broadcast audits of deploys, rollbacks, etc to a chatroom or elsewhere, you can configure the `audit_broadcast_cmd` setting with the path to a bin file that will be passed the audit line as the first argument:
-
-```yaml
-audit_broadcast_cmd:
-  bin/audit_broadcast
-```
-
-The broadcast command could look something like:
-
-```bash
-#!/usr/bin/env bash
-curl -q -d content="[My App] ${1}" https://3.basecamp.com/XXXXX/integrations/XXXXX/buckets/XXXXX/chats/XXXXX/lines
-```
-
-That'll post a line like follows to a preconfigured chatbot in Basecamp:
-
-```
-[My App] [dhh] Rolled back to version d264c4e92470ad1bd18590f04466787262f605de
-```
-
-### Using custom healthcheck path or port
-
-MRSK defaults to checking the health of your application again `/up` on port 3000. You can tailor both with the `healthcheck` setting:
-
-```yaml
-healthcheck:
-  path: /healthz
-  port: 4000
-```
-
-This will ensure your application is configured with a traefik label for the healthcheck against `/healthz` and that the pre-deploy healthcheck that MRSK performs is done against the same path on port 4000.
-
-## Commands
-
-### Running commands on servers
-
-You can execute one-off commands on the servers:
-
-```bash
-# Runs command on all servers
-mrsk app exec 'ruby -v'
-App Host: 192.168.0.1
-ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-
-App Host: 192.168.0.2
-ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-
-# Runs command on primary server
-mrsk app exec --primary 'cat .ruby-version'
-App Host: 192.168.0.1
-3.1.3
-
-# Runs Rails command on all servers
-mrsk app exec 'bin/rails about'
-App Host: 192.168.0.1
-About your application's environment
-Rails version             7.1.0.alpha
-Ruby version              ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-RubyGems version          3.3.26
-Rack version              2.2.5
-Middleware                ActionDispatch::HostAuthorization, Rack::Sendfile, ActionDispatch::Static, ActionDispatch::Executor, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, ActionDispatch::RemoteIp, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ContentSecurityPolicy::Middleware, ActionDispatch::PermissionsPolicy::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Rack::TempfileReaper
-Application root          /rails
-Environment               production
-Database adapter          sqlite3
-Database schema version   20221231233303
-
-App Host: 192.168.0.2
-About your application's environment
-Rails version             7.1.0.alpha
-Ruby version              ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-RubyGems version          3.3.26
-Rack version              2.2.5
-Middleware                ActionDispatch::HostAuthorization, Rack::Sendfile, ActionDispatch::Static, ActionDispatch::Executor, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, ActionDispatch::RemoteIp, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ContentSecurityPolicy::Middleware, ActionDispatch::PermissionsPolicy::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Rack::TempfileReaper
-Application root          /rails
-Environment               production
-Database adapter          sqlite3
-Database schema version   20221231233303
-
-# Run Rails runner on primary server
-mrsk app exec -p 'bin/rails runner "puts Rails.application.config.time_zone"'
-UTC
-```
-
-### Running interactive commands over SSH
-
-You can run interactive commands, like a Rails console or a bash session, on a server (default is primary, use `--hosts` to connect to another):
-
-```bash
-# Starts a bash session in a new container made from the most recent app image
-mrsk app exec -i bash
-
-# Starts a bash session in the currently running container for the app
-mrsk app exec -i --reuse bash
-
-# Starts a Rails console in a new container made from the most recent app image
-mrsk app exec -i 'bin/rails console'
-```
-
-
-### Running details to show state of containers
-
-You can see the state of your servers by running `mrsk details`:
-
-```
-Traefik Host: 192.168.0.1
-CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
-6195b2a28c81   traefik   "/entrypoint.sh --pr…"   30 minutes ago   Up 19 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   traefik
-
-Traefik Host: 192.168.0.2
-CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
-de14a335d152   traefik   "/entrypoint.sh --pr…"   30 minutes ago   Up 19 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   traefik
-
-App Host: 192.168.0.1
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS          PORTS      NAMES
-badb1aa51db3   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   13 minutes ago   Up 13 minutes   3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-
-App Host: 192.168.0.2
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS          PORTS      NAMES
-1d3c91ed1f55   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   13 minutes ago   Up 13 minutes   3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-```
-
-You can also see just info for app containers with `mrsk app details` or just for Traefik with `mrsk traefik details`.
-
-### Running rollback to fix a bad deploy
-
-If you've discovered a bad deploy, you can quickly rollback by reactivating the old, paused container image. You can see what old containers are available for rollback by running `mrsk app containers`. It'll give you a presentation similar to `mrsk app details`, but include all the old containers as well. Showing something like this:
-
-```
-App Host: 192.168.0.1
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS                      PORTS      NAMES
-1d3c91ed1f51   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   19 minutes ago   Up 19 minutes               3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-539f26b28369   registry.digitalocean.com/user/app:e5d9d7c2b898289dfbc5f7f1334140d984eedae4   "/rails/bin/docker-e…"   31 minutes ago   Exited (1) 27 minutes ago              chat-e5d9d7c2b898289dfbc5f7f1334140d984eedae4
-
-App Host: 192.168.0.2
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS                      PORTS      NAMES
-badb1aa51db4   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   19 minutes ago   Up 19 minutes               3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-6f170d1172ae   registry.digitalocean.com/user/app:e5d9d7c2b898289dfbc5f7f1334140d984eedae4   "/rails/bin/docker-e…"   31 minutes ago   Exited (1) 27 minutes ago              chat-e5d9d7c2b898289dfbc5f7f1334140d984eedae4
-```
-
-From the example above, we can see that `e5d9d7c2b898289dfbc5f7f1334140d984eedae4` was the last version, so it's available as a rollback target. We can perform this rollback by running `mrsk rollback e5d9d7c2b898289dfbc5f7f1334140d984eedae4`. That'll stop `6ef8a6a84c525b123c5245345a8483f86d05a123` and then start `e5d9d7c2b898289dfbc5f7f1334140d984eedae4`. Because the old container is still available, this is very quick. Nothing to download from the registry.
-
-Note that by default old containers are pruned after 3 days when you run `mrsk deploy`.
-
-### Running removal to clean up servers
-
-If you wish to remove the entire application, including Traefik, containers, images, and registry session, you can run `mrsk remove`. This will leave the servers clean.
-
-## Stage of development
-
-This is beta software. Commands may still move around. But we're live in production at [37signals](https://37signals.com).
+Please help us improve Kamal's documentation on the [the basecamp/kamal-site repository](https://github.com/basecamp/kamal-site).

 ## License

-MRSK is released under the [MIT License](https://opensource.org/licenses/MIT).
+Kamal is released under the [MIT License](https://opensource.org/licenses/MIT).
--- a/bin/kamal
+++ b/bin/kamal
@@ -3,14 +3,16 @@
 # Prevent failures from being reported twice.
 Thread.report_on_exception = false

-require "mrsk"
+require "kamal"

 begin
-  Mrsk::Cli::Main.start(ARGV)
+  Kamal::Cli::Main.start(ARGV)
 rescue SSHKit::Runner::ExecuteError => e
-  puts "  \e[31mERROR (#{e.cause.class}): #{e.cause.message}\e[0m"
+  puts "  \e[31mERROR (#{e.cause.class}): #{e.message}\e[0m"
  puts e.cause.backtrace if ENV["VERBOSE"]
+  exit 1
 rescue => e
  puts "  \e[31mERROR (#{e.class}): #{e.message}\e[0m"
  puts e.backtrace if ENV["VERBOSE"]
+  exit 1
 end
--- a/bin/release
+++ b/bin/release
@@ -2,13 +2,13 @@

 VERSION=$1

-printf "module Mrsk\n  VERSION = \"$VERSION\"\nend\n" > ./lib/mrsk/version.rb
+printf "module Kamal\n  VERSION = \"$VERSION\"\nend\n" > ./lib/kamal/version.rb
 bundle
-git add Gemfile.lock lib/mrsk/version.rb
+git add Gemfile.lock lib/kamal/version.rb
 git commit -m "Bump version for $VERSION"
 git push
 git tag v$VERSION
 git push --tags
-gem build mrsk.gemspec
-gem push "mrsk-$VERSION.gem" --host https://rubygems.org
-rm "mrsk-$VERSION.gem"
+gem build kamal.gemspec
+gem push "kamal-$VERSION.gem" --host https://rubygems.org
+rm "kamal-$VERSION.gem"
--- a/gemfiles/rails_edge.gemfile
+++ b/gemfiles/rails_edge.gemfile
@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+git "https://github.com/rails/rails.git" do
+  gem "railties"
+  gem "activesupport"
+end
+
+gemspec path: "../"
--- a/gemfiles/ruby_2.7.gemfile
+++ b/gemfiles/ruby_2.7.gemfile
@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+gemspec path: "../"
+
+gem "nokogiri", "~> 1.15.0"
--- a/kamal.gemspec
+++ b/kamal.gemspec
@@ -0,0 +1,28 @@
+require_relative "lib/kamal/version"
+
+Gem::Specification.new do |spec|
+  spec.name        = "kamal"
+  spec.version     = Kamal::VERSION
+  spec.authors     = [ "David Heinemeier Hansson" ]
+  spec.email       = "dhh@hey.com"
+  spec.homepage    = "https://github.com/basecamp/kamal"
+  spec.summary     = "Deploy web apps in containers to servers running Docker with zero downtime."
+  spec.license     = "MIT"
+  spec.files = Dir["lib/**/*", "MIT-LICENSE", "README.md"]
+  spec.executables = %w[ kamal ]
+
+  spec.add_dependency "activesupport", ">= 7.0"
+  spec.add_dependency "sshkit", "~> 1.21"
+  spec.add_dependency "net-ssh", "~> 7.0"
+  spec.add_dependency "thor", "~> 1.2"
+  spec.add_dependency "dotenv", "~> 2.8"
+  spec.add_dependency "zeitwerk", "~> 2.5"
+  spec.add_dependency "ed25519", "~> 1.2"
+  spec.add_dependency "bcrypt_pbkdf", "~> 1.0"
+  spec.add_dependency "concurrent-ruby", "~> 1.2"
+  spec.add_dependency "base64", "~> 0.2"
+
+  spec.add_development_dependency "debug"
+  spec.add_development_dependency "mocha"
+  spec.add_development_dependency "railties"
+end
--- a/lib/kamal.rb
+++ b/lib/kamal.rb
@@ -1,9 +1,10 @@
-module Mrsk
+module Kamal
 end

+require "active_support"
 require "zeitwerk"

 loader = Zeitwerk::Loader.for_gem
-loader.ignore("#{__dir__}/mrsk/sshkit_with_ext.rb")
+loader.ignore("#{__dir__}/kamal/sshkit_with_ext.rb")
 loader.setup
 loader.eager_load # We need all commands loaded.
--- a/lib/kamal/cli.rb
+++ b/lib/kamal/cli.rb
@@ -0,0 +1,7 @@
+module Kamal::Cli
+  class LockError < StandardError; end
+  class HookError < StandardError; end
+end
+
+# SSHKit uses instance eval, so we need a global const for ergonomics
+KAMAL = Kamal::Commander.new
--- a/lib/kamal/cli/accessory.rb
+++ b/lib/kamal/cli/accessory.rb
@@ -1,33 +1,36 @@
-class Mrsk::Cli::Accessory < Mrsk::Cli::Base
+class Kamal::Cli::Accessory < Kamal::Cli::Base
  desc "boot [NAME]", "Boot new accessory service on host (use NAME=all to boot all accessories)"
-  def boot(name)
-    if name == "all"
-      MRSK.accessory_names.each { |accessory_name| boot(accessory_name) }
-    else
-      with_accessory(name) do |accessory|
-        directories(name)
-        upload(name)
+  def boot(name, login: true)
+    mutating do
+      if name == "all"
+        KAMAL.accessory_names.each { |accessory_name| boot(accessory_name) }
+      else
+        with_accessory(name) do |accessory|
+          directories(name)
+          upload(name)

-        on(accessory.host) do
-          execute *MRSK.auditor.record("Booted #{name} accessory"), verbosity: :debug
-          execute *accessory.run
+          on(accessory.hosts) do
+            execute *KAMAL.registry.login if login
+            execute *KAMAL.auditor.record("Booted #{name} accessory"), verbosity: :debug
+            execute *accessory.run
+          end
        end
-
-        audit_broadcast "Booted accessory #{name}" unless options[:skip_broadcast]
      end
    end
  end

  desc "upload [NAME]", "Upload accessory files to host", hide: true
  def upload(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        accessory.files.each do |(local, remote)|
-          accessory.ensure_local_file_present(local)
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          accessory.files.each do |(local, remote)|
+            accessory.ensure_local_file_present(local)

-          execute *accessory.make_directory_for(remote)
-          upload! local, remote
-          execute :chmod, "755", remote
+            execute *accessory.make_directory_for(remote)
+            upload! local, remote
+            execute :chmod, "755", remote
+          end
        end
      end
    end
@@ -35,59 +38,77 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base

  desc "directories [NAME]", "Create accessory directories on host", hide: true
  def directories(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        accessory.directories.keys.each do |host_path|
-          execute *accessory.make_directory(host_path)
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          accessory.directories.keys.each do |host_path|
+            execute *accessory.make_directory(host_path)
+          end
        end
      end
    end
  end

-  desc "reboot [NAME]", "Reboot existing accessory on host (stop container, remove container, start new container)"
+  desc "reboot [NAME]", "Reboot existing accessory on host (stop container, remove container, start new container; use NAME=all to boot all accessories)"
  def reboot(name)
-    with_accessory(name) do |accessory|
-      stop(name)
-      remove_container(name)
-      boot(name)
+    mutating do
+      if name == "all"
+        KAMAL.accessory_names.each { |accessory_name| reboot(accessory_name) }
+      else
+        with_accessory(name) do |accessory|
+          on(accessory.hosts) do
+            execute *KAMAL.registry.login
+          end
+
+          stop(name)
+          remove_container(name)
+          boot(name, login: false)
+        end
+      end
    end
  end

  desc "start [NAME]", "Start existing accessory container on host"
  def start(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        execute *MRSK.auditor.record("Started #{name} accessory"), verbosity: :debug
-        execute *accessory.start
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          execute *KAMAL.auditor.record("Started #{name} accessory"), verbosity: :debug
+          execute *accessory.start
+        end
      end
    end
  end

  desc "stop [NAME]", "Stop existing accessory container on host"
  def stop(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        execute *MRSK.auditor.record("Stopped #{name} accessory"), verbosity: :debug
-        execute *accessory.stop, raise_on_non_zero_exit: false
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          execute *KAMAL.auditor.record("Stopped #{name} accessory"), verbosity: :debug
+          execute *accessory.stop, raise_on_non_zero_exit: false
+        end
      end
    end
  end

  desc "restart [NAME]", "Restart existing accessory container on host"
  def restart(name)
-    with_accessory(name) do
-      stop(name)
-      start(name)
+    mutating do
+      with_accessory(name) do
+        stop(name)
+        start(name)
+      end
    end
  end

  desc "details [NAME]", "Show details about accessory on host (use NAME=all to show all accessories)"
  def details(name)
    if name == "all"
-      MRSK.accessory_names.each { |accessory_name| details(accessory_name) }
+      KAMAL.accessory_names.each { |accessory_name| details(accessory_name) }
    else
      with_accessory(name) do |accessory|
-        on(accessory.host) { puts capture_with_info(*accessory.info) }
+        on(accessory.hosts) { puts capture_with_info(*accessory.info) }
      end
    end
  end
@@ -108,15 +129,15 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base

      when options[:reuse]
        say "Launching command from existing container...", :magenta
-        on(accessory.host) do
-          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
+        on(accessory.hosts) do
+          execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
          capture_with_info(*accessory.execute_in_existing_container(cmd))
        end

      else
        say "Launching command from new container...", :magenta
-        on(accessory.host) do
-          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
+        on(accessory.hosts) do
+          execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
          capture_with_info(*accessory.execute_in_new_container(cmd))
        end
      end
@@ -134,7 +155,7 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base

      if options[:follow]
        run_locally do
-          info "Following logs on #{accessory.host}..."
+          info "Following logs on #{accessory.hosts}..."
          info accessory.follow_logs(grep: grep)
          exec accessory.follow_logs(grep: grep)
        end
@@ -142,27 +163,27 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
        since = options[:since]
        lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set

-        on(accessory.host) do
+        on(accessory.hosts) do
          puts capture_with_info(*accessory.logs(since: since, lines: lines, grep: grep))
        end
      end
    end
  end

-  desc "remove [NAME]", "Remove accessory container and image from host (use NAME=all to remove all accessories)"
+  desc "remove [NAME]", "Remove accessory container, image and data directory from host (use NAME=all to remove all accessories)"
  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
  def remove(name)
-    if name == "all"
-      if options[:confirmed] || ask("This will remove all containers and images for all accessories. Are you sure?", limited_to: %w( y N ), default: "N") == "y"
-        MRSK.accessory_names.each { |accessory_name| remove(accessory_name) }
-      end
-    else
-      if options[:confirmed] || ask("This will remove all containers and images for #{name}. Are you sure?", limited_to: %w( y N ), default: "N") == "y"
-        with_accessory(name) do
-          stop(name)
-          remove_container(name)
-          remove_image(name)
-          remove_service_directory(name)
+    mutating do
+      if name == "all"
+        KAMAL.accessory_names.each { |accessory_name| remove(accessory_name) }
+      else
+        if options[:confirmed] || ask("This will remove all containers, images and data directories for #{name}. Are you sure?", limited_to: %w( y N ), default: "N") == "y"
+          with_accessory(name) do
+            stop(name)
+            remove_container(name)
+            remove_image(name)
+            remove_service_directory(name)
+          end
        end
      end
    end
@@ -170,36 +191,42 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base

  desc "remove_container [NAME]", "Remove accessory container from host", hide: true
  def remove_container(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        execute *MRSK.auditor.record("Remove #{name} accessory container"), verbosity: :debug
-        execute *accessory.remove_container
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          execute *KAMAL.auditor.record("Remove #{name} accessory container"), verbosity: :debug
+          execute *accessory.remove_container
+        end
      end
    end
  end

  desc "remove_image [NAME]", "Remove accessory image from host", hide: true
  def remove_image(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        execute *MRSK.auditor.record("Removed #{name} accessory image"), verbosity: :debug
-        execute *accessory.remove_image
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          execute *KAMAL.auditor.record("Removed #{name} accessory image"), verbosity: :debug
+          execute *accessory.remove_image
+        end
      end
    end
  end

  desc "remove_service_directory [NAME]", "Remove accessory directory used for uploaded files and data directories from host", hide: true
  def remove_service_directory(name)
-    with_accessory(name) do |accessory|
-      on(accessory.host) do
-        execute *accessory.remove_service_directory
+    mutating do
+      with_accessory(name) do |accessory|
+        on(accessory.hosts) do
+          execute *accessory.remove_service_directory
+        end
      end
    end
  end

  private
    def with_accessory(name)
-      if accessory = MRSK.accessory(name)
+      if accessory = KAMAL.accessory(name)
        yield accessory
      else
        error_on_missing_accessory(name)
@@ -207,7 +234,7 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
    end

    def error_on_missing_accessory(name)
-      options = MRSK.accessory_names.presence
+      options = KAMAL.accessory_names.presence

      error \
        "No accessory by the name of '#{name}'" +
--- a/lib/kamal/cli/app.rb
+++ b/lib/kamal/cli/app.rb
@@ -0,0 +1,327 @@
+class Kamal::Cli::App < Kamal::Cli::Base
+  desc "boot", "Boot app on servers (or reboot app if already running)"
+  def boot
+    mutating do
+      hold_lock_on_error do
+        say "Get most recent version available as an image...", :magenta unless options[:version]
+        using_version(version_or_latest) do |version|
+          say "Start container with version #{version} using a #{KAMAL.config.readiness_delay}s readiness delay (or reboot if already running)...", :magenta
+
+          on(KAMAL.hosts) do
+            execute *KAMAL.auditor.record("Tagging #{KAMAL.config.absolute_image} as the latest image"), verbosity: :debug
+            execute *KAMAL.app.tag_current_image_as_latest
+
+            KAMAL.roles_on(host).each do |role|
+              app = KAMAL.app(role: role)
+              role_config = KAMAL.config.role(role)
+
+              if role_config.assets?
+                execute *app.extract_assets
+                old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+                execute *app.sync_asset_volumes(old_version: old_version)
+              end
+            end
+          end
+
+          on(KAMAL.hosts, **KAMAL.boot_strategy) do |host|
+            KAMAL.roles_on(host).each do |role|
+              app = KAMAL.app(role: role)
+              auditor = KAMAL.auditor(role: role)
+              role_config = KAMAL.config.role(role)
+
+              if capture_with_info(*app.container_id_for_version(version), raise_on_non_zero_exit: false).present?
+                tmp_version = "#{version}_replaced_#{SecureRandom.hex(8)}"
+                info "Renaming container #{version} to #{tmp_version} as already deployed on #{host}"
+                execute *auditor.record("Renaming container #{version} to #{tmp_version}"), verbosity: :debug
+                execute *app.rename_container(version: version, new_version: tmp_version)
+              end
+
+              old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+
+              execute *app.tie_cord(role_config.cord_host_file) if role_config.uses_cord?
+
+              execute *auditor.record("Booted app version #{version}"), verbosity: :debug
+
+              execute *app.run(hostname: "#{host}-#{SecureRandom.hex(6)}")
+
+              Kamal::Cli::Healthcheck::Poller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
+
+              if old_version.present?
+                if role_config.uses_cord?
+                  cord = capture_with_info(*app.cord(version: old_version), raise_on_non_zero_exit: false).strip
+                  if cord.present?
+                    execute *app.cut_cord(cord)
+                    Kamal::Cli::Healthcheck::Poller.wait_for_unhealthy(pause_after_ready: true) { capture_with_info(*app.status(version: old_version)) }
+                  end
+                end
+
+                execute *app.stop(version: old_version), raise_on_non_zero_exit: false
+
+                execute *app.clean_up_assets if role_config.assets?
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+
+  desc "start", "Start existing app container on servers"
+  def start
+    mutating do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Started app version #{KAMAL.config.version}"), verbosity: :debug
+          execute *KAMAL.app(role: role).start, raise_on_non_zero_exit: false
+        end
+      end
+    end
+  end
+
+  desc "stop", "Stop app container on servers"
+  def stop
+    mutating do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Stopped app", role: role), verbosity: :debug
+          execute *KAMAL.app(role: role).stop, raise_on_non_zero_exit: false
+        end
+      end
+    end
+  end
+
+  # FIXME: Drop in favor of just containers?
+  desc "details", "Show details about app containers"
+  def details
+    on(KAMAL.hosts) do |host|
+      roles = KAMAL.roles_on(host)
+
+      roles.each do |role|
+        puts_by_host host, capture_with_info(*KAMAL.app(role: role).info)
+      end
+    end
+  end
+
+  desc "exec [CMD]", "Execute a custom command on servers (use --help to show options)"
+  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
+  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
+  def exec(cmd)
+    case
+    when options[:interactive] && options[:reuse]
+      say "Get current version of running container...", :magenta unless options[:version]
+      using_version(options[:version] || current_running_version) do |version|
+        say "Launching interactive command with version #{version} via SSH from existing container on #{KAMAL.primary_host}...", :magenta
+        run_locally { exec KAMAL.app(role: KAMAL.primary_role).execute_in_existing_container_over_ssh(cmd, host: KAMAL.primary_host) }
+      end
+
+    when options[:interactive]
+      say "Get most recent version available as an image...", :magenta unless options[:version]
+      using_version(version_or_latest) do |version|
+        say "Launching interactive command with version #{version} via SSH from new container on #{KAMAL.primary_host}...", :magenta
+        run_locally do
+          exec KAMAL.app(role: KAMAL.primary_role).execute_in_new_container_over_ssh(cmd, host: KAMAL.primary_host)
+        end
+      end
+
+    when options[:reuse]
+      say "Get current version of running container...", :magenta unless options[:version]
+      using_version(options[:version] || current_running_version) do |version|
+        say "Launching command with version #{version} from existing container...", :magenta
+
+        on(KAMAL.hosts) do |host|
+          roles = KAMAL.roles_on(host)
+
+          roles.each do |role|
+            execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on app version #{version}", role: role), verbosity: :debug
+            puts_by_host host, capture_with_info(*KAMAL.app(role: role).execute_in_existing_container(cmd))
+          end
+        end
+      end
+
+    else
+      say "Get most recent version available as an image...", :magenta unless options[:version]
+      using_version(version_or_latest) do |version|
+        say "Launching command with version #{version} from new container...", :magenta
+        on(KAMAL.hosts) do |host|
+          roles = KAMAL.roles_on(host)
+
+          roles.each do |role|
+            execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on app version #{version}"), verbosity: :debug
+            puts_by_host host, capture_with_info(*KAMAL.app(role: role).execute_in_new_container(cmd))
+          end
+        end
+      end
+    end
+  end
+
+  desc "containers", "Show app containers on servers"
+  def containers
+    on(KAMAL.hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.app.list_containers) }
+  end
+
+  desc "stale_containers", "Detect app stale containers"
+  option :stop, aliases: "-s", type: :boolean, default: false, desc: "Stop the stale containers found"
+  def stale_containers
+    mutating do
+      stop = options[:stop]
+
+      cli = self
+
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          cli.send(:stale_versions, host: host, role: role).each do |version|
+            if stop
+              puts_by_host host, "Stopping stale container for role #{role} with version #{version}"
+              execute *KAMAL.app(role: role).stop(version: version), raise_on_non_zero_exit: false
+            else
+              puts_by_host host,  "Detected stale container for role #{role} with version #{version} (use `kamal app stale_containers --stop` to stop)"
+            end
+          end
+        end
+      end
+    end
+  end
+
+  desc "images", "Show app images on servers"
+  def images
+    on(KAMAL.hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.app.list_images) }
+  end
+
+  desc "logs", "Show log lines from app on servers (use --help to show options)"
+  option :since, aliases: "-s", desc: "Show lines since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
+  option :lines, type: :numeric, aliases: "-n", desc: "Number of lines to show from each server"
+  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
+  option :follow, aliases: "-f", desc: "Follow log on primary server (or specific host set by --hosts)"
+  def logs
+    # FIXME: Catch when app containers aren't running
+
+    grep = options[:grep]
+
+    if options[:follow]
+      run_locally do
+        info "Following logs on #{KAMAL.primary_host}..."
+
+        KAMAL.specific_roles ||= ["web"]
+        role = KAMAL.roles_on(KAMAL.primary_host).first
+
+        info KAMAL.app(role: role).follow_logs(host: KAMAL.primary_host, grep: grep)
+        exec KAMAL.app(role: role).follow_logs(host: KAMAL.primary_host, grep: grep)
+      end
+    else
+      since = options[:since]
+      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
+
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          begin
+            puts_by_host host, capture_with_info(*KAMAL.app(role: role).logs(since: since, lines: lines, grep: grep))
+          rescue SSHKit::Command::Failed
+            puts_by_host host, "Nothing found"
+          end
+        end
+      end
+    end
+  end
+
+  desc "remove", "Remove app containers and images from servers"
+  def remove
+    mutating do
+      stop
+      remove_containers
+      remove_images
+    end
+  end
+
+  desc "remove_container [VERSION]", "Remove app container with given version from servers", hide: true
+  def remove_container(version)
+    mutating do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Removed app container with version #{version}", role: role), verbosity: :debug
+          execute *KAMAL.app(role: role).remove_container(version: version)
+        end
+      end
+    end
+  end
+
+  desc "remove_containers", "Remove all app containers from servers", hide: true
+  def remove_containers
+    mutating do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Removed all app containers", role: role), verbosity: :debug
+          execute *KAMAL.app(role: role).remove_containers
+        end
+      end
+    end
+  end
+
+  desc "remove_images", "Remove all app images from servers", hide: true
+  def remove_images
+    mutating do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Removed all app images"), verbosity: :debug
+        execute *KAMAL.app.remove_images
+      end
+    end
+  end
+
+  desc "version", "Show app version currently running on servers"
+  def version
+    on(KAMAL.hosts) do |host|
+      role = KAMAL.roles_on(host).first
+      puts_by_host host, capture_with_info(*KAMAL.app(role: role).current_running_version).strip
+    end
+  end
+
+  private
+    def using_version(new_version)
+      if new_version
+        begin
+          old_version = KAMAL.config.version
+          KAMAL.config.version = new_version
+          yield new_version
+        ensure
+          KAMAL.config.version = old_version
+        end
+      else
+        yield KAMAL.config.version
+      end
+    end
+
+    def current_running_version(host: KAMAL.primary_host)
+      version = nil
+      on(host) do
+        role = KAMAL.roles_on(host).first
+        version = capture_with_info(*KAMAL.app(role: role).current_running_version).strip
+      end
+      version.presence
+    end
+
+    def stale_versions(host:, role:)
+      versions = nil
+      on(host) do
+        versions = \
+          capture_with_info(*KAMAL.app(role: role).list_versions, raise_on_non_zero_exit: false)
+          .split("\n")
+          .drop(1)
+      end
+      versions
+    end
+
+    def version_or_latest
+      options[:version] || "latest"
+    end
+end
--- a/lib/kamal/cli/base.rb
+++ b/lib/kamal/cli/base.rb
@@ -0,0 +1,184 @@
+require "thor"
+require "dotenv"
+require "kamal/sshkit_with_ext"
+
+module Kamal::Cli
+  class Base < Thor
+    include SSHKit::DSL
+
+    def self.exit_on_failure?() true end
+
+    class_option :verbose, type: :boolean, aliases: "-v", desc: "Detailed logging"
+    class_option :quiet, type: :boolean, aliases: "-q", desc: "Minimal logging"
+
+    class_option :version, desc: "Run commands against a specific app version"
+
+    class_option :primary, type: :boolean, aliases: "-p", desc: "Run commands only on primary host instead of all"
+    class_option :hosts, aliases: "-h", desc: "Run commands on these hosts instead of all (separate by comma, supports wildcards with *)"
+    class_option :roles, aliases: "-r", desc: "Run commands on these roles instead of all (separate by comma, supports wildcards with *)"
+
+    class_option :config_file, aliases: "-c", default: "config/deploy.yml", desc: "Path to config file"
+    class_option :destination, aliases: "-d", desc: "Specify destination to be used for config file (staging -> deploy.staging.yml)"
+
+    class_option :skip_hooks, aliases: "-H", type: :boolean, default: false, desc: "Don't run hooks"
+
+    def initialize(*)
+      super
+      @original_env = ENV.to_h.dup
+      load_envs
+      initialize_commander(options_with_subcommand_class_options)
+    end
+
+    private
+      def load_envs
+        if destination = options[:destination]
+          Dotenv.load(".env.#{destination}", ".env")
+        else
+          Dotenv.load(".env")
+        end
+      end
+
+      def reload_envs
+        ENV.clear
+        ENV.update(@original_env)
+        load_envs
+      end
+
+      def options_with_subcommand_class_options
+        options.merge(@_initializer.last[:class_options] || {})
+      end
+
+      def initialize_commander(options)
+        KAMAL.tap do |commander|
+          if options[:verbose]
+            ENV["VERBOSE"] = "1" # For backtraces via cli/start
+            commander.verbosity = :debug
+          end
+
+          if options[:quiet]
+            commander.verbosity = :error
+          end
+
+          commander.configure \
+            config_file: Pathname.new(File.expand_path(options[:config_file])),
+            destination: options[:destination],
+            version: options[:version]
+
+          commander.specific_hosts    = options[:hosts]&.split(",")
+          commander.specific_roles    = options[:roles]&.split(",")
+          commander.specific_primary! if options[:primary]
+        end
+      end
+
+      def print_runtime
+        started_at = Time.now
+        yield
+        return Time.now - started_at
+      ensure
+        runtime = Time.now - started_at
+        puts "  Finished all in #{sprintf("%.1f seconds", runtime)}"
+      end
+
+      def mutating
+        return yield if KAMAL.holding_lock?
+
+        run_hook "pre-connect"
+
+        ensure_run_directory
+
+        acquire_lock
+
+        begin
+          yield
+        rescue
+          if KAMAL.hold_lock_on_error?
+            error "  \e[31mDeploy lock was not released\e[0m"
+          else
+            release_lock
+          end
+
+          raise
+        end
+
+        release_lock
+      end
+
+      def acquire_lock
+        raise_if_locked do
+          say "Acquiring the deploy lock...", :magenta
+          on(KAMAL.primary_host) { execute *KAMAL.lock.acquire("Automatic deploy lock", KAMAL.config.version), verbosity: :debug }
+        end
+
+        KAMAL.holding_lock = true
+      end
+
+      def release_lock
+        say "Releasing the deploy lock...", :magenta
+        on(KAMAL.primary_host) { execute *KAMAL.lock.release, verbosity: :debug }
+
+        KAMAL.holding_lock = false
+      end
+
+      def raise_if_locked
+        yield
+      rescue SSHKit::Runner::ExecuteError => e
+        if e.message =~ /cannot create directory/
+          on(KAMAL.primary_host) { puts capture_with_debug(*KAMAL.lock.status) }
+          raise LockError, "Deploy lock found"
+        else
+          raise e
+        end
+      end
+
+      def hold_lock_on_error
+        if KAMAL.hold_lock_on_error?
+          yield
+        else
+          KAMAL.hold_lock_on_error = true
+          yield
+          KAMAL.hold_lock_on_error = false
+        end
+      end
+
+      def run_hook(hook, **extra_details)
+        if !options[:skip_hooks] && KAMAL.hook.hook_exists?(hook)
+          details = { hosts: KAMAL.hosts.join(","), command: command, subcommand: subcommand }
+
+          say "Running the #{hook} hook...", :magenta
+          run_locally do
+            KAMAL.with_verbosity(:debug) { execute *KAMAL.hook.run(hook, **details, **extra_details) }
+          rescue SSHKit::Command::Failed
+            raise HookError.new("Hook `#{hook}` failed")
+          end
+        end
+      end
+
+      def command
+        @kamal_command ||= begin
+          invocation_class, invocation_commands = *first_invocation
+          if invocation_class == Kamal::Cli::Main
+            invocation_commands[0]
+          else
+            Kamal::Cli::Main.subcommand_classes.find { |command, clazz| clazz == invocation_class }[0]
+          end
+        end
+      end
+
+      def subcommand
+        @kamal_subcommand ||= begin
+          invocation_class, invocation_commands = *first_invocation
+          invocation_commands[0] if invocation_class != Kamal::Cli::Main
+        end
+      end
+
+      def first_invocation
+        instance_variable_get("@_invocations").first
+      end
+
+      def ensure_run_directory
+        on(KAMAL.hosts) do
+          execute(*KAMAL.server.ensure_run_directory)
+        end
+      end
+    end
+end
--- a/lib/kamal/cli/build.rb
+++ b/lib/kamal/cli/build.rb
@@ -0,0 +1,123 @@
+require "uri"
+
+class Kamal::Cli::Build < Kamal::Cli::Base
+  class BuildError < StandardError; end
+
+  desc "deliver", "Build app and push app image to registry then pull image on servers"
+  def deliver
+    mutating do
+      push
+      pull
+    end
+  end
+
+  desc "push", "Build and push app image to registry"
+  def push
+    mutating do
+      cli = self
+
+      verify_local_dependencies
+      run_hook "pre-build"
+
+      if (uncommitted_changes = Kamal::Git.uncommitted_changes).present?
+        say "The following paths have uncommitted changes:\n #{uncommitted_changes}", :yellow
+      end
+
+      run_locally do
+        begin
+          KAMAL.with_verbosity(:debug) do
+            execute *KAMAL.builder.push
+          end
+        rescue SSHKit::Command::Failed => e
+          if e.message =~ /(no builder)|(no such file or directory)/
+            error "Missing compatible builder, so creating a new one first"
+
+            if cli.create
+              KAMAL.with_verbosity(:debug) { execute *KAMAL.builder.push }
+            end
+          else
+            raise
+          end
+        end
+      end
+    end
+  end
+
+  desc "pull", "Pull app image from registry onto servers"
+  def pull
+    mutating do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Pulled image with version #{KAMAL.config.version}"), verbosity: :debug
+        execute *KAMAL.builder.clean, raise_on_non_zero_exit: false
+        execute *KAMAL.builder.pull
+        execute *KAMAL.builder.validate_image
+      end
+    end
+  end
+
+  desc "create", "Create a build setup"
+  def create
+    mutating do
+      if (remote_host = KAMAL.config.builder.remote_host)
+        connect_to_remote_host(remote_host)
+      end
+
+      run_locally do
+        begin
+          debug "Using builder: #{KAMAL.builder.name}"
+          execute *KAMAL.builder.create
+        rescue SSHKit::Command::Failed => e
+          if e.message =~ /stderr=(.*)/
+            error "Couldn't create remote builder: #{$1}"
+            false
+          else
+            raise
+          end
+        end
+      end
+    end
+  end
+
+  desc "remove", "Remove build setup"
+  def remove
+    mutating do
+      run_locally do
+        debug "Using builder: #{KAMAL.builder.name}"
+        execute *KAMAL.builder.remove
+      end
+    end
+  end
+
+  desc "details", "Show build setup"
+  def details
+    run_locally do
+      puts "Builder: #{KAMAL.builder.name}"
+      puts capture(*KAMAL.builder.info)
+    end
+  end
+
+  private
+    def verify_local_dependencies
+      run_locally do
+        begin
+          execute *KAMAL.builder.ensure_local_dependencies_installed
+        rescue SSHKit::Command::Failed => e
+          build_error = e.message =~ /command not found/ ?
+            "Docker is not installed locally" :
+            "Docker buildx plugin is not installed locally"
+
+          raise BuildError, build_error
+        end
+      end
+    end
+
+    def connect_to_remote_host(remote_host)
+      remote_uri = URI.parse(remote_host)
+      if remote_uri.scheme == "ssh"
+        options = { user: remote_uri.user, port: remote_uri.port }.compact
+        on(remote_uri.host, options) do
+          execute "true"
+        end
+      end
+    end
+end
--- a/lib/kamal/cli/env.rb
+++ b/lib/kamal/cli/env.rb
@@ -0,0 +1,56 @@
+require "tempfile"
+
+class Kamal::Cli::Env < Kamal::Cli::Base
+  desc "push", "Push the env file to the remote hosts"
+  def push
+    mutating do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Pushed env files"), verbosity: :debug
+
+        KAMAL.roles_on(host).each do |role|
+          role_config = KAMAL.config.role(role)
+          execute *KAMAL.app(role: role).make_env_directory
+          upload! StringIO.new(role_config.env_file), role_config.host_env_file_path, mode: 400
+        end
+      end
+
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.traefik.make_env_directory
+        upload! StringIO.new(KAMAL.traefik.env_file), KAMAL.traefik.host_env_file_path, mode: 400
+      end
+
+      on(KAMAL.accessory_hosts) do
+        KAMAL.accessories_on(host).each do |accessory|
+          accessory_config = KAMAL.config.accessory(accessory)
+          execute *KAMAL.accessory(accessory).make_env_directory
+          upload! StringIO.new(accessory_config.env_file), accessory_config.host_env_file_path, mode: 400
+        end
+      end
+    end
+  end
+
+  desc "delete", "Delete the env file from the remote hosts"
+  def delete
+    mutating do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Deleted env files"), verbosity: :debug
+
+        KAMAL.roles_on(host).each do |role|
+          role_config = KAMAL.config.role(role)
+          execute *KAMAL.app(role: role).remove_env_file
+        end
+      end
+
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.traefik.remove_env_file
+      end
+
+      on(KAMAL.accessory_hosts) do
+        KAMAL.accessories_on(host).each do |accessory|
+          accessory_config = KAMAL.config.accessory(accessory)
+          execute *KAMAL.accessory(accessory).remove_env_file
+        end
+      end
+    end
+  end
+end
--- a/lib/kamal/cli/healthcheck.rb
+++ b/lib/kamal/cli/healthcheck.rb
@@ -0,0 +1,21 @@
+class Kamal::Cli::Healthcheck < Kamal::Cli::Base
+  default_command :perform
+
+  desc "perform", "Health check current app version"
+  def perform
+    raise "The primary host is not configured to run Traefik" unless KAMAL.config.role(KAMAL.config.primary_role).running_traefik?
+    on(KAMAL.primary_host) do
+      begin
+        execute *KAMAL.healthcheck.run
+        Poller.wait_for_healthy { capture_with_info(*KAMAL.healthcheck.status) }
+      rescue Poller::HealthcheckError => e
+        error capture_with_info(*KAMAL.healthcheck.logs)
+        error capture_with_pretty_json(*KAMAL.healthcheck.container_health_log)
+        raise
+      ensure
+        execute *KAMAL.healthcheck.stop, raise_on_non_zero_exit: false
+        execute *KAMAL.healthcheck.remove, raise_on_non_zero_exit: false
+      end
+    end
+  end
+end
--- a/lib/kamal/cli/healthcheck/poller.rb
+++ b/lib/kamal/cli/healthcheck/poller.rb
@@ -0,0 +1,64 @@
+module Kamal::Cli::Healthcheck::Poller
+  extend self
+
+  TRAEFIK_UPDATE_DELAY = 5
+
+  class HealthcheckError < StandardError; end
+
+  def wait_for_healthy(pause_after_ready: false, &block)
+    attempt = 1
+    max_attempts = KAMAL.config.healthcheck["max_attempts"]
+
+    begin
+      case status = block.call
+      when "healthy"
+        sleep TRAEFIK_UPDATE_DELAY if pause_after_ready
+      when "running" # No health check configured
+        sleep KAMAL.config.readiness_delay if pause_after_ready
+      else
+        raise HealthcheckError, "container not ready (#{status})"
+      end
+    rescue HealthcheckError => e
+      if attempt <= max_attempts
+        info "#{e.message}, retrying in #{attempt}s (attempt #{attempt}/#{max_attempts})..."
+        sleep attempt
+        attempt += 1
+        retry
+      else
+        raise
+      end
+    end
+
+    info "Container is healthy!"
+  end
+
+  def wait_for_unhealthy(pause_after_ready: false, &block)
+    attempt = 1
+    max_attempts = KAMAL.config.healthcheck["max_attempts"]
+
+    begin
+      case status = block.call
+      when "unhealthy"
+        sleep TRAEFIK_UPDATE_DELAY if pause_after_ready
+      else
+        raise HealthcheckError, "container not unhealthy (#{status})"
+      end
+    rescue HealthcheckError => e
+      if attempt <= max_attempts
+        info "#{e.message}, retrying in #{attempt}s (attempt #{attempt}/#{max_attempts})..."
+        sleep attempt
+        attempt += 1
+        retry
+      else
+        raise
+      end
+    end
+
+    info "Container is unhealthy!"
+  end
+
+  private
+    def info(message)
+      SSHKit.config.output.info(message)
+    end
+end
--- a/lib/kamal/cli/lock.rb
+++ b/lib/kamal/cli/lock.rb
@@ -0,0 +1,46 @@
+class Kamal::Cli::Lock < Kamal::Cli::Base
+  desc "status", "Report lock status"
+  def status
+    handle_missing_lock do
+      on(KAMAL.primary_host) do
+        execute *KAMAL.server.ensure_run_directory
+        puts capture_with_debug(*KAMAL.lock.status)
+      end
+    end
+  end
+
+  desc "acquire", "Acquire the deploy lock"
+  option :message, aliases: "-m", type: :string, desc: "A lock message", required: true
+  def acquire
+    message = options[:message]
+    raise_if_locked do
+      on(KAMAL.primary_host) do
+        execute *KAMAL.server.ensure_run_directory
+        execute *KAMAL.lock.acquire(message, KAMAL.config.version), verbosity: :debug
+      end
+      say "Acquired the deploy lock"
+    end
+  end
+
+  desc "release", "Release the deploy lock"
+  def release
+    handle_missing_lock do
+      on(KAMAL.primary_host) do
+        execute *KAMAL.server.ensure_run_directory
+        execute *KAMAL.lock.release, verbosity: :debug
+      end
+      say "Released the deploy lock"
+    end
+  end
+
+  private
+    def handle_missing_lock
+      yield
+    rescue SSHKit::Runner::ExecuteError => e
+      if e.message =~ /No such file or directory/
+        say "There is no deploy lock"
+      else
+        raise
+      end
+    end
+end
--- a/lib/kamal/cli/main.rb
+++ b/lib/kamal/cli/main.rb
@@ -0,0 +1,265 @@
+class Kamal::Cli::Main < Kamal::Cli::Base
+  desc "setup", "Setup all accessories, push the env, and deploy app to servers"
+  def setup
+    print_runtime do
+      mutating do
+        say "Ensure Docker is installed...", :magenta
+        invoke "kamal:cli:server:bootstrap"
+
+        say "Push env files...", :magenta
+        invoke "kamal:cli:env:push"
+
+        invoke "kamal:cli:accessory:boot", [ "all" ]
+        deploy
+      end
+    end
+  end
+
+  desc "deploy", "Deploy app to servers"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def deploy
+    runtime = print_runtime do
+      mutating do
+        invoke_options = deploy_options
+
+        say "Log into image registry...", :magenta
+        invoke "kamal:cli:registry:login", [], invoke_options
+
+        if options[:skip_push]
+          say "Pull app image...", :magenta
+          invoke "kamal:cli:build:pull", [], invoke_options
+        else
+          say "Build and push app image...", :magenta
+          invoke "kamal:cli:build:deliver", [], invoke_options
+        end
+
+        run_hook "pre-deploy"
+
+        say "Ensure Traefik is running...", :magenta
+        invoke "kamal:cli:traefik:boot", [], invoke_options
+
+        if KAMAL.config.role(KAMAL.config.primary_role).running_traefik?
+          say "Ensure app can pass healthcheck...", :magenta
+          invoke "kamal:cli:healthcheck:perform", [], invoke_options
+        end
+
+        say "Detect stale containers...", :magenta
+        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
+
+        invoke "kamal:cli:app:boot", [], invoke_options
+
+        say "Prune old containers and images...", :magenta
+        invoke "kamal:cli:prune:all", [], invoke_options
+      end
+    end
+
+    run_hook "post-deploy", runtime: runtime.round
+  end
+
+  desc "redeploy", "Deploy app to servers without bootstrapping servers, starting Traefik, pruning, and registry login"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def redeploy
+    runtime = print_runtime do
+      mutating do
+        invoke_options = deploy_options
+
+        if options[:skip_push]
+          say "Pull app image...", :magenta
+          invoke "kamal:cli:build:pull", [], invoke_options
+        else
+          say "Build and push app image...", :magenta
+          invoke "kamal:cli:build:deliver", [], invoke_options
+        end
+
+        run_hook "pre-deploy"
+
+        say "Ensure app can pass healthcheck...", :magenta
+        invoke "kamal:cli:healthcheck:perform", [], invoke_options
+
+        say "Detect stale containers...", :magenta
+        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
+
+        invoke "kamal:cli:app:boot", [], invoke_options
+      end
+    end
+
+    run_hook "post-deploy", runtime: runtime.round
+  end
+
+  desc "rollback [VERSION]", "Rollback app to VERSION"
+  def rollback(version)
+    rolled_back = false
+    runtime = print_runtime do
+      mutating do
+        invoke_options = deploy_options
+
+        KAMAL.config.version = version
+        old_version = nil
+
+        if container_available?(version)
+          run_hook "pre-deploy"
+
+          invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
+          rolled_back = true
+        else
+          say "The app version '#{version}' is not available as a container (use 'kamal app containers' for available versions)", :red
+        end
+      end
+    end
+
+    run_hook "post-deploy", runtime: runtime.round if rolled_back
+  end
+
+  desc "details", "Show details about all containers"
+  def details
+    invoke "kamal:cli:traefik:details"
+    invoke "kamal:cli:app:details"
+    invoke "kamal:cli:accessory:details", [ "all" ]
+  end
+
+  desc "audit", "Show audit log from servers"
+  def audit
+    on(KAMAL.hosts) do |host|
+      puts_by_host host, capture_with_info(*KAMAL.auditor.reveal)
+    end
+  end
+
+  desc "config", "Show combined config (including secrets!)"
+  def config
+    run_locally do
+      puts Kamal::Utils.redacted(KAMAL.config.to_h).to_yaml
+    end
+  end
+
+  desc "init", "Create config stub in config/deploy.yml and env stub in .env"
+  option :bundle, type: :boolean, default: false, desc: "Add Kamal to the Gemfile and create a bin/kamal binstub"
+  def init
+    require "fileutils"
+
+    if (deploy_file = Pathname.new(File.expand_path("config/deploy.yml"))).exist?
+      puts "Config file already exists in config/deploy.yml (remove first to create a new one)"
+    else
+      FileUtils.mkdir_p deploy_file.dirname
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/deploy.yml", __dir__)), deploy_file
+      puts "Created configuration file in config/deploy.yml"
+    end
+
+    unless (deploy_file = Pathname.new(File.expand_path(".env"))).exist?
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/template.env", __dir__)), deploy_file
+      puts "Created .env file"
+    end
+
+    unless (hooks_dir = Pathname.new(File.expand_path(".kamal/hooks"))).exist?
+      hooks_dir.mkpath
+      Pathname.new(File.expand_path("templates/sample_hooks", __dir__)).each_child do |sample_hook|
+        FileUtils.cp sample_hook, hooks_dir, preserve: true
+      end
+      puts "Created sample hooks in .kamal/hooks"
+    end
+
+    if options[:bundle]
+      if (binstub = Pathname.new(File.expand_path("bin/kamal"))).exist?
+        puts "Binstub already exists in bin/kamal (remove first to create a new one)"
+      else
+        puts "Adding Kamal to Gemfile and bundle..."
+        run_locally do
+          execute :bundle, :add, :kamal
+          execute :bundle, :binstubs, :kamal
+        end
+        puts "Created binstub file in bin/kamal"
+      end
+    end
+  end
+
+  desc "envify", "Create .env by evaluating .env.erb (or .env.staging.erb -> .env.staging when using -d staging)"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip .env file push"
+  def envify
+    if destination = options[:destination]
+      env_template_path = ".env.#{destination}.erb"
+      env_path          = ".env.#{destination}"
+    else
+      env_template_path = ".env.erb"
+      env_path          = ".env"
+    end
+
+    File.write(env_path, ERB.new(File.read(env_template_path), trim_mode: "-").result, perm: 0600)
+
+    unless options[:skip_push]
+      reload_envs
+      invoke "kamal:cli:env:push", options
+    end
+  end
+
+  desc "remove", "Remove Traefik, app, accessories, and registry session from servers"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def remove
+    mutating do
+      if options[:confirmed] || ask("This will remove all containers and images. Are you sure?", limited_to: %w( y N ), default: "N") == "y"
+        invoke "kamal:cli:traefik:remove", [], options.without(:confirmed)
+        invoke "kamal:cli:app:remove", [], options.without(:confirmed)
+        invoke "kamal:cli:accessory:remove", [ "all" ], options
+        invoke "kamal:cli:registry:logout", [], options.without(:confirmed)
+      end
+    end
+  end
+
+  desc "version", "Show Kamal version"
+  def version
+    puts Kamal::VERSION
+  end
+
+  desc "accessory", "Manage accessories (db/redis/search)"
+  subcommand "accessory", Kamal::Cli::Accessory
+
+  desc "app", "Manage application"
+  subcommand "app", Kamal::Cli::App
+
+  desc "build", "Build application image"
+  subcommand "build", Kamal::Cli::Build
+
+  desc "env", "Manage environment files"
+  subcommand "env", Kamal::Cli::Env
+
+  desc "healthcheck", "Healthcheck application"
+  subcommand "healthcheck", Kamal::Cli::Healthcheck
+
+  desc "lock", "Manage the deploy lock"
+  subcommand "lock", Kamal::Cli::Lock
+
+  desc "prune", "Prune old application images and containers"
+  subcommand "prune", Kamal::Cli::Prune
+
+  desc "registry", "Login and -out of the image registry"
+  subcommand "registry", Kamal::Cli::Registry
+
+  desc "server", "Bootstrap servers with curl and Docker"
+  subcommand "server", Kamal::Cli::Server
+
+  desc "traefik", "Manage Traefik load balancer"
+  subcommand "traefik", Kamal::Cli::Traefik
+
+  private
+    def container_available?(version)
+      begin
+        on(KAMAL.hosts) do
+          KAMAL.roles_on(host).each do |role|
+            container_id = capture_with_info(*KAMAL.app(role: role).container_id_for_version(version))
+            raise "Container not found" unless container_id.present?
+          end
+        end
+      rescue SSHKit::Runner::ExecuteError => e
+        if e.message =~ /Container not found/
+          say "Error looking for container version #{version}: #{e.message}"
+          return false
+        else
+          raise
+        end
+      end
+
+      true
+    end
+
+    def deploy_options
+      { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
+    end
+end
--- a/lib/kamal/cli/prune.rb
+++ b/lib/kamal/cli/prune.rb
@@ -0,0 +1,31 @@
+class Kamal::Cli::Prune < Kamal::Cli::Base
+  desc "all", "Prune unused images and stopped containers"
+  def all
+    mutating do
+      containers
+      images
+    end
+  end
+
+  desc "images", "Prune unused images"
+  def images
+    mutating do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Pruned images"), verbosity: :debug
+        execute *KAMAL.prune.dangling_images
+        execute *KAMAL.prune.tagged_images
+      end
+    end
+  end
+
+  desc "containers", "Prune all stopped containers, except the last 5"
+  def containers
+    mutating do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Pruned containers"), verbosity: :debug
+        execute *KAMAL.prune.app_containers
+        execute *KAMAL.prune.healthcheck_containers
+      end
+    end
+  end
+end
--- a/lib/kamal/cli/registry.rb
+++ b/lib/kamal/cli/registry.rb
@@ -1,8 +1,7 @@
-class Mrsk::Cli::Registry < Mrsk::Cli::Base
+class Kamal::Cli::Registry < Kamal::Cli::Base
  desc "login", "Log in to registry locally and remotely"
  def login
-    run_locally    { execute *MRSK.registry.login }
-    on(MRSK.hosts) { execute *MRSK.registry.login }
+    on([ :local ] + KAMAL.hosts) { execute *KAMAL.registry.login }
  # FIXME: This rescue needed?
  rescue ArgumentError => e
    puts e.message
@@ -10,7 +9,7 @@ class Mrsk::Cli::Registry < Mrsk::Cli::Base

  desc "logout", "Log out of registry remotely"
  def logout
-    on(MRSK.hosts) { execute *MRSK.registry.logout }
+    on(KAMAL.hosts) { execute *KAMAL.registry.logout }
  # FIXME: This rescue needed?
  rescue ArgumentError => e
    puts e.message
--- a/lib/kamal/cli/server.rb
+++ b/lib/kamal/cli/server.rb
@@ -0,0 +1,23 @@
+class Kamal::Cli::Server < Kamal::Cli::Base
+  desc "bootstrap", "Set up Docker to run Kamal apps"
+  def bootstrap
+    missing = []
+
+    on(KAMAL.hosts | KAMAL.accessory_hosts) do |host|
+      unless execute(*KAMAL.docker.installed?, raise_on_non_zero_exit: false)
+        if execute(*KAMAL.docker.superuser?, raise_on_non_zero_exit: false)
+          info "Missing Docker on #{host}. Installing…"
+          execute *KAMAL.docker.install
+        else
+          missing << host
+        end
+      end
+
+      execute(*KAMAL.server.ensure_run_directory)
+    end
+
+    if missing.any?
+      raise "Docker is not installed on #{missing.join(", ")} and can't be automatically installed without having root access and the `curl` command available. Install Docker manually: https://docs.docker.com/engine/install/"
+    end
+  end
+end
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -13,20 +13,19 @@ registry:
  # Specify the registry server, if you're not using Docker Hub
  # server: registry.digitalocean.com / ghcr.io / ...
  username: my-user
+
+  # Always use an access token rather than real password when possible.
  password:
-    - MRSK_REGISTRY_PASSWORD
+    - KAMAL_REGISTRY_PASSWORD

 # Inject ENV variables into containers (secrets come from .env).
+# Remember to run `kamal env push` after making changes!
 # env:
 #   clear:
 #     DB_HOST: 192.168.0.2
 #   secret:
 #     - RAILS_MASTER_KEY

-# Call a broadcast command on deploys.
-# audit_broadcast_cmd:
-#   bin/broadcast_to_bc
-
 # Use a different ssh user than root
 # ssh:
 #   user: app
@@ -54,7 +53,7 @@ registry:
 #         - MYSQL_ROOT_PASSWORD
 #     files:
 #       - config/mysql/production.cnf:/etc/mysql/my.cnf
-#       - db/production.sql.erb:/docker-entrypoint-initdb.d/setup.sql
+#       - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
 #     directories:
 #       - data:/var/lib/mysql
 #   redis:
@@ -74,3 +73,25 @@ registry:
 # healthcheck:
 #   path: /healthz
 #   port: 4000
+
+# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
+# hitting 404 on in-flight requests. Combines all files from new and old
+# version inside the asset_path.
+# asset_path: /rails/public/assets
+
+# Configure rolling deploys by setting a wait time between batches of restarts.
+# boot:
+#   limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
+#   wait: 2
+
+# Configure the role used to determine the primary_host. This host takes
+# deploy locks, runs health checks during the deploy, and follow logs, etc.
+#
+# Caution: there's no support for role renaming yet, so be careful to cleanup
+#          the previous role on the deployed hosts.
+# primary_role: web
+
+# Controls if we abort when see a role with no hosts. Disabling this may be
+# useful for more complex deploy configurations.
+#
+# allow_empty_roles: false
--- a/lib/kamal/cli/templates/sample_hooks/post-deploy.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-deploy.sample
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# A sample post-deploy hook
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+echo "$KAMAL_PERFORMER deployed $KAMAL_VERSION to $KAMAL_DESTINATION in $KAMAL_RUNTIME seconds"
--- a/lib/kamal/cli/templates/sample_hooks/post-traefik-reboot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-traefik-reboot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooted Traefik on $KAMAL_HOSTS"
--- a/lib/kamal/cli/templates/sample_hooks/pre-build.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-build.sample
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# A sample pre-build hook
+#
+# Checks:
+# 1. We have a clean checkout
+# 2. A remote is configured
+# 3. The branch has been pushed to the remote
+# 4. The version we are deploying matches the remote
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+if [ -n "$(git status --porcelain)" ]; then
+  echo "Git checkout is not clean, aborting..." >&2
+  git status --porcelain >&2
+  exit 1
+fi
+
+first_remote=$(git remote)
+
+if [ -z "$first_remote" ]; then
+  echo "No git remote set, aborting..." >&2
+  exit 1
+fi
+
+current_branch=$(git branch --show-current)
+
+if [ -z "$current_branch" ]; then
+  echo "Not on a git branch, aborting..." >&2
+  exit 1
+fi
+
+remote_head=$(git ls-remote $first_remote --tags $current_branch | cut -f1)
+
+if [ -z "$remote_head" ]; then
+  echo "Branch not pushed to remote, aborting..." >&2
+  exit 1
+fi
+
+if [ "$KAMAL_VERSION" != "$remote_head" ]; then
+  echo "Version ($KAMAL_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
+  exit 1
+fi
+
+exit 0
--- a/lib/kamal/cli/templates/sample_hooks/pre-connect.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-connect.sample
@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+
+# A sample pre-connect check
+#
+# Warms DNS before connecting to hosts in parallel
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+hosts = ENV["KAMAL_HOSTS"].split(",")
+results = nil
+max = 3
+
+elapsed = Benchmark.realtime do
+  results = hosts.map do |host|
+    Thread.new do
+      tries = 1
+
+      begin
+        Socket.getaddrinfo(host, 0, Socket::AF_UNSPEC, Socket::SOCK_STREAM, nil, Socket::AI_CANONNAME)
+      rescue SocketError
+        if tries < max
+          puts "Retrying DNS warmup: #{host}"
+          tries += 1
+          sleep rand
+          retry
+        else
+          puts "DNS warmup failed: #{host}"
+          host
+        end
+      end
+
+      tries
+    end
+  end.map(&:value)
+end
+
+retries = results.sum - hosts.size
+nopes = results.count { |r| r == max }
+
+puts "Prewarmed %d DNS lookups in %.2f sec: %d retries, %d failures" % [ hosts.size, elapsed, retries, nopes ]
--- a/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+
+# A sample pre-deploy hook
+#
+# Checks the Github status of the build, waiting for a pending build to complete for up to 720 seconds.
+#
+# Fails unless the combined status is "success"
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_COMMAND
+# KAMAL_SUBCOMMAND
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+# Only check the build status for production deployments
+if ENV["KAMAL_COMMAND"] == "rollback" || ENV["KAMAL_DESTINATION"] != "production"
+  exit 0
+end
+
+require "bundler/inline"
+
+# true = install gems so this is fast on repeat invocations
+gemfile(true, quiet: true) do
+  source "https://rubygems.org"
+
+  gem "octokit"
+  gem "faraday-retry"
+end
+
+MAX_ATTEMPTS = 72
+ATTEMPTS_GAP = 10
+
+def exit_with_error(message)
+  $stderr.puts message
+  exit 1
+end
+
+class GithubStatusChecks
+  attr_reader :remote_url, :git_sha, :github_client, :combined_status
+
+  def initialize
+    @remote_url = `git config --get remote.origin.url`.strip.delete_prefix("https://github.com/")
+    @git_sha = `git rev-parse HEAD`.strip
+    @github_client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
+    refresh!
+  end
+
+  def refresh!
+    @combined_status = github_client.combined_status(remote_url, git_sha)
+  end
+
+  def state
+    combined_status[:state]
+  end
+
+  def first_status_url
+    first_status = combined_status[:statuses].find { |status| status[:state] == state }
+    first_status && first_status[:target_url]
+  end
+
+  def complete_count
+    combined_status[:statuses].count { |status| status[:state] != "pending"}
+  end
+
+  def total_count
+    combined_status[:statuses].count
+  end
+
+  def current_status
+    if total_count > 0
+      "Completed #{complete_count}/#{total_count} checks, see #{first_status_url} ..."
+    else
+      "Build not started..."
+    end
+  end
+end
+
+
+$stdout.sync = true
+
+puts "Checking build status..."
+attempts = 0
+checks = GithubStatusChecks.new
+
+begin
+  loop do
+    case checks.state
+    when "success"
+      puts "Checks passed, see #{checks.first_status_url}"
+      exit 0
+    when "failure"
+      exit_with_error "Checks failed, see #{checks.first_status_url}"
+    when "pending"
+      attempts += 1
+    end
+
+    exit_with_error "Checks are still pending, gave up after #{MAX_ATTEMPTS * ATTEMPTS_GAP} seconds" if attempts == MAX_ATTEMPTS
+
+    puts checks.current_status
+    sleep(ATTEMPTS_GAP)
+    checks.refresh!
+  end
+rescue Octokit::NotFound
+  exit_with_error "Build status could not be found"
+end
--- a/lib/kamal/cli/templates/sample_hooks/pre-traefik-reboot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-traefik-reboot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooting Traefik on $KAMAL_HOSTS..."
--- a/lib/kamal/cli/templates/template.env
+++ b/lib/kamal/cli/templates/template.env
@@ -0,0 +1,2 @@
+KAMAL_REGISTRY_PASSWORD=change-this
+RAILS_MASTER_KEY=another-env
--- a/lib/kamal/cli/traefik.rb
+++ b/lib/kamal/cli/traefik.rb
@@ -0,0 +1,117 @@
+class Kamal::Cli::Traefik < Kamal::Cli::Base
+  desc "boot", "Boot Traefik on servers"
+  def boot
+    mutating do
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.registry.login
+        execute *KAMAL.traefik.start_or_run
+      end
+    end
+  end
+
+  desc "reboot", "Reboot Traefik on servers (stop container, remove container, start new container)"
+  option :rolling, type: :boolean, default: false, desc: "Reboot traefik on hosts in sequence, rather than in parallel"
+  def reboot
+    mutating do
+      host_groups = options[:rolling] ? KAMAL.traefik_hosts : [KAMAL.traefik_hosts]
+      host_groups.each do |hosts|
+        host_list = Array(hosts).join(",")
+        run_hook "pre-traefik-reboot", hosts: host_list
+        on(hosts) do
+          execute *KAMAL.auditor.record("Rebooted traefik"), verbosity: :debug
+          execute *KAMAL.registry.login
+          execute *KAMAL.traefik.stop
+          execute *KAMAL.traefik.remove_container
+          execute *KAMAL.traefik.run
+        end
+        run_hook "post-traefik-reboot", hosts: host_list
+      end
+    end
+  end
+
+  desc "start", "Start existing Traefik container on servers"
+  def start
+    mutating do
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.auditor.record("Started traefik"), verbosity: :debug
+        execute *KAMAL.traefik.start
+      end
+    end
+  end
+
+  desc "stop", "Stop existing Traefik container on servers"
+  def stop
+    mutating do
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.auditor.record("Stopped traefik"), verbosity: :debug
+        execute *KAMAL.traefik.stop
+      end
+    end
+  end
+
+  desc "restart", "Restart existing Traefik container on servers"
+  def restart
+    mutating do
+      stop
+      start
+    end
+  end
+
+  desc "details", "Show details about Traefik container from servers"
+  def details
+    on(KAMAL.traefik_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.traefik.info), type: "Traefik" }
+  end
+
+  desc "logs", "Show log lines from Traefik on servers"
+  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
+  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
+  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
+  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
+  def logs
+    grep = options[:grep]
+
+    if options[:follow]
+      run_locally do
+        info "Following logs on #{KAMAL.primary_host}..."
+        info KAMAL.traefik.follow_logs(host: KAMAL.primary_host, grep: grep)
+        exec KAMAL.traefik.follow_logs(host: KAMAL.primary_host, grep: grep)
+      end
+    else
+      since = options[:since]
+      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
+
+      on(KAMAL.traefik_hosts) do |host|
+        puts_by_host host, capture(*KAMAL.traefik.logs(since: since, lines: lines, grep: grep)), type: "Traefik"
+      end
+    end
+  end
+
+  desc "remove", "Remove Traefik container and image from servers"
+  def remove
+    mutating do
+      stop
+      remove_container
+      remove_image
+    end
+  end
+
+  desc "remove_container", "Remove Traefik container from servers", hide: true
+  def remove_container
+    mutating do
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.auditor.record("Removed traefik container"), verbosity: :debug
+        execute *KAMAL.traefik.remove_container
+      end
+    end
+  end
+
+  desc "remove_image", "Remove Traefik image from servers", hide: true
+  def remove_image
+    mutating do
+      on(KAMAL.traefik_hosts) do
+        execute *KAMAL.auditor.record("Removed traefik image"), verbosity: :debug
+        execute *KAMAL.traefik.remove_image
+      end
+    end
+  end
+end
--- a/lib/kamal/commander.rb
+++ b/lib/kamal/commander.rb
@@ -0,0 +1,184 @@
+require "active_support/core_ext/enumerable"
+require "active_support/core_ext/module/delegation"
+
+class Kamal::Commander
+  attr_accessor :verbosity, :holding_lock, :hold_lock_on_error
+
+  def initialize
+    self.verbosity = :info
+    self.holding_lock = false
+    self.hold_lock_on_error = false
+  end
+
+  def config
+    @config ||= Kamal::Configuration.create_from(**@config_kwargs).tap do |config|
+      @config_kwargs = nil
+      configure_sshkit_with(config)
+    end
+  end
+
+  def configure(**kwargs)
+    @config, @config_kwargs = nil, kwargs
+  end
+
+  attr_reader :specific_roles, :specific_hosts
+
+  def specific_primary!
+    self.specific_hosts = [ config.primary_host ]
+  end
+
+  def specific_roles=(role_names)
+    if role_names.present?
+      @specific_roles = Kamal::Utils.filter_specific_items(role_names, config.roles)
+
+      if @specific_roles.empty?
+        raise ArgumentError, "No --roles match for #{role_names.join(',')}"
+      end
+
+      @specific_roles
+    end
+  end
+
+  def specific_hosts=(hosts)
+    if hosts.present?
+      @specific_hosts = Kamal::Utils.filter_specific_items(hosts, config.all_hosts)
+
+      if @specific_hosts.empty?
+        raise ArgumentError, "No --hosts match for #{hosts.join(',')}"
+      end
+
+      @specific_hosts
+    end
+  end
+
+  def primary_host
+    # Given a list of specific roles, make an effort to match up with the primary_role
+    specific_hosts&.first || specific_roles&.detect { |role| role.name == config.primary_role }&.primary_host || specific_roles&.first&.primary_host || config.primary_host
+  end
+
+  def primary_role
+    roles_on(primary_host).first
+  end
+
+  def roles
+    (specific_roles || config.roles).select do |role|
+      ((specific_hosts || config.all_hosts) & role.hosts).any?
+    end
+  end
+
+  def hosts
+    (specific_hosts || config.all_hosts).select do |host|
+      (specific_roles || config.roles).flat_map(&:hosts).include?(host)
+    end
+  end
+
+  def roles_on(host)
+    roles.select { |role| role.hosts.include?(host.to_s) }.map(&:name)
+  end
+
+  def traefik_hosts
+    specific_hosts || config.traefik_hosts
+  end
+
+  def accessory_hosts
+    specific_hosts || config.accessories.flat_map(&:hosts)
+  end
+
+  def accessory_names
+    config.accessories&.collect(&:name) || []
+  end
+
+  def accessories_on(host)
+    config.accessories.select { |accessory| accessory.hosts.include?(host.to_s) }.map(&:name)
+  end
+
+
+  def app(role: nil)
+    Kamal::Commands::App.new(config, role: role)
+  end
+
+  def accessory(name)
+    Kamal::Commands::Accessory.new(config, name: name)
+  end
+
+  def auditor(**details)
+    Kamal::Commands::Auditor.new(config, **details)
+  end
+
+  def builder
+    @builder ||= Kamal::Commands::Builder.new(config)
+  end
+
+  def docker
+    @docker ||= Kamal::Commands::Docker.new(config)
+  end
+
+  def healthcheck
+    @healthcheck ||= Kamal::Commands::Healthcheck.new(config)
+  end
+
+  def hook
+    @hook ||= Kamal::Commands::Hook.new(config)
+  end
+
+  def lock
+    @lock ||= Kamal::Commands::Lock.new(config)
+  end
+
+  def prune
+    @prune ||= Kamal::Commands::Prune.new(config)
+  end
+
+  def registry
+    @registry ||= Kamal::Commands::Registry.new(config)
+  end
+
+  def server
+    @server ||= Kamal::Commands::Server.new(config)
+  end
+
+  def traefik
+    @traefik ||= Kamal::Commands::Traefik.new(config)
+  end
+
+
+  def with_verbosity(level)
+    old_level = self.verbosity
+
+    self.verbosity = level
+    SSHKit.config.output_verbosity = level
+
+    yield
+  ensure
+    self.verbosity = old_level
+    SSHKit.config.output_verbosity = old_level
+  end
+
+  def boot_strategy
+    if config.boot.limit.present?
+      { in: :groups, limit: config.boot.limit, wait: config.boot.wait }
+    else
+      {}
+    end
+  end
+
+  def holding_lock?
+    self.holding_lock
+  end
+
+  def hold_lock_on_error?
+    self.hold_lock_on_error
+  end
+
+  private
+    # Lazy setup of SSHKit
+    def configure_sshkit_with(config)
+      SSHKit::Backend::Netssh.pool.idle_timeout = config.sshkit.pool_idle_timeout
+      SSHKit::Backend::Netssh.configure do |sshkit|
+        sshkit.max_concurrent_starts = config.sshkit.max_concurrent_starts
+        sshkit.ssh_options = config.ssh.options
+      end
+      SSHKit.config.command_map[:docker] = "docker" # No need to use /usr/bin/env, just clogs up the logs
+      SSHKit.config.output_verbosity = verbosity
+    end
+end
--- a/lib/kamal/commands.rb
+++ b/lib/kamal/commands.rb
@@ -0,0 +1,2 @@
+module Kamal::Commands
+end
--- a/lib/kamal/commands/accessory.rb
+++ b/lib/kamal/commands/accessory.rb
@@ -1,6 +1,7 @@
-class Mrsk::Commands::Accessory < Mrsk::Commands::Base
+class Kamal::Commands::Accessory < Kamal::Commands::Base
  attr_reader :accessory_config
-  delegate :service_name, :image, :host, :port, :files, :directories, :env_args, :volume_args, :label_args, to: :accessory_config
+  delegate :service_name, :image, :hosts, :port, :files, :directories, :cmd,
+           :publish_args, :env_args, :volume_args, :label_args, :option_args, to: :accessory_config

  def initialize(config, name:)
    super(config)
@@ -12,12 +13,14 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
      "--name", service_name,
      "--detach",
      "--restart", "unless-stopped",
-      "--log-opt", "max-size=#{MAX_LOG_SIZE}",
-      "--publish", port,
+      *config.logging_args,
+      *publish_args,
      *env_args,
      *volume_args,
      *label_args,
-      image
+      *option_args,
+      image,
+      cmd
  end

  def start
@@ -73,7 +76,7 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
  end

  def run_over_ssh(command)
-    super command, host: host
+    super command, host: hosts.first
  end


@@ -83,14 +86,6 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    end
  end

-  def make_directory_for(remote_file)
-    make_directory Pathname.new(remote_file).dirname.to_s
-  end
-
-  def make_directory(path)
-    [ :mkdir, "-p", path ]
-  end
-
  def remove_service_directory
    [ :rm, "-rf", service_name ]
  end
@@ -100,7 +95,15 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
  end

  def remove_image
-    docker :image, :prune, "--all", "--force", *service_filter
+    docker :image, :rm, "--force", image
+  end
+
+  def make_env_directory
+    make_directory accessory_config.host_env_directory
+  end
+
+  def remove_env_file
+    [:rm, "-f", accessory_config.host_env_file_path]
  end

  private
--- a/lib/kamal/commands/app.rb
+++ b/lib/kamal/commands/app.rb
@@ -0,0 +1,102 @@
+class Kamal::Commands::App < Kamal::Commands::Base
+  include Assets, Containers, Cord, Execution, Images, Logging
+
+  ACTIVE_DOCKER_STATUSES = [ :running, :restarting ]
+
+  attr_reader :role, :role_config
+
+  def initialize(config, role: nil)
+    super(config)
+    @role = role
+    @role_config = config.role(self.role)
+  end
+
+  def run(hostname: nil)
+    docker :run,
+      "--detach",
+      "--restart unless-stopped",
+      "--name", container_name,
+      *(["--hostname", hostname] if hostname),
+      "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
+      "-e", "KAMAL_VERSION=\"#{config.version}\"",
+      *role_config.env_args,
+      *role_config.health_check_args,
+      *config.logging_args,
+      *config.volume_args,
+      *role_config.asset_volume_args,
+      *role_config.label_args,
+      *role_config.option_args,
+      config.absolute_image,
+      role_config.cmd
+  end
+
+  def start
+    docker :start, container_name
+  end
+
+  def status(version:)
+    pipe container_id_for_version(version), xargs(docker(:inspect, "--format", DOCKER_HEALTH_STATUS_FORMAT))
+  end
+
+  def stop(version: nil)
+    pipe \
+      version ? container_id_for_version(version) : current_running_container_id,
+      xargs(config.stop_wait_time ? docker(:stop, "-t", config.stop_wait_time) : docker(:stop))
+  end
+
+  def info
+    docker :ps, *filter_args
+  end
+
+
+  def current_running_container_id
+    docker :ps, "--quiet", *filter_args(statuses: ACTIVE_DOCKER_STATUSES), "--latest"
+  end
+
+  def container_id_for_version(version, only_running: false)
+    container_id_for(container_name: container_name(version), only_running: only_running)
+  end
+
+  def current_running_version
+    list_versions("--latest", statuses: ACTIVE_DOCKER_STATUSES)
+  end
+
+  def list_versions(*docker_args, statuses: nil)
+    pipe \
+      docker(:ps, *filter_args(statuses: statuses), *docker_args, "--format", '"{{.Names}}"'),
+      %(while read line; do echo ${line##{role_config.container_prefix}-}; done) # Extract SHA from "service-role-dest-SHA"
+  end
+
+
+  def make_env_directory
+    make_directory role_config.host_env_directory
+  end
+
+  def remove_env_file
+    [ :rm, "-f", role_config.host_env_file_path ]
+  end
+
+
+  private
+    def container_name(version = nil)
+      [ role_config.container_prefix, version || config.version ].compact.join("-")
+    end
+
+    def filter_args(statuses: nil)
+      argumentize "--filter", filters(statuses: statuses)
+    end
+
+    def service_role_dest
+      [ config.service, role, config.destination ].compact.join("-")
+    end
+
+    def filters(statuses: nil)
+      [ "label=service=#{config.service}" ].tap do |filters|
+        filters << "label=destination=#{config.destination}" if config.destination
+        filters << "label=role=#{role}" if role
+        statuses&.each do |status|
+          filters << "status=#{status}"
+        end
+      end
+    end
+end
--- a/lib/kamal/commands/app/assets.rb
+++ b/lib/kamal/commands/app/assets.rb
@@ -0,0 +1,51 @@
+module Kamal::Commands::App::Assets
+  def extract_assets
+    asset_container = "#{role_config.container_prefix}-assets"
+
+    combine \
+      make_directory(role_config.asset_extracted_path),
+      [*docker(:stop, "-t 1", asset_container, "2> /dev/null"), "|| true"],
+      docker(:run, "--name", asset_container, "--detach", "--rm", config.latest_image, "sleep 1000000"),
+      docker(:cp, "-L", "#{asset_container}:#{role_config.asset_path}/.", role_config.asset_extracted_path),
+      docker(:stop, "-t 1", asset_container),
+      by: "&&"
+  end
+
+  def sync_asset_volumes(old_version: nil)
+    new_extracted_path, new_volume_path = role_config.asset_extracted_path(config.version), role_config.asset_volume.host_path
+    if old_version.present?
+      old_extracted_path, old_volume_path = role_config.asset_extracted_path(old_version), role_config.asset_volume(old_version).host_path
+    end
+
+    commands = [make_directory(new_volume_path), copy_contents(new_extracted_path, new_volume_path)]
+
+    if old_version.present?
+      commands << copy_contents(new_extracted_path, old_volume_path, continue_on_error: true)
+      commands << copy_contents(old_extracted_path, new_volume_path, continue_on_error: true)
+    end
+
+    chain *commands
+  end
+
+  def clean_up_assets
+    chain \
+      find_and_remove_older_siblings(role_config.asset_extracted_path),
+      find_and_remove_older_siblings(role_config.asset_volume_path)
+  end
+
+  private
+    def find_and_remove_older_siblings(path)
+      [
+        :find,
+        Pathname.new(path).dirname.to_s,
+        "-maxdepth 1",
+        "-name", "'#{role_config.container_prefix}-*'",
+        "!", "-name", Pathname.new(path).basename.to_s,
+        "-exec rm -rf \"{}\" +"
+      ]
+    end
+
+    def copy_contents(source, destination, continue_on_error: false)
+      [ :cp, "-rnT", "#{source}", destination, *("|| true" if continue_on_error)]
+    end
+end
--- a/lib/kamal/commands/app/containers.rb
+++ b/lib/kamal/commands/app/containers.rb
@@ -0,0 +1,23 @@
+module Kamal::Commands::App::Containers
+  def list_containers
+    docker :container, :ls, "--all", *filter_args
+  end
+
+  def list_container_names
+    [ *list_containers, "--format", "'{{ .Names }}'" ]
+  end
+
+  def remove_container(version:)
+    pipe \
+      container_id_for(container_name: container_name(version)),
+      xargs(docker(:container, :rm))
+  end
+
+  def rename_container(version:, new_version:)
+    docker :rename, container_name(version), container_name(new_version)
+  end
+
+  def remove_containers
+    docker :container, :prune, "--force", *filter_args
+  end
+end
--- a/lib/kamal/commands/app/cord.rb
+++ b/lib/kamal/commands/app/cord.rb
@@ -0,0 +1,22 @@
+module Kamal::Commands::App::Cord
+  def cord(version:)
+    pipe \
+      docker(:inspect, "-f '{{ range .Mounts }}{{printf \"%s %s\\n\" .Source .Destination}}{{ end }}'", container_name(version)),
+      [:awk, "'$2 == \"#{role_config.cord_volume.container_path}\" {print $1}'"]
+  end
+
+  def tie_cord(cord)
+    create_empty_file(cord)
+  end
+
+  def cut_cord(cord)
+    remove_directory(cord)
+  end
+  
+  private    
+    def create_empty_file(file)
+      chain \
+        make_directory_for(file),
+        [:touch, file]
+    end
+end
--- a/lib/kamal/commands/app/execution.rb
+++ b/lib/kamal/commands/app/execution.rb
@@ -0,0 +1,27 @@
+module Kamal::Commands::App::Execution
+  def execute_in_existing_container(*command, interactive: false)
+    docker :exec,
+      ("-it" if interactive),
+      container_name,
+      *command
+  end
+
+  def execute_in_new_container(*command, interactive: false)
+    docker :run,
+      ("-it" if interactive),
+      "--rm",
+      *role_config&.env_args,
+      *config.volume_args,
+      *role_config&.option_args,
+      config.absolute_image,
+      *command
+  end
+
+  def execute_in_existing_container_over_ssh(*command, host:)
+    run_over_ssh execute_in_existing_container(*command, interactive: true), host: host
+  end
+
+  def execute_in_new_container_over_ssh(*command, host:)
+    run_over_ssh execute_in_new_container(*command, interactive: true), host: host
+  end
+end
--- a/lib/kamal/commands/app/images.rb
+++ b/lib/kamal/commands/app/images.rb
@@ -0,0 +1,13 @@
+module Kamal::Commands::App::Images
+  def list_images
+    docker :image, :ls, config.repository
+  end
+
+  def remove_images
+    docker :image, :prune, "--all", "--force", *filter_args
+  end
+
+  def tag_current_image_as_latest
+    docker :tag, config.absolute_image, config.latest_image
+  end
+end
--- a/lib/kamal/commands/app/logging.rb
+++ b/lib/kamal/commands/app/logging.rb
@@ -0,0 +1,18 @@
+module Kamal::Commands::App::Logging
+  def logs(since: nil, lines: nil, grep: nil)
+    pipe \
+      current_running_container_id,
+      "xargs docker logs#{" --since #{since}" if since}#{" --tail #{lines}" if lines} 2>&1",
+      ("grep '#{grep}'" if grep)
+  end
+
+  def follow_logs(host:, grep: nil)
+    run_over_ssh \
+      pipe(
+        current_running_container_id,
+        "xargs docker logs --timestamps --tail 10 --follow 2>&1",
+        (%(grep "#{grep}") if grep)
+      ),
+      host: host
+  end
+end
--- a/lib/kamal/commands/auditor.rb
+++ b/lib/kamal/commands/auditor.rb
@@ -0,0 +1,30 @@
+class Kamal::Commands::Auditor < Kamal::Commands::Base
+  attr_reader :details
+
+  def initialize(config, **details)
+    super(config)
+    @details = details
+  end
+
+  # Runs remotely
+  def record(line, **details)
+    append \
+      [ :echo, audit_tags(**details).except(:version, :service_version).to_s, line ],
+      audit_log_file
+  end
+
+  def reveal
+    [ :tail, "-n", 50, audit_log_file ]
+  end
+
+  private
+    def audit_log_file
+      file = [ config.service, config.destination, "audit.log" ].compact.join("-")
+
+      "#{config.run_directory}/#{file}"
+    end
+
+    def audit_tags(**details)
+      tags(**self.details, **details)
+    end
+end
--- a/lib/kamal/commands/base.rb
+++ b/lib/kamal/commands/base.rb
@@ -0,0 +1,77 @@
+module Kamal::Commands
+  class Base
+    delegate :sensitive, :argumentize, to: Kamal::Utils
+
+    DOCKER_HEALTH_STATUS_FORMAT = "'{{if .State.Health}}{{.State.Health.Status}}{{else}}{{.State.Status}}{{end}}'"
+    DOCKER_HEALTH_LOG_FORMAT    = "'{{json .State.Health}}'"
+
+    attr_accessor :config
+
+    def initialize(config)
+      @config = config
+    end
+
+    def run_over_ssh(*command, host:)
+      "ssh".tap do |cmd|
+        if config.ssh.proxy && config.ssh.proxy.is_a?(Net::SSH::Proxy::Jump)
+          cmd << " -J #{config.ssh.proxy.jump_proxies}"
+        elsif config.ssh.proxy && config.ssh.proxy.is_a?(Net::SSH::Proxy::Command)
+          cmd << " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'"
+        end
+        cmd << " -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ")}'"
+      end
+    end
+
+    def container_id_for(container_name:, only_running: false)
+      docker :container, :ls, *("--all" unless only_running), "--filter", "name=^#{container_name}$", "--quiet"
+    end
+
+    def make_directory_for(remote_file)
+      make_directory Pathname.new(remote_file).dirname.to_s
+    end
+
+    def make_directory(path)
+      [ :mkdir, "-p", path ]
+    end
+
+    def remove_directory(path)
+      [ :rm, "-r", path ]
+    end
+
+    private
+      def combine(*commands, by: "&&")
+        commands
+          .compact
+          .collect { |command| Array(command) + [ by ] }.flatten # Join commands
+          .tap     { |commands| commands.pop } # Remove trailing combiner
+      end
+
+      def chain(*commands)
+        combine *commands, by: ";"
+      end
+
+      def pipe(*commands)
+        combine *commands, by: "|"
+      end
+
+      def append(*commands)
+        combine *commands, by: ">>"
+      end
+
+      def write(*commands)
+        combine *commands, by: ">"
+      end
+
+      def xargs(command)
+        [ :xargs, command ].flatten
+      end
+
+      def docker(*args)
+        args.compact.unshift :docker
+      end
+
+      def tags(**details)
+        Kamal::Tags.from_config(config, **details)
+      end
+  end
+end
--- a/lib/kamal/commands/builder.rb
+++ b/lib/kamal/commands/builder.rb
@@ -0,0 +1,64 @@
+require "active_support/core_ext/string/filters"
+
+class Kamal::Commands::Builder < Kamal::Commands::Base
+  delegate :create, :remove, :push, :clean, :pull, :info, :validate_image, to: :target
+
+  def name
+    target.class.to_s.remove("Kamal::Commands::Builder::").underscore.inquiry
+  end
+
+  def target
+    case
+    when !config.builder.multiarch? && !config.builder.cached?
+      native
+    when !config.builder.multiarch? && config.builder.cached?
+      native_cached
+    when config.builder.local? && config.builder.remote?
+      multiarch_remote
+    when config.builder.remote?
+      native_remote
+    else
+      multiarch
+    end
+  end
+
+  def native
+    @native ||= Kamal::Commands::Builder::Native.new(config)
+  end
+
+  def native_cached
+    @native ||= Kamal::Commands::Builder::Native::Cached.new(config)
+  end
+
+  def native_remote
+    @native ||= Kamal::Commands::Builder::Native::Remote.new(config)
+  end
+
+  def multiarch
+    @multiarch ||= Kamal::Commands::Builder::Multiarch.new(config)
+  end
+
+  def multiarch_remote
+    @multiarch_remote ||= Kamal::Commands::Builder::Multiarch::Remote.new(config)
+  end
+
+
+  def ensure_local_dependencies_installed
+    if name.native?
+      ensure_local_docker_installed
+    else
+      combine \
+        ensure_local_docker_installed,
+        ensure_local_buildx_installed
+    end
+  end
+
+  private
+    def ensure_local_docker_installed
+      docker "--version"
+    end
+
+    def ensure_local_buildx_installed
+      docker :buildx, "version"
+    end
+end
--- a/lib/kamal/commands/builder/base.rb
+++ b/lib/kamal/commands/builder/base.rb
@@ -0,0 +1,66 @@
+
+class Kamal::Commands::Builder::Base < Kamal::Commands::Base
+  class BuilderError < StandardError; end
+
+  delegate :argumentize, to: Kamal::Utils
+  delegate :args, :secrets, :dockerfile, :local_arch, :local_host, :remote_arch, :remote_host, :cache_from, :cache_to, to: :builder_config
+
+  def clean
+    docker :image, :rm, "--force", config.absolute_image
+  end
+
+  def pull
+    docker :pull, config.absolute_image
+  end
+
+  def build_options
+    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile ]
+  end
+
+  def build_context
+    config.builder.context
+  end
+
+  def validate_image
+    pipe \
+      docker(:inspect, "-f", "'{{ .Config.Labels.service }}'", config.absolute_image),
+      [:grep, "-x", config.service, "||", "(echo \"Image #{config.absolute_image} is missing the `service` label\" && exit 1)"]
+  end
+
+
+  private
+    def build_tags
+      [ "-t", config.absolute_image, "-t", config.latest_image ]
+    end
+
+    def build_cache
+      if cache_to && cache_from
+        ["--cache-to", cache_to,
+          "--cache-from", cache_from]
+      end
+    end
+
+    def build_labels
+      argumentize "--label", { service: config.service }
+    end
+
+    def build_args
+      argumentize "--build-arg", args, sensitive: true
+    end
+
+    def build_secrets
+      argumentize "--secret", secrets.collect { |secret| [ "id", secret ] }
+    end
+
+    def build_dockerfile
+      if Pathname.new(File.expand_path(dockerfile)).exist?
+        argumentize "--file", dockerfile
+      else
+        raise BuilderError, "Missing #{dockerfile}"
+      end
+    end
+
+    def builder_config
+      config.builder
+    end
+end
--- a/lib/kamal/commands/builder/multiarch.rb
+++ b/lib/kamal/commands/builder/multiarch.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Builder::Multiarch < Mrsk::Commands::Builder::Base
+class Kamal::Commands::Builder::Multiarch < Kamal::Commands::Builder::Base
  def create
    docker :buildx, :create, "--use", "--name", builder_name
  end
@@ -10,10 +10,10 @@ class Mrsk::Commands::Builder::Multiarch < Mrsk::Commands::Builder::Base
  def push
    docker :buildx, :build,
      "--push",
-      "--platform", "linux/amd64,linux/arm64",
+      "--platform", platform_names,
      "--builder", builder_name,
      *build_options,
-      "."
+      build_context
  end

  def info
@@ -24,6 +24,14 @@ class Mrsk::Commands::Builder::Multiarch < Mrsk::Commands::Builder::Base

  private
    def builder_name
-      "mrsk-#{config.service}-multiarch"
+      "kamal-#{config.service}-multiarch"
+    end
+
+    def platform_names
+      if local_arch
+        "linux/#{local_arch}"
+      else
+        "linux/amd64,linux/arm64"
+      end
    end
 end
--- a/lib/kamal/commands/builder/multiarch/remote.rb
+++ b/lib/kamal/commands/builder/multiarch/remote.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Builder::Multiarch::Remote < Mrsk::Commands::Builder::Multiarch
+class Kamal::Commands::Builder::Multiarch::Remote < Kamal::Commands::Builder::Multiarch
  def create
    combine \
      create_contexts,
@@ -22,17 +22,17 @@ class Mrsk::Commands::Builder::Multiarch::Remote < Mrsk::Commands::Builder::Mult
    end

    def create_local_buildx
-      docker :buildx, :create, "--name", builder_name, builder_name_with_arch(local["arch"]), "--platform", "linux/#{local["arch"]}"
+      docker :buildx, :create, "--name", builder_name, builder_name_with_arch(local_arch), "--platform", "linux/#{local_arch}"
    end

    def append_remote_buildx
-      docker :buildx, :create, "--append", "--name", builder_name, builder_name_with_arch(remote["arch"]), "--platform", "linux/#{remote["arch"]}"
+      docker :buildx, :create, "--append", "--name", builder_name, builder_name_with_arch(remote_arch), "--platform", "linux/#{remote_arch}"
    end

    def create_contexts
      combine \
-        create_context(local["arch"], local["host"]),
-        create_context(remote["arch"], remote["host"])
+        create_context(local_arch, local_host),
+        create_context(remote_arch, remote_host)
    end

    def create_context(arch, host)
@@ -41,19 +41,11 @@ class Mrsk::Commands::Builder::Multiarch::Remote < Mrsk::Commands::Builder::Mult

    def remove_contexts
      combine \
-        remove_context(local["arch"]),
-        remove_context(remote["arch"])
+        remove_context(local_arch),
+        remove_context(remote_arch)
    end

    def remove_context(arch)
      docker :context, :rm, builder_name_with_arch(arch)
    end
-
-    def local
-      config.builder["local"]
-    end
-
-    def remote
-      config.builder["remote"]
-    end
 end
--- a/lib/kamal/commands/builder/native.rb
+++ b/lib/kamal/commands/builder/native.rb
@@ -0,0 +1,20 @@
+class Kamal::Commands::Builder::Native < Kamal::Commands::Builder::Base
+  def create
+    # No-op on native without cache
+  end
+
+  def remove
+    # No-op on native without cache
+  end
+
+  def push
+    combine \
+      docker(:build, *build_options, build_context),
+      docker(:push, config.absolute_image),
+      docker(:push, config.latest_image)
+  end
+
+  def info
+    # No-op on native
+  end
+end
--- a/lib/kamal/commands/builder/native/cached.rb
+++ b/lib/kamal/commands/builder/native/cached.rb
@@ -0,0 +1,16 @@
+class Kamal::Commands::Builder::Native::Cached < Kamal::Commands::Builder::Native
+  def create
+    docker :buildx, :create, "--use", "--driver=docker-container"
+  end
+
+  def remove
+    docker :buildx, :rm, builder_name
+  end
+
+  def push
+    docker :buildx, :build,
+      "--push",
+      *build_options,
+      build_context
+  end
+end
--- a/lib/kamal/commands/builder/native/remote.rb
+++ b/lib/kamal/commands/builder/native/remote.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native
+class Kamal::Commands::Builder::Native::Remote < Kamal::Commands::Builder::Native
  def create
    chain \
      create_context,
@@ -17,7 +17,7 @@ class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native
      "--platform", platform,
      "--builder", builder_name,
      *build_options,
-      "."
+      build_context
  end

  def info
@@ -28,29 +28,21 @@ class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native


  private
-    def arch
-      config.builder["remote"]["arch"]
-    end
-
-    def host
-      config.builder["remote"]["host"]
-    end
-
    def builder_name
-      "mrsk-#{config.service}-native-remote"
+      "kamal-#{config.service}-native-remote"
    end

    def builder_name_with_arch
-      "#{builder_name}-#{arch}"
+      "#{builder_name}-#{remote_arch}"
    end

    def platform
-      "linux/#{arch}"
+      "linux/#{remote_arch}"
    end

    def create_context
      docker :context, :create,
-        builder_name_with_arch, "--description", "'#{builder_name} #{arch} native host'", "--docker", "'host=#{host}'"
+        builder_name_with_arch, "--description", "'#{builder_name} #{remote_arch} native host'", "--docker", "'host=#{remote_host}'"
    end

    def remove_context
--- a/lib/kamal/commands/docker.rb
+++ b/lib/kamal/commands/docker.rb
@@ -0,0 +1,21 @@
+class Kamal::Commands::Docker < Kamal::Commands::Base
+  # Install Docker using the https://github.com/docker/docker-install convenience script.
+  def install
+    pipe [ :curl, "-fsSL", "https://get.docker.com" ], :sh
+  end
+
+  # Checks the Docker client version. Fails if Docker is not installed.
+  def installed?
+    docker "-v"
+  end
+
+  # Checks the Docker server version. Fails if Docker is not running.
+  def running?
+    docker :version
+  end
+
+  # Do we have superuser access to install Docker and start system services?
+  def superuser?
+    [ '[ "${EUID:-$(id -u)}" -eq 0 ] || command -v sudo >/dev/null || command -v su >/dev/null' ]
+  end
+end
--- a/lib/kamal/commands/healthcheck.rb
+++ b/lib/kamal/commands/healthcheck.rb
@@ -0,0 +1,60 @@
+class Kamal::Commands::Healthcheck < Kamal::Commands::Base
+
+  def run
+    primary = config.role(config.primary_role)
+
+    docker :run,
+      "--detach",
+      "--name", container_name_with_version,
+      "--publish", "#{exposed_port}:#{config.healthcheck["port"]}",
+      "--label", "service=#{config.healthcheck_service}",
+      "-e", "KAMAL_CONTAINER_NAME=\"#{config.healthcheck_service}\"",
+      *primary.env_args,
+      *primary.health_check_args(cord: false),
+      *config.volume_args,
+      *primary.option_args,
+      config.absolute_image,
+      primary.cmd
+  end
+
+  def status
+    pipe container_id, xargs(docker(:inspect, "--format", DOCKER_HEALTH_STATUS_FORMAT))
+  end
+
+  def container_health_log
+    pipe container_id, xargs(docker(:inspect, "--format", DOCKER_HEALTH_LOG_FORMAT))
+  end
+
+  def logs
+    pipe container_id, xargs(docker(:logs, "--tail", log_lines, "2>&1"))
+  end
+
+  def stop
+    pipe container_id, xargs(docker(:stop))
+  end
+
+  def remove
+    pipe container_id, xargs(docker(:container, :rm))
+  end
+
+  private
+    def container_name_with_version
+      "#{config.healthcheck_service}-#{config.version}"
+    end
+
+    def container_id
+      container_id_for(container_name: container_name_with_version)
+    end
+
+    def health_url
+      "http://localhost:#{exposed_port}#{config.healthcheck["path"]}"
+    end
+
+    def exposed_port
+      config.healthcheck["exposed_port"]
+    end
+
+    def log_lines
+      config.healthcheck["log_lines"]
+    end
+end
--- a/lib/kamal/commands/hook.rb
+++ b/lib/kamal/commands/hook.rb
@@ -0,0 +1,14 @@
+class Kamal::Commands::Hook < Kamal::Commands::Base
+  def run(hook, **details)
+    [ hook_file(hook), env: tags(**details).env ]
+  end
+
+  def hook_exists?(hook)
+    Pathname.new(hook_file(hook)).exist?
+  end
+
+  private
+    def hook_file(hook)
+      "#{config.hooks_path}/#{hook}"
+    end
+end
--- a/lib/kamal/commands/lock.rb
+++ b/lib/kamal/commands/lock.rb
@@ -0,0 +1,64 @@
+require "active_support/duration"
+require "time"
+require "base64"
+
+class Kamal::Commands::Lock < Kamal::Commands::Base
+  def acquire(message, version)
+    combine \
+      [:mkdir, lock_dir],
+      write_lock_details(message, version)
+  end
+
+  def release
+    combine \
+      [:rm, lock_details_file],
+      [:rm, "-r", lock_dir]
+  end
+
+  def status
+    combine \
+      stat_lock_dir,
+      read_lock_details
+  end
+
+  private
+    def write_lock_details(message, version)
+      write \
+        [:echo, "\"#{Base64.encode64(lock_details(message, version))}\""],
+        lock_details_file
+    end
+
+    def read_lock_details
+      pipe \
+        [:cat, lock_details_file],
+        [:base64, "-d"]
+    end
+
+    def stat_lock_dir
+      write \
+        [:stat, lock_dir],
+        "/dev/null"
+    end
+
+    def lock_dir
+      "#{config.run_directory}/lock-#{config.service}"
+    end
+
+    def lock_details_file
+      [lock_dir, :details].join("/")
+    end
+
+    def lock_details(message, version)
+      <<~DETAILS.strip
+        Locked by: #{locked_by} at #{Time.now.utc.iso8601}
+        Version: #{version}
+        Message: #{message}
+      DETAILS
+    end
+
+    def locked_by
+      Kamal::Git.user_name
+    rescue Errno::ENOENT
+      "Unknown"
+    end
+end
--- a/lib/kamal/commands/prune.rb
+++ b/lib/kamal/commands/prune.rb
@@ -0,0 +1,46 @@
+require "active_support/duration"
+require "active_support/core_ext/numeric/time"
+
+class Kamal::Commands::Prune < Kamal::Commands::Base
+  def dangling_images
+    docker :image, :prune, "--force", "--filter", "label=service=#{config.service}"
+  end
+
+  def tagged_images
+    pipe \
+      docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
+      "grep -v -w \"#{active_image_list}\"",
+      "while read image tag; do docker rmi $tag; done"
+  end
+
+  def app_containers(keep_last: 5)
+    pipe \
+      docker(:ps, "-q", "-a", *service_filter, *stopped_containers_filters),
+      "tail -n +#{keep_last + 1}",
+      "while read container_id; do docker rm $container_id; done"
+  end
+
+  def healthcheck_containers
+    docker :container, :prune, "--force", *healthcheck_service_filter
+  end
+
+  private
+    def stopped_containers_filters
+      [ "created", "exited", "dead" ].flat_map { |status| ["--filter", "status=#{status}"] }
+    end
+
+    def active_image_list
+      # Pull the images that are used by any containers
+      # Append repo:latest - to avoid deleting the latest tag
+      # Append repo:<none> - to avoid deleting dangling images that are in use. Unused dangling images are deleted separately
+      "$(docker container ls -a --format '{{.Image}}\\|' --filter label=service=#{config.service} | tr -d '\\n')#{config.latest_image}\\|#{config.repository}:<none>"
+    end
+
+    def service_filter
+      [ "--filter", "label=service=#{config.service}" ]
+    end
+
+    def healthcheck_service_filter
+      [ "--filter", "label=service=#{config.healthcheck_service}" ]
+    end
+  end
--- a/lib/kamal/commands/registry.rb
+++ b/lib/kamal/commands/registry.rb
@@ -0,0 +1,20 @@
+class Kamal::Commands::Registry < Kamal::Commands::Base
+  delegate :registry, to: :config
+
+  def login
+    docker :login, registry["server"], "-u", sensitive(lookup("username")), "-p", sensitive(lookup("password"))
+  end
+
+  def logout
+    docker :logout, registry["server"]
+  end
+
+  private
+    def lookup(key)
+      if registry[key].is_a?(Array)
+        ENV.fetch(registry[key].first).dup
+      else
+        registry[key]
+      end
+    end
+end
--- a/lib/kamal/commands/server.rb
+++ b/lib/kamal/commands/server.rb
@@ -0,0 +1,5 @@
+class Kamal::Commands::Server < Kamal::Commands::Base
+  def ensure_run_directory
+    [:mkdir, "-p", config.run_directory]
+  end
+end
--- a/lib/kamal/commands/traefik.rb
+++ b/lib/kamal/commands/traefik.rb
@@ -0,0 +1,130 @@
+class Kamal::Commands::Traefik < Kamal::Commands::Base
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  DEFAULT_IMAGE = "traefik:v2.9"
+  CONTAINER_PORT = 80
+  DEFAULT_ARGS = {
+    'log.level' => 'DEBUG'
+  }
+  DEFAULT_LABELS = {
+    # These ensure we serve a 502 rather than a 404 if no containers are available
+    "traefik.http.routers.catchall.entryPoints" => "http",
+    "traefik.http.routers.catchall.rule" => "PathPrefix(`/`)",
+    "traefik.http.routers.catchall.service" => "unavailable",
+    "traefik.http.routers.catchall.priority" => 1,
+    "traefik.http.services.unavailable.loadbalancer.server.port" => "0"
+  }
+
+  def run
+    docker :run, "--name traefik",
+      "--detach",
+      "--restart", "unless-stopped",
+      *publish_args,
+      "--volume", "/var/run/docker.sock:/var/run/docker.sock",
+      *env_args,
+      *config.logging_args,
+      *label_args,
+      *docker_options_args,
+      image,
+      "--providers.docker",
+      *cmd_option_args
+  end
+
+  def start
+    docker :container, :start, "traefik"
+  end
+
+  def stop
+    docker :container, :stop, "traefik"
+  end
+
+  def start_or_run
+    combine start, run, by: "||"
+  end
+
+  def info
+    docker :ps, "--filter", "name=^traefik$"
+  end
+
+  def logs(since: nil, lines: nil, grep: nil)
+    pipe \
+      docker(:logs, "traefik", (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
+      ("grep '#{grep}'" if grep)
+  end
+
+  def follow_logs(host:, grep: nil)
+    run_over_ssh pipe(
+      docker(:logs, "traefik", "--timestamps", "--tail", "10", "--follow", "2>&1"),
+      (%(grep "#{grep}") if grep)
+    ).join(" "), host: host
+  end
+
+  def remove_container
+    docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
+  end
+
+  def remove_image
+    docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
+  end
+
+  def port
+    "#{host_port}:#{CONTAINER_PORT}"
+  end
+
+  def env_file
+    Kamal::EnvFile.new(config.traefik.fetch("env", {}))
+  end
+
+  def host_env_file_path
+    File.join host_env_directory, "traefik.env"
+  end
+
+  def make_env_directory
+    make_directory(host_env_directory)
+  end
+
+  def remove_env_file
+    [:rm, "-f", host_env_file_path]
+  end
+
+  private
+    def publish_args
+      argumentize "--publish", port unless config.traefik["publish"] == false
+    end
+
+    def label_args
+      argumentize "--label", labels
+    end
+
+    def env_args
+      argumentize "--env-file", host_env_file_path
+    end
+
+    def host_env_directory
+      File.join config.host_env_directory, "traefik"
+    end
+
+    def labels
+      DEFAULT_LABELS.merge(config.traefik["labels"] || {})
+    end
+
+    def image
+      config.traefik.fetch("image") { DEFAULT_IMAGE }
+    end
+
+    def docker_options_args
+      optionize(config.traefik["options"] || {})
+    end
+
+    def cmd_option_args
+      if args = config.traefik["args"]
+        optionize DEFAULT_ARGS.merge(args), with: "="
+      else
+        optionize DEFAULT_ARGS, with: "="
+      end
+    end
+
+    def host_port
+      config.traefik["host_port"] || CONTAINER_PORT
+    end
+end
--- a/lib/kamal/configuration.rb
+++ b/lib/kamal/configuration.rb
@@ -0,0 +1,307 @@
+require "active_support/ordered_options"
+require "active_support/core_ext/string/inquiry"
+require "active_support/core_ext/module/delegation"
+require "pathname"
+require "erb"
+require "net/ssh/proxy/jump"
+
+class Kamal::Configuration
+  delegate :service, :image, :servers, :env, :labels, :registry, :stop_wait_time, :hooks_path, to: :raw_config, allow_nil: true
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :destination, :raw_config
+
+  class << self
+    def create_from(config_file:, destination: nil, version: nil)
+      raw_config = load_config_files(config_file, *destination_config_file(config_file, destination))
+
+      new raw_config, destination: destination, version: version
+    end
+
+    private
+      def load_config_files(*files)
+        files.inject({}) { |config, file| config.deep_merge! load_config_file(file) }
+      end
+
+      def load_config_file(file)
+        if file.exist?
+          # Newer Psych doesn't load aliases by default
+          load_method = YAML.respond_to?(:unsafe_load) ? :unsafe_load : :load
+          YAML.send(load_method, ERB.new(IO.read(file)).result).symbolize_keys
+        else
+          raise "Configuration file not found in #{file}"
+        end
+      end
+
+      def destination_config_file(base_config_file, destination)
+        base_config_file.sub_ext(".#{destination}.yml") if destination
+      end
+  end
+
+  def initialize(raw_config, destination: nil, version: nil, validate: true)
+    @raw_config = ActiveSupport::InheritableOptions.new(raw_config)
+    @destination = destination
+    @declared_version = version
+    valid? if validate
+  end
+
+
+  def version=(version)
+    @declared_version = version
+  end
+
+  def version
+    @declared_version.presence || ENV["VERSION"] || git_version
+  end
+
+  def abbreviated_version
+    if version
+      # Don't abbreviate <sha>_uncommitted_<etc>
+      if version.include?("_")
+        version
+      else
+        version[0...7]
+      end
+    end
+  end
+
+  def minimum_version
+    raw_config.minimum_version
+  end
+
+
+  def roles
+    @roles ||= role_names.collect { |role_name| Role.new(role_name, config: self) }
+  end
+
+  def role(name)
+    roles.detect { |r| r.name == name.to_s }
+  end
+
+  def accessories
+    @accessories ||= raw_config.accessories&.keys&.collect { |name| Kamal::Configuration::Accessory.new(name, config: self) } || []
+  end
+
+  def accessory(name)
+    accessories.detect { |a| a.name == name.to_s }
+  end
+
+
+  def all_hosts
+    roles.flat_map(&:hosts).uniq
+  end
+
+  def primary_host
+    role(primary_role)&.primary_host
+  end
+
+  def traefik_roles
+    roles.select(&:running_traefik?)
+  end
+
+  def traefik_role_names
+    traefik_roles.flat_map(&:name)
+  end
+
+  def traefik_hosts
+    traefik_roles.flat_map(&:hosts).uniq
+  end
+
+  def repository
+    [ raw_config.registry["server"], image ].compact.join("/")
+  end
+
+  def absolute_image
+    "#{repository}:#{version}"
+  end
+
+  def latest_image
+    "#{repository}:latest"
+  end
+
+  def service_with_version
+    "#{service}-#{version}"
+  end
+
+  def require_destination?
+    raw_config.require_destination
+  end
+
+
+  def volume_args
+    if raw_config.volumes.present?
+      argumentize "--volume", raw_config.volumes
+    else
+      []
+    end
+  end
+
+  def logging_args
+    if raw_config.logging.present?
+      optionize({ "log-driver" => raw_config.logging["driver"] }.compact) +
+        argumentize("--log-opt", raw_config.logging["options"])
+    else
+      argumentize("--log-opt", { "max-size" => "10m" })
+    end
+  end
+
+
+  def boot
+    Kamal::Configuration::Boot.new(config: self)
+  end
+
+  def builder
+    Kamal::Configuration::Builder.new(config: self)
+  end
+
+  def traefik
+    raw_config.traefik || {}
+  end
+
+  def ssh
+    Kamal::Configuration::Ssh.new(config: self)
+  end
+
+  def sshkit
+    Kamal::Configuration::Sshkit.new(config: self)
+  end
+
+
+  def healthcheck
+    { "path" => "/up", "port" => 3000, "max_attempts" => 7, "exposed_port" => 3999, "cord" => "/tmp/kamal-cord", "log_lines" => 50 }.merge(raw_config.healthcheck || {})
+  end
+
+  def healthcheck_service
+    [ "healthcheck", service, destination ].compact.join("-")
+  end
+
+  def readiness_delay
+    raw_config.readiness_delay || 7
+  end
+
+  def run_id
+    @run_id ||= SecureRandom.hex(16)
+  end
+
+
+  def run_directory
+    raw_config.run_directory || ".kamal"
+  end
+
+  def run_directory_as_docker_volume
+    if Pathname.new(run_directory).absolute?
+      run_directory
+    else
+      File.join "$(pwd)", run_directory
+    end
+  end
+
+  def hooks_path
+    raw_config.hooks_path || ".kamal/hooks"
+  end
+
+  def host_env_directory
+    "#{run_directory}/env"
+  end
+
+  def asset_path
+    raw_config.asset_path
+  end
+
+  def primary_role
+    raw_config.primary_role || "web"
+  end
+
+  def allow_empty_roles?
+    raw_config.allow_empty_roles
+  end
+
+
+  def valid?
+    ensure_destination_if_required && ensure_required_keys_present && ensure_valid_kamal_version
+  end
+
+  def to_h
+    {
+      roles: role_names,
+      hosts: all_hosts,
+      primary_host: primary_host,
+      version: version,
+      repository: repository,
+      absolute_image: absolute_image,
+      service_with_version: service_with_version,
+      volume_args: volume_args,
+      ssh_options: ssh.to_h,
+      sshkit: sshkit.to_h,
+      builder: builder.to_h,
+      accessories: raw_config.accessories,
+      logging: logging_args,
+      healthcheck: healthcheck
+    }.compact
+  end
+
+
+  private
+    # Will raise ArgumentError if any required config keys are missing
+    def ensure_destination_if_required
+      if require_destination? && destination.nil?
+        raise ArgumentError, "You must specify a destination"
+      end
+
+      true
+    end
+
+    def ensure_required_keys_present
+      %i[ service image registry servers ].each do |key|
+        raise ArgumentError, "Missing required configuration for #{key}" unless raw_config[key].present?
+      end
+
+      if raw_config.registry["username"].blank?
+        raise ArgumentError, "You must specify a username for the registry in config/deploy.yml"
+      end
+
+      if raw_config.registry["password"].blank?
+        raise ArgumentError, "You must specify a password for the registry in config/deploy.yml (or set the ENV variable if that's used)"
+      end
+
+      unless role_names.include?(primary_role)
+        raise ArgumentError, "The primary_role #{primary_role} isn't defined"
+      end
+
+      if role(primary_role).hosts.empty?
+        raise ArgumentError, "No servers specified for the #{primary_role} primary_role"
+      end
+
+      unless allow_empty_roles?
+        roles.each do |role|
+          if role.hosts.empty?
+            raise ArgumentError, "No servers specified for the #{role.name} role. You can ignore this with allow_empty_roles: true"
+          end
+        end
+      end
+
+      true
+    end
+
+    def ensure_valid_kamal_version
+      if minimum_version && Gem::Version.new(minimum_version) > Gem::Version.new(Kamal::VERSION)
+        raise ArgumentError, "Current version is #{Kamal::VERSION}, minimum required is #{minimum_version}"
+      end
+
+      true
+    end
+
+
+    def role_names
+      raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
+    end
+
+    def git_version
+      @git_version ||=
+        if Kamal::Git.used?
+          [ Kamal::Git.revision, Kamal::Git.uncommitted_changes.present? ? "_uncommitted_#{SecureRandom.hex(8)}" : "" ].join
+        else
+          raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
+        end
+    end
+end
--- a/lib/kamal/configuration/accessory.rb
+++ b/lib/kamal/configuration/accessory.rb
@@ -1,5 +1,5 @@
-class Mrsk::Configuration::Accessory
-  delegate :argumentize, :argumentize_env_with_secrets, to: Mrsk::Utils
+class Kamal::Configuration::Accessory
+  delegate :argumentize, :optionize, to: Kamal::Utils

  attr_accessor :name, :specifics

@@ -15,18 +15,24 @@ class Mrsk::Configuration::Accessory
    specifics["image"]
  end

-  def host
-    specifics["host"] || raise(ArgumentError, "Missing host for accessory")
+  def hosts
+    if (specifics.keys & ["host", "hosts", "roles"]).size != 1
+      raise ArgumentError, "Specify one of `host`, `hosts` or `roles` for accessory `#{name}`"
+    end
+
+    hosts_from_host || hosts_from_hosts || hosts_from_roles
  end

  def port
-    if specifics["port"].to_s.include?(":")
-      specifics["port"]
-    else
-      "#{specifics["port"]}:#{specifics["port"]}"
+    if port = specifics["port"]&.to_s
+      port.include?(":") ? port : "#{port}:#{port}"
    end
  end

+  def publish_args
+    argumentize "--publish", port if port
+  end
+
  def labels
    default_labels.merge(specifics["labels"] || {})
  end
@@ -39,8 +45,20 @@ class Mrsk::Configuration::Accessory
    specifics["env"] || {}
  end

+  def env_file
+    Kamal::EnvFile.new(env)
+  end
+
+  def host_env_directory
+    File.join config.host_env_directory, "accessories"
+  end
+
+  def host_env_file_path
+    File.join host_env_directory, "#{service_name}.env"
+  end
+
  def env_args
-    argumentize_env_with_secrets env
+    argumentize "--env-file", host_env_file_path
  end

  def files
@@ -52,8 +70,8 @@ class Mrsk::Configuration::Accessory

  def directories
    specifics["directories"]&.to_h do |host_to_container_mapping|
-      host_relative_path, container_path = host_to_container_mapping.split(":")
-      [ expand_host_path(host_relative_path), container_path ]
+      host_path, container_path = host_to_container_mapping.split(":")
+      [ expand_host_path(host_path), container_path ]
    end || {}
  end

@@ -65,6 +83,18 @@ class Mrsk::Configuration::Accessory
    argumentize "--volume", volumes
  end

+  def option_args
+    if args = specifics["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def cmd
+    specifics["cmd"]
+  end
+
  private
    attr_accessor :config

@@ -108,16 +138,48 @@ class Mrsk::Configuration::Accessory

    def remote_directories_as_volumes
      specifics["directories"]&.collect do |host_to_container_mapping|
-        host_relative_path, container_path = host_to_container_mapping.split(":")
-        [ expand_host_path(host_relative_path), container_path ].join(":")
+        host_path, container_path = host_to_container_mapping.split(":")
+        [ expand_host_path(host_path), container_path ].join(":")
      end || []
    end

-    def expand_host_path(host_relative_path)
-      "#{service_data_directory}/#{host_relative_path}"
+    def expand_host_path(host_path)
+      absolute_path?(host_path) ? host_path : "#{service_data_directory}/#{host_path}"
+    end
+
+    def absolute_path?(path)
+      Pathname.new(path).absolute?
    end

    def service_data_directory
      "$PWD/#{service_name}"
    end
+
+    def hosts_from_host
+      if specifics.key?("host")
+        host = specifics["host"]
+        if host
+          [host]
+        else
+          raise ArgumentError, "Missing host for accessory `#{name}`"
+        end
+      end
+    end
+
+    def hosts_from_hosts
+      if specifics.key?("hosts")
+        hosts = specifics["hosts"]
+        if hosts.is_a?(Array)
+          hosts
+        else
+          raise ArgumentError, "Hosts should be an Array for accessory `#{name}`"
+        end
+      end
+    end
+
+    def hosts_from_roles
+      if specifics.key?("roles")
+        specifics["roles"].flat_map { |role| config.role(role).hosts }
+      end
+    end
 end
--- a/lib/kamal/configuration/boot.rb
+++ b/lib/kamal/configuration/boot.rb
@@ -0,0 +1,20 @@
+class Kamal::Configuration::Boot
+  def initialize(config:)
+    @options = config.raw_config.boot || {}
+    @host_count = config.all_hosts.count
+  end
+
+  def limit
+    limit = @options["limit"]
+
+    if limit.to_s.end_with?("%")
+      @host_count * limit.to_i / 100
+    else
+      limit
+    end
+  end
+
+  def wait
+    @options["wait"]
+  end
+end
--- a/lib/kamal/configuration/builder.rb
+++ b/lib/kamal/configuration/builder.rb
@@ -0,0 +1,114 @@
+class Kamal::Configuration::Builder
+  def initialize(config:)
+    @options = config.raw_config.builder || {}
+    @image = config.image
+    @server = config.registry["server"]
+
+    valid?
+  end
+
+  def to_h
+    @options
+  end
+
+  def multiarch?
+    @options["multiarch"] != false
+  end
+
+  def local?
+    !!@options["local"]
+  end
+
+  def remote?
+    !!@options["remote"]
+  end
+
+  def cached?
+    !!@options["cache"]
+  end
+
+  def args
+    @options["args"] || {}
+  end
+
+  def secrets
+    @options["secrets"] || []
+  end
+
+  def dockerfile
+    @options["dockerfile"] || "Dockerfile"
+  end
+
+  def context
+    @options["context"] || "."
+  end
+
+  def local_arch
+    @options["local"]["arch"] if local?
+  end
+
+  def local_host
+    @options["local"]["host"] if local?
+  end
+
+  def remote_arch
+    @options["remote"]["arch"] if remote?
+  end
+
+  def remote_host
+    @options["remote"]["host"] if remote?
+  end
+
+  def cache_from
+    if cached?
+      case @options["cache"]["type"]
+      when "gha"
+        cache_from_config_for_gha
+      when "registry"
+        cache_from_config_for_registry
+      end
+    end
+  end
+
+  def cache_to
+    if cached?
+      case @options["cache"]["type"]
+      when "gha"
+        cache_to_config_for_gha
+      when "registry"
+        cache_to_config_for_registry
+      end
+    end
+  end
+
+  private
+    def valid?
+      if @options["cache"] && @options["cache"]["type"]
+        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless ["gha", "registry"].include?(@options["cache"]["type"])
+      end
+    end
+
+    def cache_image
+      @options["cache"]&.fetch("image", nil) || "#{@image}-build-cache"
+    end
+
+    def cache_image_ref
+      [ @server, cache_image ].compact.join("/")
+    end
+
+    def cache_from_config_for_gha
+      "type=gha"
+    end
+
+    def cache_from_config_for_registry
+      [ "type=registry", "ref=#{cache_image_ref}" ].compact.join(",")
+    end
+
+    def cache_to_config_for_gha
+      [ "type=gha", @options["cache"]&.fetch("options", nil)].compact.join(",")
+    end
+
+    def cache_to_config_for_registry
+      [ "type=registry", @options["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",")
+    end
+end
--- a/lib/kamal/configuration/role.rb
+++ b/lib/kamal/configuration/role.rb
@@ -0,0 +1,257 @@
+class Kamal::Configuration::Role
+  CORD_FILE = "cord"
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_accessor :name
+
+  def initialize(name, config:)
+   @name, @config = name.inquiry, config
+  end
+
+  def primary_host
+    hosts.first
+  end
+
+  def hosts
+    @hosts ||= extract_hosts_from_config
+  end
+
+  def cmd
+    specializations["cmd"]
+  end
+
+  def option_args
+    if args = specializations["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def labels
+    default_labels.merge(traefik_labels).merge(custom_labels)
+  end
+
+  def label_args
+    argumentize "--label", labels
+  end
+
+
+  def env
+    if config.env && config.env["secret"]
+      merged_env_with_secrets
+    else
+      merged_env
+    end
+  end
+
+  def env_file
+    Kamal::EnvFile.new(env)
+  end
+
+  def host_env_directory
+    File.join config.host_env_directory, "roles"
+  end
+
+  def host_env_file_path
+    File.join host_env_directory, "#{[config.service, name, config.destination].compact.join("-")}.env"
+  end
+
+  def env_args
+    argumentize "--env-file", host_env_file_path
+  end
+
+  def asset_volume_args
+    asset_volume&.docker_args
+  end
+
+
+  def health_check_args(cord: true)
+    if health_check_cmd.present?
+      if cord && uses_cord?
+        optionize({ "health-cmd" => health_check_cmd_with_cord, "health-interval" => health_check_interval })
+          .concat(cord_volume.docker_args)
+      else
+        optionize({ "health-cmd" => health_check_cmd, "health-interval" => health_check_interval })
+      end
+    else
+      []
+    end
+  end
+
+  def health_check_cmd
+    health_check_options["cmd"] || http_health_check(port: health_check_options["port"], path: health_check_options["path"])
+  end
+
+  def health_check_cmd_with_cord
+    "(#{health_check_cmd}) && (stat #{cord_container_file} > /dev/null || exit 1)"
+  end
+
+  def health_check_interval
+    health_check_options["interval"] || "1s"
+  end
+
+
+  def running_traefik?
+    if specializations["traefik"].nil?
+      primary?
+    else
+      specializations["traefik"]
+    end
+  end
+
+  def primary?
+    @config.primary_role == name
+  end
+
+
+  def uses_cord?
+    running_traefik? && cord_volume && health_check_cmd.present?
+  end
+
+  def cord_host_directory
+    File.join config.run_directory_as_docker_volume, "cords", [container_prefix, config.run_id].join("-")
+  end
+
+  def cord_volume
+    if (cord = health_check_options["cord"])
+      @cord_volume ||= Kamal::Configuration::Volume.new \
+        host_path: File.join(config.run_directory, "cords", [container_prefix, config.run_id].join("-")),
+        container_path: cord
+    end
+  end
+
+  def cord_host_file
+    File.join cord_volume.host_path, CORD_FILE
+  end
+
+  def cord_container_directory
+    health_check_options.fetch("cord", nil)
+  end
+
+  def cord_container_file
+    File.join cord_volume.container_path, CORD_FILE
+  end
+
+
+  def container_name(version = nil)
+    [ container_prefix, version || config.version ].compact.join("-")
+  end
+
+  def container_prefix
+    [ config.service, name, config.destination ].compact.join("-")
+  end
+
+
+  def asset_path
+    specializations["asset_path"] || config.asset_path
+  end
+
+  def assets?
+    asset_path.present? && running_traefik?
+  end
+
+  def asset_volume(version = nil)
+    if assets?
+      Kamal::Configuration::Volume.new \
+        host_path: asset_volume_path(version), container_path: asset_path
+    end
+  end
+
+  def asset_extracted_path(version = nil)
+    File.join config.run_directory, "assets", "extracted", container_name(version)
+  end
+
+  def asset_volume_path(version = nil)
+    File.join config.run_directory, "assets", "volumes", container_name(version)
+  end
+
+  private
+    attr_accessor :config
+
+    def extract_hosts_from_config
+      if config.servers.is_a?(Array)
+        config.servers
+      else
+        servers = config.servers[name]
+        servers.is_a?(Array) ? servers : Array(servers["hosts"])
+      end
+    end
+
+    def default_labels
+      if config.destination
+        { "service" => config.service, "role" => name, "destination" => config.destination }
+      else
+        { "service" => config.service, "role" => name }
+      end
+    end
+
+    def traefik_labels
+      if running_traefik?
+        {
+          # Setting a service property ensures that the generated service name will be consistent between versions
+          "traefik.http.services.#{traefik_service}.loadbalancer.server.scheme" => "http",
+
+          "traefik.http.routers.#{traefik_service}.rule" => "PathPrefix(`/`)",
+          "traefik.http.routers.#{traefik_service}.priority" => "2",
+          "traefik.http.middlewares.#{traefik_service}-retry.retry.attempts" => "5",
+          "traefik.http.middlewares.#{traefik_service}-retry.retry.initialinterval" => "500ms",
+          "traefik.http.routers.#{traefik_service}.middlewares" => "#{traefik_service}-retry@docker"
+        }
+      else
+        {}
+      end
+    end
+
+    def traefik_service
+      [ config.service, name, config.destination ].compact.join("-")
+    end
+
+    def custom_labels
+      Hash.new.tap do |labels|
+        labels.merge!(config.labels) if config.labels.present?
+        labels.merge!(specializations["labels"]) if specializations["labels"].present?
+      end
+    end
+
+    def specializations
+      if config.servers.is_a?(Array) || config.servers[name].is_a?(Array)
+        { }
+      else
+        config.servers[name].except("hosts")
+      end
+    end
+
+    def specialized_env
+      specializations["env"] || {}
+    end
+
+    def merged_env
+      config.env&.merge(specialized_env) || {}
+    end
+
+    # Secrets are stored in an array, which won't merge by default, so have to do it by hand.
+    def merged_env_with_secrets
+      merged_env.tap do |new_env|
+        new_env["secret"] = Array(config.env["secret"]) + Array(specialized_env["secret"])
+
+        # If there's no secret/clear split, everything is clear
+        clear_app_env  = config.env["secret"] ? Array(config.env["clear"]) : Array(config.env["clear"] || config.env)
+        clear_role_env = specialized_env["secret"] ? Array(specialized_env["clear"]) : Array(specialized_env["clear"] || specialized_env)
+
+        new_env["clear"] = clear_app_env.to_h.merge(clear_role_env.to_h)
+      end
+    end
+
+    def http_health_check(port:, path:)
+      "curl -f #{URI.join("http://localhost:#{port}", path)} || exit 1" if path.present? || port.present?
+    end
+
+    def health_check_options
+      @health_check_options ||= begin
+        options = specializations["healthcheck"] || {}
+        options = config.healthcheck.merge(options) if running_traefik?
+        options
+      end
+    end
+end
--- a/lib/kamal/configuration/ssh.rb
+++ b/lib/kamal/configuration/ssh.rb
@@ -0,0 +1,42 @@
+class Kamal::Configuration::Ssh
+  LOGGER = ::Logger.new(STDERR)
+
+  def initialize(config:)
+    @config = config.raw_config.ssh || {}
+  end
+
+  def user
+    config.fetch("user", "root")
+  end
+
+  def port
+    config.fetch("port", 22)
+  end
+
+  def proxy
+    if (proxy = config["proxy"])
+      Net::SSH::Proxy::Jump.new(proxy.include?("@") ? proxy : "root@#{proxy}")
+    elsif (proxy_command = config["proxy_command"])
+      Net::SSH::Proxy::Command.new(proxy_command)
+    end
+  end
+
+  def options
+    { user: user, port: port, proxy: proxy, logger: logger, keepalive: true, keepalive_interval: 30 }.compact
+  end
+
+  def to_h
+    options.except(:logger).merge(log_level: log_level)
+  end
+
+  private
+    attr_accessor :config
+
+    def logger
+      LOGGER.tap { |logger| logger.level = log_level }
+    end
+
+    def log_level
+      config.fetch("log_level", :fatal)
+    end
+end
--- a/lib/kamal/configuration/sshkit.rb
+++ b/lib/kamal/configuration/sshkit.rb
@@ -0,0 +1,20 @@
+class Kamal::Configuration::Sshkit
+  def initialize(config:)
+    @options = config.raw_config.sshkit || {}
+  end
+
+  def max_concurrent_starts
+    options.fetch("max_concurrent_starts", 30)
+  end
+
+  def pool_idle_timeout
+    options.fetch("pool_idle_timeout", 900)
+  end
+
+  def to_h
+    options
+  end
+
+  private
+    attr_accessor :options
+end
--- a/lib/kamal/configuration/volume.rb
+++ b/lib/kamal/configuration/volume.rb
@@ -0,0 +1,22 @@
+class Kamal::Configuration::Volume
+  attr_reader :host_path, :container_path
+  delegate :argumentize, to: Kamal::Utils
+
+  def initialize(host_path:, container_path:)
+    @host_path = host_path
+    @container_path = container_path
+  end
+
+  def docker_args
+    argumentize "--volume", "#{host_path_for_docker_volume}:#{container_path}"
+  end
+
+  private
+    def host_path_for_docker_volume
+      if Pathname.new(host_path).absolute?
+        host_path
+      else
+        File.join "$(pwd)", host_path
+      end
+    end
+end
--- a/lib/kamal/env_file.rb
+++ b/lib/kamal/env_file.rb
@@ -0,0 +1,41 @@
+# Encode an env hash as a string where secret values have been looked up and all values escaped for Docker.
+class Kamal::EnvFile
+  def initialize(env)
+    @env = env
+  end
+  
+  def to_s
+    env_file = StringIO.new.tap do |contents|
+      if (secrets = @env["secret"]).present?
+        @env.fetch("secret", @env)&.each do |key|
+          contents << docker_env_file_line(key, ENV.fetch(key))
+        end
+
+        @env["clear"]&.each do |key, value|
+          contents << docker_env_file_line(key, value)
+        end
+      else
+        @env.fetch("clear", @env)&.each do |key, value|
+          contents << docker_env_file_line(key, value)
+        end
+      end
+    end.string
+
+    # Ensure the file has some contents to avoid the SSHKIT empty file warning
+    env_file.presence || "\n"
+  end
+
+  alias to_str to_s
+  
+  private
+    def docker_env_file_line(key, value)
+      "#{key.to_s}=#{escape_docker_env_file_value(value)}\n"
+    end
+
+    # Escape a value to make it safe to dump in a docker file.
+    def escape_docker_env_file_value(value)
+      # Doublequotes are treated literally in docker env files
+      # so remove leading and trailing ones and unescape any others
+      value.to_s.dump[1..-2].gsub(/\\"/, "\"")
+    end
+end
--- a/lib/kamal/git.rb
+++ b/lib/kamal/git.rb
@@ -0,0 +1,19 @@
+module Kamal::Git
+  extend self
+
+  def used?
+    system("git rev-parse")
+  end
+
+  def user_name
+    `git config user.name`.strip
+  end
+
+  def revision
+    `git rev-parse HEAD`.strip
+  end
+
+  def uncommitted_changes
+    `git status --porcelain`.strip
+  end
+end
--- a/lib/kamal/sshkit_with_ext.rb
+++ b/lib/kamal/sshkit_with_ext.rb
@@ -0,0 +1,104 @@
+require "sshkit"
+require "sshkit/dsl"
+require "active_support/core_ext/hash/deep_merge"
+require "json"
+
+class SSHKit::Backend::Abstract
+  def capture_with_info(*args, **kwargs)
+    capture(*args, **kwargs, verbosity: Logger::INFO)
+  end
+
+  def capture_with_debug(*args, **kwargs)
+    capture(*args, **kwargs, verbosity: Logger::DEBUG)
+  end
+
+  def capture_with_pretty_json(*args, **kwargs)
+    JSON.pretty_generate(JSON.parse(capture(*args, **kwargs)))
+  end
+
+  def puts_by_host(host, output, type: "App")
+    puts "#{type} Host: #{host}\n#{output}\n\n"
+  end
+
+  # Our execution pattern is for the CLI execute args lists returned
+  # from commands, but this doesn't support returning execution options
+  # from the command.
+  #
+  # Support this by using kwargs for CLI options and merging with the
+  # args-extracted options.
+  module CommandEnvMerge
+    private
+
+    # Override to merge options returned by commands in the args list with
+    # options passed by the CLI and pass them along as kwargs.
+    def command(args, options)
+      more_options, args = args.partition { |a| a.is_a? Hash }
+      more_options << options
+
+      build_command(args, **more_options.reduce(:deep_merge))
+    end
+
+    # Destructure options to pluck out env for merge
+    def build_command(args, env: nil, **options)
+      # Rely on native Ruby kwargs precedence rather than explicit Hash merges
+      SSHKit::Command.new(*args, **default_command_options, **options, env: env_for(env))
+    end
+
+    def default_command_options
+      { in: pwd_path, host: @host, user: @user, group: @group }
+    end
+
+    def env_for(env)
+      @env.to_h.merge(env.to_h)
+    end
+  end
+  prepend CommandEnvMerge
+end
+
+class SSHKit::Backend::Netssh::Configuration
+  attr_accessor :max_concurrent_starts
+end
+
+class SSHKit::Backend::Netssh
+  module LimitConcurrentStartsClass
+    attr_reader :start_semaphore
+
+    def configure(&block)
+      super &block
+      # Create this here to avoid lazy creation by multiple threads
+      if config.max_concurrent_starts
+        @start_semaphore = Concurrent::Semaphore.new(config.max_concurrent_starts)
+      end
+    end
+  end
+
+  class << self
+    prepend LimitConcurrentStartsClass
+  end
+
+  module LimitConcurrentStartsInstance
+    private
+      def with_ssh(&block)
+        host.ssh_options = self.class.config.ssh_options.merge(host.ssh_options || {})
+        self.class.pool.with(
+          method(:start_with_concurrency_limit),
+          String(host.hostname),
+          host.username,
+          host.netssh_options,
+          &block
+        )
+      end
+
+      def start_with_concurrency_limit(*args)
+        if self.class.start_semaphore
+          self.class.start_semaphore.acquire do
+            Net::SSH.start(*args)
+          end
+        else
+          Net::SSH.start(*args)
+        end
+      end
+  end
+
+  prepend LimitConcurrentStartsInstance
+end
--- a/lib/kamal/tags.rb
+++ b/lib/kamal/tags.rb
@@ -0,0 +1,39 @@
+require "time"
+
+class Kamal::Tags
+  attr_reader :config, :tags
+
+  class << self
+    def from_config(config, **extra)
+      new(**default_tags(config), **extra)
+    end
+
+    def default_tags(config)
+      { recorded_at: Time.now.utc.iso8601,
+        performer: `whoami`.chomp,
+        destination: config.destination,
+        version: config.version,
+        service_version: service_version(config) }
+    end
+
+    def service_version(config)
+      [ config.service, config.abbreviated_version ].compact.join("@")
+    end
+  end
+
+  def initialize(**tags)
+    @tags = tags.compact
+  end
+
+  def env
+    tags.transform_keys { |detail| "KAMAL_#{detail.upcase}" }
+  end
+
+  def to_s
+    tags.values.map { |value| "[#{value}]" }.join(" ")
+  end
+
+  def except(*tags)
+    self.class.new(**self.tags.except(*tags))
+  end
+end
--- a/lib/kamal/utils.rb
+++ b/lib/kamal/utils.rb
@@ -0,0 +1,77 @@
+module Kamal::Utils
+  extend self
+
+  DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX = /\$(?!{[^\}]*\})/
+
+  # Return a list of escaped shell arguments using the same named argument against the passed attributes (hash or array).
+  def argumentize(argument, attributes, sensitive: false)
+    Array(attributes).flat_map do |key, value|
+      if value.present?
+        attr = "#{key}=#{escape_shell_value(value)}"
+        attr = self.sensitive(attr, redaction: "#{key}=[REDACTED]") if sensitive
+        [ argument, attr]
+      else
+        [ argument, key ]
+      end
+    end
+  end
+
+  # Returns a list of shell-dashed option arguments. If the value is true, it's treated like a value-less option.
+  def optionize(args, with: nil)
+    options = if with
+      flatten_args(args).collect { |(key, value)| value == true ? "--#{key}" : "--#{key}#{with}#{escape_shell_value(value)}" }
+    else
+      flatten_args(args).collect { |(key, value)| [ "--#{key}", value == true ? nil : escape_shell_value(value) ] }
+    end
+
+    options.flatten.compact
+  end
+
+  # Flattens a one-to-many structure into an array of two-element arrays each containing a key-value pair
+  def flatten_args(args)
+    args.flat_map { |key, value| value.try(:map) { |entry| [key, entry] } || [ [ key, value ] ] }
+  end
+
+  # Marks sensitive values for redaction in logs and human-visible output.
+  # Pass `redaction:` to change the default `"[REDACTED]"` redaction, e.g.
+  # `sensitive "#{arg}=#{secret}", redaction: "#{arg}=xxxx"
+  def sensitive(...)
+    Kamal::Utils::Sensitive.new(...)
+  end
+
+  def redacted(value)
+    case
+    when value.respond_to?(:redaction)
+      value.redaction
+    when value.respond_to?(:transform_values)
+      value.transform_values { |value| redacted value }
+    when value.respond_to?(:map)
+      value.map { |element| redacted element }
+    else
+      value
+    end
+  end
+
+  # Escape a value to make it safe for shell use.
+  def escape_shell_value(value)
+    value.to_s.dump
+      .gsub(/`/, '\\\\`')
+      .gsub(DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX, '\$')
+  end
+
+  # Apply a list of host or role filters, including wildcard matches
+  def filter_specific_items(filters, items)
+    matches = []
+
+    Array(filters).select do |filter|
+      matches += Array(items).select do |item|
+        # Only allow * for a wildcard
+        pattern = Regexp.escape(filter).gsub('\*', '.*')
+        # items are roles or hosts
+        (item.respond_to?(:name) ? item.name : item).match(/^#{pattern}$/)
+      end
+    end
+
+    matches
+  end
+end
--- a/lib/kamal/utils/sensitive.rb
+++ b/lib/kamal/utils/sensitive.rb
@@ -0,0 +1,20 @@
+require "active_support/core_ext/module/delegation"
+require "sshkit"
+
+class Kamal::Utils::Sensitive
+  # So SSHKit knows to redact these values.
+  include SSHKit::Redaction
+
+  attr_reader :unredacted, :redaction
+  delegate :to_s, to: :unredacted
+  delegate :inspect, to: :redaction
+
+  def initialize(value, redaction: "[REDACTED]")
+    @unredacted, @redaction = value, redaction
+  end
+
+  # Sensitive values won't leak into YAML output.
+  def encode_with(coder)
+    coder.represent_scalar nil, redaction
+  end
+end
--- a/lib/kamal/version.rb
+++ b/lib/kamal/version.rb
@@ -0,0 +1,3 @@
+module Kamal
+  VERSION = "1.3.1"
+end
--- a/lib/mrsk/cli.rb
+++ b/lib/mrsk/cli.rb
@@ -1,5 +0,0 @@
-module Mrsk::Cli
-end
-
-# SSHKit uses instance eval, so we need a global const for ergonomics
-MRSK = Mrsk::Commander.new
--- a/lib/mrsk/cli/app.rb
+++ b/lib/mrsk/cli/app.rb
@@ -1,211 +0,0 @@
-class Mrsk::Cli::App < Mrsk::Cli::Base
-  desc "boot", "Boot app on servers (or reboot app if already running)"
-  def boot
-    say "Get most recent version available as an image...", :magenta unless options[:version]
-    using_version(options[:version] || most_recent_version_available) do |version|
-      say "Start container with version #{version} (or reboot if already running)...", :magenta
-
-      cli = self
-      
-      MRSK.config.roles.each do |role|
-        on(role.hosts) do |host|
-          execute *MRSK.auditor.record("Booted app version #{version}"), verbosity: :debug
-
-          begin
-            old_version = capture_with_info(*MRSK.app.current_running_version).strip
-            execute *MRSK.app.run(role: role.name)
-
-            cli.say "Waiting #{MRSK.config.readiness_delay}s for app to boot...", :magenta
-            sleep MRSK.config.readiness_delay
-
-            execute *MRSK.app.stop(version: old_version), raise_on_non_zero_exit: false if old_version.present?
-
-          rescue SSHKit::Command::Failed => e
-            if e.message =~ /already in use/
-              error "Rebooting container with same version #{version} already deployed on #{host} (may cause gap in zero-downtime promise!)"
-              execute *MRSK.auditor.record("Rebooted app version #{version}"), verbosity: :debug
-
-              execute *MRSK.app.stop(version: version)
-              execute *MRSK.app.remove_container(version: version)
-              execute *MRSK.app.run(role: role.name)
-            else
-              raise
-            end
-          end
-        end
-      end
-    end
-  end
-
-  desc "start", "Start existing app container on servers"
-  def start
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Started app version #{MRSK.version}"), verbosity: :debug
-      execute *MRSK.app.start, raise_on_non_zero_exit: false
-    end
-  end
-
-  desc "stop", "Stop app container on servers"
-  def stop
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Stopped app"), verbosity: :debug
-      execute *MRSK.app.stop, raise_on_non_zero_exit: false
-    end
-  end
-
-  # FIXME: Drop in favor of just containers?
-  desc "details", "Show details about app containers"
-  def details
-    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.info) }
-  end
-
-  desc "exec [CMD]", "Execute a custom command on servers (use --help to show options)"
-  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
-  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
-  def exec(cmd)
-    case
-    when options[:interactive] && options[:reuse]
-      say "Get current version of running container...", :magenta unless options[:version]
-      using_version(options[:version] || current_running_version) do |version|
-        say "Launching interactive command with version #{version} via SSH from existing container on #{MRSK.primary_host}...", :magenta
-        run_locally { exec MRSK.app.execute_in_existing_container_over_ssh(cmd, host: MRSK.primary_host) }
-      end
-
-    when options[:interactive]
-      say "Get most recent version available as an image...", :magenta unless options[:version]
-      using_version(options[:version] || most_recent_version_available) do |version|
-        say "Launching interactive command with version #{version} via SSH from new container on #{MRSK.primary_host}...", :magenta
-        run_locally { exec MRSK.app.execute_in_new_container_over_ssh(cmd, host: MRSK.primary_host) }
-      end
-
-    when options[:reuse]
-      say "Get current version of running container...", :magenta unless options[:version]
-      using_version(options[:version] || current_running_version) do |version|
-        say "Launching command with version #{version} from existing container...", :magenta
-
-        on(MRSK.hosts) do |host|
-          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on app version #{version}"), verbosity: :debug
-          puts_by_host host, capture_with_info(*MRSK.app.execute_in_existing_container(cmd))
-        end
-      end
-
-    else
-      say "Get most recent version available as an image...", :magenta unless options[:version]
-      using_version(options[:version] || most_recent_version_available) do |version|
-        say "Launching command with version #{version} from new container...", :magenta
-        on(MRSK.hosts) do |host|
-          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on app version #{version}"), verbosity: :debug
-          puts_by_host host, capture_with_info(*MRSK.app.execute_in_new_container(cmd))
-        end
-      end
-    end
-  end
-
-  desc "containers", "Show app containers on servers"
-  def containers
-    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.list_containers) }
-  end
-
-  desc "images", "Show app images on servers"
-  def images
-    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.list_images) }
-  end
-
-  desc "logs", "Show log lines from app on servers (use --help to show options)"
-  option :since, aliases: "-s", desc: "Show lines since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
-  option :lines, type: :numeric, aliases: "-n", desc: "Number of lines to show from each server"
-  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
-  option :follow, aliases: "-f", desc: "Follow log on primary server (or specific host set by --hosts)"
-  def logs
-    # FIXME: Catch when app containers aren't running
-
-    grep = options[:grep]
-
-    if options[:follow]
-      run_locally do
-        info "Following logs on #{MRSK.primary_host}..."
-        info MRSK.app.follow_logs(host: MRSK.primary_host, grep: grep)
-        exec MRSK.app.follow_logs(host: MRSK.primary_host, grep: grep)
-      end
-    else
-      since = options[:since]
-      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
-
-      on(MRSK.hosts) do |host|
-        begin
-          puts_by_host host, capture_with_info(*MRSK.app.logs(since: since, lines: lines, grep: grep))
-        rescue SSHKit::Command::Failed
-          puts_by_host host, "Nothing found"
-        end
-      end
-    end
-  end
-
-  desc "remove", "Remove app containers and images from servers"
-  def remove
-    stop
-    remove_containers
-    remove_images
-  end
-
-  desc "remove_container [VERSION]", "Remove app container with given version from servers", hide: true
-  def remove_container(version)
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Removed app container with version #{version}"), verbosity: :debug
-      execute *MRSK.app.remove_container(version: version)
-    end
-  end
-
-  desc "remove_containers", "Remove all app containers from servers", hide: true
-  def remove_containers
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Removed all app containers"), verbosity: :debug
-      execute *MRSK.app.remove_containers
-    end
-  end
-
-  desc "remove_images", "Remove all app images from servers", hide: true
-  def remove_images
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Removed all app images"), verbosity: :debug
-      execute *MRSK.app.remove_images
-    end
-  end
-
-  desc "version", "Show app version currently running on servers"
-  def version
-    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.current_running_version).strip }
-  end
-
-  private
-    def using_version(new_version)
-      if new_version
-        begin
-          old_version = MRSK.config.version
-          MRSK.config.version = new_version
-          yield new_version
-        ensure
-          MRSK.config.version = old_version
-        end
-      else
-        yield MRSK.config.version
-      end
-    end
-
-    def most_recent_version_available(host: MRSK.primary_host)
-      version = nil
-      on(host) { version = capture_with_info(*MRSK.app.most_recent_version_from_available_images).strip }
-      
-      if version == "<none>"
-        raise "Most recent image available was not tagged with a version (returned <none>)"
-      else
-        version.presence
-      end
-    end
-
-    def current_running_version(host: MRSK.primary_host)
-      version = nil
-      on(host) { version = capture_with_info(*MRSK.app.current_running_version).strip }
-      version.presence
-    end
-end
--- a/lib/mrsk/cli/base.rb
+++ b/lib/mrsk/cli/base.rb
@@ -1,74 +0,0 @@
-require "thor"
-require "dotenv"
-require "mrsk/sshkit_with_ext"
-
-module Mrsk::Cli
-  class Base < Thor
-    include SSHKit::DSL
-
-    def self.exit_on_failure?() true end
-
-    class_option :verbose, type: :boolean, aliases: "-v", desc: "Detailed logging"
-    class_option :quiet, type: :boolean, aliases: "-q", desc: "Minimal logging"
-
-    class_option :version, desc: "Run commands against a specific app version"
-
-    class_option :primary, type: :boolean, aliases: "-p", desc: "Run commands only on primary host instead of all"
-    class_option :hosts, aliases: "-h", desc: "Run commands on these hosts instead of all (separate by comma)"
-    class_option :roles, aliases: "-r", desc: "Run commands on these roles instead of all (separate by comma)"
-
-    class_option :config_file, aliases: "-c", default: "config/deploy.yml", desc: "Path to config file"
-    class_option :destination, aliases: "-d", desc: "Specify destination to be used for config file (staging -> deploy.staging.yml)"
-
-    class_option :skip_broadcast, aliases: "-B", type: :boolean, default: false, desc: "Skip audit broadcasts"
-
-    def initialize(*)
-      super
-      load_envs
-      initialize_commander(options)
-    end
-
-    private
-      def load_envs
-        if destination = options[:destination]
-          Dotenv.load(".env.#{destination}", ".env")
-        else
-          Dotenv.load(".env")
-        end
-      end
-
-      def initialize_commander(options)
-        MRSK.tap do |commander|
-          commander.config_file = Pathname.new(File.expand_path(options[:config_file]))
-          commander.destination = options[:destination]
-          commander.version     = options[:version]
-
-          commander.specific_hosts    = options[:hosts]&.split(",")
-          commander.specific_roles    = options[:roles]&.split(",")
-          commander.specific_primary! if options[:primary]
-
-          if options[:verbose]
-            ENV["VERBOSE"] = "1" # For backtraces via cli/start
-            commander.verbosity = :debug
-          end
-
-          if options[:quiet]
-            commander.verbosity = :error
-          end
-        end
-      end
-
-      def print_runtime
-        started_at = Time.now
-        yield
-        return Time.now - started_at
-      ensure
-        runtime = Time.now - started_at
-        puts "  Finished all in #{sprintf("%.1f seconds", runtime)}"
-      end
-
-      def audit_broadcast(line)
-        run_locally { execute *MRSK.auditor.broadcast(line), verbosity: :debug }
-      end
-  end
-end
--- a/lib/mrsk/cli/build.rb
+++ b/lib/mrsk/cli/build.rb
@@ -1,70 +0,0 @@
-class Mrsk::Cli::Build < Mrsk::Cli::Base
-  desc "deliver", "Build app and push app image to registry then pull image on servers"
-  def deliver
-    push
-    pull
-  end
-
-  desc "push", "Build and push app image to registry"
-  def push
-    cli = self
-
-    run_locally do
-      begin
-        MRSK.with_verbosity(:debug) { execute *MRSK.builder.push }
-      rescue SSHKit::Command::Failed => e
-        if e.message =~ /(no builder)|(no such file or directory)/
-          error "Missing compatible builder, so creating a new one first"
-
-          if cli.create
-            MRSK.with_verbosity(:debug) { execute *MRSK.builder.push }
-          end
-        else
-          raise
-        end
-      end
-    end
-  end
-
-  desc "pull", "Pull app image from registry onto servers"
-  def pull
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Pulled image with version #{MRSK.version}"), verbosity: :debug
-      execute *MRSK.builder.clean, raise_on_non_zero_exit: false
-      execute *MRSK.builder.pull
-    end
-  end
-
-  desc "create", "Create a build setup"
-  def create
-    run_locally do
-      begin
-        debug "Using builder: #{MRSK.builder.name}"
-        execute *MRSK.builder.create
-      rescue SSHKit::Command::Failed => e
-        if e.message =~ /stderr=(.*)/
-          error "Couldn't create remote builder: #{$1}"
-          false
-        else
-          raise
-        end
-      end
-    end
-  end
-
-  desc "remove", "Remove build setup"
-  def remove
-    run_locally do
-      debug "Using builder: #{MRSK.builder.name}"
-      execute *MRSK.builder.remove
-    end
-  end
-
-  desc "details", "Show build setup"
-  def details
-    run_locally do
-      puts "Builder: #{MRSK.builder.name}"
-      puts capture(*MRSK.builder.info)
-    end
-  end
-end
--- a/lib/mrsk/cli/healthcheck.rb
+++ b/lib/mrsk/cli/healthcheck.rb
@@ -1,50 +0,0 @@
-class Mrsk::Cli::Healthcheck < Mrsk::Cli::Base
-  MAX_ATTEMPTS = 7
-
-  class HealthcheckError < StandardError; end
-
-  default_command :perform
-
-  desc "perform", "Health check current app version"
-  def perform
-    on(MRSK.primary_host) do
-      begin
-        execute *MRSK.healthcheck.run
-
-        target = "Health check against #{MRSK.config.healthcheck["path"]}"
-        attempt = 1
-
-        begin
-          status = capture_with_info(*MRSK.healthcheck.curl)
-
-          if status == "200"
-            info "#{target} succeeded with 200 OK!"
-          else
-            raise HealthcheckError, "#{target} failed with status #{status}"
-          end
-        rescue SSHKit::Command::Failed
-          if attempt <= MAX_ATTEMPTS
-            info "#{target} failed to respond, retrying in #{attempt}s..."
-            sleep attempt
-            attempt += 1
-
-            retry
-          else
-            raise
-          end
-        end
-      rescue SSHKit::Command::Failed, HealthcheckError => e
-        error capture_with_info(*MRSK.healthcheck.logs)
-
-        if e.message =~ /curl/
-          raise SSHKit::Command::Failed, "#{target} failed to return 200 OK!"
-        else
-          raise
-        end
-      ensure
-        execute *MRSK.healthcheck.stop, raise_on_non_zero_exit: false
-        execute *MRSK.healthcheck.remove, raise_on_non_zero_exit: false
-      end
-    end
-  end
-end
--- a/lib/mrsk/cli/main.rb
+++ b/lib/mrsk/cli/main.rb
@@ -1,195 +0,0 @@
-class Mrsk::Cli::Main < Mrsk::Cli::Base
-  desc "setup", "Setup all accessories and deploy app to servers"
-  def setup
-    print_runtime do
-      invoke "mrsk:cli:server:bootstrap"
-      invoke "mrsk:cli:accessory:boot", [ "all" ]
-      deploy
-    end
-  end
-
-  desc "deploy", "Deploy app to servers"
-  def deploy
-    runtime = print_runtime do
-      say "Ensure Docker is installed...", :magenta
-      invoke "mrsk:cli:server:bootstrap"
-
-      say "Log into image registry...", :magenta
-      invoke "mrsk:cli:registry:login"
-
-      say "Build and push app image...", :magenta
-      invoke "mrsk:cli:build:deliver"
-
-      say "Ensure Traefik is running...", :magenta
-      invoke "mrsk:cli:traefik:boot"
-
-      say "Ensure app can pass healthcheck...", :magenta
-      invoke "mrsk:cli:healthcheck:perform"
-
-      invoke "mrsk:cli:app:boot"
-
-      say "Prune old containers and images...", :magenta
-      invoke "mrsk:cli:prune:all"
-    end
-
-    audit_broadcast "Deployed app in #{runtime.to_i} seconds" unless options[:skip_broadcast]
-  end
-
-  desc "redeploy", "Deploy app to servers without bootstrapping servers, starting Traefik, pruning, and registry login"
-  def redeploy
-    runtime = print_runtime do
-      say "Build and push app image...", :magenta
-      invoke "mrsk:cli:build:deliver"
-
-      say "Ensure app can pass healthcheck...", :magenta
-      invoke "mrsk:cli:healthcheck:perform"
-
-      invoke "mrsk:cli:app:boot"
-    end
-
-    audit_broadcast "Redeployed app in #{runtime.to_i} seconds" unless options[:skip_broadcast]
-  end
-
-  desc "rollback [VERSION]", "Rollback app to VERSION"
-  def rollback(version)
-    MRSK.version = version
-
-    if container_name_available?(MRSK.config.service_with_version)
-      say "Start version #{version}, then stop the old version...", :magenta
-
-      cli = self
-
-      on(MRSK.hosts) do |host|
-        old_version = capture_with_info(*MRSK.app.current_running_version).strip.presence
-
-        execute *MRSK.app.start
-
-        cli.say "Waiting #{MRSK.config.readiness_delay}s for app to start...", :magenta
-        sleep MRSK.config.readiness_delay
-
-        execute *MRSK.app.stop(version: old_version), raise_on_non_zero_exit: false
-      end
-
-      audit_broadcast "Rolled back app to version #{version}" unless options[:skip_broadcast]
-    else
-      say "The app version '#{version}' is not available as a container (use 'mrsk app containers' for available versions)", :red
-    end
-  end
-
-  desc "details", "Show details about all containers"
-  def details
-    invoke "mrsk:cli:traefik:details"
-    invoke "mrsk:cli:app:details"
-    invoke "mrsk:cli:accessory:details", [ "all" ]
-  end
-
-  desc "audit", "Show audit log from servers"
-  def audit
-    on(MRSK.hosts) do |host|
-      puts_by_host host, capture_with_info(*MRSK.auditor.reveal)
-    end
-  end
-
-  desc "config", "Show combined config (including secrets!)"
-  def config
-    run_locally do
-      puts MRSK.config.to_h.to_yaml
-    end
-  end
-
-  desc "init", "Create config stub in config/deploy.yml and env stub in .env"
-  option :bundle, type: :boolean, default: false, desc: "Add MRSK to the Gemfile and create a bin/mrsk binstub"
-  def init
-    require "fileutils"
-
-    if (deploy_file = Pathname.new(File.expand_path("config/deploy.yml"))).exist?
-      puts "Config file already exists in config/deploy.yml (remove first to create a new one)"
-    else
-      FileUtils.mkdir_p deploy_file.dirname
-      FileUtils.cp_r Pathname.new(File.expand_path("templates/deploy.yml", __dir__)), deploy_file
-      puts "Created configuration file in config/deploy.yml"
-    end
-
-    unless (deploy_file = Pathname.new(File.expand_path(".env"))).exist?
-      FileUtils.cp_r Pathname.new(File.expand_path("templates/template.env", __dir__)), deploy_file
-      puts "Created .env file"
-    end
-
-    if options[:bundle]
-      if (binstub = Pathname.new(File.expand_path("bin/mrsk"))).exist?
-        puts "Binstub already exists in bin/mrsk (remove first to create a new one)"
-      else
-        puts "Adding MRSK to Gemfile and bundle..."
-        `bundle add mrsk`
-        `bundle binstubs mrsk`
-        puts "Created binstub file in bin/mrsk"
-      end
-    end
-  end
-
-  desc "envify", "Create .env by evaluating .env.erb (or .env.staging.erb -> .env.staging when using -d staging)"
-  def envify
-    if destination = options[:destination]
-      env_template_path = ".env.#{destination}.erb"
-      env_path          = ".env.#{destination}"
-    else
-      env_template_path = ".env.erb"
-      env_path          = ".env"
-    end
-
-    File.write(env_path, ERB.new(File.read(env_template_path)).result, perm: 0600)
-  end
-
-  desc "remove", "Remove Traefik, app, accessories, and registry session from servers"
-  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
-  def remove
-    if options[:confirmed] || ask(remove_confirmation_question, limited_to: %w( y N ), default: "N") == "y"
-      invoke "mrsk:cli:traefik:remove", [], options.without(:confirmed)
-      invoke "mrsk:cli:app:remove", [], options.without(:confirmed)
-      invoke "mrsk:cli:accessory:remove", [ "all" ]
-      invoke "mrsk:cli:registry:logout", [], options.without(:confirmed)
-    end
-  end
-
-  desc "version", "Show MRSK version"
-  def version
-    puts Mrsk::VERSION
-  end
-
-  desc "accessory", "Manage accessories (db/redis/search)"
-  subcommand "accessory", Mrsk::Cli::Accessory
-
-  desc "app", "Manage application"
-  subcommand "app", Mrsk::Cli::App
-
-  desc "build", "Build application image"
-  subcommand "build", Mrsk::Cli::Build
-
-  desc "healthcheck", "Healthcheck application"
-  subcommand "healthcheck", Mrsk::Cli::Healthcheck
-
-  desc "prune", "Prune old application images and containers"
-  subcommand "prune", Mrsk::Cli::Prune
-
-  desc "registry", "Login and -out of the image registry"
-  subcommand "registry", Mrsk::Cli::Registry
-
-  desc "server", "Bootstrap servers with Docker"
-  subcommand "server", Mrsk::Cli::Server
-
-  desc "traefik", "Manage Traefik load balancer"
-  subcommand "traefik", Mrsk::Cli::Traefik
-
-  private
-    def container_name_available?(container_name, host: MRSK.primary_host)
-      container_names = nil
-      on(host) { container_names = capture_with_info(*MRSK.app.list_container_names).split("\n") }
-      Array(container_names).include?(container_name)
-    end
-
-    def remove_confirmation_question      
-      "This will remove all containers and images. " +
-      (MRSK.config.accessories.any? ? "Including #{MRSK.config.accessories.collect(&:name).to_sentence}. " : "") +
-      "Are you sure?"
-    end
-end
--- a/lib/mrsk/cli/prune.rb
+++ b/lib/mrsk/cli/prune.rb
@@ -1,23 +0,0 @@
-class Mrsk::Cli::Prune < Mrsk::Cli::Base
-  desc "all", "Prune unused images and stopped containers"
-  def all
-    containers
-    images
-  end
-
-  desc "images", "Prune unused images older than 7 days"
-  def images
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Pruned images"), verbosity: :debug
-      execute *MRSK.prune.images
-    end
-  end
-
-  desc "containers", "Prune stopped containers older than 3 days"
-  def containers
-    on(MRSK.hosts) do
-      execute *MRSK.auditor.record("Pruned containers"), verbosity: :debug
-      execute *MRSK.prune.containers
-    end
-  end
-end
--- a/lib/mrsk/cli/server.rb
+++ b/lib/mrsk/cli/server.rb
@@ -1,6 +0,0 @@
-class Mrsk::Cli::Server < Mrsk::Cli::Base
-  desc "bootstrap", "Ensure Docker is installed on servers"
-  def bootstrap
-    on(MRSK.hosts + MRSK.accessory_hosts) { execute "which docker || (apt-get update -y && apt-get install docker.io -y)" }
-  end
-end
--- a/lib/mrsk/cli/templates/template.env
+++ b/lib/mrsk/cli/templates/template.env
@@ -1,2 +0,0 @@
-MRSK_REGISTRY_PASSWORD=change-this
-RAILS_MASTER_KEY=another-env
--- a/lib/mrsk/cli/traefik.rb
+++ b/lib/mrsk/cli/traefik.rb
@@ -1,87 +0,0 @@
-class Mrsk::Cli::Traefik < Mrsk::Cli::Base
-  desc "boot", "Boot Traefik on servers"
-  def boot
-    on(MRSK.traefik_hosts) { execute *MRSK.traefik.run, raise_on_non_zero_exit: false }
-  end
-
-  desc "reboot", "Reboot Traefik on servers (stop container, remove container, start new container)"
-  def reboot
-    stop
-    remove_container
-    boot
-  end
-
-  desc "start", "Start existing Traefik container on servers"
-  def start
-    on(MRSK.traefik_hosts) do
-      execute *MRSK.auditor.record("Started traefik"), verbosity: :debug
-      execute *MRSK.traefik.start, raise_on_non_zero_exit: false
-    end
-  end
-
-  desc "stop", "Stop existing Traefik container on servers"
-  def stop
-    on(MRSK.traefik_hosts) do
-      execute *MRSK.auditor.record("Stopped traefik"), verbosity: :debug
-      execute *MRSK.traefik.stop, raise_on_non_zero_exit: false
-    end
-  end
-
-  desc "restart", "Restart existing Traefik container on servers"
-  def restart
-    stop
-    start
-  end
-
-  desc "details", "Show details about Traefik container from servers"
-  def details
-    on(MRSK.traefik_hosts) { |host| puts_by_host host, capture_with_info(*MRSK.traefik.info), type: "Traefik" }
-  end
-
-  desc "logs", "Show log lines from Traefik on servers"
-  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
-  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
-  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
-  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
-  def logs
-    grep = options[:grep]
-
-    if options[:follow]
-      run_locally do
-        info "Following logs on #{MRSK.primary_host}..."
-        info MRSK.traefik.follow_logs(host: MRSK.primary_host, grep: grep)
-        exec MRSK.traefik.follow_logs(host: MRSK.primary_host, grep: grep)
-      end
-    else
-      since = options[:since]
-      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
-
-      on(MRSK.traefik_hosts) do |host|
-        puts_by_host host, capture(*MRSK.traefik.logs(since: since, lines: lines, grep: grep)), type: "Traefik"
-      end
-    end
-  end
-
-  desc "remove", "Remove Traefik container and image from servers"
-  def remove
-    stop
-    remove_container
-    remove_image
-  end
-
-  desc "remove_container", "Remove Traefik container from servers", hide: true
-  def remove_container
-    on(MRSK.traefik_hosts) do
-      execute *MRSK.auditor.record("Removed traefik container"), verbosity: :debug
-      execute *MRSK.traefik.remove_container
-    end
-  end
-
-  desc "remove_container", "Remove Traefik image from servers", hide: true
-  def remove_image
-    on(MRSK.traefik_hosts) do
-      execute *MRSK.auditor.record("Removed traefik image"), verbosity: :debug
-      execute *MRSK.traefik.remove_image
-    end
-  end
-end
--- a/lib/mrsk/commander.rb
+++ b/lib/mrsk/commander.rb
@@ -1,119 +0,0 @@
-require "active_support/core_ext/enumerable"
-
-class Mrsk::Commander
-  attr_accessor :config_file, :destination, :verbosity, :version
-
-  def initialize(config_file: nil, destination: nil, verbosity: :info)
-    @config_file, @destination, @verbosity = config_file, destination, verbosity
-  end
-
-  def config
-    @config ||= \
-      Mrsk::Configuration
-        .create_from(config_file, destination: destination, version: cascading_version)
-        .tap { |config| configure_sshkit_with(config) }
-  end
-
-  attr_accessor :specific_hosts
-
-  def specific_primary!
-    self.specific_hosts = [ config.primary_web_host ]
-  end
-
-  def specific_roles=(role_names)
-    self.specific_hosts = config.roles.select { |r| role_names.include?(r.name) }.flat_map(&:hosts) if role_names.present?
-  end
-
-  def primary_host
-    specific_hosts&.sole || config.primary_web_host
-  end
-
-  def hosts
-    specific_hosts || config.all_hosts
-  end
-
-  def traefik_hosts
-    specific_hosts || config.traefik_hosts
-  end
-
-  def accessory_hosts
-    specific_hosts || config.accessories.collect(&:host)
-  end
-
-  def accessory_names
-    config.accessories&.collect(&:name) || []
-  end
-
-
-  def app
-    @app ||= Mrsk::Commands::App.new(config)
-  end
-
-  def accessory(name)
-    Mrsk::Commands::Accessory.new(config, name: name)
-  end
-
-  def auditor
-    @auditor ||= Mrsk::Commands::Auditor.new(config)
-  end
-
-  def builder
-    @builder ||= Mrsk::Commands::Builder.new(config)
-  end
-
-  def healthcheck
-    @healthcheck ||= Mrsk::Commands::Healthcheck.new(config)
-  end
-
-  def prune
-    @prune ||= Mrsk::Commands::Prune.new(config)
-  end
-
-  def registry
-    @registry ||= Mrsk::Commands::Registry.new(config)
-  end
-
-  def traefik
-    @traefik ||= Mrsk::Commands::Traefik.new(config)
-  end
-
-
-  def with_verbosity(level)
-    old_level = self.verbosity
-
-    self.verbosity = level
-    SSHKit.config.output_verbosity = level
-
-    yield
-  ensure
-    self.verbosity = old_level
-    SSHKit.config.output_verbosity = old_level
-  end
-
-  # Test-induced damage!
-  def reset
-    @config = @config_file = @destination = @version = nil
-    @app = @builder = @traefik = @registry = @prune = @auditor = nil
-    @verbosity = :info
-  end
-
-  private
-    def cascading_version
-      version.presence || ENV["VERSION"] || current_commit_hash
-    end
-
-    def current_commit_hash
-      if system("git rev-parse")
-        `git rev-parse HEAD`.strip
-      else
-        raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
-      end
-    end
-
-    # Lazy setup of SSHKit
-    def configure_sshkit_with(config)
-      SSHKit::Backend::Netssh.configure { |ssh| ssh.ssh_options = config.ssh_options }
-      SSHKit.config.command_map[:docker] = "docker" # No need to use /usr/bin/env, just clogs up the logs
-      SSHKit.config.output_verbosity = verbosity
-    end
-end
--- a/lib/mrsk/commands.rb
+++ b/lib/mrsk/commands.rb
@@ -1,2 +0,0 @@
-module Mrsk::Commands
-end
--- a/lib/mrsk/commands/app.rb
+++ b/lib/mrsk/commands/app.rb
@@ -1,144 +0,0 @@
-class Mrsk::Commands::App < Mrsk::Commands::Base
-  def run(role: :web)
-    role = config.role(role)
-
-    docker :run,
-      "--detach",
-      "--restart unless-stopped",
-      "--log-opt", "max-size=#{MAX_LOG_SIZE}",
-      "--name", service_with_version,
-      *role.env_args,
-      *config.volume_args,
-      *role.label_args,
-      config.absolute_image,
-      role.cmd
-  end
-
-  def start
-    docker :start, service_with_version
-  end
-
-  def stop(version: nil)
-    pipe \
-      version ? container_id_for_version(version) : current_container_id,
-      xargs(docker(:stop))
-  end
-
-  def info
-    docker :ps, *service_filter
-  end
-
-
-  def logs(since: nil, lines: nil, grep: nil)
-    pipe \
-      current_container_id,
-      "xargs docker logs#{" --since #{since}" if since}#{" --tail #{lines}" if lines} 2>&1",
-      ("grep '#{grep}'" if grep)
-  end
-
-  def follow_logs(host:, grep: nil)
-    run_over_ssh \
-      pipe(
-        current_container_id,
-        "xargs docker logs --timestamps --tail 10 --follow 2>&1",
-        (%(grep "#{grep}") if grep)
-      ),
-      host: host
-  end
-
-
-  def execute_in_existing_container(*command, interactive: false)
-    docker :exec,
-      ("-it" if interactive),
-      config.service_with_version,
-      *command
-  end
-
-  def execute_in_new_container(*command, interactive: false)
-    docker :run,
-      ("-it" if interactive),
-      "--rm",
-      *config.env_args,
-      *config.volume_args,
-      config.absolute_image,
-      *command
-  end
-
-  def execute_in_existing_container_over_ssh(*command, host:)
-    run_over_ssh execute_in_existing_container(*command, interactive: true), host: host
-  end
-
-  def execute_in_new_container_over_ssh(*command, host:)
-    run_over_ssh execute_in_new_container(*command, interactive: true), host: host
-  end
-
-
-  def current_container_id
-    docker :ps, "--quiet", *service_filter
-  end
-
-  def current_running_version
-    # FIXME: Find more graceful way to extract the version from "app-version" than using sed and tail!
-    pipe \
-      docker(:ps, "--filter", "label=service=#{config.service}", "--format", '"{{.Names}}"'),
-      %(sed 's/-/\\n/g'),
-      "tail -n 1"
-  end
-
-  def most_recent_version_from_available_images
-    pipe \
-      docker(:image, :ls, "--format", '"{{.Tag}}"', config.repository),
-      "head -n 1"
-  end
-
-  def all_versions_from_available_containers
-    pipe \
-      docker(:image, :ls, "--format", '"{{.Tag}}"', config.repository),
-      "head -n 1"
-  end
-
-
-  def list_containers
-    docker :container, :ls, "--all", *service_filter
-  end
-
-  def list_container_names
-    [ *list_containers, "--format", "'{{ .Names }}'" ]
-  end
-
-  def remove_container(version:)
-    pipe \
-      container_id_for(container_name: service_with_version(version)),
-      xargs(docker(:container, :rm))
-  end
-
-  def remove_containers
-    docker :container, :prune, "--force", *service_filter
-  end
-
-  def list_images
-    docker :image, :ls, config.repository
-  end
-
-  def remove_images
-    docker :image, :prune, "--all", "--force", *service_filter
-  end
-
-
-  private
-    def service_with_version(version = nil)
-      if version
-        "#{config.service}-#{version}"
-      else
-        config.service_with_version
-      end
-    end
-
-    def container_id_for_version(version)
-      container_id_for(container_name: service_with_version(version))    
-    end
-
-    def service_filter
-      [ "--filter", "label=service=#{config.service}" ]
-    end
-end
--- a/lib/mrsk/commands/auditor.rb
+++ b/lib/mrsk/commands/auditor.rb
@@ -1,42 +0,0 @@
-require "active_support/core_ext/time/conversions"
-
-class Mrsk::Commands::Auditor < Mrsk::Commands::Base
-  # Runs remotely
-  def record(line)
-    append \
-      [ :echo, tagged_record_line(line) ],
-      audit_log_file
-  end
-
-  # Runs locally
-  def broadcast(line)
-    if broadcast_cmd = config.audit_broadcast_cmd
-      [ broadcast_cmd, tagged_broadcast_line(line) ]
-    end
-  end
-
-  def reveal
-    [ :tail, "-n", 50, audit_log_file ]
-  end
-
-  private
-    def audit_log_file
-      "mrsk-#{config.service}-audit.log"
-    end
-
-    def tagged_record_line(line)
-      "'#{recorded_at_tag} #{performer_tag} #{line}'"
-    end
-
-    def tagged_broadcast_line(line)
-      "'#{performer_tag} #{line}'"
-    end
-
-    def performer_tag
-      "[#{`whoami`.strip}]"
-    end
-
-    def recorded_at_tag
-      "[#{Time.now.to_fs(:db)}]"
-    end
-end
--- a/lib/mrsk/commands/base.rb
+++ b/lib/mrsk/commands/base.rb
@@ -1,52 +0,0 @@
-module Mrsk::Commands
-  class Base
-    delegate :redact, to: Mrsk::Utils
-
-    MAX_LOG_SIZE = "10m"
-
-    attr_accessor :config
-
-    def initialize(config)
-      @config = config
-    end
-
-    def run_over_ssh(*command, host:)
-      "ssh".tap do |cmd|
-        cmd << " -J #{config.ssh_proxy.jump_proxies}" if config.ssh_proxy
-        cmd << " -t #{config.ssh_user}@#{host} '#{command.join(" ")}'"
-      end
-    end
-
-    def container_id_for(container_name:)
-      docker :container, :ls, "--all", "--filter", "name=#{container_name}", "--quiet"
-    end
-
-    private
-      def combine(*commands, by: "&&")
-        commands
-          .compact
-          .collect { |command| Array(command) + [ by ] }.flatten # Join commands
-          .tap     { |commands| commands.pop } # Remove trailing combiner
-      end
-
-      def chain(*commands)
-        combine *commands, by: ";"
-      end
-
-      def pipe(*commands)
-        combine *commands, by: "|"
-      end
-
-      def append(*commands)
-        combine *commands, by: ">>"
-      end
-
-      def xargs(command)
-        [ :xargs, command ].flatten
-      end
-
-      def docker(*args)
-        args.compact.unshift :docker
-      end
-  end
-end
--- a/lib/mrsk/commands/builder.rb
+++ b/lib/mrsk/commands/builder.rb
@@ -1,36 +0,0 @@
-class Mrsk::Commands::Builder < Mrsk::Commands::Base
-  delegate :create, :remove, :push, :clean, :pull, :info, to: :target
-
-  def name
-    target.class.to_s.remove("Mrsk::Commands::Builder::").underscore
-  end
-
-  def target
-    case
-    when config.builder && config.builder["multiarch"] == false
-      native
-    when config.builder && config.builder["local"] && config.builder["remote"]
-      multiarch_remote
-    when config.builder && config.builder["remote"]
-      native_remote
-    else
-      multiarch
-    end
-  end
-
-  def native
-    @native ||= Mrsk::Commands::Builder::Native.new(config)
-  end
-
-  def native_remote
-    @native ||= Mrsk::Commands::Builder::Native::Remote.new(config)
-  end
-
-  def multiarch
-    @multiarch ||= Mrsk::Commands::Builder::Multiarch.new(config)
-  end
-
-  def multiarch_remote
-    @multiarch_remote ||= Mrsk::Commands::Builder::Multiarch::Remote.new(config)
-  end
-end
--- a/lib/mrsk/commands/builder/base.rb
+++ b/lib/mrsk/commands/builder/base.rb
@@ -1,40 +0,0 @@
-class Mrsk::Commands::Builder::Base < Mrsk::Commands::Base
-  delegate :argumentize, to: Mrsk::Utils
-
-  def clean
-    docker :image, :rm, "--force", config.absolute_image
-  end
-
-  def pull
-    docker :pull, config.absolute_image
-  end
-
-  def build_options
-    [ *build_tags, *build_labels, *build_args, *build_secrets ]
-  end
-
-  private
-    def build_tags
-      [ "-t", config.absolute_image, "-t", config.latest_image ]
-    end
-
-    def build_labels
-      argumentize "--label", { service: config.service }
-    end
-
-    def build_args
-      argumentize "--build-arg", args, redacted: true
-    end
-
-    def build_secrets
-      argumentize "--secret", secrets.collect { |secret| [ "id", secret ] }
-    end
-
-    def args
-      (config.builder && config.builder["args"]) || {}
-    end
-
-    def secrets
-      (config.builder && config.builder["secrets"]) || []
-    end
-end
--- a/lib/mrsk/commands/builder/native.rb
+++ b/lib/mrsk/commands/builder/native.rb
@@ -1,19 +0,0 @@
-class Mrsk::Commands::Builder::Native < Mrsk::Commands::Builder::Base
-  def create
-    # No-op on native
-  end
-
-  def remove
-    # No-op on native
-  end
-
-  def push
-    combine \
-      docker(:build, *build_options, "."),
-      docker(:push, config.absolute_image)
-  end
-
-  def info
-    # No-op on native
-  end
-end
--- a/lib/mrsk/commands/healthcheck.rb
+++ b/lib/mrsk/commands/healthcheck.rb
@@ -1,50 +0,0 @@
-class Mrsk::Commands::Healthcheck < Mrsk::Commands::Base
-  EXPOSED_PORT = 3999
-
-  def run
-    web = config.role(:web)
-
-    docker :run,
-      "--detach",
-      "--name", container_name_with_version,
-      "--publish", "#{EXPOSED_PORT}:#{config.healthcheck["port"]}",
-      "--label", "service=#{container_name}",
-      *web.env_args,
-      *config.volume_args,
-      config.absolute_image,
-      web.cmd
-  end
-
-  def curl
-    [ :curl, "--silent", "--output", "/dev/null", "--write-out", "'%{http_code}'", "--max-time", "2", health_url ]
-  end
-
-  def logs
-    pipe container_id, xargs(docker(:logs, "--tail", 50, "2>&1"))
-  end
-
-  def stop
-    pipe container_id, xargs(docker(:stop))
-  end
-
-  def remove
-    pipe container_id, xargs(docker(:container, :rm))
-  end
-
-  private
-    def container_name
-      "healthcheck-#{config.service}"
-    end
-
-    def container_name_with_version
-      "healthcheck-#{config.service_with_version}"
-    end
-
-    def container_id
-      container_id_for(container_name: container_name)
-    end
-
-    def health_url
-      "http://localhost:#{EXPOSED_PORT}#{config.healthcheck["path"]}"
-    end
-end
--- a/lib/mrsk/commands/prune.rb
+++ b/lib/mrsk/commands/prune.rb
@@ -1,12 +0,0 @@
-require "active_support/duration"
-require "active_support/core_ext/numeric/time"
-
-class Mrsk::Commands::Prune < Mrsk::Commands::Base
-  def images(until_hours: 7.days.in_hours.to_i)
-    docker :image, :prune, "--all", "--force", "--filter", "label=service=#{config.service}", "--filter", "until=#{until_hours}h"
-  end
-
-  def containers(until_hours: 3.days.in_hours.to_i)
-    docker :container, :prune, "--force", "--filter", "label=service=#{config.service}", "--filter", "until=#{until_hours}h"
-  end
-end
--- a/lib/mrsk/commands/registry.rb
+++ b/lib/mrsk/commands/registry.rb
@@ -1,20 +0,0 @@
-class Mrsk::Commands::Registry < Mrsk::Commands::Base
-  delegate :registry, to: :config
-
-  def login
-    docker :login, registry["server"], "-u", redact(registry["username"]), "-p", redact(lookup_password)
-  end
-
-  def logout
-    docker :logout, registry["server"]
-  end
-
-  private
-    def lookup_password
-      if registry["password"].is_a?(Array)
-        ENV.fetch(registry["password"].first).dup
-      else
-        registry["password"]
-      end
-    end
-end
--- a/Show More
+++ b/Show More