Eval proxy options

To ensure that the proxy options are evaluated as if they were added verbatim to the command, we'll eval the docker run command. Fixes: https://github.com/basecamp/kamal/issues/1448
Merge pull request #1439 from matthewbjones/feature/aliased-secrets
2025-03-10 10:07:04 +00:00 · 2025-03-10 10:06:45 +00:00 · 2025-03-10 10:06:14 +00:00 · 2025-03-07 11:33:17 +00:00 · 2025-03-04 07:23:26 -07:00 · 2025-03-03 14:49:37 +00:00
306 changed files with 15386 additions and 4698 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,24 +1,50 @@
 name: CI
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
 jobs:
+  rubocop:
+    name: RuboCop
+    runs-on: ubuntu-latest
+    env:
+      BUNDLE_ONLY: rubocop
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Ruby and install gems
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.3.0
+          bundler-cache: true
+      - name: Run Rubocop
+        run: bundle exec rubocop --parallel
  tests:
    strategy:
+      fail-fast: false
      matrix:
        ruby-version:
-          - "2.7"
          - "3.1"
          - "3.2"
+          - "3.3"
+          - "3.4"
        gemfile:
          - Gemfile
          - gemfiles/rails_edge.gemfile
-        continue-on-error: [false]
+        exclude:
+          - ruby-version: "3.1"
+            gemfile: gemfiles/rails_edge.gemfile
    name: ${{ format('Tests (Ruby {0})', matrix.ruby-version) }}
    runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.continue-on-error }}
    env:
      BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+
+      - name: Remove gemfile.lock
+        run: rm Gemfile.lock

      - name: Install Ruby
        uses: ruby/setup-ruby@v1
@@ -28,3 +54,5 @@ jobs:

      - name: Run tests
        run: bin/test
+        env:
+          RUBYOPT: ${{ startsWith(matrix.ruby-version, '3.4.') && '--enable=frozen-string-literal' || '' }}
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,6 +1,12 @@
 name: Docker

 on:
+  workflow_dispatch:
+    inputs:
+      tagInput:
+        description: 'Tag'
+        required: true
+    
  release:
    types: [created]
    tags:
@@ -29,6 +35,14 @@ jobs:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Determine version tag
+        id: version-tag
+        run: |
+          INPUT_VALUE="${{ github.event.inputs.tagInput }}"
+          if [ -z "$INPUT_VALUE" ]; then
+            INPUT_VALUE="${{ github.ref_name }}"
+          fi
+          echo "::set-output name=value::$INPUT_VALUE"
      -
        name: Build and push
        uses: docker/build-push-action@v3
@@ -37,5 +51,5 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
-            ghcr.io/mrsked/mrsk:latest
-            ghcr.io/mrsked/mrsk:${{ github.ref_name }}
+            ghcr.io/basecamp/kamal:latest
+            ghcr.io/basecamp/kamal:${{ steps.version-tag.outputs.value }}
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -0,0 +1,2 @@
+inherit_gem:
+  rubocop-rails-omakase: rubocop.yml
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -1,10 +1,10 @@
 # Contributor Code of Conduct

-As contributors and maintainers of the MRSK project, we pledge to create a welcoming and inclusive environment for everyone. We value the participation of each member of our community and want all contributors to feel respected and valued.
+As contributors and maintainers of the Kamal project, we pledge to create a welcoming and inclusive environment for everyone. We value the participation of each member of our community and want all contributors to feel respected and valued.

 We are committed to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, or religion (or lack thereof). We do not tolerate harassment of participants in any form.

-This code of conduct applies to all MRSK project spaces, including but not limited to project code, issue trackers, chat rooms, and mailing lists. Violations of this code of conduct may result in removal from the project community.
+This code of conduct applies to all Kamal project spaces, including but not limited to project code, issue trackers, chat rooms, and mailing lists. Violations of this code of conduct may result in removal from the project community.

 ## Our standards

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,18 +1,18 @@
-# Contributing to MRSK development
+# Contributing to Kamal development

-Thank you for considering contributing to MRSK! This document outlines some guidelines for contributing to this open source project.
+Thank you for considering contributing to Kamal! This document outlines some guidelines for contributing to this open source project.

-Please make sure to review our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing to MRSK.
+Please make sure to review our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing to Kamal.

 There are several ways you can contribute to the betterment of the project:

- **Report an issue?** - If the issue isn’t reported, we can’t fix it. Please report any bugs, feature, and/or improvement requests on the [MRSK GitHub Issues tracker](https://github.com/mrsked/mrsk/issues).
- **Submit patches** - Do you have a new feature or a fix you'd like to share? [Submit a pull request](https://github.com/mrsked/mrsk/pulls)!
- **Write blog articles** - Are you using MRSK? We'd love to hear how you're using it with your projects. Write a tutorial and post it on your blog!
+- **Report an issue?** - If the issue isn’t reported, we can’t fix it. Please report any bugs, feature, and/or improvement requests on the [Kamal GitHub Issues tracker](https://github.com/basecamp/kamal/issues).
+- **Submit patches** - Do you have a new feature or a fix you'd like to share? [Submit a pull request](https://github.com/basecamp/kamal/pulls)!
+- **Write blog articles** - Are you using Kamal? We'd love to hear how you're using it with your projects. Write a tutorial and post it on your blog!

 ## Issues

-If you encounter any issues with the project, please check the [existing issues](https://github.com/mrsked/mrsk/issues) first to see if the issue has already been reported. If the issue hasn't been reported, please open a new issue with a clear description of the problem and steps to reproduce it.
+If you encounter any issues with the project, please check the [existing issues](https://github.com/basecamp/kamal/issues) first to see if the issue has already been reported. If the issue hasn't been reported, please open a new issue with a clear description of the problem and steps to reproduce it.

 ## Pull Requests

@@ -27,23 +27,23 @@ Please keep the following guidelines in mind when opening a pull request:
 - Add tests for your changes, if possible.
 - Ensure that your changes don't break existing functionality.

-#### Commit message guidline
+#### Commit message guidelines

 A good commit message should describe what changed and why.

 ## Development

-The `main` branch is regularly built and tested, but it is not guaranteed to be completely stable. Tags are created regularly from release branches to indicate new official, stable release versions of MRSK.
+The `main` branch is regularly built and tested, but it is not guaranteed to be completely stable. Tags are created regularly from release branches to indicate new official, stable release versions of Kamal.

-MRSK is written in Ruby. You should have Ruby 3.2+ installed on your machine in order to work on MRSK. If that's already setup, run `bundle` in the root directory to install all dependencies. Then you can run `bin/test` to run all tests.
+Kamal is written in Ruby. You should have Ruby 3.2+ installed on your machine in order to work on Kamal. If that's already setup, run `bundle` in the root directory to install all dependencies. Then you can run `bin/test` to run all tests.

 1. Fork the project repository.
 2. Create a new branch for your contribution.
 3. Write your code or make the desired changes.
 4. **Ensure that your code passes the project's minitests by running ./bin/test.**
 5. Commit your changes and push them to your forked repository.
-6. [Open a pull request](https://github.com/mrsked/mrsk/pulls) to the main project repository with a detailed description of your changes.
+6. [Open a pull request](https://github.com/basecamp/kamal/pulls) to the main project repository with a detailed description of your changes.

 ## License

-MRSK is released under the MIT License. By contributing to this project, you agree to license your contributions under the same license.
+Kamal is released under the MIT License. By contributing to this project, you agree to license your contributions under the same license.
--- a/33
+++ b/33
@@ -1,36 +1,39 @@
-# Use the official Ruby 3.2.0 Alpine image as the base image
-FROM ruby:3.2.0-alpine
+FROM ruby:3.4-alpine

-# Install  docker/buildx-bin
+# Install docker/buildx-bin
 COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx

-# Set the working directory to /mrsk
-WORKDIR /mrsk
+# Set the working directory to /kamal
+WORKDIR /kamal

 # Copy the Gemfile, Gemfile.lock into the container
-COPY Gemfile Gemfile.lock mrsk.gemspec ./
+COPY Gemfile Gemfile.lock kamal.gemspec ./

-# Required in mrsk.gemspec
-COPY lib/mrsk/version.rb /mrsk/lib/mrsk/version.rb
+# Required in kamal.gemspec
+COPY lib/kamal/version.rb /kamal/lib/kamal/version.rb

 # Install system dependencies
-RUN apk add --no-cache --update build-base git docker openrc \
+RUN apk add --no-cache build-base git docker openrc openssh-client-default yaml-dev \
    && rc-update add docker boot \
-    && gem install bundler --version=2.4.3 \
+    && gem install bundler --version=2.6.5 \
    && bundle install

 # Copy the rest of our application code into the container.
 # We do this after bundle install, to avoid having to run bundle
-# everytime we do small fixes in the source code.
+# every time we do small fixes in the source code.
 COPY . .

 # Install the gem locally from the project folder
-RUN gem build mrsk.gemspec && \
-    gem install ./mrsk-*.gem --no-document
+RUN gem build kamal.gemspec && \
+    gem install ./kamal-*.gem --no-document

 # Set the working directory to /workdir
 WORKDIR /workdir

+# Tell git it's safe to access /workdir/.git even if
+# the directory is owned by a different user
+RUN git config --global --add safe.directory '*'
+
 # Set the entrypoint to run the installed binary in /workdir
-# Example:  docker run -it -v "$PWD:/workdir" mrsk init
-ENTRYPOINT ["mrsk"]
+# Example:  docker run -it -v "$PWD:/workdir" kamal init
+ENTRYPOINT ["kamal"]
--- a/6
+++ b/6
@@ -1,4 +1,8 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }

 gemspec
+
+group :rubocop do
+  gem "rubocop-rails-omakase", require: false
+end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,106 +1,196 @@
 PATH
  remote: .
  specs:
-    mrsk (0.11.0)
+    kamal (2.5.3)
      activesupport (>= 7.0)
+      base64 (~> 0.2)
      bcrypt_pbkdf (~> 1.0)
-      dotenv (~> 2.8)
+      concurrent-ruby (~> 1.2)
+      dotenv (~> 3.1)
      ed25519 (~> 1.2)
-      net-ssh (~> 7.0)
-      sshkit (~> 1.21)
-      thor (~> 1.2)
-      zeitwerk (~> 2.5)
+      net-ssh (~> 7.3)
+      sshkit (>= 1.23.0, < 2.0)
+      thor (~> 1.3)
+      zeitwerk (>= 2.6.18, < 3.0)

 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (7.0.4.3)
-      actionview (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (8.0.0.1)
+      actionview (= 8.0.0.1)
+      activesupport (= 8.0.0.1)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.4.3)
-      activesupport (= 7.0.4.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+      useragent (~> 0.16)
+    actionview (8.0.0.1)
+      activesupport (= 8.0.0.1)
      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.4.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activesupport (8.0.0.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    bcrypt_pbkdf (1.1.0)
-    builder (3.2.4)
-    concurrent-ruby (1.2.2)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    ast (2.4.2)
+    base64 (0.2.0)
+    bcrypt_pbkdf (1.1.1)
+    benchmark (0.4.0)
+    bigdecimal (3.1.8)
+    builder (3.3.0)
+    concurrent-ruby (1.3.4)
+    connection_pool (2.4.1)
    crass (1.0.6)
-    debug (1.7.2)
-      irb (>= 1.5.0)
-      reline (>= 0.3.1)
-    dotenv (2.8.1)
+    date (3.4.1)
+    debug (1.9.2)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
+    dotenv (3.1.5)
+    drb (2.2.1)
    ed25519 (1.3.0)
-    erubi (1.12.0)
-    i18n (1.12.0)
+    erubi (1.13.0)
+    i18n (1.14.6)
      concurrent-ruby (~> 1.0)
-    io-console (0.6.0)
-    irb (1.6.3)
-      reline (>= 0.3.0)
-    loofah (2.20.0)
+    io-console (0.8.0)
+    irb (1.14.2)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    json (2.9.0)
+    language_server-protocol (3.17.0.3)
+    logger (1.6.3)
+    loofah (2.23.1)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    method_source (1.0.0)
-    minitest (5.18.0)
-    mocha (2.0.2)
+      nokogiri (>= 1.12.0)
+    minitest (5.25.4)
+    mocha (2.7.1)
      ruby2_keywords (>= 0.0.5)
    net-scp (4.0.0)
      net-ssh (>= 2.6.5, < 8.0.0)
-    net-ssh (7.1.0)
-    nokogiri (1.14.2-arm64-darwin)
+    net-sftp (4.0.0)
+      net-ssh (>= 5.0.0, < 8.0.0)
+    net-ssh (7.3.0)
+    nokogiri (1.18.3-aarch64-linux-musl)
      racc (~> 1.4)
-    nokogiri (1.14.2-x86_64-darwin)
+    nokogiri (1.18.3-arm64-darwin)
      racc (~> 1.4)
-    nokogiri (1.14.2-x86_64-linux)
+    nokogiri (1.18.3-x86_64-darwin)
      racc (~> 1.4)
-    racc (1.6.2)
-    rack (2.2.6.4)
+    nokogiri (1.18.3-x86_64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.3-x86_64-linux-musl)
+      racc (~> 1.4)
+    ostruct (0.6.1)
+    parallel (1.26.3)
+    parser (3.3.6.0)
+      ast (~> 2.4.1)
+      racc
+    psych (5.2.1)
+      date
+      stringio
+    racc (1.8.1)
+    rack (3.1.10)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rackup (2.2.1)
+      rack (>= 3)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
-    railties (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      method_source
+    rails-html-sanitizer (1.6.2)
+      loofah (~> 2.21)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.0.1)
+      actionpack (= 8.0.0.1)
+      activesupport (= 8.0.0.1)
+      irb (~> 1.13)
+      rackup (>= 1.0.0)
      rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
-    rake (13.0.6)
-    reline (0.3.3)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rainbow (3.1.1)
+    rake (13.2.1)
+    rdoc (6.8.1)
+      psych (>= 4.0.0)
+    regexp_parser (2.9.3)
+    reline (0.5.12)
      io-console (~> 0.5)
+    rubocop (1.69.2)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.36.2, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.36.2)
+      parser (>= 3.3.1.0)
+    rubocop-minitest (0.36.0)
+      rubocop (>= 1.61, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-performance (1.23.0)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.27.0)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.52.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails-omakase (1.0.0)
+      rubocop
+      rubocop-minitest
+      rubocop-performance
+      rubocop-rails
+    ruby-progressbar (1.13.0)
    ruby2_keywords (0.0.5)
-    sshkit (1.21.4)
+    securerandom (0.4.0)
+    sshkit (1.23.2)
+      base64
      net-scp (>= 1.1.2)
+      net-sftp (>= 2.1.2)
      net-ssh (>= 2.8.0)
-    thor (1.2.1)
+      ostruct
+    stringio (3.1.2)
+    thor (1.3.2)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    zeitwerk (2.6.7)
+    unicode-display_width (3.1.2)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
+    uri (1.0.2)
+    useragent (0.16.11)
+    zeitwerk (2.7.1)

 PLATFORMS
+  aarch64-linux-musl
  arm64-darwin
  x86_64-darwin
  x86_64-linux
+  x86_64-linux-musl

 DEPENDENCIES
  debug
+  kamal!
  mocha
-  mrsk!
  railties
+  rubocop-rails-omakase

 BUNDLED WITH
-   2.4.3
+   2.6.5
--- a/README.md
+++ b/README.md
@@ -1,825 +1,13 @@
-# MRSK
+# Kamal: Deploy web apps anywhere

-MRSK deploys web apps anywhere from bare metal to cloud VMs using Docker with zero downtime. It uses the dynamic reverse-proxy Traefik to hold requests while the new application container is started and the old one is stopped. It works seamlessly across multiple hosts, using SSHKit to execute commands. It was built for Rails applications, but works with any type of web app that can be containerized with Docker.
+From bare metal to cloud VMs, deploy web apps anywhere with zero downtime. Kamal uses [kamal-proxy](https://github.com/basecamp/kamal-proxy) to seamlessly switch requests between containers. Works seamlessly across multiple servers, using SSHKit to execute commands. Originally built for Rails apps, Kamal will work with any type of web app that can be containerized with Docker.

-Watch the screencast: https://www.youtube.com/watch?v=LL1cV2FXZ5I
+➡️ See [kamal-deploy.org](https://kamal-deploy.org) for documentation on [installation](https://kamal-deploy.org/docs/installation), [configuration](https://kamal-deploy.org/docs/configuration), and [commands](https://kamal-deploy.org/docs/commands).

-Join us on Discord: https://discord.gg/YgHVT7GCXS
+## Contributing to the documentation

-Ask questions: https://github.com/mrsked/mrsk/discussions
-
-## Installation
-
-If you have a Ruby environment available, you can install MRSK globally with:
-
-```sh
-gem install mrsk
-```
-
-...otherwise, you can run a dockerized version via an alias (add this to your .bashrc or similar to simplify re-use):
-
-```sh
-alias mrsk='docker run --rm -it -v $HOME/.ssh:/root/.ssh -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}/:/workdir  ghcr.io/mrsked/mrsk'
-```
-
-Then, inside your app directory, run `mrsk init` (or `mrsk init --bundle` within Rails 7+ apps where you want a bin/mrsk binstub). Now edit the new file `config/deploy.yml`. It could look as simple as this:
-
-```yaml
-service: hey
-image: 37s/hey
-servers:
-  - 192.168.0.1
-  - 192.168.0.2
-registry:
-  username: registry-user-name
-  password:
-    - MRSK_REGISTRY_PASSWORD
-env:
-  secret:
-    - RAILS_MASTER_KEY
-```
-
-Then edit your `.env` file to add your registry password as `MRSK_REGISTRY_PASSWORD` (and your `RAILS_MASTER_KEY` for production with a Rails app).
-
-Now you're ready to deploy to the servers:
-
-```
-mrsk deploy
-```
-
-This will:
-
-1. Connect to the servers over SSH (using root by default, authenticated by your ssh key)
-2. Install Docker on any server that might be missing it (using apt-get): root access is needed via ssh for this.
-3. Log into the registry both locally and remotely
-4. Build the image using the standard Dockerfile in the root of the application.
-5. Push the image to the registry.
-6. Pull the image from the registry onto the servers.
-7. Ensure Traefik is running and accepting traffic on port 80.
-8. Ensure your app responds with `200 OK` to `GET /up`.
-9. Start a new container with the version of the app that matches the current git version hash.
-10. Stop the old container running the previous version of the app.
-11. Prune unused images and stopped containers to ensure servers don't fill up.
-
-Voila! All the servers are now serving the app on port 80. If you're just running a single server, you're ready to go. If you're running multiple servers, you need to put a load balancer in front of them.
-
-## Vision
-
-In the past decade+, there's been an explosion in commercial offerings that make deploying web apps easier. Heroku kicked it off with an incredible offering that stayed ahead of the competition seemingly forever. These days we have excellent alternatives like Fly.io and Render. And hosted Kubernetes is making things easier too on AWS, GCP, Digital Ocean, and elsewhere. But these are all offerings that have you renting computers in the cloud at a premium. If you want to run on your own hardware, or even just have a clear migration path to do so in the future, you need to carefully consider how locked in you get to these commercial platforms. Preferably before the bills swallow your business whole!
-
-MRSK seeks to bring the advance in ergonomics pioneered by these commercial offerings to deploying web apps anywhere. Whether that's low-cost cloud options without the managed-service markup from the likes of Digital Ocean, Hetzner, OVH, etc, or it's your own colocated bare metal. To MRSK, it's all the same. Feed the config file a list of IP addresses with vanilla Ubuntu servers that have seen no prep beyond an added SSH key, and you'll be running in literally minutes.
-
-This approach gives you enormous portability. You can have your web app deployed on several clouds at ease like this. Or you can buy the baseline with your own hardware, then deploy to a cloud before a big seasonal spike to get more capacity. When you're not locked into a single provider from a tooling perspective, there are a lot of compelling options available.
-
-Ultimately, MRSK is meant to compress the complexity of going to production using open source tooling that isn't tied to any commercial offering. Not to zero, mind you. You're probably still better off with a fully managed service if basic Linux or Docker is still difficult, but as soon as those concepts are familiar, you'll be ready to go with MRSK.
-
-## Why not just run Capistrano, Kubernetes or Docker Swarm?
-
-MRSK basically is Capistrano for Containers, without the need to carefully prepare servers in advance. No need to ensure that the servers have just the right version of Ruby or other dependencies you need. That all lives in the Docker image now. You can boot a brand new Ubuntu (or whatever) server, add it to the list of servers in MRSK, and it'll be auto-provisioned with Docker, and run right away. Docker's layer caching also speeds up deployments with less mucking about on the server. And the images built for MRSK can be used for CI or later introspection.
-
-Kubernetes is a beast. Running it yourself on your own hardware is not for the faint of heart. It's a fine option if you want to run on someone else's platform, either transparently [like Render](https://thenewstack.io/render-cloud-deployment-with-less-engineering/) or explicitly on AWS/GCP, but if you'd like the freedom to move between cloud and your own hardware, or even mix the two, MRSK is much simpler. You can see everything that's going on, it's just basic Docker commands being called.
-
-Docker Swarm is much simpler than Kubernetes, but it's still built on the same declarative model that uses state reconciliation. MRSK is intentionally designed around imperative commands, like Capistrano.
-
-Ultimately, there are a myriad of ways to deploy web apps, but this is the toolkit we're using at [37signals](https://37signals.com) to bring [HEY](https://www.hey.com) [home from the cloud](https://world.hey.com/dhh/why-we-re-leaving-the-cloud-654b47e0) without losing the advantages of modern containerization tooling.
-
-## Running MRSK from Docker
-
-MRSK is packaged up in a Docker container similarly to [rails/docked](https://github.com/rails/docked). This will allow you to run MRSK (from your application directory) without having to install any dependencies other than Docker. Add the following alias to your profile configuration to make working with the container more convenient:
-
-```bash
-alias mrsk="docker run -it --rm -v '${PWD}:/workdir' -v '${SSH_AUTH_SOCK}:/ssh-agent' -v /var/run/docker.sock:/var/run/docker.sock -e 'SSH_AUTH_SOCK=/ssh-agent' ghcr.io/mrsked/mrsk:latest"
-```
-
-Since MRSK uses SSH to establish a remote connection, it will need access to your SSH agent. The above command uses a volume mount to make it available inside the container and configures the SSH agent inside the container to make use of it.
-
-## Configuration
-
-### Using .env file to load required environment variables
-
-MRSK uses [dotenv](https://github.com/bkeepers/dotenv) to automatically load environment variables set in the `.env` file present in the application root. This file can be used to set variables like `MRSK_REGISTRY_PASSWORD` or database passwords. But for this reason you must ensure that .env files are not checked into Git or included in your Dockerfile! The format is just key-value like:
-
-```bash
-MRSK_REGISTRY_PASSWORD=pw
-DB_PASSWORD=secret123
-```
-
-### Using a generated .env file
-
-#### 1Password as a secret store
-
-If you're using a centralized secret store, like 1Password, you can create `.env.erb` as a template which looks up the secrets. Example of a .env.erb file:
-
-```erb
-<% if (session_token = `op signin --account my-one-password-account --raw`.strip) != "" %># Generated by mrsk envify
-GITHUB_TOKEN=<%= `gh config get -h github.com oauth_token`.strip %>
-MRSK_REGISTRY_PASSWORD=<%= `op read "op://Vault/Docker Hub/password" -n --session  #{session_token}` %>
-RAILS_MASTER_KEY=<%= `op read "op://Vault/My App/RAILS_MASTER_SECRET" -n --session #{session_token}` %>
-MYSQL_ROOT_PASSWORD=<%= `op read "op://Vault/My App/MYSQL_ROOT_PASSWORD" -n --session #{session_token}` %>
-<% else raise ArgumentError, "Session token missing" end %>
-```
-
-This template can safely be checked into git. Then everyone deploying the app can run `mrsk envify` when they setup the app for the first time or passwords change to get the correct `.env` file.
-
-If you need separate env variables for different destinations, you can set them with `.env.destination.erb` for the template, which will generate `.env.staging` when run with `mrsk envify -d staging`.
-
-#### Bitwarden as a secret store
-
-If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets.
-
-You can store `SOME_SECRET` in a secure note in bitwarden vault.
-
-```
-$ bw list items --search SOME_SECRET | jq
-? Master password: [hidden]
-
-[
-  {
-    "object": "item",
-    "id": "123123123-1232-4224-222f-234234234234",
-    "organizationId": null,
-    "folderId": null,
-    "type": 2,
-    "reprompt": 0,
-    "name": "SOME_SECRET",
-    "notes": "yyy",
-    "favorite": false,
-    "secureNote": {
-      "type": 0
-    },
-    "collectionIds": [],
-    "revisionDate": "2023-02-28T23:54:47.868Z",
-    "creationDate": "2022-11-07T03:16:05.828Z",
-    "deletedDate": null
-  }
-]
-```
-
-and extract the `id` of `SOME_SECRET` from the `json` above and use in the `erb` below.
-
-
-Example `.env.erb` file:
-
-```erb
-<% if (session_token=`bw unlock --raw`.strip) != "" %># Generated by mrsk envify
-SOME_SECRET=<%= `bw get notes 123123123-1232-4224-222f-234234234234 --session #{session_token}` %>
-<% else raise ArgumentError, "session_token token missing" end %>
-```
-
-Then everyone deploying the app can run `mrsk envify` and mrsk will generate `.env`
-
-
-### Using another registry than Docker Hub
-
-The default registry is Docker Hub, but you can change it using `registry/server`:
-
-```yaml
-registry:
-  server: registry.digitalocean.com
-  username:
-    - DOCKER_REGISTRY_TOKEN
-  password:
-    - DOCKER_REGISTRY_TOKEN
-```
-
-A reference to secret `DOCKER_REGISTRY_TOKEN` will look for `ENV["DOCKER_REGISTRY_TOKEN"]` on the machine running MRSK.
-
-### Using a different SSH user than root
-
-The default SSH user is root, but you can change it using `ssh/user`:
-
-```yaml
-ssh:
-  user: app
-```
-
-If you are using non-root user, you need to bootstrap your servers manually, before using them with MRSK. On Ubuntu, you'd do:
-
-```bash
-sudo apt update
-sudo apt upgrade -y
-sudo apt install -y docker.io curl git
-sudo usermod -a -G docker ubuntu
-```
-
-### Using a proxy SSH host
-
-If you need to connect to server through a proxy host, you can use `ssh/proxy`:
-
-```yaml
-ssh:
-  proxy: "192.168.0.1" # defaults to root as the user
-```
-
-Or with specific user:
-
-```yaml
-ssh:
-  proxy: "app@192.168.0.1"
-```
-
-Also if you need specific proxy command to connect to the server:
-
-```yaml
-ssh:
-  proxy_command: aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p' --region=us-east-1 ## ssh via aws ssm
-```
-
-### Using env variables
-
-You can inject env variables into the app containers using `env`:
-
-```yaml
-env:
-  DATABASE_URL: mysql2://db1/hey_production/
-  REDIS_URL: redis://redis1:6379/1
-```
-
-### Using secret env variables
-
-If you have env variables that are secret, you can divide the `env` block into `clear` and `secret`:
-
-```yaml
-env:
-  clear:
-    DATABASE_URL: mysql2://db1/hey_production/
-    REDIS_URL: redis://redis1:6379/1
-  secret:
-    - DATABASE_PASSWORD
-    - REDIS_PASSWORD
-```
-
-The list of secret env variables will be expanded at run time from your local machine. So a reference to a secret `DATABASE_PASSWORD` will look for `ENV["DATABASE_PASSWORD"]` on the machine running MRSK. Just like with build secrets.
-
-If the referenced secret ENVs are missing, the configuration will be halted with a `KeyError` exception.
-
-Note: Marking an ENV as secret currently only redacts its value in the output for MRSK. The ENV is still injected in the clear into the container at runtime.
-
-### Using volumes
-
-You can add custom volumes into the app containers using `volumes`:
-
-```yaml
-volumes:
-  - "/local/path:/container/path"
-```
-
-### MRSK env variables
-
-The following env variables are set when your container runs:
-
-`MRSK_CONTAINER_NAME` : this contains the current container name and version
-
-### Using different roles for servers
-
-If your application uses separate hosts for running jobs or other roles beyond the default web running, you can specify these hosts in a dedicated role with a new entrypoint command like so:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  job:
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-    cmd: bin/jobs
-```
-
-Note: Traefik will only by default be installed and run on the servers in the `web` role (and on all servers if no roles are defined). If you need Traefik on hosts in other roles than `web`, add `traefik: true`:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  web2:
-    traefik: true
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-```
-
-### Using container labels
-
-You can specialize the default Traefik rules by setting labels on the containers that are being started:
-
-```yaml
-labels:
-  traefik.http.routers.hey-web.rule: Host(`app.hey.com`)
-```
-Traefik rules are in the "service-role-destination" format. The default role will be `web` if no rule is specified. If the destination is not specified, it is not included. To give an example, the above rule would become "traefik.http.routers.hey-web.rule" if it was for the "staging" destination.
-
-Note: The backticks are needed to ensure the rule is passed in correctly and not treated as command substitution by Bash!
-
-This allows you to run multiple applications on the same server sharing the same Traefik instance and port.
-See https://doc.traefik.io/traefik/routing/routers/#rule for a full list of available routing rules.
-
-The labels can also be applied on a per-role basis:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  job:
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-    cmd: bin/jobs
-    labels:
-      my-label: "50"
-```
-
-### Using container options
-
-You can specialize the options used to start containers using the `options` definitions:
-
-```yaml
-servers:
-  web:
-    - 192.168.0.1
-    - 192.168.0.2
-  job:
-    hosts:
-      - 192.168.0.3
-      - 192.168.0.4
-    cmd: bin/jobs
-    options:
-      cap-add: true
-      cpu-count: 4
-```
-
-That'll start the job containers with `docker run ... --cap-add --cpu-count 4 ...`.
-
-### Configuring logging
-
-You can configure the logging driver and options passed to Docker using `logging`:
-
-```yaml
-logging:
-  driver: awslogs
-  options:
-    awslogs-region: "eu-central-2"
-    awslogs-group: "my-app"
-```
-
-If nothing is configured, the default option `max-size=10m` is used for all containers. The default logging driver of Docker is `json-file`.
-
-### Using a different stop wait time
-
-On a new deploy, each old running container is gracefully shut down with a `SIGTERM`, and after a grace period of `10` seconds a `SIGKILL` is sent.
-You can configure this value via the `stop_wait_time` option:
-
-```yaml
-stop_wait_time: 30
-```
-
-### Using remote builder for native multi-arch
-
-If you're developing on ARM64 (like Apple Silicon), but you want to deploy on AMD64 (x86 64-bit), you can use multi-architecture images. By default, MRSK will setup a local buildx configuration that does this through QEMU emulation. But this can be quite slow, especially on the first build.
-
-If you want to speed up this process by using a remote AMD64 host to natively build the AMD64 part of the image, while natively building the ARM64 part locally, you can do so using builder options:
-
-```yaml
-builder:
-  local:
-    arch: arm64
-    host: unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock
-  remote:
-    arch: amd64
-    host: ssh://root@192.168.0.1
-```
-
-Note: You must have Docker running on the remote host being used as a builder. This instance should only be shared for builds using the same registry and credentials.
-
-### Using remote builder for single-arch
-
-If you're developing on ARM64 (like Apple Silicon), want to deploy on AMD64 (x86 64-bit), but don't need to run the image locally (or on other ARM64 hosts), you can configure a remote builder that just targets AMD64. This is a bit faster than building with multi-arch, as there's nothing to build locally.
-
-```yaml
-builder:
-  remote:
-    arch: amd64
-    host: ssh://root@192.168.0.1
-```
-
-### Using native builder when multi-arch isn't needed
-
-If you're developing on the same architecture as the one you're deploying on, you can speed up the build by forgoing both multi-arch and remote building:
-
-```yaml
-builder:
-  multiarch: false
-```
-
-This is also a good option if you're running MRSK from a CI server that shares architecture with the deployment servers.
-
-### Using a different Dockerfile or context when building
-
-If you need to pass a different Dockerfile or context to the build command (e.g. if you're using a monorepo or you have
-different Dockerfiles), you can do so in the builder options:
-
-```yaml
-# Use a different Dockerfile
-builder:
-  dockerfile: Dockerfile.xyz
-
-# Set context
-builder:
-  context: ".."
-
-# Set Dockerfile and context
-builder:
-  dockerfile: "../Dockerfile.xyz"
-  context: ".."
-```
-
-### Using build secrets for new images
-
-Some images need a secret passed in during build time, like a GITHUB_TOKEN, to give access to private gem repositories. This can be done by having the secret in ENV, then referencing it in the builder configuration:
-
-```yaml
-builder:
-  secrets:
-    - GITHUB_TOKEN
-```
-
-This build secret can then be referenced in the Dockerfile:
-
-```dockerfile
-# Copy Gemfiles
-COPY Gemfile Gemfile.lock ./
-
-# Install dependencies, including private repositories via access token (then remove bundle cache with exposed GITHUB_TOKEN)
-RUN --mount=type=secret,id=GITHUB_TOKEN \
-  BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
-  bundle install && \
-  rm -rf /usr/local/bundle/cache
-```
-
-### Traefik command arguments
-
-Customize the Traefik command line using `args`:
-
-```yaml
-traefik:
-  args:
-    accesslog: true
-    accesslog.format: json
-```
-
-This starts the Traefik container with `--accesslog=true --accesslog.format=json` arguments.
-
-### Traefik host port binding
-
-Traefik binds to port 80 by default. Specify an alternative port using `host_port`:
-
-```yaml
-traefik:
-  host_port: 8080
-```
-
-### Traefik version, upgrades, and custom images
-
-MRSK runs the traefik:v2.9 image to track Traefik 2.9.x releases.
-
-To pin Traefik to a specific version or an image published to your registry,
-specify `image`:
-
-```yaml
-traefik:
-  image: traefik:v2.10.0-rc1
-```
-
-This is useful for downgrading Traefik if there's an unexpected breaking
-change in a minor version release, upgrading Traefik to test forthcoming
-releases, or running your own Traefik-derived image.
-
-MRSK has not been tested for compatibility with Traefik 3 betas. Please do!
-
-### Traefik container configuration
-
-Pass additional Docker configuration for the Traefik container using `options`:
-
-```yaml
-traefik:
-  options:
-    publish:
-      - 8080:8080
-    volumes:
-      - /tmp/example.json:/tmp/example.json
-    memory: 512m
-```
-
-This starts the Traefik container with `--volume /tmp/example.json:/tmp/example.json --publish 8080:8080 --memory 512m` arguments to `docker run`.
-
-### Traefik container lables
-
-Add labels to Traefik Docker container.
-
-```yaml
-traefik:
-  lables:
-    - traefik.enable: true
-    - traefik.http.routers.dashboard.rule: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
-    - traefik.http.routers.dashboard.service: api@internal
-    - traefik.http.routers.dashboard.middlewares: auth
-    - traefik.http.middlewares.auth.basicauth.users: test:$2y$05$H2o72tMaO.TwY1wNQUV1K.fhjRgLHRDWohFvUZOJHBEtUXNKrqUKi # test:password
-```
-
-This labels Traefik container with `--label traefik.http.routers.dashboard.middlewares=\"auth\"` and so on.
-
-### Traefik alternate entrypoints
-
-You can configure multiple entrypoints for Traefik like so:
-
-```yaml
-service: myservice
-
-labels:
-  traefik.tcp.routers.other.rule: 'HostSNI(`*`)'
-  traefik.tcp.routers.other.entrypoints: otherentrypoint
-  traefik.tcp.services.other.loadbalancer.server.port: 9000
-  traefik.http.routers.myservice.entrypoints: web
-  traefik.http.services.myservice.loadbalancer.server.port: 8080
-
-traefik:
-  options:
-    publish:
-      - 9000:9000
-  args:
-    entrypoints.web.address: ':80'
-    entrypoints.otherentrypoint.address: ':9000'
-```
-
-### Configuring build args for new images
-
-Build arguments that aren't secret can also be configured:
-
-```yaml
-builder:
-  args:
-    RUBY_VERSION: 3.2.0
-```
-
-This build argument can then be used in the Dockerfile:
-
-```
-ARG RUBY_VERSION
-FROM ruby:$RUBY_VERSION-slim as base
-```
-
-### Using accessories for database, cache, search services
-
-You can manage your accessory services via MRSK as well. Accessories are long-lived services that your app depends on. They are not updated when you deploy.
-
-```yaml
-accessories:
-  mysql:
-    image: mysql:5.7
-    host: 1.1.1.3
-    port: 3306
-    env:
-      clear:
-        MYSQL_ROOT_HOST: '%'
-      secret:
-        - MYSQL_ROOT_PASSWORD
-    volumes:
-      - /var/lib/mysql:/var/lib/mysql
-    options:
-      cpus: 4
-      memory: "2GB"
-  redis:
-    image: redis:latest
-    roles:
-      - web
-    port: "36379:6379"
-    volumes:
-      - /var/lib/redis:/data
-  internal-example:
-    image: registry.digitalocean.com/user/otherservice:latest
-    host: 1.1.1.5
-    port: 44444
-```
-
-The hosts that the accessories will run on can be specified by hosts or roles:
-
-```yaml
-  # Single host
-  mysql:
-    host: 1.1.1.1
-  # Multiple hosts
-  redis:
-    hosts:
-      - 1.1.1.1
-      - 1.1.1.2
-  # By role
-  monitoring:
-    roles:
-      - web
-      - jobs
-```
-
-Now run `mrsk accessory start mysql` to start the MySQL server on 1.1.1.3. See `mrsk accessory` for all the commands possible.
-
-Accessory images must be public or tagged in your private registry.
-
-### Using Cron
-
-You can use a specific container to run your Cron jobs:
-
-```yaml
-servers:
-  cron:
-    hosts:
-      - 192.168.0.1
-    cmd:
-      bash -c "cat config/crontab | crontab - && cron -f"
-```
-
-This assumes the Cron settings are stored in `config/crontab`.
-
-### Using audit broadcasts
-
-If you'd like to broadcast audits of deploys, rollbacks, etc to a chatroom or elsewhere, you can configure the `audit_broadcast_cmd` setting with the path to a bin file that will be passed the audit line as the first argument:
-
-```yaml
-audit_broadcast_cmd:
-  bin/audit_broadcast
-```
-
-The broadcast command could look something like:
-
-```bash
-#!/usr/bin/env bash
-curl -q -d content="[My App] ${1}" https://3.basecamp.com/XXXXX/integrations/XXXXX/buckets/XXXXX/chats/XXXXX/lines
-```
-
-That'll post a line like follows to a preconfigured chatbot in Basecamp:
-
-```
-[My App] [dhh] Rolled back to version d264c4e92470ad1bd18590f04466787262f605de
-```
-
-### Custom healthcheck
-
-MRSK defaults to checking the health of your application again `/up` on port 3000 up to 7 times. You can tailor the behaviour with the `healthcheck` setting:
-
-```yaml
-healthcheck:
-  path: /healthz
-  port: 4000
-  max_attempts: 7
-```
-
-This will ensure your application is configured with a traefik label for the healthcheck against `/healthz` and that the pre-deploy healthcheck that MRSK performs is done against the same path on port 4000.
-
-The healthcheck also allows for an optional `max_attempts` setting, which will attempt the healthcheck up to the specified number of times before failing the deploy. This is useful for applications that take a while to start up. The default is 7.
-
-## Commands
-
-### Running commands on servers
-
-You can execute one-off commands on the servers:
-
-```bash
-# Runs command on all servers
-mrsk app exec 'ruby -v'
-App Host: 192.168.0.1
-ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-
-App Host: 192.168.0.2
-ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-
-# Runs command on primary server
-mrsk app exec --primary 'cat .ruby-version'
-App Host: 192.168.0.1
-3.1.3
-
-# Runs Rails command on all servers
-mrsk app exec 'bin/rails about'
-App Host: 192.168.0.1
-About your application's environment
-Rails version             7.1.0.alpha
-Ruby version              ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-RubyGems version          3.3.26
-Rack version              2.2.5
-Middleware                ActionDispatch::HostAuthorization, Rack::Sendfile, ActionDispatch::Static, ActionDispatch::Executor, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, ActionDispatch::RemoteIp, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ContentSecurityPolicy::Middleware, ActionDispatch::PermissionsPolicy::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Rack::TempfileReaper
-Application root          /rails
-Environment               production
-Database adapter          sqlite3
-Database schema version   20221231233303
-
-App Host: 192.168.0.2
-About your application's environment
-Rails version             7.1.0.alpha
-Ruby version              ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
-RubyGems version          3.3.26
-Rack version              2.2.5
-Middleware                ActionDispatch::HostAuthorization, Rack::Sendfile, ActionDispatch::Static, ActionDispatch::Executor, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, ActionDispatch::RemoteIp, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ContentSecurityPolicy::Middleware, ActionDispatch::PermissionsPolicy::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Rack::TempfileReaper
-Application root          /rails
-Environment               production
-Database adapter          sqlite3
-Database schema version   20221231233303
-
-# Run Rails runner on primary server
-mrsk app exec -p 'bin/rails runner "puts Rails.application.config.time_zone"'
-UTC
-```
-
-### Running interactive commands over SSH
-
-You can run interactive commands, like a Rails console or a bash session, on a server (default is primary, use `--hosts` to connect to another):
-
-```bash
-# Starts a bash session in a new container made from the most recent app image
-mrsk app exec -i bash
-
-# Starts a bash session in the currently running container for the app
-mrsk app exec -i --reuse bash
-
-# Starts a Rails console in a new container made from the most recent app image
-mrsk app exec -i 'bin/rails console'
-```
-
-
-### Running details to show state of containers
-
-You can see the state of your servers by running `mrsk details`:
-
-```
-Traefik Host: 192.168.0.1
-CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
-6195b2a28c81   traefik   "/entrypoint.sh --pr…"   30 minutes ago   Up 19 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   traefik
-
-Traefik Host: 192.168.0.2
-CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
-de14a335d152   traefik   "/entrypoint.sh --pr…"   30 minutes ago   Up 19 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   traefik
-
-App Host: 192.168.0.1
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS          PORTS      NAMES
-badb1aa51db3   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   13 minutes ago   Up 13 minutes   3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-
-App Host: 192.168.0.2
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS          PORTS      NAMES
-1d3c91ed1f55   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   13 minutes ago   Up 13 minutes   3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-```
-
-You can also see just info for app containers with `mrsk app details` or just for Traefik with `mrsk traefik details`.
-
-### Running rollback to fix a bad deploy
-
-If you've discovered a bad deploy, you can quickly rollback by reactivating the old, paused container image. You can see what old containers are available for rollback by running `mrsk app containers`. It'll give you a presentation similar to `mrsk app details`, but include all the old containers as well. Showing something like this:
-
-```
-App Host: 192.168.0.1
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS                      PORTS      NAMES
-1d3c91ed1f51   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   19 minutes ago   Up 19 minutes               3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-539f26b28369   registry.digitalocean.com/user/app:e5d9d7c2b898289dfbc5f7f1334140d984eedae4   "/rails/bin/docker-e…"   31 minutes ago   Exited (1) 27 minutes ago              chat-e5d9d7c2b898289dfbc5f7f1334140d984eedae4
-
-App Host: 192.168.0.2
-CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS                      PORTS      NAMES
-badb1aa51db4   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   19 minutes ago   Up 19 minutes               3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
-6f170d1172ae   registry.digitalocean.com/user/app:e5d9d7c2b898289dfbc5f7f1334140d984eedae4   "/rails/bin/docker-e…"   31 minutes ago   Exited (1) 27 minutes ago              chat-e5d9d7c2b898289dfbc5f7f1334140d984eedae4
-```
-
-From the example above, we can see that `e5d9d7c2b898289dfbc5f7f1334140d984eedae4` was the last version, so it's available as a rollback target. We can perform this rollback by running `mrsk rollback e5d9d7c2b898289dfbc5f7f1334140d984eedae4`. That'll stop `6ef8a6a84c525b123c5245345a8483f86d05a123` and then start `e5d9d7c2b898289dfbc5f7f1334140d984eedae4`. Because the old container is still available, this is very quick. Nothing to download from the registry.
-
-Note that by default old containers are pruned after 3 days when you run `mrsk deploy`.
-
-### Running removal to clean up servers
-
-If you wish to remove the entire application, including Traefik, containers, images, and registry session, you can run `mrsk remove`. This will leave the servers clean.
-
-## Locking
-
-Commands that are unsafe to run concurrently will take a deploy lock while they run. The lock is the `mrsk_lock` directory on the primary server.
-
-You can check the lock status with:
-
-```
-mrsk lock status
-
-Locked by: AN Other at 2023-03-24 09:49:03 UTC
-Version: 77f45c0686811c68989d6576748475a60bf53fc2
-Message: Automatic deploy lock
-```
-
-You can also manually acquire and release the lock
-
-```
-mrsk lock acquire -m "Doing maintanence"
-```
-
-```
-mrsk lock release
-```
-
-## Stage of development
-
-This is beta software. Commands may still move around. But we're live in production at [37signals](https://37signals.com).
+Please help us improve Kamal's documentation on the [the basecamp/kamal-site repository](https://github.com/basecamp/kamal-site).

 ## License

-MRSK is released under the [MIT License](https://opensource.org/licenses/MIT).
+Kamal is released under the [MIT License](https://opensource.org/licenses/MIT).
--- a/bin/docs
+++ b/bin/docs
@@ -0,0 +1,141 @@
+#!/usr/bin/env ruby
+require "stringio"
+
+def usage
+  puts "Usage: #{$0} <kamal_site_repo>"
+  exit 1
+end
+
+usage if ARGV.size != 1
+
+kamal_site_repo = ARGV[0]
+
+if !File.directory?(kamal_site_repo)
+  puts "Error: #{kamal_site_repo} is not a directory"
+  exit 1
+end
+
+DOCS = {
+  "accessory" => "Accessories",
+  "alias" => "Aliases",
+  "boot" => "Booting",
+  "builder" => "Builders",
+  "configuration" => "Configuration overview",
+  "env" => "Environment variables",
+  "logging" => "Logging",
+  "proxy" => "Proxy",
+  "registry" => "Docker Registry",
+  "role" => "Roles",
+  "servers" => "Servers",
+  "ssh" => "SSH",
+  "sshkit" => "SSHKit"
+}
+DOCS_PATH = "lib/kamal/configuration/docs"
+
+class DocWriter
+  attr_reader :from_file, :to_file, :key, :heading, :body, :output, :in_yaml
+
+  def initialize(from_file, to_dir)
+    @from_file = from_file
+    @key = File.basename(from_file, ".yml")
+    @to_file = File.join(to_dir, "#{linkify(DOCS[key])}.md")
+    @body = File.readlines(from_file)
+    @heading = body.shift.chomp("\n")
+    @output = nil
+  end
+
+  def write
+    puts "Writing #{to_file}"
+    generate_markdown
+    File.write(to_file, output.string)
+  end
+
+  private
+    def generate_markdown
+      @output = StringIO.new
+
+      generate_header
+
+      place = :in_section
+
+      loop do
+        line = body.shift&.chomp("\n")
+        break if line.nil?
+
+        case place
+        when :new_section, :in_section
+          if line.empty?
+            output.puts
+            place = :new_section
+          elsif line =~ /^ *#/
+            generate_line(line, heading: place == :new_section)
+            place = :in_section
+          else
+            output.puts
+            output.puts "```yaml"
+            output.puts line
+            place = :in_yaml
+          end
+        when :in_yaml, :in_empty_line_yaml
+          if line =~ /^ *#/
+            output.puts "```"
+            output.puts
+            generate_line(line, heading: place == :in_empty_line_yaml)
+            place = :in_section
+          elsif line.empty?
+            place = :in_empty_line_yaml
+          else
+            output.puts line
+          end
+        end
+      end
+
+      output.puts "```" if place == :in_yaml
+    end
+
+    def generate_header
+      output.puts "---"
+      output.puts "# This file has been generated from the Kamal source, do not edit directly."
+      output.puts "# Find the source of this file at #{DOCS_PATH}/#{key}.yml in the Kamal repository."
+      output.puts "title: #{heading[2..-1]}"
+      output.puts "---"
+      output.puts
+      output.puts heading
+    end
+
+    def generate_line(line, heading: false)
+      line = line.gsub(/^ *#\s?/, "")
+
+      if line =~ /(.*)kamal docs ([a-z]*)(.*)/
+        line = "#{$1}[#{DOCS[$2]}](../#{linkify(DOCS[$2])})#{$3}"
+      end
+
+      if line =~ /(.*)https:\/\/kamal-deploy.org([a-z\/-]*)(.*)/
+        line = "#{$1}[#{titlify($2.split("/").last)}](#{$2})#{$3}"
+      end
+
+      if heading
+        output.puts "## [#{line}](##{linkify(line)})"
+      else
+        output.puts line
+      end
+    end
+
+    def linkify(text)
+      if text == "Configuration overview"
+        "overview"
+      else
+        text.downcase.gsub(" ", "-")
+      end
+    end
+
+    def titlify(text)
+      text.capitalize.gsub("-", " ")
+    end
+end
+
+from_dir = File.join(File.dirname(__FILE__), "../#{DOCS_PATH}")
+to_dir = File.join(kamal_site_repo, "docs/configuration")
+Dir.glob("#{from_dir}/*") do |from_file|
+  DocWriter.new(from_file, to_dir).write
+end
--- a/bin/kamal
+++ b/bin/kamal
@@ -3,12 +3,12 @@
 # Prevent failures from being reported twice.
 Thread.report_on_exception = false

-require "mrsk"
+require "kamal"

 begin
-  Mrsk::Cli::Main.start(ARGV)
+  Kamal::Cli::Main.start(ARGV)
 rescue SSHKit::Runner::ExecuteError => e
-  puts "  \e[31mERROR (#{e.cause.class}): #{e.cause.message}\e[0m"
+  puts "  \e[31mERROR (#{e.cause.class}): #{e.message}\e[0m"
  puts e.cause.backtrace if ENV["VERBOSE"]
  exit 1
 rescue => e
--- a/bin/release
+++ b/bin/release
@@ -2,13 +2,13 @@

 VERSION=$1

-printf "module Mrsk\n  VERSION = \"$VERSION\"\nend\n" > ./lib/mrsk/version.rb
+printf "module Kamal\n  VERSION = \"$VERSION\"\nend\n" > ./lib/kamal/version.rb
 bundle
-git add Gemfile.lock lib/mrsk/version.rb
+git add Gemfile.lock lib/kamal/version.rb
 git commit -m "Bump version for $VERSION"
 git push
 git tag v$VERSION
 git push --tags
-gem build mrsk.gemspec
-gem push "mrsk-$VERSION.gem" --host https://rubygems.org
-rm "mrsk-$VERSION.gem"
+gem build kamal.gemspec
+gem push "kamal-$VERSION.gem" --host https://rubygems.org
+rm "kamal-$VERSION.gem"
--- a/kamal.gemspec
+++ b/kamal.gemspec
@@ -1,25 +1,26 @@
-require_relative "lib/mrsk/version"
+require_relative "lib/kamal/version"

 Gem::Specification.new do |spec|
-  spec.name        = "mrsk"
-  spec.version     = Mrsk::VERSION
+  spec.name        = "kamal"
+  spec.version     = Kamal::VERSION
  spec.authors     = [ "David Heinemeier Hansson" ]
  spec.email       = "dhh@hey.com"
-  spec.homepage    = "https://github.com/rails/mrsk"
+  spec.homepage    = "https://github.com/basecamp/kamal"
  spec.summary     = "Deploy web apps in containers to servers running Docker with zero downtime."
  spec.license     = "MIT"
-
  spec.files = Dir["lib/**/*", "MIT-LICENSE", "README.md"]
-  spec.executables = %w[ mrsk ]
+  spec.executables = %w[ kamal ]

  spec.add_dependency "activesupport", ">= 7.0"
-  spec.add_dependency "sshkit", "~> 1.21"
-  spec.add_dependency "net-ssh", "~> 7.0"
-  spec.add_dependency "thor", "~> 1.2"
-  spec.add_dependency "dotenv", "~> 2.8"
-  spec.add_dependency "zeitwerk", "~> 2.5"
+  spec.add_dependency "sshkit", ">= 1.23.0", "< 2.0"
+  spec.add_dependency "net-ssh", "~> 7.3"
+  spec.add_dependency "thor", "~> 1.3"
+  spec.add_dependency "dotenv", "~> 3.1"
+  spec.add_dependency "zeitwerk", ">= 2.6.18", "< 3.0"
  spec.add_dependency "ed25519", "~> 1.2"
  spec.add_dependency "bcrypt_pbkdf", "~> 1.0"
+  spec.add_dependency "concurrent-ruby", "~> 1.2"
+  spec.add_dependency "base64", "~> 0.2"

  spec.add_development_dependency "debug"
  spec.add_development_dependency "mocha"
--- a/lib/kamal.rb
+++ b/lib/kamal.rb
@@ -0,0 +1,14 @@
+module Kamal
+  class ConfigurationError < StandardError; end
+end
+
+require "active_support"
+require "zeitwerk"
+require "yaml"
+require "tmpdir"
+require "pathname"
+
+loader = Zeitwerk::Loader.for_gem
+loader.ignore(File.join(__dir__, "kamal", "sshkit_with_ext.rb"))
+loader.setup
+loader.eager_load_namespace(Kamal::Cli) # We need all commands loaded.
--- a/lib/kamal/cli.rb
+++ b/lib/kamal/cli.rb
@@ -0,0 +1,9 @@
+module Kamal::Cli
+  class BootError < StandardError; end
+  class HookError < StandardError; end
+  class LockError < StandardError; end
+  class DependencyError < StandardError; end
+end
+
+# SSHKit uses instance eval, so we need a global const for ergonomics
+KAMAL = Kamal::Commander.new
--- a/lib/kamal/cli/accessory.rb
+++ b/lib/kamal/cli/accessory.rb
@@ -0,0 +1,302 @@
+require "active_support/core_ext/array/conversions"
+
+class Kamal::Cli::Accessory < Kamal::Cli::Base
+  desc "boot [NAME]", "Boot new accessory service on host (use NAME=all to boot all accessories)"
+  def boot(name, prepare: true)
+    with_lock do
+      if name == "all"
+        KAMAL.accessory_names.each { |accessory_name| boot(accessory_name) }
+      else
+        prepare(name) if prepare
+
+        with_accessory(name) do |accessory, hosts|
+          directories(name)
+          upload(name)
+
+          on(hosts) do
+            execute *KAMAL.auditor.record("Booted #{name} accessory"), verbosity: :debug
+            execute *accessory.ensure_env_directory
+            upload! accessory.secrets_io, accessory.secrets_path, mode: "0600"
+            execute *accessory.run
+
+            if accessory.running_proxy?
+              target = capture_with_info(*accessory.container_id_for(container_name: accessory.service_name, only_running: true)).strip
+              execute *accessory.deploy(target: target)
+            end
+          end
+        end
+      end
+    end
+  end
+
+  desc "upload [NAME]", "Upload accessory files to host", hide: true
+  def upload(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          accessory.files.each do |(local, remote)|
+            accessory.ensure_local_file_present(local)
+
+            execute *accessory.make_directory_for(remote)
+            upload! local, remote
+            execute :chmod, "755", remote
+          end
+        end
+      end
+    end
+  end
+
+  desc "directories [NAME]", "Create accessory directories on host", hide: true
+  def directories(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          accessory.directories.keys.each do |host_path|
+            execute *accessory.make_directory(host_path)
+          end
+        end
+      end
+    end
+  end
+
+  desc "reboot [NAME]", "Reboot existing accessory on host (stop container, remove container, start new container; use NAME=all to boot all accessories)"
+  def reboot(name)
+    with_lock do
+      if name == "all"
+        KAMAL.accessory_names.each { |accessory_name| reboot(accessory_name) }
+      else
+        prepare(name)
+        stop(name)
+        remove_container(name)
+        boot(name, prepare: false)
+      end
+    end
+  end
+
+  desc "start [NAME]", "Start existing accessory container on host"
+  def start(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *KAMAL.auditor.record("Started #{name} accessory"), verbosity: :debug
+          execute *accessory.start
+          if accessory.running_proxy?
+            target = capture_with_info(*accessory.container_id_for(container_name: accessory.service_name, only_running: true)).strip
+            execute *accessory.deploy(target: target)
+          end
+        end
+      end
+    end
+  end
+
+  desc "stop [NAME]", "Stop existing accessory container on host"
+  def stop(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *KAMAL.auditor.record("Stopped #{name} accessory"), verbosity: :debug
+          execute *accessory.stop, raise_on_non_zero_exit: false
+
+          if accessory.running_proxy?
+            target = capture_with_info(*accessory.container_id_for(container_name: accessory.service_name, only_running: true)).strip
+            execute *accessory.remove if target
+          end
+        end
+      end
+    end
+  end
+
+  desc "restart [NAME]", "Restart existing accessory container on host"
+  def restart(name)
+    with_lock do
+      stop(name)
+      start(name)
+    end
+  end
+
+  desc "details [NAME]", "Show details about accessory on host (use NAME=all to show all accessories)"
+  def details(name)
+    if name == "all"
+      KAMAL.accessory_names.each { |accessory_name| details(accessory_name) }
+    else
+      type = "Accessory #{name}"
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) { puts_by_host host, capture_with_info(*accessory.info), type: type }
+      end
+    end
+  end
+
+  desc "exec [NAME] [CMD...]", "Execute a custom command on servers within the accessory container (use --help to show options)"
+  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
+  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
+  def exec(name, *cmd)
+    cmd = Kamal::Utils.join_commands(cmd)
+    with_accessory(name) do |accessory, hosts|
+      case
+      when options[:interactive] && options[:reuse]
+        say "Launching interactive command via SSH from existing container...", :magenta
+        run_locally { exec accessory.execute_in_existing_container_over_ssh(cmd) }
+
+      when options[:interactive]
+        say "Launching interactive command via SSH from new container...", :magenta
+        run_locally { exec accessory.execute_in_new_container_over_ssh(cmd) }
+
+      when options[:reuse]
+        say "Launching command from existing container...", :magenta
+        on(hosts) do |host|
+          execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
+          puts_by_host host, capture_with_info(*accessory.execute_in_existing_container(cmd))
+        end
+
+      else
+        say "Launching command from new container...", :magenta
+        on(hosts) do |host|
+          execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
+          puts_by_host host, capture_with_info(*accessory.execute_in_new_container(cmd))
+        end
+      end
+    end
+  end
+
+  desc "logs [NAME]", "Show log lines from accessory on host (use --help to show options)"
+  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
+  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
+  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
+  option :grep_options, desc: "Additional options supplied to grep"
+  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
+  option :skip_timestamps, type: :boolean, aliases: "-T", desc: "Skip appending timestamps to logging output"
+  def logs(name)
+    with_accessory(name) do |accessory, hosts|
+      grep = options[:grep]
+      grep_options = options[:grep_options]
+      timestamps = !options[:skip_timestamps]
+
+      if options[:follow]
+        run_locally do
+          info "Following logs on #{hosts}..."
+          info accessory.follow_logs(timestamps: timestamps, grep: grep, grep_options: grep_options)
+          exec accessory.follow_logs(timestamps: timestamps, grep: grep, grep_options: grep_options)
+        end
+      else
+        since = options[:since]
+        lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
+
+        on(hosts) do
+          puts capture_with_info(*accessory.logs(timestamps: timestamps, since: since, lines: lines, grep: grep, grep_options: grep_options))
+        end
+      end
+    end
+  end
+
+  desc "remove [NAME]", "Remove accessory container, image and data directory from host (use NAME=all to remove all accessories)"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def remove(name)
+    confirming "This will remove all containers, images and data directories for #{name}. Are you sure?" do
+      with_lock do
+        if name == "all"
+          KAMAL.accessory_names.each { |accessory_name| remove_accessory(accessory_name) }
+        else
+          remove_accessory(name)
+        end
+      end
+    end
+  end
+
+  desc "remove_container [NAME]", "Remove accessory container from host", hide: true
+  def remove_container(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *KAMAL.auditor.record("Remove #{name} accessory container"), verbosity: :debug
+          execute *accessory.remove_container
+        end
+      end
+    end
+  end
+
+  desc "remove_image [NAME]", "Remove accessory image from host", hide: true
+  def remove_image(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *KAMAL.auditor.record("Removed #{name} accessory image"), verbosity: :debug
+          execute *accessory.remove_image
+        end
+      end
+    end
+  end
+
+  desc "remove_service_directory [NAME]", "Remove accessory directory used for uploaded files and data directories from host", hide: true
+  def remove_service_directory(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *accessory.remove_service_directory
+        end
+      end
+    end
+  end
+
+  desc "upgrade", "Upgrade accessories from Kamal 1.x to 2.0 (restart them in 'kamal' network)"
+  option :rolling, type: :boolean, default: false, desc: "Upgrade one host at a time"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def upgrade(name)
+    confirming "This will restart all accessories" do
+      with_lock do
+        host_groups = options[:rolling] ? KAMAL.accessory_hosts : [ KAMAL.accessory_hosts ]
+        host_groups.each do |hosts|
+          host_list = Array(hosts).join(",")
+          KAMAL.with_specific_hosts(hosts) do
+            say "Upgrading #{name} accessories on #{host_list}...", :magenta
+            reboot name
+            say "Upgraded #{name} accessories on #{host_list}...", :magenta
+          end
+        end
+      end
+    end
+  end
+
+  private
+    def with_accessory(name)
+      if KAMAL.config.accessory(name)
+        accessory = KAMAL.accessory(name)
+        yield accessory, accessory_hosts(accessory)
+      else
+        error_on_missing_accessory(name)
+      end
+    end
+
+    def error_on_missing_accessory(name)
+      options = KAMAL.accessory_names.presence
+
+      error \
+        "No accessory by the name of '#{name}'" +
+        (options ? " (options: #{options.to_sentence})" : "")
+    end
+
+    def accessory_hosts(accessory)
+      if KAMAL.specific_hosts&.any?
+        KAMAL.specific_hosts & accessory.hosts
+      else
+        accessory.hosts
+      end
+    end
+
+    def remove_accessory(name)
+      stop(name)
+      remove_container(name)
+      remove_image(name)
+      remove_service_directory(name)
+    end
+
+    def prepare(name)
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *KAMAL.registry.login(registry_config: accessory.registry)
+          execute *KAMAL.docker.create_network
+        rescue SSHKit::Command::Failed => e
+          raise unless e.message.include?("already exists")
+        end
+      end
+    end
+end
--- a/lib/kamal/cli/alias/command.rb
+++ b/lib/kamal/cli/alias/command.rb
@@ -0,0 +1,10 @@
+class Kamal::Cli::Alias::Command < Thor::DynamicCommand
+  def run(instance, args = [])
+    if (_alias = KAMAL.config.aliases[name])
+      KAMAL.reset
+      Kamal::Cli::Main.start(Shellwords.split(_alias.command) + ARGV[1..-1])
+    else
+      super
+    end
+  end
+end
--- a/lib/kamal/cli/app.rb
+++ b/lib/kamal/cli/app.rb
@@ -0,0 +1,355 @@
+class Kamal::Cli::App < Kamal::Cli::Base
+  desc "boot", "Boot app on servers (or reboot app if already running)"
+  def boot
+    with_lock do
+      say "Get most recent version available as an image...", :magenta unless options[:version]
+      using_version(version_or_latest) do |version|
+        say "Start container with version #{version} (or reboot if already running)...", :magenta
+
+        # Assets are prepared in a separate step to ensure they are on all hosts before booting
+        on(KAMAL.hosts) do
+          KAMAL.roles_on(host).each do |role|
+            Kamal::Cli::App::PrepareAssets.new(host, role, self).run
+          end
+        end
+
+        # Primary hosts and roles are returned first, so they can open the barrier
+        barrier = Kamal::Cli::Healthcheck::Barrier.new
+
+        host_boot_groups.each do |hosts|
+          host_list = Array(hosts).join(",")
+          run_hook "pre-app-boot", hosts: host_list
+
+          on(hosts) do |host|
+            KAMAL.roles_on(host).each do |role|
+              Kamal::Cli::App::Boot.new(host, role, self, version, barrier).run
+            end
+          end
+
+          run_hook "post-app-boot", hosts: host_list
+          sleep KAMAL.config.boot.wait if KAMAL.config.boot.wait
+        end
+
+        # Tag once the app booted on all hosts
+        on(KAMAL.hosts) do |host|
+          execute *KAMAL.auditor.record("Tagging #{KAMAL.config.absolute_image} as the latest image"), verbosity: :debug
+          execute *KAMAL.app.tag_latest_image
+        end
+      end
+    end
+  end
+
+  desc "start", "Start existing app container on servers"
+  def start
+    with_lock do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          app = KAMAL.app(role: role, host: host)
+          execute *KAMAL.auditor.record("Started app version #{KAMAL.config.version}"), verbosity: :debug
+          execute *app.start, raise_on_non_zero_exit: false
+
+          if role.running_proxy?
+            version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+            endpoint = capture_with_info(*app.container_id_for_version(version)).strip
+            raise Kamal::Cli::BootError, "Failed to get endpoint for #{role} on #{host}, did the container boot?" if endpoint.empty?
+
+            execute *app.deploy(target: endpoint)
+          end
+        end
+      end
+    end
+  end
+
+  desc "stop", "Stop app container on servers"
+  def stop
+    with_lock do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          app = KAMAL.app(role: role, host: host)
+          execute *KAMAL.auditor.record("Stopped app", role: role), verbosity: :debug
+
+          if role.running_proxy?
+            version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+            endpoint = capture_with_info(*app.container_id_for_version(version)).strip
+            if endpoint.present?
+              execute *app.remove, raise_on_non_zero_exit: false
+            end
+          end
+
+          execute *app.stop, raise_on_non_zero_exit: false
+        end
+      end
+    end
+  end
+
+  # FIXME: Drop in favor of just containers?
+  desc "details", "Show details about app containers"
+  def details
+    on(KAMAL.hosts) do |host|
+      roles = KAMAL.roles_on(host)
+
+      roles.each do |role|
+        puts_by_host host, capture_with_info(*KAMAL.app(role: role, host: host).info)
+      end
+    end
+  end
+
+  desc "exec [CMD...]", "Execute a custom command on servers within the app container (use --help to show options)"
+  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
+  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
+  option :env, aliases: "-e", type: :hash, desc: "Set environment variables for the command"
+  option :detach, type: :boolean, default: false, desc: "Execute command in a detached container"
+  def exec(*cmd)
+    if (incompatible_options = [ :interactive, :reuse ].select { |key| options[:detach] && options[key] }.presence)
+      raise ArgumentError, "Detach is not compatible with #{incompatible_options.join(" or ")}"
+    end
+
+    cmd = Kamal::Utils.join_commands(cmd)
+    env = options[:env]
+    detach = options[:detach]
+    case
+    when options[:interactive] && options[:reuse]
+      say "Get current version of running container...", :magenta unless options[:version]
+      using_version(options[:version] || current_running_version) do |version|
+        say "Launching interactive command with version #{version} via SSH from existing container on #{KAMAL.primary_host}...", :magenta
+        run_locally { exec KAMAL.app(role: KAMAL.primary_role, host: KAMAL.primary_host).execute_in_existing_container_over_ssh(cmd, env: env) }
+      end
+
+    when options[:interactive]
+      say "Get most recent version available as an image...", :magenta unless options[:version]
+      using_version(version_or_latest) do |version|
+        say "Launching interactive command with version #{version} via SSH from new container on #{KAMAL.primary_host}...", :magenta
+        run_locally do
+          exec KAMAL.app(role: KAMAL.primary_role, host: KAMAL.primary_host).execute_in_new_container_over_ssh(cmd, env: env)
+        end
+      end
+
+    when options[:reuse]
+      say "Get current version of running container...", :magenta unless options[:version]
+      using_version(options[:version] || current_running_version) do |version|
+        say "Launching command with version #{version} from existing container...", :magenta
+
+        on(KAMAL.hosts) do |host|
+          roles = KAMAL.roles_on(host)
+
+          roles.each do |role|
+            execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on app version #{version}", role: role), verbosity: :debug
+            puts_by_host host, capture_with_info(*KAMAL.app(role: role, host: host).execute_in_existing_container(cmd, env: env))
+          end
+        end
+      end
+
+    else
+      say "Get most recent version available as an image...", :magenta unless options[:version]
+      using_version(version_or_latest) do |version|
+        say "Launching command with version #{version} from new container...", :magenta
+        on(KAMAL.hosts) do |host|
+          roles = KAMAL.roles_on(host)
+
+          roles.each do |role|
+            execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on app version #{version}"), verbosity: :debug
+            puts_by_host host, capture_with_info(*KAMAL.app(role: role, host: host).execute_in_new_container(cmd, env: env, detach: detach))
+          end
+        end
+      end
+    end
+  end
+
+  desc "containers", "Show app containers on servers"
+  def containers
+    on(KAMAL.hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.app.list_containers) }
+  end
+
+  desc "stale_containers", "Detect app stale containers"
+  option :stop, aliases: "-s", type: :boolean, default: false, desc: "Stop the stale containers found"
+  def stale_containers
+    stop = options[:stop]
+
+    with_lock_if_stopping do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          app = KAMAL.app(role: role, host: host)
+          versions = capture_with_info(*app.list_versions, raise_on_non_zero_exit: false).split("\n")
+          versions -= [ capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip ]
+
+          versions.each do |version|
+            if stop
+              puts_by_host host, "Stopping stale container for role #{role} with version #{version}"
+              execute *app.stop(version: version), raise_on_non_zero_exit: false
+            else
+              puts_by_host host,  "Detected stale container for role #{role} with version #{version} (use `kamal app stale_containers --stop` to stop)"
+            end
+          end
+        end
+      end
+    end
+  end
+
+  desc "images", "Show app images on servers"
+  def images
+    on(KAMAL.hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.app.list_images) }
+  end
+
+  desc "logs", "Show log lines from app on servers (use --help to show options)"
+  option :since, aliases: "-s", desc: "Show lines since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
+  option :lines, type: :numeric, aliases: "-n", desc: "Number of lines to show from each server"
+  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
+  option :grep_options, desc: "Additional options supplied to grep"
+  option :follow, aliases: "-f", desc: "Follow log on primary server (or specific host set by --hosts)"
+  option :skip_timestamps, type: :boolean, aliases: "-T", desc: "Skip appending timestamps to logging output"
+  option :container_id, desc: "Docker container ID to fetch logs"
+  def logs
+    # FIXME: Catch when app containers aren't running
+
+    grep = options[:grep]
+    grep_options = options[:grep_options]
+    since = options[:since]
+    container_id = options[:container_id]
+    timestamps = !options[:skip_timestamps]
+
+    if options[:follow]
+      lines = options[:lines].presence || ((since || grep) ? nil : 10) # Default to 10 lines if since or grep isn't set
+
+      run_locally do
+        info "Following logs on #{KAMAL.primary_host}..."
+
+        KAMAL.specific_roles ||= [ KAMAL.primary_role.name ]
+        role = KAMAL.roles_on(KAMAL.primary_host).first
+
+        app = KAMAL.app(role: role, host: host)
+        info app.follow_logs(host: KAMAL.primary_host, container_id: container_id, timestamps: timestamps, lines: lines, grep: grep, grep_options: grep_options)
+        exec app.follow_logs(host: KAMAL.primary_host, container_id: container_id, timestamps: timestamps, lines: lines, grep: grep, grep_options: grep_options)
+      end
+    else
+      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
+
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          begin
+            puts_by_host host, capture_with_info(*KAMAL.app(role: role, host: host).logs(container_id: container_id, timestamps: timestamps, since: since, lines: lines, grep: grep, grep_options: grep_options))
+          rescue SSHKit::Command::Failed
+            puts_by_host host, "Nothing found"
+          end
+        end
+      end
+    end
+  end
+
+  desc "remove", "Remove app containers and images from servers"
+  def remove
+    with_lock do
+      stop
+      remove_containers
+      remove_images
+      remove_app_directory
+    end
+  end
+
+  desc "remove_container [VERSION]", "Remove app container with given version from servers", hide: true
+  def remove_container(version)
+    with_lock do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Removed app container with version #{version}", role: role), verbosity: :debug
+          execute *KAMAL.app(role: role, host: host).remove_container(version: version)
+        end
+      end
+    end
+  end
+
+  desc "remove_containers", "Remove all app containers from servers", hide: true
+  def remove_containers
+    with_lock do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Removed all app containers", role: role), verbosity: :debug
+          execute *KAMAL.app(role: role, host: host).remove_containers
+        end
+      end
+    end
+  end
+
+  desc "remove_images", "Remove all app images from servers", hide: true
+  def remove_images
+    with_lock do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Removed all app images"), verbosity: :debug
+        execute *KAMAL.app.remove_images
+      end
+    end
+  end
+
+  desc "remove_app_directory", "Remove the service directory from servers", hide: true
+  def remove_app_directory
+    with_lock do
+      on(KAMAL.hosts) do |host|
+        roles = KAMAL.roles_on(host)
+
+        roles.each do |role|
+          execute *KAMAL.auditor.record("Removed #{KAMAL.config.app_directory} on all servers", role: role), verbosity: :debug
+          execute *KAMAL.server.remove_app_directory, raise_on_non_zero_exit: false
+        end
+      end
+    end
+  end
+
+  desc "version", "Show app version currently running on servers"
+  def version
+    on(KAMAL.hosts) do |host|
+      role = KAMAL.roles_on(host).first
+      puts_by_host host, capture_with_info(*KAMAL.app(role: role, host: host).current_running_version).strip
+    end
+  end
+
+  private
+    def using_version(new_version)
+      if new_version
+        begin
+          old_version = KAMAL.config.version
+          KAMAL.config.version = new_version
+          yield new_version
+        ensure
+          KAMAL.config.version = old_version
+        end
+      else
+        yield KAMAL.config.version
+      end
+    end
+
+    def current_running_version(host: KAMAL.primary_host)
+      version = nil
+      on(host) do
+        role = KAMAL.roles_on(host).first
+        version = capture_with_info(*KAMAL.app(role: role, host: host).current_running_version).strip
+      end
+      version.presence
+    end
+
+    def version_or_latest
+      options[:version] || KAMAL.config.latest_tag
+    end
+
+    def with_lock_if_stopping
+      if options[:stop]
+        with_lock { yield }
+      else
+        yield
+      end
+    end
+
+    def host_boot_groups
+      KAMAL.config.boot.limit ? KAMAL.hosts.each_slice(KAMAL.config.boot.limit).to_a : [ KAMAL.hosts ]
+    end
+end
--- a/lib/kamal/cli/app/boot.rb
+++ b/lib/kamal/cli/app/boot.rb
@@ -0,0 +1,125 @@
+class Kamal::Cli::App::Boot
+  attr_reader :host, :role, :version, :barrier, :sshkit
+  delegate :execute, :capture_with_info, :capture_with_pretty_json, :info, :error, :upload!, to: :sshkit
+  delegate :assets?, :running_proxy?, to: :role
+
+  def initialize(host, role, sshkit, version, barrier)
+    @host = host
+    @role = role
+    @version = version
+    @barrier = barrier
+    @sshkit = sshkit
+  end
+
+  def run
+    old_version = old_version_renamed_if_clashing
+
+    wait_at_barrier if queuer?
+
+    begin
+      start_new_version
+    rescue => e
+      close_barrier if gatekeeper?
+      stop_new_version
+      raise
+    end
+
+    release_barrier if gatekeeper?
+
+    if old_version
+      stop_old_version(old_version)
+    end
+  end
+
+  private
+    def old_version_renamed_if_clashing
+      if capture_with_info(*app.container_id_for_version(version), raise_on_non_zero_exit: false).present?
+        renamed_version = "#{version}_replaced_#{SecureRandom.hex(8)}"
+        info "Renaming container #{version} to #{renamed_version} as already deployed on #{host}"
+        audit("Renaming container #{version} to #{renamed_version}")
+        execute *app.rename_container(version: version, new_version: renamed_version)
+      end
+
+      capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip.presence
+    end
+
+    def start_new_version
+      audit "Booted app version #{version}"
+      hostname = "#{host.to_s[0...51].chomp(".")}-#{SecureRandom.hex(6)}"
+
+      execute *app.ensure_env_directory
+      upload! role.secrets_io(host), role.secrets_path, mode: "0600"
+
+      execute *app.run(hostname: hostname)
+      if running_proxy?
+        endpoint = capture_with_info(*app.container_id_for_version(version)).strip
+        raise Kamal::Cli::BootError, "Failed to get endpoint for #{role} on #{host}, did the container boot?" if endpoint.empty?
+        execute *app.deploy(target: endpoint)
+      else
+        Kamal::Cli::Healthcheck::Poller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
+      end
+    rescue => e
+      error "Failed to boot #{role} on #{host}"
+      raise e
+    end
+
+    def stop_new_version
+      execute *app.stop(version: version), raise_on_non_zero_exit: false
+    end
+
+    def stop_old_version(version)
+      execute *app.stop(version: version), raise_on_non_zero_exit: false
+      execute *app.clean_up_assets if assets?
+    end
+
+    def release_barrier
+      if barrier.open
+        info "First #{KAMAL.primary_role} container is healthy on #{host}, booting any other roles"
+      end
+    end
+
+    def wait_at_barrier
+      info "Waiting for the first healthy #{KAMAL.primary_role} container before booting #{role} on #{host}..."
+      barrier.wait
+      info "First #{KAMAL.primary_role} container is healthy, booting #{role} on #{host}..."
+    rescue Kamal::Cli::Healthcheck::Error
+      info "First #{KAMAL.primary_role} container is unhealthy, not booting #{role} on #{host}"
+      raise
+    end
+
+    def close_barrier
+      if barrier.close
+        info "First #{KAMAL.primary_role} container is unhealthy on #{host}, not booting any other roles"
+        begin
+          error capture_with_info(*app.logs(container_id: app.container_id_for_version(version)))
+          error capture_with_info(*app.container_health_log(version: version))
+        rescue SSHKit::Command::Failed
+          error "Could not fetch logs for #{version}"
+        end
+      end
+    end
+
+    def barrier_role?
+      role == KAMAL.primary_role
+    end
+
+    def app
+      @app ||= KAMAL.app(role: role, host: host)
+    end
+
+    def auditor
+      @auditor = KAMAL.auditor(role: role)
+    end
+
+    def audit(message)
+      execute *auditor.record(message), verbosity: :debug
+    end
+
+    def gatekeeper?
+      barrier && barrier_role?
+    end
+
+    def queuer?
+      barrier && !barrier_role?
+    end
+end
--- a/lib/kamal/cli/app/prepare_assets.rb
+++ b/lib/kamal/cli/app/prepare_assets.rb
@@ -0,0 +1,24 @@
+class Kamal::Cli::App::PrepareAssets
+  attr_reader :host, :role, :sshkit
+  delegate :execute, :capture_with_info, :info, to: :sshkit
+  delegate :assets?, to: :role
+
+  def initialize(host, role, sshkit)
+    @host = host
+    @role = role
+    @sshkit = sshkit
+  end
+
+  def run
+    if assets?
+      execute *app.extract_assets
+      old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+      execute *app.sync_asset_volumes(old_version: old_version)
+    end
+  end
+
+  private
+    def app
+      @app ||= KAMAL.app(role: role, host: host)
+    end
+end
--- a/lib/kamal/cli/base.rb
+++ b/lib/kamal/cli/base.rb
@@ -0,0 +1,213 @@
+require "thor"
+require "kamal/sshkit_with_ext"
+
+module Kamal::Cli
+  class Base < Thor
+    include SSHKit::DSL
+
+    def self.exit_on_failure?() true end
+    def self.dynamic_command_class() Kamal::Cli::Alias::Command end
+
+    class_option :verbose, type: :boolean, aliases: "-v", desc: "Detailed logging"
+    class_option :quiet, type: :boolean, aliases: "-q", desc: "Minimal logging"
+
+    class_option :version, desc: "Run commands against a specific app version"
+
+    class_option :primary, type: :boolean, aliases: "-p", desc: "Run commands only on primary host instead of all"
+    class_option :hosts, aliases: "-h", desc: "Run commands on these hosts instead of all (separate by comma, supports wildcards with *)"
+    class_option :roles, aliases: "-r", desc: "Run commands on these roles instead of all (separate by comma, supports wildcards with *)"
+
+    class_option :config_file, aliases: "-c", default: "config/deploy.yml", desc: "Path to config file"
+    class_option :destination, aliases: "-d", desc: "Specify destination to be used for config file (staging -> deploy.staging.yml)"
+
+    class_option :skip_hooks, aliases: "-H", type: :boolean, default: false, desc: "Don't run hooks"
+
+    def initialize(args = [], local_options = {}, config = {})
+      if config[:current_command].is_a?(Kamal::Cli::Alias::Command)
+        # When Thor generates a dynamic command, it doesn't attempt to parse the arguments.
+        # For our purposes, it means the arguments are passed in args rather than local_options.
+        super([], args, config)
+      else
+        super
+      end
+
+      initialize_commander unless KAMAL.configured?
+    end
+
+    private
+      def options_with_subcommand_class_options
+        options.merge(@_initializer.last[:class_options] || {})
+      end
+
+      def initialize_commander
+        KAMAL.tap do |commander|
+          if options[:verbose]
+            ENV["VERBOSE"] = "1" # For backtraces via cli/start
+            commander.verbosity = :debug
+          end
+
+          if options[:quiet]
+            commander.verbosity = :error
+          end
+
+          commander.configure \
+            config_file: Pathname.new(File.expand_path(options[:config_file])),
+            destination: options[:destination],
+            version: options[:version]
+
+          commander.specific_hosts    = options[:hosts]&.split(",")
+          commander.specific_roles    = options[:roles]&.split(",")
+          commander.specific_primary! if options[:primary]
+        end
+      end
+
+      def print_runtime
+        started_at = Time.now
+        yield
+        Time.now - started_at
+      ensure
+        runtime = Time.now - started_at
+        puts "  Finished all in #{sprintf("%.1f seconds", runtime)}"
+      end
+
+      def with_lock
+        if KAMAL.holding_lock?
+          yield
+        else
+          acquire_lock
+
+          begin
+            yield
+          rescue
+            begin
+              release_lock
+            rescue => e
+              say "Error releasing the deploy lock: #{e.message}", :red
+            end
+            raise
+          end
+
+          release_lock
+        end
+      end
+
+      def confirming(question)
+        return yield if options[:confirmed]
+
+        if ask(question, limited_to: %w[ y N ], default: "N") == "y"
+          yield
+        else
+          say "Aborted", :red
+        end
+      end
+
+      def acquire_lock
+        ensure_run_directory
+
+        raise_if_locked do
+          say "Acquiring the deploy lock...", :magenta
+          on(KAMAL.primary_host) { execute *KAMAL.lock.acquire("Automatic deploy lock", KAMAL.config.version), verbosity: :debug }
+        end
+
+        KAMAL.holding_lock = true
+      end
+
+      def release_lock
+        say "Releasing the deploy lock...", :magenta
+        on(KAMAL.primary_host) { execute *KAMAL.lock.release, verbosity: :debug }
+
+        KAMAL.holding_lock = false
+      end
+
+      def raise_if_locked
+        yield
+      rescue SSHKit::Runner::ExecuteError => e
+        if e.message =~ /cannot create directory/
+          say "Deploy lock already in place!", :red
+          on(KAMAL.primary_host) { puts capture_with_debug(*KAMAL.lock.status) }
+          raise LockError, "Deploy lock found. Run 'kamal lock help' for more information"
+        else
+          raise e
+        end
+      end
+
+      def run_hook(hook, **extra_details)
+        if !options[:skip_hooks] && KAMAL.hook.hook_exists?(hook)
+          details = { hosts: KAMAL.hosts.join(","), command: command, subcommand: subcommand }
+
+          say "Running the #{hook} hook...", :magenta
+          with_env KAMAL.hook.env(**details, **extra_details) do
+            run_locally do
+              execute *KAMAL.hook.run(hook)
+            end
+          rescue SSHKit::Command::Failed => e
+            raise HookError.new("Hook `#{hook}` failed:\n#{e.message}")
+          end
+        end
+      end
+
+      def on(*args, &block)
+        if !KAMAL.connected?
+          run_hook "pre-connect"
+          KAMAL.connected = true
+        end
+
+        super
+      end
+
+      def command
+        @kamal_command ||= begin
+          invocation_class, invocation_commands = *first_invocation
+          if invocation_class == Kamal::Cli::Main
+            invocation_commands[0]
+          else
+            Kamal::Cli::Main.subcommand_classes.find { |command, clazz| clazz == invocation_class }[0]
+          end
+        end
+      end
+
+      def subcommand
+        @kamal_subcommand ||= begin
+          invocation_class, invocation_commands = *first_invocation
+          invocation_commands[0] if invocation_class != Kamal::Cli::Main
+        end
+      end
+
+      def first_invocation
+        instance_variable_get("@_invocations").first
+      end
+
+      def reset_invocation(cli_class)
+        instance_variable_get("@_invocations")[cli_class].pop
+      end
+
+      def ensure_run_directory
+        on(KAMAL.hosts) do
+          execute(*KAMAL.server.ensure_run_directory)
+        end
+      end
+
+      def with_env(env)
+        current_env = ENV.to_h.dup
+        ENV.update(env)
+        yield
+      ensure
+        ENV.clear
+        ENV.update(current_env)
+      end
+
+      def ensure_docker_installed
+        run_locally do
+          begin
+            execute *KAMAL.builder.ensure_docker_installed
+          rescue SSHKit::Command::Failed => e
+            error = e.message =~ /command not found/ ?
+              "Docker is not installed locally" :
+              "Docker buildx plugin is not installed locally"
+
+            raise DependencyError, error
+          end
+        end
+      end
+  end
+end
--- a/lib/kamal/cli/build.rb
+++ b/lib/kamal/cli/build.rb
@@ -0,0 +1,184 @@
+require "uri"
+
+class Kamal::Cli::Build < Kamal::Cli::Base
+  class BuildError < StandardError; end
+
+  desc "deliver", "Build app and push app image to registry then pull image on servers"
+  def deliver
+    invoke :push
+    invoke :pull
+  end
+
+  desc "push", "Build and push app image to registry"
+  option :output, type: :string, default: "registry", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  def push
+    cli = self
+
+    ensure_docker_installed
+    run_hook "pre-build"
+
+    uncommitted_changes = Kamal::Git.uncommitted_changes
+
+    if KAMAL.config.builder.git_clone?
+      if uncommitted_changes.present?
+        say "Building from a local git clone, so ignoring these uncommitted changes:\n #{uncommitted_changes}", :yellow
+      end
+
+      run_locally do
+        Clone.new(self).prepare
+      end
+    elsif uncommitted_changes.present?
+      say "Building with uncommitted changes:\n #{uncommitted_changes}", :yellow
+    end
+
+    with_env(KAMAL.config.builder.secrets) do
+      run_locally do
+        begin
+          execute *KAMAL.builder.inspect_builder
+        rescue SSHKit::Command::Failed => e
+          if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
+            warn "Missing compatible builder, so creating a new one first"
+            begin
+              cli.remove
+            rescue SSHKit::Command::Failed
+              raise unless e.message =~ /(context not found|no builder|does not exist)/
+            end
+            cli.create
+          else
+            raise
+          end
+        end
+
+        # Get the command here to ensure the Dir.chdir doesn't interfere with it
+        push = KAMAL.builder.push(cli.options[:output])
+
+        KAMAL.with_verbosity(:debug) do
+          Dir.chdir(KAMAL.config.builder.build_directory) { execute *push }
+        end
+      end
+    end
+  end
+
+  desc "pull", "Pull app image from registry onto servers"
+  def pull
+    if (first_hosts = mirror_hosts).any?
+      #  Pull on a single host per mirror first to seed them
+      say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
+      pull_on_hosts(first_hosts)
+      say "Pulling image on remaining hosts...", :magenta
+      pull_on_hosts(KAMAL.hosts - first_hosts)
+    else
+      pull_on_hosts(KAMAL.hosts)
+    end
+  end
+
+  desc "create", "Create a build setup"
+  def create
+    if (remote_host = KAMAL.config.builder.remote)
+      connect_to_remote_host(remote_host)
+    end
+
+    run_locally do
+      begin
+        debug "Using builder: #{KAMAL.builder.name}"
+        execute *KAMAL.builder.create
+      rescue SSHKit::Command::Failed => e
+        if e.message =~ /stderr=(.*)/
+          error "Couldn't create remote builder: #{$1}"
+          false
+        else
+          raise
+        end
+      end
+    end
+  end
+
+  desc "remove", "Remove build setup"
+  def remove
+    run_locally do
+      debug "Using builder: #{KAMAL.builder.name}"
+      execute *KAMAL.builder.remove
+    end
+  end
+
+  desc "details", "Show build setup"
+  def details
+    run_locally do
+      puts "Builder: #{KAMAL.builder.name}"
+      puts capture(*KAMAL.builder.info)
+    end
+  end
+
+  desc "dev", "Build using the working directory, tag it as dirty, and push to local image store."
+  option :output, type: :string, default: "docker", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  def dev
+    cli = self
+
+    ensure_docker_installed
+
+    docker_included_files = Set.new(Kamal::Docker.included_files)
+    git_uncommitted_files = Set.new(Kamal::Git.uncommitted_files)
+    git_untracked_files = Set.new(Kamal::Git.untracked_files)
+
+    docker_uncommitted_files = docker_included_files & git_uncommitted_files
+    if docker_uncommitted_files.any?
+      say "WARNING: Files with uncommitted changes will be present in the dev container:", :yellow
+      docker_uncommitted_files.sort.each { |f| say "  #{f}", :yellow }
+      say
+    end
+
+    docker_untracked_files = docker_included_files & git_untracked_files
+    if docker_untracked_files.any?
+      say "WARNING: Untracked files will be present in the dev container:", :yellow
+      docker_untracked_files.sort.each { |f| say "  #{f}", :yellow }
+      say
+    end
+
+    with_env(KAMAL.config.builder.secrets) do
+      run_locally do
+        build = KAMAL.builder.push(cli.options[:output], tag_as_dirty: true)
+        KAMAL.with_verbosity(:debug) do
+          execute(*build)
+        end
+      end
+    end
+  end
+
+  private
+    def connect_to_remote_host(remote_host)
+      remote_uri = URI.parse(remote_host)
+      if remote_uri.scheme == "ssh"
+        host = SSHKit::Host.new(
+          hostname: remote_uri.host,
+          ssh_options: { user: remote_uri.user, port: remote_uri.port }.compact
+        )
+        on(host, options) do
+          execute "true"
+        end
+      end
+    end
+
+    def mirror_hosts
+      if KAMAL.hosts.many?
+        mirror_hosts = Concurrent::Hash.new
+        on(KAMAL.hosts) do |host|
+          first_mirror = capture_with_info(*KAMAL.builder.first_mirror).strip.presence
+          mirror_hosts[first_mirror] ||= host.to_s if first_mirror
+        rescue SSHKit::Command::Failed => e
+          raise unless e.message =~ /error calling index: reflect: slice index out of range/
+        end
+        mirror_hosts.values
+      else
+        []
+      end
+    end
+
+    def pull_on_hosts(hosts)
+      on(hosts) do
+        execute *KAMAL.auditor.record("Pulled image with version #{KAMAL.config.version}"), verbosity: :debug
+        execute *KAMAL.builder.clean, raise_on_non_zero_exit: false
+        execute *KAMAL.builder.pull
+        execute *KAMAL.builder.validate_image
+      end
+    end
+end
--- a/lib/kamal/cli/build/clone.rb
+++ b/lib/kamal/cli/build/clone.rb
@@ -0,0 +1,61 @@
+require "uri"
+
+class Kamal::Cli::Build::Clone
+  attr_reader :sshkit
+  delegate :info, :error, :execute, :capture_with_info, to: :sshkit
+
+  def initialize(sshkit)
+    @sshkit = sshkit
+  end
+
+  def prepare
+    begin
+      clone_repo
+    rescue SSHKit::Command::Failed => e
+      if e.message =~ /already exists and is not an empty directory/
+        reset
+      else
+        raise Kamal::Cli::Build::BuildError, "Failed to clone repo: #{e.message}"
+      end
+    end
+
+    validate!
+  rescue Kamal::Cli::Build::BuildError => e
+    error "Error preparing clone: #{e.message}, deleting and retrying..."
+
+    FileUtils.rm_rf KAMAL.config.builder.clone_directory
+    clone_repo
+    validate!
+  end
+
+  private
+    def clone_repo
+      info "Cloning repo into build directory `#{KAMAL.config.builder.build_directory}`..."
+
+      FileUtils.mkdir_p KAMAL.config.builder.clone_directory
+      execute *KAMAL.builder.clone
+    end
+
+    def reset
+      info "Resetting local clone as `#{KAMAL.config.builder.build_directory}` already exists..."
+
+      KAMAL.builder.clone_reset_steps.each { |step| execute *step }
+    rescue SSHKit::Command::Failed => e
+      raise Kamal::Cli::Build::BuildError, "Failed to clone repo: #{e.message}"
+    end
+
+    def validate!
+      status = capture_with_info(*KAMAL.builder.clone_status).strip
+
+      unless status.empty?
+        raise Kamal::Cli::Build::BuildError, "Clone in #{KAMAL.config.builder.build_directory} is dirty, #{status}"
+      end
+
+      revision = capture_with_info(*KAMAL.builder.clone_revision).strip
+      if revision != Kamal::Git.revision
+        raise Kamal::Cli::Build::BuildError, "Clone in #{KAMAL.config.builder.build_directory} is not on the correct revision, expected `#{Kamal::Git.revision}` but got `#{revision}`"
+      end
+    rescue SSHKit::Command::Failed => e
+      raise Kamal::Cli::Build::BuildError, "Failed to validate clone: #{e.message}"
+    end
+end
--- a/lib/kamal/cli/healthcheck/barrier.rb
+++ b/lib/kamal/cli/healthcheck/barrier.rb
@@ -0,0 +1,33 @@
+require "concurrent/ivar"
+
+class Kamal::Cli::Healthcheck::Barrier
+  def initialize
+    @ivar = Concurrent::IVar.new
+  end
+
+  def close
+    set(false)
+  end
+
+  def open
+    set(true)
+  end
+
+  def wait
+    unless opened?
+      raise Kamal::Cli::Healthcheck::Error.new("Halted at barrier")
+    end
+  end
+
+  private
+    def opened?
+      @ivar.value
+    end
+
+    def set(value)
+      @ivar.set(value)
+      true
+    rescue Concurrent::MultipleAssignmentError
+      false
+    end
+end
--- a/lib/kamal/cli/healthcheck/error.rb
+++ b/lib/kamal/cli/healthcheck/error.rb
@@ -0,0 +1,2 @@
+class Kamal::Cli::Healthcheck::Error < StandardError
+end
--- a/lib/kamal/cli/healthcheck/poller.rb
+++ b/lib/kamal/cli/healthcheck/poller.rb
@@ -0,0 +1,42 @@
+module Kamal::Cli::Healthcheck::Poller
+  extend self
+
+  def wait_for_healthy(role, &block)
+    attempt = 1
+    timeout_at = Time.now + KAMAL.config.deploy_timeout
+    readiness_delay = KAMAL.config.readiness_delay
+
+    begin
+      status = block.call
+
+      if status == "running"
+        # Wait for the readiness delay and confirm it is still running
+        if readiness_delay > 0
+          info "Container is running, waiting for readiness delay of #{readiness_delay} seconds"
+          sleep readiness_delay
+          status = block.call
+        end
+      end
+
+      unless %w[ running healthy ].include?(status)
+        raise Kamal::Cli::Healthcheck::Error, "container not ready after #{KAMAL.config.deploy_timeout} seconds (#{status})"
+      end
+    rescue Kamal::Cli::Healthcheck::Error => e
+      time_left = timeout_at - Time.now
+      if time_left > 0
+        sleep [ attempt, time_left ].min
+        attempt += 1
+        retry
+      else
+        raise
+      end
+    end
+
+    info "Container is healthy!"
+  end
+
+  private
+    def info(message)
+      SSHKit.config.output.info(message)
+    end
+end
--- a/lib/kamal/cli/lock.rb
+++ b/lib/kamal/cli/lock.rb
@@ -1,17 +1,23 @@
-class Mrsk::Cli::Lock < Mrsk::Cli::Base
+class Kamal::Cli::Lock < Kamal::Cli::Base
  desc "status", "Report lock status"
  def status
    handle_missing_lock do
-      on(MRSK.primary_host) { puts capture_with_info(*MRSK.lock.status) }
+      on(KAMAL.primary_host) do
+        puts capture_with_debug(*KAMAL.lock.status)
+      end
    end
  end

  desc "acquire", "Acquire the deploy lock"
-  option :message, aliases: "-m", type: :string, desc: "A lock mesasge", required: true
+  option :message, aliases: "-m", type: :string, desc: "A lock message", required: true
  def acquire
    message = options[:message]
-    handle_missing_lock do
-      on(MRSK.primary_host) { execute *MRSK.lock.acquire(message, MRSK.config.version) }
+    ensure_run_directory
+
+    raise_if_locked do
+      on(KAMAL.primary_host) do
+        execute *KAMAL.lock.acquire(message, KAMAL.config.version), verbosity: :debug
+      end
      say "Acquired the deploy lock"
    end
  end
@@ -19,7 +25,9 @@ class Mrsk::Cli::Lock < Mrsk::Cli::Base
  desc "release", "Release the deploy lock"
  def release
    handle_missing_lock do
-      on(MRSK.primary_host) { execute *MRSK.lock.release }
+      on(KAMAL.primary_host) do
+        execute *KAMAL.lock.release, verbosity: :debug
+      end
      say "Released the deploy lock"
    end
  end
--- a/lib/kamal/cli/main.rb
+++ b/lib/kamal/cli/main.rb
@@ -0,0 +1,280 @@
+class Kamal::Cli::Main < Kamal::Cli::Base
+  desc "setup", "Setup all accessories, push the env, and deploy app to servers"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def setup
+    print_runtime do
+      with_lock do
+        invoke_options = deploy_options
+
+        say "Ensure Docker is installed...", :magenta
+        invoke "kamal:cli:server:bootstrap", [], invoke_options
+
+        deploy(boot_accessories: true)
+      end
+    end
+  end
+
+  desc "deploy", "Deploy app to servers"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def deploy(boot_accessories: false)
+    runtime = print_runtime do
+      invoke_options = deploy_options
+
+      say "Log into image registry...", :magenta
+      invoke "kamal:cli:registry:login", [], invoke_options.merge(skip_local: options[:skip_push])
+
+      if options[:skip_push]
+        say "Pull app image...", :magenta
+        invoke "kamal:cli:build:pull", [], invoke_options
+      else
+        say "Build and push app image...", :magenta
+        invoke "kamal:cli:build:deliver", [], invoke_options
+      end
+
+      with_lock do
+        run_hook "pre-deploy", secrets: true
+
+        say "Ensure kamal-proxy is running...", :magenta
+        invoke "kamal:cli:proxy:boot", [], invoke_options
+
+        invoke "kamal:cli:accessory:boot", [ "all" ], invoke_options if boot_accessories
+
+        say "Detect stale containers...", :magenta
+        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
+
+        invoke "kamal:cli:app:boot", [], invoke_options
+
+        say "Prune old containers and images...", :magenta
+        invoke "kamal:cli:prune:all", [], invoke_options
+      end
+    end
+
+    run_hook "post-deploy", secrets: true, runtime: runtime.round.to_s
+  end
+
+  desc "redeploy", "Deploy app to servers without bootstrapping servers, starting kamal-proxy, pruning, and registry login"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def redeploy
+    runtime = print_runtime do
+      invoke_options = deploy_options
+
+      if options[:skip_push]
+        say "Pull app image...", :magenta
+        invoke "kamal:cli:build:pull", [], invoke_options
+      else
+        say "Build and push app image...", :magenta
+        invoke "kamal:cli:build:deliver", [], invoke_options
+      end
+
+      with_lock do
+        run_hook "pre-deploy", secrets: true
+
+        say "Detect stale containers...", :magenta
+        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
+
+        invoke "kamal:cli:app:boot", [], invoke_options
+      end
+    end
+
+    run_hook "post-deploy", secrets: true, runtime: runtime.round.to_s
+  end
+
+  desc "rollback [VERSION]", "Rollback app to VERSION"
+  def rollback(version)
+    rolled_back = false
+    runtime = print_runtime do
+      with_lock do
+        invoke_options = deploy_options
+
+        KAMAL.config.version = version
+        old_version = nil
+
+        if container_available?(version)
+          run_hook "pre-deploy", secrets: true
+
+          invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
+          rolled_back = true
+        else
+          say "The app version '#{version}' is not available as a container (use 'kamal app containers' for available versions)", :red
+        end
+      end
+    end
+
+    run_hook "post-deploy", secrets: true, runtime: runtime.round.to_s if rolled_back
+  end
+
+  desc "details", "Show details about all containers"
+  def details
+    invoke "kamal:cli:proxy:details"
+    invoke "kamal:cli:app:details"
+    invoke "kamal:cli:accessory:details", [ "all" ]
+  end
+
+  desc "audit", "Show audit log from servers"
+  def audit
+    on(KAMAL.hosts) do |host|
+      puts_by_host host, capture_with_info(*KAMAL.auditor.reveal)
+    end
+  end
+
+  desc "config", "Show combined config (including secrets!)"
+  def config
+    run_locally do
+      puts Kamal::Utils.redacted(KAMAL.config.to_h).to_yaml
+    end
+  end
+
+  desc "docs [SECTION]", "Show Kamal configuration documentation"
+  def docs(section = nil)
+    case section
+    when NilClass
+      puts Kamal::Configuration.validation_doc
+    else
+      puts Kamal::Configuration.const_get(section.titlecase.to_sym).validation_doc
+    end
+  rescue NameError
+    puts "No documentation found for #{section}"
+  end
+
+  desc "init", "Create config stub in config/deploy.yml and secrets stub in .kamal"
+  option :bundle, type: :boolean, default: false, desc: "Add Kamal to the Gemfile and create a bin/kamal binstub"
+  def init
+    require "fileutils"
+
+    if (deploy_file = Pathname.new(File.expand_path("config/deploy.yml"))).exist?
+      puts "Config file already exists in config/deploy.yml (remove first to create a new one)"
+    else
+      FileUtils.mkdir_p deploy_file.dirname
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/deploy.yml", __dir__)), deploy_file
+      puts "Created configuration file in config/deploy.yml"
+    end
+
+    unless (secrets_file = Pathname.new(File.expand_path(".kamal/secrets"))).exist?
+      FileUtils.mkdir_p secrets_file.dirname
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/secrets", __dir__)), secrets_file
+      puts "Created .kamal/secrets file"
+    end
+
+    unless (hooks_dir = Pathname.new(File.expand_path(".kamal/hooks"))).exist?
+      hooks_dir.mkpath
+      Pathname.new(File.expand_path("templates/sample_hooks", __dir__)).each_child do |sample_hook|
+        FileUtils.cp sample_hook, hooks_dir, preserve: true
+      end
+      puts "Created sample hooks in .kamal/hooks"
+    end
+
+    if options[:bundle]
+      if (binstub = Pathname.new(File.expand_path("bin/kamal"))).exist?
+        puts "Binstub already exists in bin/kamal (remove first to create a new one)"
+      else
+        puts "Adding Kamal to Gemfile and bundle..."
+        run_locally do
+          execute :bundle, :add, :kamal
+          execute :bundle, :binstubs, :kamal
+        end
+        puts "Created binstub file in bin/kamal"
+      end
+    end
+  end
+
+  desc "remove", "Remove kamal-proxy, app, accessories, and registry session from servers"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def remove
+    confirming "This will remove all containers and images. Are you sure?" do
+      with_lock do
+        invoke "kamal:cli:app:remove", [], options.without(:confirmed)
+        invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
+        invoke "kamal:cli:accessory:remove", [ "all" ], options
+        invoke "kamal:cli:registry:logout", [], options.without(:confirmed).merge(skip_local: true)
+      end
+    end
+  end
+
+  desc "upgrade", "Upgrade from Kamal 1.x to 2.0"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  option :rolling, type: :boolean, default: false, desc: "Upgrade one host at a time"
+  def upgrade
+    confirming "This will replace Traefik with kamal-proxy and restart all accessories" do
+      with_lock do
+        if options[:rolling]
+          (KAMAL.hosts | KAMAL.accessory_hosts).each do |host|
+            KAMAL.with_specific_hosts(host) do
+              say "Upgrading #{host}...", :magenta
+              if KAMAL.hosts.include?(host)
+                invoke "kamal:cli:proxy:upgrade", [], options.merge(confirmed: true, rolling: false)
+                reset_invocation(Kamal::Cli::Proxy)
+              end
+              if KAMAL.accessory_hosts.include?(host)
+                invoke "kamal:cli:accessory:upgrade", [ "all" ], options.merge(confirmed: true, rolling: false)
+                reset_invocation(Kamal::Cli::Accessory)
+              end
+              say "Upgraded #{host}", :magenta
+            end
+          end
+        else
+          say "Upgrading all hosts...", :magenta
+          invoke "kamal:cli:proxy:upgrade", [], options.merge(confirmed: true)
+          invoke "kamal:cli:accessory:upgrade", [ "all" ], options.merge(confirmed: true)
+          say "Upgraded all hosts", :magenta
+        end
+      end
+    end
+  end
+
+  desc "version", "Show Kamal version"
+  def version
+    puts Kamal::VERSION
+  end
+
+  desc "accessory", "Manage accessories (db/redis/search)"
+  subcommand "accessory", Kamal::Cli::Accessory
+
+  desc "app", "Manage application"
+  subcommand "app", Kamal::Cli::App
+
+  desc "build", "Build application image"
+  subcommand "build", Kamal::Cli::Build
+
+  desc "lock", "Manage the deploy lock"
+  subcommand "lock", Kamal::Cli::Lock
+
+  desc "proxy", "Manage kamal-proxy"
+  subcommand "proxy", Kamal::Cli::Proxy
+
+  desc "prune", "Prune old application images and containers"
+  subcommand "prune", Kamal::Cli::Prune
+
+  desc "registry", "Login and -out of the image registry"
+  subcommand "registry", Kamal::Cli::Registry
+
+  desc "secrets", "Helpers for extracting secrets"
+  subcommand "secrets", Kamal::Cli::Secrets
+
+  desc "server", "Bootstrap servers with curl and Docker"
+  subcommand "server", Kamal::Cli::Server
+
+  private
+    def container_available?(version)
+      begin
+        on(KAMAL.hosts) do
+          KAMAL.roles_on(host).each do |role|
+            container_id = capture_with_info(*KAMAL.app(role: role, host: host).container_id_for_version(version))
+            raise "Container not found" unless container_id.present?
+          end
+        end
+      rescue SSHKit::Runner::ExecuteError, SSHKit::Runner::MultipleExecuteError => e
+        if e.message =~ /Container not found/
+          say "Error looking for container version #{version}: #{e.message}"
+          return false
+        else
+          raise
+        end
+      end
+
+      true
+    end
+
+    def deploy_options
+      { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
+    end
+end
--- a/lib/kamal/cli/proxy.rb
+++ b/lib/kamal/cli/proxy.rb
@@ -0,0 +1,255 @@
+class Kamal::Cli::Proxy < Kamal::Cli::Base
+  desc "boot", "Boot proxy on servers"
+  def boot
+    with_lock do
+      on(KAMAL.hosts) do |host|
+        execute *KAMAL.docker.create_network
+      rescue SSHKit::Command::Failed => e
+        raise unless e.message.include?("already exists")
+      end
+
+      on(KAMAL.proxy_hosts) do |host|
+        execute *KAMAL.registry.login
+
+        version = capture_with_info(*KAMAL.proxy.version).strip.presence
+
+        if version && Kamal::Utils.older_version?(version, Kamal::Configuration::PROXY_MINIMUM_VERSION)
+          raise "kamal-proxy version #{version} is too old, run `kamal proxy reboot` in order to update to at least #{Kamal::Configuration::PROXY_MINIMUM_VERSION}"
+        end
+        execute *KAMAL.proxy.start_or_run
+      end
+    end
+  end
+
+  desc "boot_config <set|get|reset>", "Manage kamal-proxy boot configuration"
+  option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host"
+  option :publish_host_ip, type: :string, repeatable: true, default: nil, desc: "Host IP address to bind HTTP/HTTPS traffic to. Defaults to all interfaces"
+  option :http_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTP_PORT, desc: "HTTP port to publish on the host"
+  option :https_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTPS_PORT, desc: "HTTPS port to publish on the host"
+  option :log_max_size, type: :string, default: Kamal::Configuration::PROXY_LOG_MAX_SIZE, desc: "Max size of proxy logs"
+  option :docker_options, type: :array, default: [], desc: "Docker options to pass to the proxy container", banner: "option=value option2=value2"
+  def boot_config(subcommand)
+    case subcommand
+    when "set"
+      boot_options = [
+        *(KAMAL.config.proxy_publish_args(options[:http_port], options[:https_port], options[:publish_host_ip]) if options[:publish]),
+        *(KAMAL.config.proxy_logging_args(options[:log_max_size])),
+        *options[:docker_options].map { |option| "--#{option}" }
+      ]
+
+      on(KAMAL.proxy_hosts) do |host|
+        execute(*KAMAL.proxy.ensure_proxy_directory)
+        upload! StringIO.new(boot_options.join(" ")), KAMAL.config.proxy_options_file
+      end
+    when "get"
+      on(KAMAL.proxy_hosts) do |host|
+        puts "Host #{host}: #{capture_with_info(*KAMAL.proxy.get_boot_options)}"
+      end
+    when "reset"
+      on(KAMAL.proxy_hosts) do |host|
+        execute *KAMAL.proxy.reset_boot_options
+      end
+    else
+      raise ArgumentError, "Unknown boot_config subcommand #{subcommand}"
+    end
+  end
+
+  desc "reboot", "Reboot proxy on servers (stop container, remove container, start new container)"
+  option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def reboot
+    confirming "This will cause a brief outage on each host. Are you sure?" do
+      with_lock do
+        host_groups = options[:rolling] ? KAMAL.proxy_hosts : [ KAMAL.proxy_hosts ]
+        host_groups.each do |hosts|
+          host_list = Array(hosts).join(",")
+          run_hook "pre-proxy-reboot", hosts: host_list
+          on(hosts) do |host|
+            execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
+            execute *KAMAL.registry.login
+
+            "Stopping and removing kamal-proxy on #{host}, if running..."
+            execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
+            execute *KAMAL.proxy.remove_container
+
+            execute *KAMAL.proxy.run
+
+            KAMAL.roles_on(host).select(&:running_proxy?).each do |role|
+              app = KAMAL.app(role: role, host: host)
+
+              version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+              endpoint = capture_with_info(*app.container_id_for_version(version)).strip
+
+              if endpoint.present?
+                info "Deploying #{endpoint} for role `#{role}` on #{host}..."
+                execute *app.deploy(target: endpoint)
+              end
+            end
+          end
+          run_hook "post-proxy-reboot", hosts: host_list
+        end
+      end
+    end
+  end
+
+  desc "upgrade", "Upgrade to kamal-proxy on servers (stop container, remove container, start new container, reboot app)", hide: true
+  option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def upgrade
+    invoke_options = { "version" => KAMAL.config.latest_tag }.merge(options)
+
+    confirming "This will cause a brief outage on each host. Are you sure?" do
+      host_groups = options[:rolling] ? KAMAL.hosts : [ KAMAL.hosts ]
+      host_groups.each do |hosts|
+        host_list = Array(hosts).join(",")
+        say "Upgrading proxy on #{host_list}...", :magenta
+        run_hook "pre-proxy-reboot", hosts: host_list
+        on(hosts) do |host|
+          execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
+          execute *KAMAL.registry.login
+
+          "Stopping and removing Traefik on #{host}, if running..."
+          execute *KAMAL.proxy.cleanup_traefik
+
+          "Stopping and removing kamal-proxy on #{host}, if running..."
+          execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
+          execute *KAMAL.proxy.remove_container
+          execute *KAMAL.proxy.remove_image
+        end
+
+        KAMAL.with_specific_hosts(hosts) do
+          invoke "kamal:cli:proxy:boot", [], invoke_options
+          reset_invocation(Kamal::Cli::Proxy)
+          invoke "kamal:cli:app:boot", [], invoke_options
+          reset_invocation(Kamal::Cli::App)
+          invoke "kamal:cli:prune:all", [], invoke_options
+          reset_invocation(Kamal::Cli::Prune)
+        end
+
+        run_hook "post-proxy-reboot", hosts: host_list
+        say "Upgraded proxy on #{host_list}", :magenta
+      end
+    end
+  end
+
+  desc "start", "Start existing proxy container on servers"
+  def start
+    with_lock do
+      on(KAMAL.proxy_hosts) do |host|
+        execute *KAMAL.auditor.record("Started proxy"), verbosity: :debug
+        execute *KAMAL.proxy.start
+      end
+    end
+  end
+
+  desc "stop", "Stop existing proxy container on servers"
+  def stop
+    with_lock do
+      on(KAMAL.proxy_hosts) do |host|
+        execute *KAMAL.auditor.record("Stopped proxy"), verbosity: :debug
+        execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
+      end
+    end
+  end
+
+  desc "restart", "Restart existing proxy container on servers"
+  def restart
+    with_lock do
+      stop
+      start
+    end
+  end
+
+  desc "details", "Show details about proxy container from servers"
+  def details
+    on(KAMAL.proxy_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.proxy.info), type: "Proxy" }
+  end
+
+  desc "logs", "Show log lines from proxy on servers"
+  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
+  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
+  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
+  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
+  option :skip_timestamps, type: :boolean, aliases: "-T", desc: "Skip appending timestamps to logging output"
+  def logs
+    grep = options[:grep]
+    timestamps = !options[:skip_timestamps]
+
+    if options[:follow]
+      run_locally do
+        info "Following logs on #{KAMAL.primary_host}..."
+        info KAMAL.proxy.follow_logs(host: KAMAL.primary_host, timestamps: timestamps, grep: grep)
+        exec KAMAL.proxy.follow_logs(host: KAMAL.primary_host, timestamps: timestamps, grep: grep)
+      end
+    else
+      since = options[:since]
+      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
+
+      on(KAMAL.proxy_hosts) do |host|
+        puts_by_host host, capture(*KAMAL.proxy.logs(timestamps: timestamps, since: since, lines: lines, grep: grep)), type: "Proxy"
+      end
+    end
+  end
+
+  desc "remove", "Remove proxy container and image from servers"
+  option :force, type: :boolean, default: false, desc: "Force removing proxy when apps are still installed"
+  def remove
+    with_lock do
+      if removal_allowed?(options[:force])
+        stop
+        remove_container
+        remove_image
+        remove_proxy_directory
+      end
+    end
+  end
+
+  desc "remove_container", "Remove proxy container from servers", hide: true
+  def remove_container
+    with_lock do
+      on(KAMAL.proxy_hosts) do
+        execute *KAMAL.auditor.record("Removed proxy container"), verbosity: :debug
+        execute *KAMAL.proxy.remove_container
+      end
+    end
+  end
+
+  desc "remove_image", "Remove proxy image from servers", hide: true
+  def remove_image
+    with_lock do
+      on(KAMAL.proxy_hosts) do
+        execute *KAMAL.auditor.record("Removed proxy image"), verbosity: :debug
+        execute *KAMAL.proxy.remove_image
+      end
+    end
+  end
+
+  desc "remove_proxy_directory", "Remove the proxy directory from servers", hide: true
+  def remove_proxy_directory
+    with_lock do
+      on(KAMAL.proxy_hosts) do
+        execute *KAMAL.proxy.remove_proxy_directory, raise_on_non_zero_exit: false
+      end
+    end
+  end
+
+  private
+    def removal_allowed?(force)
+      on(KAMAL.proxy_hosts) do |host|
+        app_count = capture_with_info(*KAMAL.server.app_directory_count).chomp.to_i
+        raise "The are other applications installed on #{host}" if app_count > 0
+      end
+
+      true
+    rescue SSHKit::Runner::ExecuteError => e
+      raise unless e.message.include?("The are other applications installed on")
+
+      if force
+        say "Forcing, so removing the proxy, even though other apps are installed", :magenta
+      else
+        say "Not removing the proxy, as other apps are installed, ignore this check with kamal proxy remove --force", :magenta
+      end
+
+      force
+    end
+end
--- a/lib/kamal/cli/prune.rb
+++ b/lib/kamal/cli/prune.rb
@@ -0,0 +1,34 @@
+class Kamal::Cli::Prune < Kamal::Cli::Base
+  desc "all", "Prune unused images and stopped containers"
+  def all
+    with_lock do
+      containers
+      images
+    end
+  end
+
+  desc "images", "Prune unused images"
+  def images
+    with_lock do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Pruned images"), verbosity: :debug
+        execute *KAMAL.prune.dangling_images
+        execute *KAMAL.prune.tagged_images
+      end
+    end
+  end
+
+  desc "containers", "Prune all stopped containers, except the last n (default 5)"
+  option :retain, type: :numeric, default: nil, desc: "Number of containers to retain"
+  def containers
+    retain = options.fetch(:retain, KAMAL.config.retain_containers)
+    raise "retain must be at least 1" if retain < 1
+
+    with_lock do
+      on(KAMAL.hosts) do
+        execute *KAMAL.auditor.record("Pruned containers"), verbosity: :debug
+        execute *KAMAL.prune.app_containers(retain: retain)
+      end
+    end
+  end
+end
--- a/lib/kamal/cli/registry.rb
+++ b/lib/kamal/cli/registry.rb
@@ -0,0 +1,19 @@
+class Kamal::Cli::Registry < Kamal::Cli::Base
+  desc "login", "Log in to registry locally and remotely"
+  option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
+  option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
+  def login
+    ensure_docker_installed unless options[:skip_local]
+
+    run_locally    { execute *KAMAL.registry.login } unless options[:skip_local]
+    on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
+  end
+
+  desc "logout", "Log out of registry locally and remotely"
+  option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
+  option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
+  def logout
+    run_locally    { execute *KAMAL.registry.logout } unless options[:skip_local]
+    on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
+  end
+end
--- a/lib/kamal/cli/secrets.rb
+++ b/lib/kamal/cli/secrets.rb
@@ -0,0 +1,49 @@
+class Kamal::Cli::Secrets < Kamal::Cli::Base
+  desc "fetch [SECRETS...]", "Fetch secrets from a vault"
+  option :adapter, type: :string, aliases: "-a", required: true, desc: "Which vault adapter to use"
+  option :account, type: :string, required: false, desc: "The account identifier or username"
+  option :from, type: :string, required: false, desc: "A vault or folder to fetch the secrets from"
+  option :inline, type: :boolean, required: false, hidden: true
+  def fetch(*secrets)
+    adapter = initialize_adapter(options[:adapter])
+
+    if adapter.requires_account? && options[:account].blank?
+      return puts "No value provided for required options '--account'"
+    end
+
+    results = adapter.fetch(secrets, **options.slice(:account, :from).symbolize_keys)
+
+    return_or_puts JSON.dump(results).shellescape, inline: options[:inline]
+  end
+
+  desc "extract", "Extract a single secret from the results of a fetch call"
+  option :inline, type: :boolean, required: false, hidden: true
+  def extract(name, secrets)
+    parsed_secrets = JSON.parse(secrets)
+    value = parsed_secrets[name] || parsed_secrets.find { |k, v| k.end_with?("/#{name}") }&.last
+
+    raise "Could not find secret #{name}" if value.nil?
+
+    return_or_puts value, inline: options[:inline]
+  end
+
+  desc "print", "Print the secrets (for debugging)"
+  def print
+    KAMAL.config.secrets.to_h.each do |key, value|
+      puts "#{key}=#{value}"
+    end
+  end
+
+  private
+    def initialize_adapter(adapter)
+      Kamal::Secrets::Adapters.lookup(adapter)
+    end
+
+    def return_or_puts(value, inline: nil)
+      if inline
+        value
+      else
+        puts value
+      end
+    end
+end
--- a/lib/kamal/cli/server.rb
+++ b/lib/kamal/cli/server.rb
@@ -0,0 +1,48 @@
+class Kamal::Cli::Server < Kamal::Cli::Base
+  desc "exec", "Run a custom command on the server (use --help to show options)"
+  option :interactive, type: :boolean, aliases: "-i", default: false, desc: "Run the command interactively (use for console/bash)"
+  def exec(*cmd)
+    cmd = Kamal::Utils.join_commands(cmd)
+    hosts = KAMAL.hosts | KAMAL.accessory_hosts
+
+    case
+    when options[:interactive]
+      host = KAMAL.primary_host
+
+      say "Running '#{cmd}' on #{host} interactively...", :magenta
+
+      run_locally { exec KAMAL.server.run_over_ssh(cmd, host: host) }
+    else
+      say "Running '#{cmd}' on #{hosts.join(', ')}...", :magenta
+
+      on(hosts) do |host|
+        execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{host}"), verbosity: :debug
+        puts_by_host host, capture_with_info(cmd)
+      end
+    end
+  end
+
+  desc "bootstrap", "Set up Docker to run Kamal apps"
+  def bootstrap
+    with_lock do
+      missing = []
+
+      on(KAMAL.hosts | KAMAL.accessory_hosts) do |host|
+        unless execute(*KAMAL.docker.installed?, raise_on_non_zero_exit: false)
+          if execute(*KAMAL.docker.superuser?, raise_on_non_zero_exit: false)
+            info "Missing Docker on #{host}. Installing…"
+            execute *KAMAL.docker.install
+          else
+            missing << host
+          end
+        end
+      end
+
+      if missing.any?
+        raise "Docker is not installed on #{missing.join(", ")} and can't be automatically installed without having root access and either `wget` or `curl`. Install Docker manually: https://docs.docker.com/engine/install/"
+      end
+
+      run_hook "docker-setup"
+    end
+  end
+end
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -0,0 +1,101 @@
+# Name of your application. Used to uniquely configure containers.
+service: my-app
+
+# Name of the container image.
+image: my-user/my-app
+
+# Deploy to these servers.
+servers:
+  web:
+    - 192.168.0.1
+  # job:
+  #   hosts:
+  #     - 192.168.0.1
+  #   cmd: bin/jobs
+
+# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
+# Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer.
+#
+# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
+proxy:
+  ssl: true
+  host: app.example.com
+  # Proxy connects to your container on port 80 by default.
+  # app_port: 3000
+
+# Credentials for your image host.
+registry:
+  # Specify the registry server, if you're not using Docker Hub
+  # server: registry.digitalocean.com / ghcr.io / ...
+  username: my-user
+
+  # Always use an access token rather than real password (pulled from .kamal/secrets).
+  password:
+    - KAMAL_REGISTRY_PASSWORD
+
+# Configure builder setup.
+builder:
+  arch: amd64
+  # Pass in additional build args needed for your Dockerfile.
+  # args:
+  #   RUBY_VERSION: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+
+# Inject ENV variables into containers (secrets come from .kamal/secrets).
+#
+# env:
+#   clear:
+#     DB_HOST: 192.168.0.2
+#   secret:
+#     - RAILS_MASTER_KEY
+
+# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
+# "bin/kamal app logs -r job" will tail logs from the first server in the job section.
+#
+# aliases:
+#   shell: app exec --interactive --reuse "bash"
+
+# Use a different ssh user than root
+#
+# ssh:
+#   user: app
+
+# Use a persistent storage volume.
+#
+# volumes:
+#   - "app_storage:/app/storage"
+
+# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
+# hitting 404 on in-flight requests. Combines all files from new and old
+# version inside the asset_path.
+#
+# asset_path: /app/public/assets
+
+# Configure rolling deploys by setting a wait time between batches of restarts.
+#
+# boot:
+#   limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
+#   wait: 2
+
+# Use accessory services (secrets come from .kamal/secrets).
+#
+# accessories:
+#   db:
+#     image: mysql:8.0
+#     host: 192.168.0.2
+#     port: 3306
+#     env:
+#       clear:
+#         MYSQL_ROOT_HOST: '%'
+#       secret:
+#         - MYSQL_ROOT_PASSWORD
+#     files:
+#       - config/mysql/production.cnf:/etc/mysql/my.cnf
+#       - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
+#     directories:
+#       - data:/var/lib/mysql
+#   redis:
+#     image: valkey/valkey:8
+#     host: 192.168.0.2
+#     port: 6379
+#     directories:
+#       - data:/data
--- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
+++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Docker set up on $KAMAL_HOSTS..."
--- a/lib/kamal/cli/templates/sample_hooks/post-app-boot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-app-boot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Booted app version $KAMAL_VERSION on $KAMAL_HOSTS..."
--- a/lib/kamal/cli/templates/sample_hooks/post-deploy.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-deploy.sample
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# A sample post-deploy hook
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+echo "$KAMAL_PERFORMER deployed $KAMAL_VERSION to $KAMAL_DESTINATION in $KAMAL_RUNTIME seconds"
--- a/lib/kamal/cli/templates/sample_hooks/post-proxy-reboot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-proxy-reboot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooted kamal-proxy on $KAMAL_HOSTS"
--- a/lib/kamal/cli/templates/sample_hooks/pre-app-boot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-app-boot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Booting app version $KAMAL_VERSION on $KAMAL_HOSTS..."
--- a/lib/kamal/cli/templates/sample_hooks/pre-build.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-build.sample
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# A sample pre-build hook
+#
+# Checks:
+# 1. We have a clean checkout
+# 2. A remote is configured
+# 3. The branch has been pushed to the remote
+# 4. The version we are deploying matches the remote
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+if [ -n "$(git status --porcelain)" ]; then
+  echo "Git checkout is not clean, aborting..." >&2
+  git status --porcelain >&2
+  exit 1
+fi
+
+first_remote=$(git remote)
+
+if [ -z "$first_remote" ]; then
+  echo "No git remote set, aborting..." >&2
+  exit 1
+fi
+
+current_branch=$(git branch --show-current)
+
+if [ -z "$current_branch" ]; then
+  echo "Not on a git branch, aborting..." >&2
+  exit 1
+fi
+
+remote_head=$(git ls-remote $first_remote --tags $current_branch | cut -f1)
+
+if [ -z "$remote_head" ]; then
+  echo "Branch not pushed to remote, aborting..." >&2
+  exit 1
+fi
+
+if [ "$KAMAL_VERSION" != "$remote_head" ]; then
+  echo "Version ($KAMAL_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
+  exit 1
+fi
+
+exit 0
--- a/lib/kamal/cli/templates/sample_hooks/pre-connect.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-connect.sample
@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+
+# A sample pre-connect check
+#
+# Warms DNS before connecting to hosts in parallel
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+hosts = ENV["KAMAL_HOSTS"].split(",")
+results = nil
+max = 3
+
+elapsed = Benchmark.realtime do
+  results = hosts.map do |host|
+    Thread.new do
+      tries = 1
+
+      begin
+        Socket.getaddrinfo(host, 0, Socket::AF_UNSPEC, Socket::SOCK_STREAM, nil, Socket::AI_CANONNAME)
+      rescue SocketError
+        if tries < max
+          puts "Retrying DNS warmup: #{host}"
+          tries += 1
+          sleep rand
+          retry
+        else
+          puts "DNS warmup failed: #{host}"
+          host
+        end
+      end
+
+      tries
+    end
+  end.map(&:value)
+end
+
+retries = results.sum - hosts.size
+nopes = results.count { |r| r == max }
+
+puts "Prewarmed %d DNS lookups in %.2f sec: %d retries, %d failures" % [ hosts.size, elapsed, retries, nopes ]
--- a/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+
+# A sample pre-deploy hook
+#
+# Checks the Github status of the build, waiting for a pending build to complete for up to 720 seconds.
+#
+# Fails unless the combined status is "success"
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_COMMAND
+# KAMAL_SUBCOMMAND
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+# Only check the build status for production deployments
+if ENV["KAMAL_COMMAND"] == "rollback" || ENV["KAMAL_DESTINATION"] != "production"
+  exit 0
+end
+
+require "bundler/inline"
+
+# true = install gems so this is fast on repeat invocations
+gemfile(true, quiet: true) do
+  source "https://rubygems.org"
+
+  gem "octokit"
+  gem "faraday-retry"
+end
+
+MAX_ATTEMPTS = 72
+ATTEMPTS_GAP = 10
+
+def exit_with_error(message)
+  $stderr.puts message
+  exit 1
+end
+
+class GithubStatusChecks
+  attr_reader :remote_url, :git_sha, :github_client, :combined_status
+
+  def initialize
+    @remote_url = `git config --get remote.origin.url`.strip.delete_prefix("https://github.com/")
+    @git_sha = `git rev-parse HEAD`.strip
+    @github_client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
+    refresh!
+  end
+
+  def refresh!
+    @combined_status = github_client.combined_status(remote_url, git_sha)
+  end
+
+  def state
+    combined_status[:state]
+  end
+
+  def first_status_url
+    first_status = combined_status[:statuses].find { |status| status[:state] == state }
+    first_status && first_status[:target_url]
+  end
+
+  def complete_count
+    combined_status[:statuses].count { |status| status[:state] != "pending"}
+  end
+
+  def total_count
+    combined_status[:statuses].count
+  end
+
+  def current_status
+    if total_count > 0
+      "Completed #{complete_count}/#{total_count} checks, see #{first_status_url} ..."
+    else
+      "Build not started..."
+    end
+  end
+end
+
+
+$stdout.sync = true
+
+puts "Checking build status..."
+attempts = 0
+checks = GithubStatusChecks.new
+
+begin
+  loop do
+    case checks.state
+    when "success"
+      puts "Checks passed, see #{checks.first_status_url}"
+      exit 0
+    when "failure"
+      exit_with_error "Checks failed, see #{checks.first_status_url}"
+    when "pending"
+      attempts += 1
+    end
+
+    exit_with_error "Checks are still pending, gave up after #{MAX_ATTEMPTS * ATTEMPTS_GAP} seconds" if attempts == MAX_ATTEMPTS
+
+    puts checks.current_status
+    sleep(ATTEMPTS_GAP)
+    checks.refresh!
+  end
+rescue Octokit::NotFound
+  exit_with_error "Build status could not be found"
+end
--- a/lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooting kamal-proxy on $KAMAL_HOSTS..."
--- a/lib/kamal/cli/templates/secrets
+++ b/lib/kamal/cli/templates/secrets
@@ -0,0 +1,17 @@
+# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
+# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
+# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
+
+# Option 1: Read secrets from the environment
+KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+
+# Option 2: Read secrets via a command
+# RAILS_MASTER_KEY=$(cat config/master.key)
+
+# Option 3: Read secrets via kamal secrets helpers
+# These will handle logging in and fetching the secrets in as few calls as possible
+# There are adapters for 1Password, LastPass + Bitwarden
+#
+# SECRETS=$(kamal secrets fetch --adapter 1password --account my-account --from MyVault/MyItem KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
+# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS)
+# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS)
--- a/lib/kamal/commander.rb
+++ b/lib/kamal/commander.rb
@@ -0,0 +1,167 @@
+require "active_support/core_ext/enumerable"
+require "active_support/core_ext/module/delegation"
+require "active_support/core_ext/object/blank"
+
+class Kamal::Commander
+  attr_accessor :verbosity, :holding_lock, :connected
+  attr_reader :specific_roles, :specific_hosts
+  delegate :hosts, :roles, :primary_host, :primary_role, :roles_on, :proxy_hosts, :accessory_hosts, to: :specifics
+
+  def initialize
+    reset
+  end
+
+  def reset
+    self.verbosity = :info
+    self.holding_lock = false
+    self.connected = false
+    @specifics = @specific_roles = @specific_hosts = nil
+    @config = @config_kwargs = nil
+    @commands = {}
+  end
+
+  def config
+    @config ||= Kamal::Configuration.create_from(**@config_kwargs).tap do |config|
+      @config_kwargs = nil
+      configure_sshkit_with(config)
+    end
+  end
+
+  def configure(**kwargs)
+    @config, @config_kwargs = nil, kwargs
+  end
+
+  def configured?
+    @config || @config_kwargs
+  end
+
+  def specific_primary!
+    @specifics = nil
+    if specific_roles.present?
+      self.specific_hosts = [ specific_roles.first.primary_host ]
+    else
+      self.specific_hosts = [ config.primary_host ]
+    end
+  end
+
+  def specific_roles=(role_names)
+    @specifics = nil
+    if role_names.present?
+      @specific_roles = Kamal::Utils.filter_specific_items(role_names, config.roles)
+
+      if @specific_roles.empty?
+        raise ArgumentError, "No --roles match for #{role_names.join(',')}"
+      end
+
+      @specific_roles
+    end
+  end
+
+  def specific_hosts=(hosts)
+    @specifics = nil
+    if hosts.present?
+      @specific_hosts = Kamal::Utils.filter_specific_items(hosts, config.all_hosts)
+
+      if @specific_hosts.empty?
+        raise ArgumentError, "No --hosts match for #{hosts.join(',')}"
+      end
+
+      @specific_hosts
+    end
+  end
+
+  def with_specific_hosts(hosts)
+    original_hosts, self.specific_hosts = specific_hosts, hosts
+    yield
+  ensure
+    self.specific_hosts = original_hosts
+  end
+
+  def accessory_names
+    config.accessories&.collect(&:name) || []
+  end
+
+  def app(role: nil, host: nil)
+    Kamal::Commands::App.new(config, role: role, host: host)
+  end
+
+  def accessory(name)
+    Kamal::Commands::Accessory.new(config, name: name)
+  end
+
+  def auditor(**details)
+    Kamal::Commands::Auditor.new(config, **details)
+  end
+
+  def builder
+    @commands[:builder] ||= Kamal::Commands::Builder.new(config)
+  end
+
+  def docker
+    @commands[:docker] ||= Kamal::Commands::Docker.new(config)
+  end
+
+  def hook
+    @commands[:hook] ||= Kamal::Commands::Hook.new(config)
+  end
+
+  def lock
+    @commands[:lock] ||= Kamal::Commands::Lock.new(config)
+  end
+
+  def proxy
+    @commands[:proxy] ||= Kamal::Commands::Proxy.new(config)
+  end
+
+  def prune
+    @commands[:prune] ||= Kamal::Commands::Prune.new(config)
+  end
+
+  def registry
+    @commands[:registry] ||= Kamal::Commands::Registry.new(config)
+  end
+
+  def server
+    @commands[:server] ||= Kamal::Commands::Server.new(config)
+  end
+
+  def alias(name)
+    config.aliases[name]
+  end
+
+  def with_verbosity(level)
+    old_level = self.verbosity
+
+    self.verbosity = level
+    SSHKit.config.output_verbosity = level
+
+    yield
+  ensure
+    self.verbosity = old_level
+    SSHKit.config.output_verbosity = old_level
+  end
+
+  def holding_lock?
+    self.holding_lock
+  end
+
+  def connected?
+    self.connected
+  end
+
+  private
+    # Lazy setup of SSHKit
+    def configure_sshkit_with(config)
+      SSHKit::Backend::Netssh.pool.idle_timeout = config.sshkit.pool_idle_timeout
+      SSHKit::Backend::Netssh.configure do |sshkit|
+        sshkit.max_concurrent_starts = config.sshkit.max_concurrent_starts
+        sshkit.ssh_options = config.ssh.options
+      end
+      SSHKit.config.command_map[:docker] = "docker" # No need to use /usr/bin/env, just clogs up the logs
+      SSHKit.config.output_verbosity = verbosity
+    end
+
+    def specifics
+      @specifics ||= Kamal::Commander::Specifics.new(config, specific_hosts, specific_roles)
+    end
+end
--- a/lib/kamal/commander/specifics.rb
+++ b/lib/kamal/commander/specifics.rb
@@ -0,0 +1,54 @@
+class Kamal::Commander::Specifics
+  attr_reader :primary_host, :primary_role, :hosts, :roles
+  delegate :stable_sort!, to: Kamal::Utils
+
+  def initialize(config, specific_hosts, specific_roles)
+    @config, @specific_hosts, @specific_roles = config, specific_hosts, specific_roles
+
+    @roles, @hosts = specified_roles, specified_hosts
+
+    @primary_host = specific_hosts&.first || primary_specific_role&.primary_host || config.primary_host
+    @primary_role = primary_or_first_role(roles_on(primary_host))
+
+    stable_sort!(roles) { |role| role == primary_role ? 0 : 1 }
+    stable_sort!(hosts) { |host| roles_on(host).any? { |role| role == primary_role } ? 0 : 1 }
+  end
+
+  def roles_on(host)
+    roles.select { |role| role.hosts.include?(host.to_s) }
+  end
+
+  def proxy_hosts
+    config.proxy_hosts & specified_hosts
+  end
+
+  def accessory_hosts
+    config.accessories.flat_map(&:hosts) & specified_hosts
+  end
+
+  private
+    attr_reader :config, :specific_hosts, :specific_roles
+
+    def primary_specific_role
+      primary_or_first_role(specific_roles) if specific_roles.present?
+    end
+
+    def primary_or_first_role(roles)
+      roles.detect { |role| role == config.primary_role } || roles.first
+    end
+
+    def specified_roles
+      (specific_roles || config.roles) \
+        .select { |role| ((specific_hosts || config.all_hosts) & role.hosts).any? }
+    end
+
+    def specified_hosts
+      specified_hosts = specific_hosts || config.all_hosts
+
+      if (specific_role_hosts = specific_roles&.flat_map(&:hosts)).present?
+        specified_hosts.select { |host| specific_role_hosts.include?(host) }
+      else
+        specified_hosts
+      end
+    end
+end
--- a/lib/kamal/commands.rb
+++ b/lib/kamal/commands.rb
@@ -0,0 +1,2 @@
+module Kamal::Commands
+end
--- a/lib/kamal/commands/accessory.rb
+++ b/lib/kamal/commands/accessory.rb
@@ -1,7 +1,12 @@
-class Mrsk::Commands::Accessory < Mrsk::Commands::Base
+class Kamal::Commands::Accessory < Kamal::Commands::Base
+  include Proxy
+
  attr_reader :accessory_config
  delegate :service_name, :image, :hosts, :port, :files, :directories, :cmd,
-           :publish_args, :env_args, :volume_args, :label_args, :option_args, to: :accessory_config
+           :network_args, :publish_args, :env_args, :volume_args, :label_args, :option_args,
+           :secrets_io, :secrets_path, :env_directory, :proxy, :running_proxy?, :registry,
+           to: :accessory_config
+  delegate :proxy_container_name, to: :config

  def initialize(config, name:)
    super(config)
@@ -13,6 +18,7 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
      "--name", service_name,
      "--detach",
      "--restart", "unless-stopped",
+      *network_args,
      *config.logging_args,
      *publish_args,
      *env_args,
@@ -35,21 +41,19 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    docker :ps, *service_filter
  end

-
-  def logs(since: nil, lines: nil, grep: nil)
+  def logs(timestamps: true, since: nil, lines: nil, grep: nil, grep_options: nil)
    pipe \
-      docker(:logs, service_name, (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
-      ("grep '#{grep}'" if grep)
+      docker(:logs, service_name, (" --since #{since}" if since), (" --tail #{lines}" if lines), ("--timestamps" if timestamps), "2>&1"),
+      ("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
  end

-  def follow_logs(grep: nil)
+  def follow_logs(timestamps: true, grep: nil, grep_options: nil)
    run_over_ssh \
      pipe \
-        docker(:logs, service_name, "--timestamps", "--tail", "10", "--follow", "2>&1"),
-        (%(grep "#{grep}") if grep)
+        docker(:logs, service_name, ("--timestamps" if timestamps), "--tail", "10", "--follow", "2>&1"),
+        (%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
  end

-
  def execute_in_existing_container(*command, interactive: false)
    docker :exec,
      ("-it" if interactive),
@@ -61,6 +65,7 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    docker :run,
      ("-it" if interactive),
      "--rm",
+      *network_args,
      *env_args,
      *volume_args,
      image,
@@ -79,21 +84,12 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    super command, host: hosts.first
  end

-
  def ensure_local_file_present(local_file)
    if !local_file.is_a?(StringIO) && !Pathname.new(local_file).exist?
      raise "Missing file: #{local_file}"
    end
  end

-  def make_directory_for(remote_file)
-    make_directory Pathname.new(remote_file).dirname.to_s
-  end
-
-  def make_directory(path)
-    [ :mkdir, "-p", path ]
-  end
-
  def remove_service_directory
    [ :rm, "-rf", service_name ]
  end
@@ -106,6 +102,10 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    docker :image, :rm, "--force", image
  end

+  def ensure_env_directory
+    make_directory env_directory
+  end
+
  private
    def service_filter
      [ "--filter", "label=service=#{service_name}" ]
--- a/lib/kamal/commands/accessory/proxy.rb
+++ b/lib/kamal/commands/accessory/proxy.rb
@@ -0,0 +1,16 @@
+module Kamal::Commands::Accessory::Proxy
+  delegate :proxy_container_name, to: :config
+
+  def deploy(target:)
+    proxy_exec :deploy, service_name, *proxy.deploy_command_args(target: target)
+  end
+
+  def remove
+    proxy_exec :remove, service_name
+  end
+
+  private
+    def proxy_exec(*command)
+      docker :exec, proxy_container_name, "kamal-proxy", *command
+    end
+end
--- a/lib/kamal/commands/app.rb
+++ b/lib/kamal/commands/app.rb
@@ -0,0 +1,123 @@
+class Kamal::Commands::App < Kamal::Commands::Base
+  include Assets, Containers, Execution, Images, Logging, Proxy
+
+  ACTIVE_DOCKER_STATUSES = [ :running, :restarting ]
+
+  attr_reader :role, :host
+
+  delegate :container_name, to: :role
+
+  def initialize(config, role: nil, host: nil)
+    super(config)
+    @role = role
+    @host = host
+  end
+
+  def run(hostname: nil)
+    docker :run,
+      "--detach",
+      "--restart unless-stopped",
+      "--name", container_name,
+      "--network", "kamal",
+      *([ "--hostname", hostname ] if hostname),
+      "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
+      "-e", "KAMAL_VERSION=\"#{config.version}\"",
+      *role.env_args(host),
+      *role.logging_args,
+      *config.volume_args,
+      *role.asset_volume_args,
+      *role.label_args,
+      *role.option_args,
+      config.absolute_image,
+      role.cmd
+  end
+
+  def start
+    docker :start, container_name
+  end
+
+  def status(version:)
+    pipe container_id_for_version(version), xargs(docker(:inspect, "--format", DOCKER_HEALTH_STATUS_FORMAT))
+  end
+
+  def stop(version: nil)
+    pipe \
+      version ? container_id_for_version(version) : current_running_container_id,
+      xargs(docker(:stop, *role.stop_args))
+  end
+
+  def info
+    docker :ps, *container_filter_args
+  end
+
+
+  def current_running_container_id
+    current_running_container(format: "--quiet")
+  end
+
+  def container_id_for_version(version, only_running: false)
+    container_id_for(container_name: container_name(version), only_running: only_running)
+  end
+
+  def current_running_version
+    pipe \
+      current_running_container(format: "--format '{{.Names}}'"),
+      extract_version_from_name
+  end
+
+  def list_versions(*docker_args, statuses: nil)
+    pipe \
+      docker(:ps, *container_filter_args(statuses: statuses), *docker_args, "--format", '"{{.Names}}"'),
+      extract_version_from_name
+  end
+
+  def ensure_env_directory
+    make_directory role.env_directory
+  end
+
+  private
+    def latest_image_id
+      docker :image, :ls, *argumentize("--filter", "reference=#{config.latest_image}"), "--format", "'{{.ID}}'"
+    end
+
+    def current_running_container(format:)
+      pipe \
+        shell(chain(latest_image_container(format: format), latest_container(format: format))),
+        [ :head, "-1" ]
+    end
+
+    def latest_image_container(format:)
+      latest_container format: format, filters: [ "ancestor=$(#{latest_image_id.join(" ")})" ]
+    end
+
+    def latest_container(format:, filters: nil)
+      docker :ps, "--latest", *format, *container_filter_args(statuses: ACTIVE_DOCKER_STATUSES), argumentize("--filter", filters)
+    end
+
+    def container_filter_args(statuses: nil)
+      argumentize "--filter", container_filters(statuses: statuses)
+    end
+
+    def image_filter_args
+      argumentize "--filter", image_filters
+    end
+
+    def extract_version_from_name
+      # Extract SHA from "service-role-dest-SHA"
+      %(while read line; do echo ${line##{role.container_prefix}-}; done)
+    end
+
+    def container_filters(statuses: nil)
+      [ "label=service=#{config.service}" ].tap do |filters|
+        filters << "label=destination=#{config.destination}"
+        filters << "label=role=#{role}" if role
+        statuses&.each do |status|
+          filters << "status=#{status}"
+        end
+      end
+    end
+
+    def image_filters
+      [ "label=service=#{config.service}" ]
+    end
+end
--- a/lib/kamal/commands/app/assets.rb
+++ b/lib/kamal/commands/app/assets.rb
@@ -0,0 +1,51 @@
+module Kamal::Commands::App::Assets
+  def extract_assets
+    asset_container = "#{role.container_prefix}-assets"
+
+    combine \
+      make_directory(role.asset_extracted_directory),
+      [ *docker(:container, :rm, asset_container, "2> /dev/null"), "|| true" ],
+      docker(:container, :create, "--name", asset_container, config.absolute_image),
+      docker(:container, :cp, "-L", "#{asset_container}:#{role.asset_path}/.", role.asset_extracted_directory),
+      docker(:container, :rm, asset_container),
+      by: "&&"
+  end
+
+  def sync_asset_volumes(old_version: nil)
+    new_extracted_path, new_volume_path = role.asset_extracted_directory(config.version), role.asset_volume.host_path
+    if old_version.present?
+      old_extracted_path, old_volume_path = role.asset_extracted_directory(old_version), role.asset_volume(old_version).host_path
+    end
+
+    commands = [ make_directory(new_volume_path), copy_contents(new_extracted_path, new_volume_path) ]
+
+    if old_version.present?
+      commands << copy_contents(new_extracted_path, old_volume_path, continue_on_error: true)
+      commands << copy_contents(old_extracted_path, new_volume_path, continue_on_error: true)
+    end
+
+    chain *commands
+  end
+
+  def clean_up_assets
+    chain \
+      find_and_remove_older_siblings(role.asset_extracted_directory),
+      find_and_remove_older_siblings(role.asset_volume_directory)
+  end
+
+  private
+    def find_and_remove_older_siblings(path)
+      [
+        :find,
+        Pathname.new(path).dirname.to_s,
+        "-maxdepth 1",
+        "-name", "'#{role.name}-*'",
+        "!", "-name", Pathname.new(path).basename.to_s,
+        "-exec rm -rf \"{}\" +"
+      ]
+    end
+
+    def copy_contents(source, destination, continue_on_error: false)
+      [ :cp, "-rnT", "#{source}", destination, *("|| true" if continue_on_error) ]
+    end
+end
--- a/lib/kamal/commands/app/containers.rb
+++ b/lib/kamal/commands/app/containers.rb
@@ -0,0 +1,31 @@
+module Kamal::Commands::App::Containers
+  DOCKER_HEALTH_LOG_FORMAT    = "'{{json .State.Health}}'"
+
+  def list_containers
+    docker :container, :ls, "--all", *container_filter_args
+  end
+
+  def list_container_names
+    [ *list_containers, "--format", "'{{ .Names }}'" ]
+  end
+
+  def remove_container(version:)
+    pipe \
+      container_id_for(container_name: container_name(version)),
+      xargs(docker(:container, :rm))
+  end
+
+  def rename_container(version:, new_version:)
+    docker :rename, container_name(version), container_name(new_version)
+  end
+
+  def remove_containers
+    docker :container, :prune, "--force", *container_filter_args
+  end
+
+  def container_health_log(version:)
+    pipe \
+      container_id_for(container_name: container_name(version)),
+      xargs(docker(:inspect, "--format", DOCKER_HEALTH_LOG_FORMAT))
+  end
+end
--- a/lib/kamal/commands/app/execution.rb
+++ b/lib/kamal/commands/app/execution.rb
@@ -0,0 +1,32 @@
+module Kamal::Commands::App::Execution
+  def execute_in_existing_container(*command, interactive: false, env:)
+    docker :exec,
+      ("-it" if interactive),
+      *argumentize("--env", env),
+      container_name,
+      *command
+  end
+
+  def execute_in_new_container(*command, interactive: false, detach: false, env:)
+    docker :run,
+      ("-it" if interactive),
+      ("--detach" if detach),
+      ("--rm" unless detach),
+      "--network", "kamal",
+      *role&.env_args(host),
+      *argumentize("--env", env),
+      *role.logging_args,
+      *config.volume_args,
+      *role&.option_args,
+      config.absolute_image,
+      *command
+  end
+
+  def execute_in_existing_container_over_ssh(*command,  env:)
+    run_over_ssh execute_in_existing_container(*command, interactive: true, env: env), host: host
+  end
+
+  def execute_in_new_container_over_ssh(*command, env:)
+    run_over_ssh execute_in_new_container(*command, interactive: true, env: env), host: host
+  end
+end
--- a/lib/kamal/commands/app/images.rb
+++ b/lib/kamal/commands/app/images.rb
@@ -0,0 +1,13 @@
+module Kamal::Commands::App::Images
+  def list_images
+    docker :image, :ls, config.repository
+  end
+
+  def remove_images
+    docker :image, :prune, "--all", "--force", *image_filter_args
+  end
+
+  def tag_latest_image
+    docker :tag, config.absolute_image, config.latest_image
+  end
+end
--- a/lib/kamal/commands/app/logging.rb
+++ b/lib/kamal/commands/app/logging.rb
@@ -0,0 +1,28 @@
+module Kamal::Commands::App::Logging
+  def logs(container_id: nil, timestamps: true, since: nil, lines: nil, grep: nil, grep_options: nil)
+    pipe \
+      container_id_command(container_id),
+      "xargs docker logs#{" --timestamps" if timestamps}#{" --since #{since}" if since}#{" --tail #{lines}" if lines} 2>&1",
+      ("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
+  end
+
+  def follow_logs(host:, container_id: nil, timestamps: true, lines: nil, grep: nil, grep_options: nil)
+    run_over_ssh \
+      pipe(
+        container_id_command(container_id),
+        "xargs docker logs#{" --timestamps" if timestamps}#{" --tail #{lines}" if lines} --follow 2>&1",
+        (%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
+      ),
+      host: host
+  end
+
+  private
+
+  def container_id_command(container_id)
+    case container_id
+    when Array then container_id
+    when String, Symbol then "echo #{container_id}"
+    else current_running_container_id
+    end
+  end
+end
--- a/lib/kamal/commands/app/proxy.rb
+++ b/lib/kamal/commands/app/proxy.rb
@@ -0,0 +1,16 @@
+module Kamal::Commands::App::Proxy
+  delegate :proxy_container_name, to: :config
+
+  def deploy(target:)
+    proxy_exec :deploy, role.container_prefix, *role.proxy.deploy_command_args(target: target)
+  end
+
+  def remove
+    proxy_exec :remove, role.container_prefix
+  end
+
+  private
+    def proxy_exec(*command)
+      docker :exec, proxy_container_name, "kamal-proxy", *command
+    end
+end
--- a/lib/kamal/commands/auditor.rb
+++ b/lib/kamal/commands/auditor.rb
@@ -0,0 +1,33 @@
+class Kamal::Commands::Auditor < Kamal::Commands::Base
+  attr_reader :details
+
+  def initialize(config, **details)
+    super(config)
+    @details = details
+  end
+
+  # Runs remotely
+  def record(line, **details)
+    combine \
+      [ :mkdir, "-p", config.run_directory ],
+      append(
+        [ :echo, audit_tags(**details).except(:version, :service_version, :service).to_s, line ],
+        audit_log_file
+      )
+  end
+
+  def reveal
+    [ :tail, "-n", 50, audit_log_file ]
+  end
+
+  private
+    def audit_log_file
+      file = [ config.service, config.destination, "audit.log" ].compact.join("-")
+
+      File.join(config.run_directory, file)
+    end
+
+    def audit_tags(**details)
+      tags(**self.details, **details)
+    end
+end
--- a/lib/kamal/commands/base.rb
+++ b/lib/kamal/commands/base.rb
@@ -0,0 +1,126 @@
+module Kamal::Commands
+  class Base
+    delegate :sensitive, :argumentize, to: Kamal::Utils
+
+    DOCKER_HEALTH_STATUS_FORMAT = "'{{if .State.Health}}{{.State.Health.Status}}{{else}}{{.State.Status}}{{end}}'"
+
+    attr_accessor :config
+
+    def initialize(config)
+      @config = config
+    end
+
+    def run_over_ssh(*command, host:)
+      "ssh#{ssh_proxy_args}#{ssh_keys_args} -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ").gsub("'", "'\\\\''")}'"
+    end
+
+    def container_id_for(container_name:, only_running: false)
+      docker :container, :ls, *("--all" unless only_running), "--filter", "name=^#{container_name}$", "--quiet"
+    end
+
+    def make_directory_for(remote_file)
+      make_directory Pathname.new(remote_file).dirname.to_s
+    end
+
+    def make_directory(path)
+      [ :mkdir, "-p", path ]
+    end
+
+    def remove_directory(path)
+      [ :rm, "-r", path ]
+    end
+
+    def remove_file(path)
+      [ :rm, path ]
+    end
+
+    def ensure_docker_installed
+      combine \
+        ensure_local_docker_installed,
+        ensure_local_buildx_installed
+    end
+
+    private
+      def combine(*commands, by: "&&")
+        commands
+          .compact
+          .collect { |command| Array(command) + [ by ] }.flatten # Join commands
+          .tap     { |commands| commands.pop } # Remove trailing combiner
+      end
+
+      def chain(*commands)
+        combine *commands, by: ";"
+      end
+
+      def pipe(*commands)
+        combine *commands, by: "|"
+      end
+
+      def append(*commands)
+        combine *commands, by: ">>"
+      end
+
+      def write(*commands)
+        combine *commands, by: ">"
+      end
+
+      def any(*commands)
+        combine *commands, by: "||"
+      end
+
+      def xargs(command)
+        [ :xargs, command ].flatten
+      end
+
+      def shell(command)
+        [ :sh, "-c", "'#{command.flatten.join(" ").gsub("'", "'\\\\''")}'" ]
+      end
+
+      def eval(*args)
+        [ :eval, *args ]
+      end
+
+      def docker(*args)
+        args.compact.unshift :docker
+      end
+
+      def git(*args, path: nil)
+        [ :git, *([ "-C", path ] if path), *args.compact ]
+      end
+
+      def grep(*args)
+        args.compact.unshift :grep
+      end
+
+      def tags(**details)
+        Kamal::Tags.from_config(config, **details)
+      end
+
+      def ssh_proxy_args
+        case config.ssh.proxy
+        when Net::SSH::Proxy::Jump
+          " -J #{config.ssh.proxy.jump_proxies}"
+        when Net::SSH::Proxy::Command
+          " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'"
+        end
+      end
+
+      def ssh_keys_args
+        "#{ ssh_keys.join("") if ssh_keys}" + "#{" -o IdentitiesOnly=yes" if config.ssh&.keys_only}"
+      end
+
+      def ssh_keys
+        config.ssh.keys&.map do |key|
+          " -i #{key}"
+        end
+      end
+
+      def ensure_local_docker_installed
+        docker "--version"
+      end
+
+      def ensure_local_buildx_installed
+        docker :buildx, "version"
+      end
+  end
+end
--- a/lib/kamal/commands/builder.rb
+++ b/lib/kamal/commands/builder.rb
@@ -0,0 +1,42 @@
+require "active_support/core_ext/string/filters"
+
+class Kamal::Commands::Builder < Kamal::Commands::Base
+  delegate :create, :remove, :dev, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
+  delegate :local?, :remote?, :cloud?, to: "config.builder"
+
+  include Clone
+
+  def name
+    target.class.to_s.remove("Kamal::Commands::Builder::").underscore.inquiry
+  end
+
+  def target
+    if remote?
+      if local?
+        hybrid
+      else
+        remote
+      end
+    elsif cloud?
+      cloud
+    else
+      local
+    end
+  end
+
+  def remote
+    @remote ||= Kamal::Commands::Builder::Remote.new(config)
+  end
+
+  def local
+    @local ||= Kamal::Commands::Builder::Local.new(config)
+  end
+
+  def hybrid
+    @hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
+  end
+
+  def cloud
+    @cloud ||= Kamal::Commands::Builder::Cloud.new(config)
+  end
+end
--- a/lib/kamal/commands/builder/base.rb
+++ b/lib/kamal/commands/builder/base.rb
@@ -0,0 +1,122 @@
+class Kamal::Commands::Builder::Base < Kamal::Commands::Base
+  class BuilderError < StandardError; end
+
+  ENDPOINT_DOCKER_HOST_INSPECT = "'{{.Endpoints.docker.Host}}'"
+
+  delegate :argumentize, to: Kamal::Utils
+  delegate \
+    :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
+    :cache_from, :cache_to, :ssh, :provenance, :sbom, :driver, :docker_driver?,
+    to: :builder_config
+
+  def clean
+    docker :image, :rm, "--force", config.absolute_image
+  end
+
+  def push(export_action = "registry", tag_as_dirty: false)
+    docker :buildx, :build,
+      "--output=type=#{export_action}",
+      *platform_options(arches),
+      *([ "--builder", builder_name ] unless docker_driver?),
+      *build_tag_options(tag_as_dirty: tag_as_dirty),
+      *build_options,
+      build_context
+  end
+
+  def pull
+    docker :pull, config.absolute_image
+  end
+
+  def info
+    combine \
+      docker(:context, :ls),
+      docker(:buildx, :ls)
+  end
+
+  def inspect_builder
+    docker :buildx, :inspect, builder_name unless docker_driver?
+  end
+
+  def build_options
+    [ *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance, *builder_sbom ]
+  end
+
+  def build_context
+    config.builder.context
+  end
+
+  def validate_image
+    pipe \
+      docker(:inspect, "-f", "'{{ .Config.Labels.service }}'", config.absolute_image),
+      any(
+        [ :grep, "-x", config.service ],
+        "(echo \"Image #{config.absolute_image} is missing the 'service' label\" && exit 1)"
+      )
+  end
+
+  def first_mirror
+    docker(:info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
+  end
+
+  private
+    def build_tag_names(tag_as_dirty: false)
+      tag_names = [ config.absolute_image, config.latest_image ]
+      tag_names.map! { |t| "#{t}-dirty" } if tag_as_dirty
+      tag_names
+    end
+
+    def build_tag_options(tag_as_dirty: false)
+      build_tag_names(tag_as_dirty: tag_as_dirty).flat_map { |name| [ "-t", name ] }
+    end
+
+    def build_cache
+      if cache_to && cache_from
+        [ "--cache-to", cache_to,
+          "--cache-from", cache_from ]
+      end
+    end
+
+    def build_labels
+      argumentize "--label", { service: config.service }
+    end
+
+    def build_args
+      argumentize "--build-arg", args, sensitive: true
+    end
+
+    def build_secrets
+      argumentize "--secret", secrets.keys.collect { |secret| [ "id", secret ] }
+    end
+
+    def build_dockerfile
+      if Pathname.new(File.expand_path(dockerfile)).exist?
+        argumentize "--file", dockerfile
+      else
+        raise BuilderError, "Missing #{dockerfile}"
+      end
+    end
+
+    def build_target
+      argumentize "--target", target if target.present?
+    end
+
+    def build_ssh
+      argumentize "--ssh", ssh if ssh.present?
+    end
+
+    def builder_provenance
+      argumentize "--provenance", provenance unless provenance.nil?
+    end
+
+    def builder_sbom
+      argumentize "--sbom", sbom unless sbom.nil?
+    end
+
+    def builder_config
+      config.builder
+    end
+
+    def platform_options(arches)
+      argumentize "--platform", arches.map { |arch| "linux/#{arch}" }.join(",") if arches.any?
+    end
+end
--- a/lib/kamal/commands/builder/clone.rb
+++ b/lib/kamal/commands/builder/clone.rb
@@ -0,0 +1,31 @@
+module Kamal::Commands::Builder::Clone
+  def clone
+    git :clone, escaped_root, "--recurse-submodules", path: config.builder.clone_directory.shellescape
+  end
+
+  def clone_reset_steps
+    [
+      git(:remote, "set-url", :origin, escaped_root, path: escaped_build_directory),
+      git(:fetch, :origin, path: escaped_build_directory),
+      git(:reset, "--hard", Kamal::Git.revision, path: escaped_build_directory),
+      git(:clean, "-fdx", path: escaped_build_directory),
+      git(:submodule, :update, "--init", path: escaped_build_directory)
+    ]
+  end
+
+  def clone_status
+    git :status, "--porcelain", path: escaped_build_directory
+  end
+
+  def clone_revision
+    git :"rev-parse", :HEAD, path: escaped_build_directory
+  end
+
+  def escaped_root
+    Kamal::Git.root.shellescape
+  end
+
+  def escaped_build_directory
+    config.builder.build_directory.shellescape
+  end
+end
--- a/lib/kamal/commands/builder/cloud.rb
+++ b/lib/kamal/commands/builder/cloud.rb
@@ -0,0 +1,22 @@
+class Kamal::Commands::Builder::Cloud < Kamal::Commands::Builder::Base
+  # Expects `driver` to be of format "cloud docker-org-name/builder-name"
+
+  def create
+    docker :buildx, :create, "--driver", driver
+  end
+
+  def remove
+    docker :buildx, :rm, builder_name
+  end
+
+  private
+    def builder_name
+      driver.gsub(/[ \/]/, "-")
+    end
+
+    def inspect_buildx
+      pipe \
+        docker(:buildx, :inspect, builder_name),
+        grep("-q", "Endpoint:.*cloud://.*")
+    end
+end
--- a/lib/kamal/commands/builder/hybrid.rb
+++ b/lib/kamal/commands/builder/hybrid.rb
@@ -0,0 +1,21 @@
+class Kamal::Commands::Builder::Hybrid < Kamal::Commands::Builder::Remote
+  def create
+    combine \
+      create_local_buildx,
+      create_remote_context,
+      append_remote_buildx
+  end
+
+  private
+    def builder_name
+      "kamal-hybrid-#{driver}-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+    end
+
+    def create_local_buildx
+      docker :buildx, :create, *platform_options(local_arches), "--name", builder_name, "--driver=#{driver}"
+    end
+
+    def append_remote_buildx
+      docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, remote_context_name
+    end
+end
--- a/lib/kamal/commands/builder/local.rb
+++ b/lib/kamal/commands/builder/local.rb
@@ -0,0 +1,14 @@
+class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
+  def create
+    docker :buildx, :create, "--name", builder_name, "--driver=#{driver}" unless docker_driver?
+  end
+
+  def remove
+    docker :buildx, :rm, builder_name unless docker_driver?
+  end
+
+  private
+    def builder_name
+      "kamal-local-#{driver}"
+    end
+end
--- a/lib/kamal/commands/builder/remote.rb
+++ b/lib/kamal/commands/builder/remote.rb
@@ -0,0 +1,63 @@
+class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
+  def create
+    chain \
+      create_remote_context,
+      create_buildx
+  end
+
+  def remove
+    chain \
+      remove_remote_context,
+      remove_buildx
+  end
+
+  def info
+    chain \
+      docker(:context, :ls),
+      docker(:buildx, :ls)
+  end
+
+  def inspect_builder
+    combine \
+      combine inspect_buildx, inspect_remote_context,
+      [ "(echo no compatible builder && exit 1)" ],
+      by: "||"
+  end
+
+  private
+    def builder_name
+      "kamal-remote-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+    end
+
+    def remote_context_name
+      "#{builder_name}-context"
+    end
+
+    def inspect_buildx
+      pipe \
+        docker(:buildx, :inspect, builder_name),
+        grep("-q", "Endpoint:.*#{remote_context_name}")
+    end
+
+    def inspect_remote_context
+      pipe \
+        docker(:context, :inspect, remote_context_name, "--format", ENDPOINT_DOCKER_HOST_INSPECT),
+        grep("-xq", remote)
+    end
+
+    def create_remote_context
+      docker :context, :create, remote_context_name, "--description", "'#{builder_name} host'", "--docker", "'host=#{remote}'"
+    end
+
+    def remove_remote_context
+      docker :context, :rm, remote_context_name
+    end
+
+    def create_buildx
+      docker :buildx, :create, "--name", builder_name, remote_context_name
+    end
+
+    def remove_buildx
+      docker :buildx, :rm, builder_name
+    end
+end
--- a/lib/kamal/commands/docker.rb
+++ b/lib/kamal/commands/docker.rb
@@ -0,0 +1,34 @@
+class Kamal::Commands::Docker < Kamal::Commands::Base
+  # Install Docker using the https://github.com/docker/docker-install convenience script.
+  def install
+    pipe get_docker, :sh
+  end
+
+  # Checks the Docker client version. Fails if Docker is not installed.
+  def installed?
+    docker "-v"
+  end
+
+  # Checks the Docker server version. Fails if Docker is not running.
+  def running?
+    docker :version
+  end
+
+  # Do we have superuser access to install Docker and start system services?
+  def superuser?
+    [ '[ "${EUID:-$(id -u)}" -eq 0 ] || command -v sudo >/dev/null || command -v su >/dev/null' ]
+  end
+
+  def create_network
+    docker :network, :create, :kamal
+  end
+
+  private
+    def get_docker
+      shell \
+        any \
+          [ :curl, "-fsSL", "https://get.docker.com" ],
+          [ :wget, "-O -", "https://get.docker.com" ],
+          [ :echo, "\"exit 1\"" ]
+    end
+end
--- a/lib/kamal/commands/hook.rb
+++ b/lib/kamal/commands/hook.rb
@@ -0,0 +1,20 @@
+class Kamal::Commands::Hook < Kamal::Commands::Base
+  def run(hook)
+    [ hook_file(hook) ]
+  end
+
+  def env(secrets: false, **details)
+    tags(**details).env.tap do |env|
+      env.merge!(config.secrets.to_h) if secrets
+    end
+  end
+
+  def hook_exists?(hook)
+    Pathname.new(hook_file(hook)).exist?
+  end
+
+  private
+    def hook_file(hook)
+      File.join(config.hooks_path, hook)
+    end
+end
--- a/lib/kamal/commands/lock.rb
+++ b/lib/kamal/commands/lock.rb
@@ -1,17 +1,18 @@
 require "active_support/duration"
-require "active_support/core_ext/numeric/time"
+require "time"
+require "base64"

-class Mrsk::Commands::Lock < Mrsk::Commands::Base
+class Kamal::Commands::Lock < Kamal::Commands::Base
  def acquire(message, version)
    combine \
-      [:mkdir, lock_dir],
+      [ :mkdir, lock_dir ],
      write_lock_details(message, version)
  end

  def release
    combine \
-      [:rm, lock_details_file],
-      [:rm, "-r", lock_dir]
+      [ :rm, lock_details_file ],
+      [ :rm, "-r", lock_dir ]
  end

  def status
@@ -20,43 +21,49 @@ class Mrsk::Commands::Lock < Mrsk::Commands::Base
      read_lock_details
  end

+  def ensure_locks_directory
+    [ :mkdir, "-p", locks_dir ]
+  end
+
  private
    def write_lock_details(message, version)
      write \
-        [:echo, "\"#{Base64.encode64(lock_details(message, version))}\""],
+        [ :echo, "\"#{Base64.encode64(lock_details(message, version))}\"" ],
        lock_details_file
    end

    def read_lock_details
      pipe \
-        [:cat, lock_details_file],
-        [:base64, "-d"]
+        [ :cat, lock_details_file ],
+        [ :base64, "-d" ]
    end

    def stat_lock_dir
      write \
-        [:stat, lock_dir],
+        [ :stat, lock_dir ],
        "/dev/null"
    end

    def lock_dir
-      :mrsk_lock
+      dir_name = [ "lock", config.service, config.destination ].compact.join("-")
+
+      File.join(config.run_directory, dir_name)
    end

    def lock_details_file
-      [lock_dir, :details].join("/")
+      File.join(lock_dir, "details")
    end

    def lock_details(message, version)
      <<~DETAILS.strip
-        Locked by: #{locked_by} at #{Time.now.gmtime}
+        Locked by: #{locked_by} at #{Time.now.utc.iso8601}
        Version: #{version}
        Message: #{message}
      DETAILS
    end

    def locked_by
-      `git config user.name`.strip
+      Kamal::Git.user_name
    rescue Errno::ENOENT
      "Unknown"
    end
--- a/lib/kamal/commands/proxy.rb
+++ b/lib/kamal/commands/proxy.rb
@@ -0,0 +1,98 @@
+class Kamal::Commands::Proxy < Kamal::Commands::Base
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  def run
+    shell \
+      chain \
+        boot_options,
+        eval(
+          docker(
+            :run,
+            "--name", container_name,
+            "--network", "kamal",
+            "--detach",
+            "--restart", "unless-stopped",
+            "--volume", "kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy",
+            "\$OPTIONS",
+            config.proxy_image
+          )
+        )
+  end
+
+  def start
+    docker :container, :start, container_name
+  end
+
+  def stop(name: container_name)
+    docker :container, :stop, name
+  end
+
+  def start_or_run
+    combine start, run, by: "||"
+  end
+
+  def info
+    docker :ps, "--filter", "name=^#{container_name}$"
+  end
+
+  def version
+    pipe \
+      docker(:inspect, container_name, "--format '{{.Config.Image}}'"),
+      [ :cut, "-d:", "-f2" ]
+  end
+
+  def logs(timestamps: true, since: nil, lines: nil, grep: nil, grep_options: nil)
+    pipe \
+      docker(:logs, container_name, ("--since #{since}" if since), ("--tail #{lines}" if lines), ("--timestamps" if timestamps), "2>&1"),
+      ("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
+  end
+
+  def follow_logs(host:, timestamps: true, grep: nil, grep_options: nil)
+    run_over_ssh pipe(
+      docker(:logs, container_name, ("--timestamps" if timestamps), "--tail", "10", "--follow", "2>&1"),
+      (%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
+    ).join(" "), host: host
+  end
+
+  def remove_container
+    docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=kamal-proxy"
+  end
+
+  def remove_image
+    docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=kamal-proxy"
+  end
+
+  def cleanup_traefik
+    chain \
+      docker(:container, :stop, "traefik"),
+      combine(
+        docker(:container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=Traefik"),
+        docker(:image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik")
+      )
+  end
+
+  def ensure_proxy_directory
+    make_directory config.proxy_directory
+  end
+
+  def remove_proxy_directory
+    remove_directory config.proxy_directory
+  end
+
+  def boot_options
+    "OPTIONS=$(cat #{config.proxy_options_file} 2> /dev/null || echo \"#{config.proxy_options_default.join(" ")}\")"
+  end
+
+  def get_boot_options
+    combine [ :cat, config.proxy_options_file ], [ :echo, "\"#{config.proxy_options_default.join(" ")}\"" ], by: "||"
+  end
+
+  def reset_boot_options
+    remove_file config.proxy_options_file
+  end
+
+  private
+    def container_name
+      config.proxy_container_name
+    end
+end
--- a/lib/kamal/commands/prune.rb
+++ b/lib/kamal/commands/prune.rb
@@ -0,0 +1,38 @@
+require "active_support/duration"
+require "active_support/core_ext/numeric/time"
+
+class Kamal::Commands::Prune < Kamal::Commands::Base
+  def dangling_images
+    docker :image, :prune, "--force", "--filter", "label=service=#{config.service}"
+  end
+
+  def tagged_images
+    pipe \
+      docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
+      grep("-v -w \"#{active_image_list}\""),
+      "while read image tag; do docker rmi $tag; done"
+  end
+
+  def app_containers(retain:)
+    pipe \
+      docker(:ps, "-q", "-a", *service_filter, *stopped_containers_filters),
+      "tail -n +#{retain + 1}",
+      "while read container_id; do docker rm $container_id; done"
+  end
+
+  private
+    def stopped_containers_filters
+      [ "created", "exited", "dead" ].flat_map { |status| [ "--filter", "status=#{status}" ] }
+    end
+
+    def active_image_list
+      # Pull the images that are used by any containers
+      # Append repo:latest - to avoid deleting the latest tag
+      # Append repo:<none> - to avoid deleting dangling images that are in use. Unused dangling images are deleted separately
+      "$(docker container ls -a --format '{{.Image}}\\|' --filter label=service=#{config.service} | tr -d '\\n')#{config.latest_image}\\|#{config.repository}:<none>"
+    end
+
+    def service_filter
+      [ "--filter", "label=service=#{config.service}" ]
+    end
+end
--- a/lib/kamal/commands/registry.rb
+++ b/lib/kamal/commands/registry.rb
@@ -0,0 +1,16 @@
+class Kamal::Commands::Registry < Kamal::Commands::Base
+  def login(registry_config: nil)
+    registry_config ||= config.registry
+
+    docker :login,
+      registry_config.server,
+      "-u", sensitive(Kamal::Utils.escape_shell_value(registry_config.username)),
+      "-p", sensitive(Kamal::Utils.escape_shell_value(registry_config.password))
+  end
+
+  def logout(registry_config: nil)
+    registry_config ||= config.registry
+
+    docker :logout, registry_config.server
+  end
+end
--- a/lib/kamal/commands/server.rb
+++ b/lib/kamal/commands/server.rb
@@ -0,0 +1,15 @@
+class Kamal::Commands::Server < Kamal::Commands::Base
+  def ensure_run_directory
+    make_directory config.run_directory
+  end
+
+  def remove_app_directory
+    remove_directory config.app_directory
+  end
+
+  def app_directory_count
+    pipe \
+      [ :ls, config.apps_directory ],
+      [ :wc, "-l" ]
+  end
+end
--- a/lib/kamal/configuration.rb
+++ b/lib/kamal/configuration.rb
@@ -0,0 +1,410 @@
+require "active_support/ordered_options"
+require "active_support/core_ext/string/inquiry"
+require "active_support/core_ext/module/delegation"
+require "active_support/core_ext/hash/keys"
+require "erb"
+require "net/ssh/proxy/jump"
+
+class Kamal::Configuration
+  delegate :service, :image, :labels, :hooks_path, to: :raw_config, allow_nil: true
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :destination, :raw_config, :secrets
+  attr_reader :accessories, :aliases, :boot, :builder, :env, :logging, :proxy, :servers, :ssh, :sshkit, :registry
+
+  include Validation
+
+  PROXY_MINIMUM_VERSION = "v0.8.6"
+  PROXY_HTTP_PORT = 80
+  PROXY_HTTPS_PORT = 443
+  PROXY_LOG_MAX_SIZE = "10m"
+
+  class << self
+    def create_from(config_file:, destination: nil, version: nil)
+      ENV["KAMAL_DESTINATION"] = destination
+
+      raw_config = load_config_files(config_file, *destination_config_file(config_file, destination))
+
+      new raw_config, destination: destination, version: version
+    end
+
+    private
+      def load_config_files(*files)
+        files.inject({}) { |config, file| config.deep_merge! load_config_file(file) }
+      end
+
+      def load_config_file(file)
+        if file.exist?
+          # Newer Psych doesn't load aliases by default
+          load_method = YAML.respond_to?(:unsafe_load) ? :unsafe_load : :load
+          YAML.send(load_method, ERB.new(File.read(file)).result).symbolize_keys
+        else
+          raise "Configuration file not found in #{file}"
+        end
+      end
+
+      def destination_config_file(base_config_file, destination)
+        base_config_file.sub_ext(".#{destination}.yml") if destination
+      end
+  end
+
+  def initialize(raw_config, destination: nil, version: nil, validate: true)
+    @raw_config = ActiveSupport::InheritableOptions.new(raw_config)
+    @destination = destination
+    @declared_version = version
+
+    validate! raw_config, example: validation_yml.symbolize_keys, context: "", with: Kamal::Configuration::Validator::Configuration
+
+    @secrets = Kamal::Secrets.new(destination: destination)
+
+    # Eager load config to validate it, these are first as they have dependencies later on
+    @servers = Servers.new(config: self)
+    @registry = Registry.new(config: @raw_config, secrets: secrets)
+
+    @accessories = @raw_config.accessories&.keys&.collect { |name| Accessory.new(name, config: self) } || []
+    @aliases = @raw_config.aliases&.keys&.to_h { |name| [ name, Alias.new(name, config: self) ] } || {}
+    @boot = Boot.new(config: self)
+    @builder = Builder.new(config: self)
+    @env = Env.new(config: @raw_config.env || {}, secrets: secrets)
+
+    @logging = Logging.new(logging_config: @raw_config.logging)
+    @proxy = Proxy.new(config: self, proxy_config: @raw_config.proxy || {})
+    @ssh = Ssh.new(config: self)
+    @sshkit = Sshkit.new(config: self)
+
+    ensure_destination_if_required
+    ensure_required_keys_present
+    ensure_valid_kamal_version
+    ensure_retain_containers_valid
+    ensure_valid_service_name
+    ensure_no_traefik_reboot_hooks
+    ensure_one_host_for_ssl_roles
+    ensure_unique_hosts_for_ssl_roles
+  end
+
+  def version=(version)
+    @declared_version = version
+  end
+
+  def version
+    @declared_version.presence || ENV["VERSION"] || git_version
+  end
+
+  def abbreviated_version
+    if version
+      # Don't abbreviate <sha>_uncommitted_<etc>
+      if version.include?("_")
+        version
+      else
+        version[0...7]
+      end
+    end
+  end
+
+  def minimum_version
+    raw_config.minimum_version
+  end
+
+  def roles
+    servers.roles
+  end
+
+  def role(name)
+    roles.detect { |r| r.name == name.to_s }
+  end
+
+  def accessory(name)
+    accessories.detect { |a| a.name == name.to_s }
+  end
+
+  def all_hosts
+    (roles + accessories).flat_map(&:hosts).uniq
+  end
+
+  def primary_host
+    primary_role&.primary_host
+  end
+
+  def primary_role_name
+    raw_config.primary_role || "web"
+  end
+
+  def primary_role
+    role(primary_role_name)
+  end
+
+  def allow_empty_roles?
+    raw_config.allow_empty_roles
+  end
+
+  def proxy_roles
+    roles.select(&:running_proxy?)
+  end
+
+  def proxy_role_names
+    proxy_roles.flat_map(&:name)
+  end
+
+  def proxy_hosts
+    proxy_roles.flat_map(&:hosts).uniq
+  end
+
+  def repository
+    [ registry.server, image ].compact.join("/")
+  end
+
+  def absolute_image
+    "#{repository}:#{version}"
+  end
+
+  def latest_image
+    "#{repository}:#{latest_tag}"
+  end
+
+  def latest_tag
+    [ "latest", *destination ].join("-")
+  end
+
+  def service_with_version
+    "#{service}-#{version}"
+  end
+
+  def require_destination?
+    raw_config.require_destination
+  end
+
+  def retain_containers
+    raw_config.retain_containers || 5
+  end
+
+  def volume_args
+    if raw_config.volumes.present?
+      argumentize "--volume", raw_config.volumes
+    else
+      []
+    end
+  end
+
+  def logging_args
+    logging.args
+  end
+
+  def readiness_delay
+    raw_config.readiness_delay || 7
+  end
+
+  def deploy_timeout
+    raw_config.deploy_timeout || 30
+  end
+
+  def drain_timeout
+    raw_config.drain_timeout || 30
+  end
+
+  def run_directory
+    ".kamal"
+  end
+
+  def apps_directory
+    File.join run_directory, "apps"
+  end
+
+  def app_directory
+    File.join apps_directory, [ service, destination ].compact.join("-")
+  end
+
+  def env_directory
+    File.join app_directory, "env"
+  end
+
+  def assets_directory
+    File.join app_directory, "assets"
+  end
+
+  def hooks_path
+    raw_config.hooks_path || ".kamal/hooks"
+  end
+
+  def asset_path
+    raw_config.asset_path
+  end
+
+  def env_tags
+    @env_tags ||= if (tags = raw_config.env["tags"])
+      tags.collect { |name, config| Env::Tag.new(name, config: config, secrets: secrets) }
+    else
+      []
+    end
+  end
+
+  def env_tag(name)
+    env_tags.detect { |t| t.name == name.to_s }
+  end
+
+  def proxy_publish_args(http_port, https_port, bind_ips = nil)
+    ensure_valid_bind_ips(bind_ips)
+
+    (bind_ips || [ nil ]).map do |bind_ip|
+      bind_ip = format_bind_ip(bind_ip)
+      publish_http = [ bind_ip, http_port, PROXY_HTTP_PORT ].compact.join(":")
+      publish_https = [ bind_ip, https_port, PROXY_HTTPS_PORT ].compact.join(":")
+
+      argumentize "--publish", [ publish_http, publish_https ]
+    end.join(" ")
+  end
+
+  def proxy_logging_args(max_size)
+    argumentize "--log-opt", "max-size=#{max_size}" if max_size.present?
+  end
+
+  def proxy_options_default
+    [ *proxy_publish_args(PROXY_HTTP_PORT, PROXY_HTTPS_PORT), *proxy_logging_args(PROXY_LOG_MAX_SIZE) ]
+  end
+
+  def proxy_image
+    "basecamp/kamal-proxy:#{PROXY_MINIMUM_VERSION}"
+  end
+
+  def proxy_container_name
+    "kamal-proxy"
+  end
+
+  def proxy_directory
+    File.join run_directory, "proxy"
+  end
+
+  def proxy_options_file
+    File.join proxy_directory, "options"
+  end
+
+  def to_h
+    {
+      roles: role_names,
+      hosts: all_hosts,
+      primary_host: primary_host,
+      version: version,
+      repository: repository,
+      absolute_image: absolute_image,
+      service_with_version: service_with_version,
+      volume_args: volume_args,
+      ssh_options: ssh.to_h,
+      sshkit: sshkit.to_h,
+      builder: builder.to_h,
+      accessories: raw_config.accessories,
+      logging: logging_args
+    }.compact
+  end
+
+  private
+    # Will raise ArgumentError if any required config keys are missing
+    def ensure_destination_if_required
+      if require_destination? && destination.nil?
+        raise ArgumentError, "You must specify a destination"
+      end
+
+      true
+    end
+
+    def ensure_required_keys_present
+      %i[ service image registry servers ].each do |key|
+        raise Kamal::ConfigurationError, "Missing required configuration for #{key}" unless raw_config[key].present?
+      end
+
+      unless role(primary_role_name).present?
+        raise Kamal::ConfigurationError, "The primary_role #{primary_role_name} isn't defined"
+      end
+
+      if primary_role.hosts.empty?
+        raise Kamal::ConfigurationError, "No servers specified for the #{primary_role.name} primary_role"
+      end
+
+      unless allow_empty_roles?
+        roles.each do |role|
+          if role.hosts.empty?
+            raise Kamal::ConfigurationError, "No servers specified for the #{role.name} role. You can ignore this with allow_empty_roles: true"
+          end
+        end
+      end
+
+      true
+    end
+
+    def ensure_valid_service_name
+      raise Kamal::ConfigurationError, "Service name can only include alphanumeric characters, hyphens, and underscores" unless raw_config[:service] =~ /^[a-z0-9_-]+$/i
+
+      true
+    end
+
+    def ensure_valid_kamal_version
+      if minimum_version && Gem::Version.new(minimum_version) > Gem::Version.new(Kamal::VERSION)
+        raise Kamal::ConfigurationError, "Current version is #{Kamal::VERSION}, minimum required is #{minimum_version}"
+      end
+
+      true
+    end
+
+    def ensure_valid_bind_ips(bind_ips)
+      bind_ips.present? && bind_ips.each do |ip|
+        next if ip =~ Resolv::IPv4::Regex || ip =~ Resolv::IPv6::Regex
+        raise ArgumentError, "Invalid publish IP address: #{ip}"
+      end
+
+      true
+    end
+
+    def ensure_retain_containers_valid
+      raise Kamal::ConfigurationError, "Must retain at least 1 container" if retain_containers < 1
+
+      true
+    end
+
+    def ensure_no_traefik_reboot_hooks
+      hooks = %w[ pre-traefik-reboot post-traefik-reboot ].select { |hook_file| File.exist?(File.join(hooks_path, hook_file)) }
+
+      if hooks.any?
+        raise Kamal::ConfigurationError, "Found #{hooks.join(", ")}, these should be renamed to (pre|post)-proxy-reboot"
+      end
+
+      true
+    end
+
+    def ensure_one_host_for_ssl_roles
+      roles.each(&:ensure_one_host_for_ssl)
+
+      true
+    end
+
+    def ensure_unique_hosts_for_ssl_roles
+      hosts = roles.select(&:ssl?).flat_map { |role| role.proxy.hosts }
+      duplicates = hosts.tally.filter_map { |host, count| host if count > 1 }
+
+      raise Kamal::ConfigurationError, "Different roles can't share the same host for SSL: #{duplicates.join(", ")}" if duplicates.any?
+
+      true
+    end
+
+    def format_bind_ip(ip)
+      # Ensure IPv6 address inside square brackets - e.g. [::1]
+      if ip =~ Resolv::IPv6::Regex && ip !~ /\[.*\]/
+        "[#{ip}]"
+      else
+        ip
+      end
+    end
+
+    def role_names
+      raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
+    end
+
+    def git_version
+      @git_version ||=
+        if Kamal::Git.used?
+          if Kamal::Git.uncommitted_changes.present? && !builder.git_clone?
+            uncommitted_suffix = "_uncommitted_#{SecureRandom.hex(8)}"
+          end
+          [ Kamal::Git.revision, uncommitted_suffix ].compact.join
+        else
+          raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
+        end
+    end
+end
--- a/lib/kamal/configuration/accessory.rb
+++ b/lib/kamal/configuration/accessory.rb
@@ -0,0 +1,218 @@
+class Kamal::Configuration::Accessory
+  include Kamal::Configuration::Validation
+
+  DEFAULT_NETWORK = "kamal"
+
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :name, :env, :proxy, :registry
+
+  def initialize(name, config:)
+    @name, @config, @accessory_config = name.inquiry, config, config.raw_config["accessories"][name]
+
+    validate! \
+      accessory_config,
+      example: validation_yml["accessories"]["mysql"],
+      context: "accessories/#{name}",
+      with: Kamal::Configuration::Validator::Accessory
+
+    ensure_valid_roles
+
+    @env = initialize_env
+    @proxy = initialize_proxy if running_proxy?
+    @registry = initialize_registry if accessory_config["registry"].present?
+  end
+
+  def service_name
+    accessory_config["service"] || "#{config.service}-#{name}"
+  end
+
+  def image
+    [ registry&.server, accessory_config["image"] ].compact.join("/")
+  end
+
+  def hosts
+    hosts_from_host || hosts_from_hosts || hosts_from_roles
+  end
+
+  def port
+    if port = accessory_config["port"]&.to_s
+      port.include?(":") ? port : "#{port}:#{port}"
+    end
+  end
+
+  def network_args
+    argumentize "--network", network
+  end
+
+  def publish_args
+    argumentize "--publish", port if port
+  end
+
+  def labels
+    default_labels.merge(accessory_config["labels"] || {})
+  end
+
+  def label_args
+    argumentize "--label", labels
+  end
+
+  def env_args
+    [ *env.clear_args, *argumentize("--env-file", secrets_path) ]
+  end
+
+  def env_directory
+    File.join(config.env_directory, "accessories")
+  end
+
+  def secrets_io
+    env.secrets_io
+  end
+
+  def secrets_path
+    File.join(config.env_directory, "accessories", "#{name}.env")
+  end
+
+  def files
+    accessory_config["files"]&.to_h do |local_to_remote_mapping|
+      local_file, remote_file = local_to_remote_mapping.split(":")
+      [ expand_local_file(local_file), expand_remote_file(remote_file) ]
+    end || {}
+  end
+
+  def directories
+    accessory_config["directories"]&.to_h do |host_to_container_mapping|
+      host_path, container_path = host_to_container_mapping.split(":")
+      [ expand_host_path(host_path), container_path ]
+    end || {}
+  end
+
+  def volumes
+    specific_volumes + remote_files_as_volumes + remote_directories_as_volumes
+  end
+
+  def volume_args
+    argumentize "--volume", volumes
+  end
+
+  def option_args
+    if args = accessory_config["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def cmd
+    accessory_config["cmd"]
+  end
+
+  def running_proxy?
+    accessory_config["proxy"].present?
+  end
+
+  private
+    attr_reader :config, :accessory_config
+
+    def initialize_env
+      Kamal::Configuration::Env.new \
+        config: accessory_config.fetch("env", {}),
+        secrets: config.secrets,
+        context: "accessories/#{name}/env"
+    end
+
+    def initialize_proxy
+      Kamal::Configuration::Proxy.new \
+        config: config,
+        proxy_config: accessory_config["proxy"],
+        context: "accessories/#{name}/proxy"
+    end
+
+    def initialize_registry
+      Kamal::Configuration::Registry.new \
+        config: accessory_config,
+        secrets: config.secrets,
+        context: "accessories/#{name}/registry"
+    end
+
+    def default_labels
+      { "service" => service_name }
+    end
+
+    def expand_local_file(local_file)
+      if local_file.end_with?("erb")
+        with_clear_env_loaded { read_dynamic_file(local_file) }
+      else
+        Pathname.new(File.expand_path(local_file)).to_s
+      end
+    end
+
+    def with_clear_env_loaded
+      env.clear.each { |k, v| ENV[k] = v }
+      yield
+    ensure
+      env.clear.each { |k, v| ENV.delete(k) }
+    end
+
+    def read_dynamic_file(local_file)
+      StringIO.new(ERB.new(File.read(local_file)).result)
+    end
+
+    def expand_remote_file(remote_file)
+      service_name + remote_file
+    end
+
+    def specific_volumes
+      accessory_config["volumes"] || []
+    end
+
+    def remote_files_as_volumes
+      accessory_config["files"]&.collect do |local_to_remote_mapping|
+        _, remote_file = local_to_remote_mapping.split(":")
+        "#{service_data_directory + remote_file}:#{remote_file}"
+      end || []
+    end
+
+    def remote_directories_as_volumes
+      accessory_config["directories"]&.collect do |host_to_container_mapping|
+        host_path, container_path = host_to_container_mapping.split(":")
+        [ expand_host_path(host_path), container_path ].join(":")
+      end || []
+    end
+
+    def expand_host_path(host_path)
+      absolute_path?(host_path) ? host_path : File.join(service_data_directory, host_path)
+    end
+
+    def absolute_path?(path)
+      Pathname.new(path).absolute?
+    end
+
+    def service_data_directory
+      "$PWD/#{service_name}"
+    end
+
+    def hosts_from_host
+      [ accessory_config["host"] ] if accessory_config.key?("host")
+    end
+
+    def hosts_from_hosts
+      accessory_config["hosts"] if accessory_config.key?("hosts")
+    end
+
+    def hosts_from_roles
+      if accessory_config.key?("roles")
+        accessory_config["roles"].flat_map { |role| config.role(role)&.hosts }
+      end
+    end
+
+    def network
+      accessory_config["network"] || DEFAULT_NETWORK
+    end
+
+    def ensure_valid_roles
+      if accessory_config["roles"] && (missing_roles = accessory_config["roles"] - config.roles.map(&:name)).any?
+        raise Kamal::ConfigurationError, "accessories/#{name}: unknown roles #{missing_roles.join(", ")}"
+      end
+    end
+end
--- a/lib/kamal/configuration/alias.rb
+++ b/lib/kamal/configuration/alias.rb
@@ -0,0 +1,15 @@
+class Kamal::Configuration::Alias
+  include Kamal::Configuration::Validation
+
+  attr_reader :name, :command
+
+  def initialize(name, config:)
+    @name, @command = name.inquiry, config.raw_config["aliases"][name]
+
+    validate! \
+      command,
+      example: validation_yml["aliases"]["uname"],
+      context: "aliases/#{name}",
+      with: Kamal::Configuration::Validator::Alias
+  end
+end
--- a/lib/kamal/configuration/boot.rb
+++ b/lib/kamal/configuration/boot.rb
@@ -0,0 +1,25 @@
+class Kamal::Configuration::Boot
+  include Kamal::Configuration::Validation
+
+  attr_reader :boot_config, :host_count
+
+  def initialize(config:)
+    @boot_config = config.raw_config.boot || {}
+    @host_count = config.all_hosts.count
+    validate! boot_config
+  end
+
+  def limit
+    limit = boot_config["limit"]
+
+    if limit.to_s.end_with?("%")
+      [ host_count * limit.to_i / 100, 1 ].max
+    else
+      limit
+    end
+  end
+
+  def wait
+    boot_config["wait"]
+  end
+end
--- a/lib/kamal/configuration/builder.rb
+++ b/lib/kamal/configuration/builder.rb
@@ -0,0 +1,199 @@
+class Kamal::Configuration::Builder
+  include Kamal::Configuration::Validation
+
+  attr_reader :config, :builder_config
+  delegate :image, :service, to: :config
+  delegate :server, to: :"config.registry"
+
+  def initialize(config:)
+    @config = config
+    @builder_config = config.raw_config.builder || {}
+    @image = config.image
+    @server = config.registry.server
+    @service = config.service
+
+    validate! builder_config, with: Kamal::Configuration::Validator::Builder
+  end
+
+  def to_h
+    builder_config
+  end
+
+  def remote
+    builder_config["remote"]
+  end
+
+  def arches
+    Array(builder_config.fetch("arch", default_arch))
+  end
+
+  def local_arches
+    @local_arches ||= if local_disabled?
+      []
+    elsif remote
+      arches & [ Kamal::Utils.docker_arch ]
+    else
+      arches
+    end
+  end
+
+  def remote_arches
+    @remote_arches ||= if remote
+      arches - local_arches
+    else
+      []
+    end
+  end
+
+  def remote?
+    remote_arches.any?
+  end
+
+  def local?
+    !local_disabled? && (arches.empty? || local_arches.any?)
+  end
+
+  def cloud?
+    driver.start_with? "cloud"
+  end
+
+  def cached?
+    !!builder_config["cache"]
+  end
+
+  def args
+    builder_config["args"] || {}
+  end
+
+  def secrets
+    (builder_config["secrets"] || []).to_h { |key| [ key, config.secrets[key] ] }
+  end
+
+  def dockerfile
+    builder_config["dockerfile"] || "Dockerfile"
+  end
+
+  def target
+    builder_config["target"]
+  end
+
+  def context
+    builder_config["context"] || "."
+  end
+
+  def driver
+    builder_config.fetch("driver", "docker-container")
+  end
+
+  def local_disabled?
+    builder_config["local"] == false
+  end
+
+  def cache_from
+    if cached?
+      case builder_config["cache"]["type"]
+      when "gha"
+        cache_from_config_for_gha
+      when "registry"
+        cache_from_config_for_registry
+      end
+    end
+  end
+
+  def cache_to
+    if cached?
+      case builder_config["cache"]["type"]
+      when "gha"
+        cache_to_config_for_gha
+      when "registry"
+        cache_to_config_for_registry
+      end
+    end
+  end
+
+  def ssh
+    builder_config["ssh"]
+  end
+
+  def provenance
+    builder_config["provenance"]
+  end
+
+  def sbom
+    builder_config["sbom"]
+  end
+
+  def git_clone?
+    Kamal::Git.used? && builder_config["context"].nil?
+  end
+
+  def clone_directory
+    @clone_directory ||= File.join Dir.tmpdir, "kamal-clones", [ service, pwd_sha ].compact.join("-")
+  end
+
+  def build_directory
+    @build_directory ||=
+      if git_clone?
+        File.join clone_directory, repo_basename, repo_relative_pwd
+      else
+        "."
+      end
+  end
+
+  def docker_driver?
+    driver == "docker"
+  end
+
+  private
+    def valid?
+      if docker_driver?
+        raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support remote builders" if remote
+        raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support caching" if cached?
+        raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support multiple arches" if arches.many?
+      end
+
+      if @options["cache"] && @options["cache"]["type"]
+        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
+      end
+    end
+
+    def cache_image
+      builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
+    end
+
+    def cache_image_ref
+      [ server, cache_image ].compact.join("/")
+    end
+
+    def cache_from_config_for_gha
+      "type=gha"
+    end
+
+    def cache_from_config_for_registry
+      [ "type=registry", "ref=#{cache_image_ref}" ].compact.join(",")
+    end
+
+    def cache_to_config_for_gha
+      [ "type=gha", builder_config["cache"]&.fetch("options", nil) ].compact.join(",")
+    end
+
+    def cache_to_config_for_registry
+      [ "type=registry", "ref=#{cache_image_ref}", builder_config["cache"]&.fetch("options", nil) ].compact.join(",")
+    end
+
+    def repo_basename
+      File.basename(Kamal::Git.root)
+    end
+
+    def repo_relative_pwd
+      Dir.pwd.delete_prefix(Kamal::Git.root)
+    end
+
+    def pwd_sha
+      Digest::SHA256.hexdigest(Dir.pwd)[0..12]
+    end
+
+    def default_arch
+      docker_driver? ? [] : [ "amd64", "arm64" ]
+    end
+end
--- a/lib/kamal/configuration/docs/accessory.yml
+++ b/lib/kamal/configuration/docs/accessory.yml
@@ -0,0 +1,123 @@
+# Accessories
+#
+# Accessories can be booted on a single host, a list of hosts, or on specific roles.
+# The hosts do not need to be defined in the Kamal servers configuration.
+#
+# Accessories are managed separately from the main service — they are not updated
+# when you deploy, and they do not have zero-downtime deployments.
+#
+# Run `kamal accessory boot <accessory>` to boot an accessory.
+# See `kamal accessory --help` for more information.
+
+# Configuring accessories
+#
+# First, define the accessory in the `accessories`:
+accessories:
+  mysql:
+
+    # Service name
+    #
+    # This is used in the service label and defaults to `<service>-<accessory>`,
+    # where `<service>` is the main service name from the root configuration:
+    service: mysql
+
+    # Image
+    #
+    # The Docker image to use.
+    # Prefix it with its server when using root level registry different from Docker Hub.
+    # Define registry directly or via anchors when it differs from root level registry.
+    image: mysql:8.0
+
+    # Registry
+    #
+    # By default accessories use Docker Hub registry.
+    # You can specify different registry per accessory with this option.
+    # Don't prefix image with this registry server.
+    # Use anchors if you need to set the same specific registry for several accessories.
+    #
+    # ```yml
+    # registry:
+    #   <<: *specific-registry
+    # ```
+    #
+    # See kamal docs registry for more information:
+    registry:
+      ...
+
+    # Accessory hosts
+    #
+    # Specify one of `host`, `hosts`, or `roles`:
+    host: mysql-db1
+    hosts:
+      - mysql-db1
+      - mysql-db2
+    roles:
+      - mysql
+
+    # Custom command
+    #
+    # You can set a custom command to run in the container if you do not want to use the default:
+    cmd: "bin/mysqld"
+
+    # Port mappings
+    #
+    # See [https://docs.docker.com/network/](https://docs.docker.com/network/), and
+    # especially note the warning about the security implications of exposing ports publicly.
+    port: "127.0.0.1:3306:3306"
+
+    # Labels
+    labels:
+      app: myapp
+
+    # Options
+    #
+    # These are passed to the Docker run command in the form `--<name> <value>`:
+    options:
+      restart: always
+      cpus: 2
+
+    # Environment variables
+    #
+    # See kamal docs env for more information:
+    env:
+      ...
+
+    # Copying files
+    #
+    # You can specify files to mount into the container.
+    # The format is `local:remote`, where `local` is the path to the file on the local machine
+    # and `remote` is the path to the file in the container.
+    #
+    # They will be uploaded from the local repo to the host and then mounted.
+    #
+    # ERB files will be evaluated before being copied.
+    files:
+      - config/my.cnf.erb:/etc/mysql/my.cnf
+      - config/myoptions.cnf:/etc/mysql/myoptions.cnf
+
+    # Directories
+    #
+    # You can specify directories to mount into the container. They will be created on the host
+    # before being mounted:
+    directories:
+      - mysql-logs:/var/log/mysql
+
+    # Volumes
+    #
+    # Any other volumes to mount, in addition to the files and directories.
+    # They are not created or copied before mounting:
+    volumes:
+      - /path/to/mysql-logs:/var/log/mysql
+
+    # Network
+    #
+    # The network the accessory will be attached to.
+    #
+    # Defaults to kamal:
+    network: custom
+
+    # Proxy
+    #
+    # You can run your accessory behind the Kamal proxy. See kamal docs proxy for more information
+    proxy:
+      ...
--- a/lib/kamal/configuration/docs/alias.yml
+++ b/lib/kamal/configuration/docs/alias.yml
@@ -0,0 +1,26 @@
+# Aliases
+#
+# Aliases are shortcuts for Kamal commands.
+#
+# For example, for a Rails app, you might open a console with:
+#
+# ```shell
+# kamal app exec -i --reuse "bin/rails console"
+# ```
+#
+# By defining an alias, like this:
+aliases:
+  console: app exec -i --reuse "bin/rails console"
+# You can now open the console with:
+#
+# ```shell
+# kamal console
+# ```
+
+# Configuring aliases
+#
+# Aliases are defined in the root config under the alias key.
+#
+# Each alias is named and can only contain lowercase letters, numbers, dashes, and underscores:
+aliases:
+  uname: app exec -p -q -r web "uname -a"
--- a/lib/kamal/configuration/docs/boot.yml
+++ b/lib/kamal/configuration/docs/boot.yml
@@ -0,0 +1,19 @@
+# Booting
+#
+# When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
+#
+# Kamal’s default is to boot new containers on all hosts in parallel. However, you can control this with the boot configuration.
+
+# Fixed group sizes
+#
+# Here, we boot 2 hosts at a time with a 10-second gap between each group:
+boot:
+  limit: 2
+  wait: 10
+
+# Percentage of hosts
+#
+# Here, we boot 25% of the hosts at a time with a 2-second gap between each group:
+boot:
+  limit: 25%
+  wait: 2
--- a/lib/kamal/configuration/docs/builder.yml
+++ b/lib/kamal/configuration/docs/builder.yml
@@ -0,0 +1,119 @@
+# Builder
+#
+# The builder configuration controls how the application is built with `docker build`.
+#
+# See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information.
+
+# Builder options
+#
+# Options go under the builder key in the root configuration.
+builder:
+
+  # Arch
+  #
+  # The architectures to build for — you can set an array or just a single value.
+  #
+  # Allowed values are `amd64` and `arm64`:
+  arch:
+    - amd64
+
+  # Remote
+  #
+  # The connection string for a remote builder. If supplied, Kamal will use this
+  # for builds that do not match the local architecture of the deployment host.
+  remote: ssh://docker@docker-builder
+
+  # Local
+  #
+  # If set to false, Kamal will always use the remote builder even when building
+  # the local architecture.
+  #
+  # Defaults to true:
+  local: true
+
+  # Builder cache
+  #
+  # The type must be either 'gha' or 'registry'.
+  #
+  # The image is only used for registry cache and is not compatible with the Docker driver:
+  cache:
+    type: registry
+    options: mode=max
+    image: kamal-app-build-cache
+
+  # Build context
+  #
+  # If this is not set, then a local Git clone of the repo is used.
+  # This ensures a clean build with no uncommitted changes.
+  #
+  # To use the local checkout instead, you can set the context to `.`, or a path to another directory.
+  context: .
+
+  # Dockerfile
+  #
+  # The Dockerfile to use for building, defaults to `Dockerfile`:
+  dockerfile: Dockerfile.production
+
+  # Build target
+  #
+  # If not set, then the default target is used:
+  target: production
+
+  # Build arguments
+  #
+  # Any additional build arguments, passed to `docker build` with `--build-arg <key>=<value>`:
+  args:
+    ENVIRONMENT: production
+
+  # Referencing build arguments
+  #
+  # ```shell
+  # ARG RUBY_VERSION
+  # FROM ruby:$RUBY_VERSION-slim as base
+  # ```
+
+  # Build secrets
+  #
+  # Values are read from `.kamal/secrets`:
+  secrets:
+    - SECRET1
+    - SECRET2
+
+  # Referencing build secrets
+  #
+  # ```shell
+  # # Copy Gemfiles
+  # COPY Gemfile Gemfile.lock ./
+  #
+  # # Install dependencies, including private repositories via access token
+  # # Then remove bundle cache with exposed GITHUB_TOKEN
+  # RUN --mount=type=secret,id=GITHUB_TOKEN \
+  #   BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
+  #   bundle install && \
+  #   rm -rf /usr/local/bundle/cache
+  # ```
+
+  # SSH
+  #
+  # SSH agent socket or keys to expose to the build:
+  ssh: default=$SSH_AUTH_SOCK
+
+  # Driver
+  #
+  # The build driver to use, defaults to `docker-container`:
+  driver: docker
+  #
+  # If you want to use Docker Build Cloud (https://www.docker.com/products/build-cloud/), you can set the driver to:
+  driver: cloud org-name/builder-name
+
+  # Provenance
+  #
+  # It is used to configure provenance attestations for the build result.
+  # The value can also be a boolean to enable or disable provenance attestations.
+  provenance: mode=max
+
+  # SBOM (Software Bill of Materials)
+  #
+  # It is used to configure SBOM generation for the build result.
+  # The value can also be a boolean to enable or disable SBOM generation.
+  sbom: true
--- a/lib/kamal/configuration/docs/configuration.yml
+++ b/lib/kamal/configuration/docs/configuration.yml
@@ -0,0 +1,178 @@
+# Kamal Configuration
+#
+# Configuration is read from the `config/deploy.yml`.
+
+# Destinations
+#
+# When running commands, you can specify a destination with the `-d` flag,
+# e.g., `kamal deploy -d staging`.
+#
+# In this case, the configuration will also be read from `config/deploy.staging.yml`
+# and merged with the base configuration.
+
+# Extensions
+#
+# Kamal will not accept unrecognized keys in the configuration file.
+#
+# However, you might want to declare a configuration block using YAML anchors
+# and aliases to avoid repetition.
+#
+# You can prefix a configuration section with `x-` to indicate that it is an
+# extension. Kamal will ignore the extension and not raise an error.
+
+# The service name
+#
+# This is a required value. It is used as the container name prefix.
+service: myapp
+
+# The Docker image name
+#
+# The image will be pushed to the configured registry.
+image: my-image
+
+# Labels
+#
+# Additional labels to add to the container:
+labels:
+  my-label: my-value
+
+# Volumes
+#
+# Additional volumes to mount into the container:
+volumes:
+  - /path/on/host:/path/in/container:ro
+
+# Registry
+#
+# The Docker registry configuration, see kamal docs registry:
+registry:
+  ...
+
+# Servers
+#
+# The servers to deploy to, optionally with custom roles, see kamal docs servers:
+servers:
+  ...
+
+# Environment variables
+#
+# See kamal docs env:
+env:
+  ...
+
+# Asset path
+#
+# Used for asset bridging across deployments, default to `nil`.
+#
+# If there are changes to CSS or JS files, we may get requests
+# for the old versions on the new container, and vice versa.
+#
+# To avoid 404s, we can specify an asset path.
+# Kamal will replace that path in the container with a mapped
+# volume containing both sets of files.
+# This requires that file names change when the contents change
+# (e.g., by including a hash of the contents in the name).
+#
+# To configure this, set the path to the assets:
+asset_path: /path/to/assets
+
+# Hooks path
+#
+# Path to hooks, defaults to `.kamal/hooks`.
+# See https://kamal-deploy.org/docs/hooks for more information:
+hooks_path: /user_home/kamal/hooks
+
+# Require destinations
+#
+# Whether deployments require a destination to be specified, defaults to `false`:
+require_destination: true
+
+# Primary role
+#
+# This defaults to `web`, but if you have no web role, you can change this:
+primary_role: workers
+
+# Allowing empty roles
+#
+# Whether roles with no servers are allowed. Defaults to `false`:
+allow_empty_roles: false
+
+# Retain containers
+#
+# How many old containers and images we retain, defaults to 5:
+retain_containers: 3
+
+# Minimum version
+#
+# The minimum version of Kamal required to deploy this configuration, defaults to `nil`:
+minimum_version: 1.3.0
+
+# Readiness delay
+#
+# Seconds to wait for a container to boot after it is running, default 7.
+#
+# This only applies to containers that do not run a proxy or specify a healthcheck:
+readiness_delay: 4
+
+# Deploy timeout
+#
+# How long to wait for a container to become ready, default 30:
+deploy_timeout: 10
+
+# Drain timeout
+#
+# How long to wait for a container to drain, default 30:
+drain_timeout: 10
+
+# Run directory
+#
+# Directory to store kamal runtime files in on the host, default `.kamal`:
+run_directory: /etc/kamal
+
+# SSH options
+#
+# See kamal docs ssh:
+ssh:
+  ...
+
+# Builder options
+#
+# See kamal docs builder:
+builder:
+  ...
+
+# Accessories
+#
+# Additional services to run in Docker, see kamal docs accessory:
+accessories:
+  ...
+
+# Proxy
+#
+# Configuration for kamal-proxy, see kamal docs proxy:
+proxy:
+  ...
+
+# SSHKit
+#
+# See kamal docs sshkit:
+sshkit:
+  ...
+
+# Boot options
+#
+# See kamal docs boot:
+boot:
+  ...
+
+# Logging
+#
+# Docker logging configuration, see kamal docs logging:
+logging:
+  ...
+
+# Aliases
+#
+# Alias configuration, see kamal docs alias:
+aliases:
+  ...
--- a/lib/kamal/configuration/docs/env.yml
+++ b/lib/kamal/configuration/docs/env.yml
@@ -0,0 +1,109 @@
+# Environment variables
+#
+# Environment variables can be set directly in the Kamal configuration or
+# read from `.kamal/secrets`.
+
+# Reading environment variables from the configuration
+#
+# Environment variables can be set directly in the configuration file.
+#
+# These are passed to the `docker run` command when deploying.
+env:
+  DATABASE_HOST: mysql-db1
+  DATABASE_PORT: 3306
+
+# Secrets
+#
+# Kamal uses dotenv to automatically load environment variables set in the `.kamal/secrets` file.
+#
+# If you are using destinations, secrets will instead be read from `.kamal/secrets.<DESTINATION>` if
+# it exists.
+#
+# Common secrets across all destinations can be set in `.kamal/secrets-common`.
+#
+# This file can be used to set variables like `KAMAL_REGISTRY_PASSWORD` or database passwords.
+# You can use variable or command substitution in the secrets file.
+#
+# ```shell
+# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+# RAILS_MASTER_KEY=$(cat config/master.key)
+# ```
+#
+# You can also use [secret helpers](../../commands/secrets) for some common password managers.
+#
+# ```shell
+# SECRETS=$(kamal secrets fetch ...)
+#
+# REGISTRY_PASSWORD=$(kamal secrets extract REGISTRY_PASSWORD $SECRETS)
+# DB_PASSWORD=$(kamal secrets extract DB_PASSWORD $SECRETS)
+# ```
+#
+# If you store secrets directly in `.kamal/secrets`, ensure that it is not checked into version control.
+#
+# To pass the secrets, you should list them under the `secret` key. When you do this, the
+# other variables need to be moved under the `clear` key.
+#
+# Unlike clear values, secrets are not passed directly to the container
+# but are stored in an env file on the host:
+env:
+  clear:
+    DB_USER: app
+  secret:
+    - DB_PASSWORD
+
+# Aliased secrets
+#
+# You can also alias secrets to other secrets using a `:` separator.
+#
+# This is useful when the ENV name is different from the secret name. For example, if you have two
+# places where you need to define the ENV variable `DB_PASSWORD`, but the value is different depending
+# on the context.
+#
+# ```shell
+# SECRETS=$(kamal secrets fetch ...)
+#
+# MAIN_DB_PASSWORD=$(kamal secrets extract MAIN_DB_PASSWORD $SECRETS)
+# SECONDARY_DB_PASSWORD=$(kamal secrets extract SECONDARY_DB_PASSWORD $SECRETS)
+# ```
+accessories:
+  main_db_accessory:
+    env:
+      secret:
+        - DB_PASSWORD:MAIN_DB_PASSWORD
+  secondary_db_accessory:
+    env:
+      secret:
+        - DB_PASSWORD:SECONDARY_DB_PASSWORD
+
+# Tags
+#
+# Tags are used to add extra env variables to specific hosts.
+# See kamal docs servers for how to tag hosts.
+#
+# Tags are only allowed in the top-level env configuration (i.e., not under a role-specific env).
+#
+# The env variables can be specified with secret and clear values as explained above.
+env:
+  tags:
+    <tag1>:
+      MYSQL_USER: monitoring
+    <tag2>:
+      clear:
+        MYSQL_USER: readonly
+      secret:
+        - MYSQL_PASSWORD
+
+# Example configuration
+env:
+  clear:
+    MYSQL_USER: app
+  secret:
+    - MYSQL_PASSWORD
+  tags:
+    monitoring:
+      MYSQL_USER: monitoring
+    replica:
+      clear:
+        MYSQL_USER: readonly
+      secret:
+        - READONLY_PASSWORD
--- a/lib/kamal/configuration/docs/logging.yml
+++ b/lib/kamal/configuration/docs/logging.yml
@@ -0,0 +1,21 @@
+# Custom logging configuration
+#
+# Set these to control the Docker logging driver and options.
+
+# Logging settings
+#
+# These go under the logging key in the configuration file.
+#
+# This can be specified at the root level or for a specific role.
+logging:
+
+  # Driver
+  #
+  # The logging driver to use, passed to Docker via `--log-driver`:
+  driver: json-file
+
+  # Options
+  #
+  # Any logging options to pass to the driver, passed to Docker via `--log-opt`:
+  options:
+    max-size: 100m
--- a/lib/kamal/configuration/docs/proxy.yml
+++ b/lib/kamal/configuration/docs/proxy.yml
@@ -0,0 +1,108 @@
+# Proxy
+#
+# Kamal uses [kamal-proxy](https://github.com/basecamp/kamal-proxy) to provide
+# gapless deployments. It runs on ports 80 and 443 and forwards requests to the
+# application container.
+#
+# The proxy is configured in the root configuration under `proxy`. These are
+# options that are set when deploying the application, not when booting the proxy.
+#
+# They are application-specific, so they are not shared when multiple applications
+# run on the same proxy.
+#
+# The proxy is enabled by default on the primary role but can be disabled by
+# setting `proxy: false`.
+#
+# It is disabled by default on all other roles but can be enabled by setting
+# `proxy: true` or providing a proxy configuration.
+proxy:
+
+  # Hosts
+  #
+  # The hosts that will be used to serve the app. The proxy will only route requests
+  # to this host to your app.
+  #
+  # If no hosts are set, then all requests will be forwarded, except for matching
+  # requests for other apps deployed on that server that do have a host set.
+  #
+  # Specify one of `host` or `hosts`.
+  host: foo.example.com
+  hosts:
+    - foo.example.com
+    - bar.example.com
+
+  # App port
+  #
+  # The port the application container is exposed on.
+  #
+  # Defaults to 80:
+  app_port: 3000
+
+  # SSL
+  #
+  # kamal-proxy can provide automatic HTTPS for your application via Let's Encrypt.
+  #
+  # This requires that we are deploying to one server and the host option is set.
+  # The host value must point to the server we are deploying to, and port 443 must be
+  # open for the Let's Encrypt challenge to succeed.
+  #
+  # If you set `ssl` to `true`, `kamal-proxy` will stop forwarding headers to your app,
+  # unless you explicitly set `forward_headers: true`
+  #
+  # Defaults to `false`:
+  ssl: true
+
+  # Forward headers
+  #
+  # Whether to forward the `X-Forwarded-For` and `X-Forwarded-Proto` headers.
+  #
+  # If you are behind a trusted proxy, you can set this to `true` to forward the headers.
+  #
+  # By default, kamal-proxy will not forward the headers if the `ssl` option is set to `true`, and
+  # will forward them if it is set to `false`.
+  forward_headers: true
+
+  # Response timeout
+  #
+  # How long to wait for requests to complete before timing out, defaults to 30 seconds:
+  response_timeout: 10
+
+  # Healthcheck
+  #
+  # When deploying, the proxy will by default hit `/up` once every second until we hit
+  # the deploy timeout, with a 5-second timeout for each request.
+  #
+  # Once the app is up, the proxy will stop hitting the healthcheck endpoint.
+  healthcheck:
+    interval: 3
+    path: /health
+    timeout: 3
+
+  # Buffering
+  #
+  # Whether to buffer request and response bodies in the proxy.
+  #
+  # By default, buffering is enabled with a max request body size of 1GB and no limit
+  # for response size.
+  #
+  # You can also set the memory limit for buffering, which defaults to 1MB; anything
+  # larger than that is written to disk.
+  buffering:
+    requests: true
+    responses: true
+    max_request_body: 40_000_000
+    max_response_body: 0
+    memory: 2_000_000
+
+  # Logging
+  #
+  # Configure request logging for the proxy.
+  # You can specify request and response headers to log.
+  # By default, `Cache-Control`, `Last-Modified`, and `User-Agent` request headers are logged:
+  logging:
+    request_headers:
+      - Cache-Control
+      - X-Forwarded-Proto
+    response_headers:
+      - X-Request-ID
+      - X-Request-Start
--- a/lib/kamal/configuration/docs/registry.yml
+++ b/lib/kamal/configuration/docs/registry.yml
@@ -0,0 +1,56 @@
+# Registry
+#
+# The default registry is Docker Hub, but you can change it using `registry/server`.
+#
+# By default, Docker Hub creates public repositories. To avoid making your images public,
+# set up a private repository before deploying, or change the default repository privacy
+# settings to private in your [Docker Hub settings](https://hub.docker.com/repository-settings/default-privacy).
+#
+# A reference to a secret (in this case, `DOCKER_REGISTRY_TOKEN`) will look up the secret
+# in the local environment:
+registry:
+  server: registry.digitalocean.com
+  username:
+    - DOCKER_REGISTRY_TOKEN
+  password:
+    - DOCKER_REGISTRY_TOKEN
+
+# Using AWS ECR as the container registry
+#
+# You will need to have the AWS CLI installed locally for this to work.
+# AWS ECR’s access token is only valid for 12 hours. In order to avoid having to manually regenerate the token every time, you can use ERB in the `deploy.yml` file to shell out to the AWS CLI command and obtain the token:
+registry:
+  server: <your aws account id>.dkr.ecr.<your aws region id>.amazonaws.com
+  username: AWS
+  password: <%= %x(aws ecr get-login-password) %>
+
+# Using GCP Artifact Registry as the container registry
+#
+# To sign into Artifact Registry, you need to
+# [create a service account](https://cloud.google.com/iam/docs/service-accounts-create#creating)
+# and [set up roles and permissions](https://cloud.google.com/artifact-registry/docs/access-control#permissions).
+# Normally, assigning the `roles/artifactregistry.writer` role should be sufficient.
+#
+# Once the service account is ready, you need to generate and download a JSON key and base64 encode it:
+#
+# ```shell
+# base64 -i /path/to/key.json | tr -d "\\n"
+# ```
+#
+# You'll then need to set the `KAMAL_REGISTRY_PASSWORD` secret to that value.
+#
+# Use the environment variable as the password along with `_json_key_base64` as the username.
+# Here’s the final configuration:
+registry:
+  server: <your registry region>-docker.pkg.dev
+  username: _json_key_base64
+  password:
+    - KAMAL_REGISTRY_PASSWORD
+
+# Validating the configuration
+#
+# You can validate the configuration by running:
+#
+# ```shell
+# kamal registry login
+# ```
--- a/lib/kamal/configuration/docs/role.yml
+++ b/lib/kamal/configuration/docs/role.yml
@@ -0,0 +1,53 @@
+# Roles
+#
+# Roles are used to configure different types of servers in the deployment.
+# The most common use for this is to run web servers and job servers.
+#
+# Kamal expects there to be a `web` role, unless you set a different `primary_role`
+# in the root configuration.
+
+# Role configuration
+#
+# Roles are specified under the servers key:
+servers:
+
+  # Simple role configuration
+  #
+  # This can be a list of hosts if you don't need custom configuration for the role.
+  #
+  # You can set tags on the hosts for custom env variables (see kamal docs env):
+  web:
+    - 172.1.0.1
+    - 172.1.0.2: experiment1
+    - 172.1.0.2: [ experiment1, experiment2 ]
+
+  # Custom role configuration
+  #
+  # When there are other options to set, the list of hosts goes under the `hosts` key.
+  #
+  # By default, only the primary role uses a proxy.
+  #
+  # For other roles, you can set it to `proxy: true` to enable it and inherit the root proxy
+  # configuration or provide a map of options to override the root configuration.
+  #
+  # For the primary role, you can set `proxy: false` to disable the proxy.
+  #
+  # You can also set a custom `cmd` to run in the container and overwrite other settings
+  # from the root configuration.
+  workers:
+    hosts:
+      - 172.1.0.3
+      - 172.1.0.4: experiment1
+    cmd: "bin/jobs"
+    options:
+      memory: 2g
+      cpus: 4
+    logging:
+      ...
+    proxy:
+      ...
+    labels:
+      my-label: workers
+    env:
+      ...
+    asset_path: /public
--- a/lib/kamal/configuration/docs/servers.yml
+++ b/lib/kamal/configuration/docs/servers.yml
@@ -0,0 +1,27 @@
+# Servers
+#
+# Servers are split into different roles, with each role having its own configuration.
+#
+# For simpler deployments, though, where all servers are identical, you can just specify a list of servers.
+# They will be implicitly assigned to the `web` role.
+servers:
+  - 172.0.0.1
+  - 172.0.0.2
+  - 172.0.0.3
+
+# Tagging servers
+#
+# Servers can be tagged, with the tags used to add custom env variables (see kamal docs env).
+servers:
+  - 172.0.0.1
+  - 172.0.0.2: experiments
+  - 172.0.0.3: [ experiments, three ]
+
+# Roles
+#
+# For more complex deployments (e.g., if you are running job hosts), you can specify roles and configure each separately (see kamal docs role):
+servers:
+  web:
+    ...
+  workers:
+    ...
--- a/lib/kamal/configuration/docs/ssh.yml
+++ b/lib/kamal/configuration/docs/ssh.yml
@@ -0,0 +1,70 @@
+# SSH configuration
+#
+# Kamal uses SSH to connect and run commands on your hosts.
+# By default, it will attempt to connect to the root user on port 22.
+#
+# If you are using a non-root user, you may need to bootstrap your servers manually before using them with Kamal. On Ubuntu, you’d do:
+#
+# ```shell
+# sudo apt update
+# sudo apt upgrade -y
+# sudo apt install -y docker.io curl git
+# sudo usermod -a -G docker app
+# ```
+
+# SSH options
+#
+# The options are specified under the ssh key in the configuration file.
+ssh:
+
+  # The SSH user
+  #
+  # Defaults to `root`:
+  user: app
+
+  # The SSH port
+  #
+  # Defaults to 22:
+  port: "2222"
+
+  # Proxy host
+  #
+  # Specified in the form <host> or <user>@<host>:
+  proxy: root@proxy-host
+
+  # Proxy command
+  #
+  # A custom proxy command, required for older versions of SSH:
+  proxy_command: "ssh -W %h:%p user@proxy"
+
+  # Log level
+  #
+  # Defaults to `fatal`. Set this to `debug` if you are having SSH connection issues.
+  log_level: debug
+
+  # Keys only
+  #
+  # Set to `true` to use only private keys from the `keys` and `key_data` parameters,
+  # even if ssh-agent offers more identities. This option is intended for
+  # situations where ssh-agent offers many different identities or you
+  # need to overwrite all identities and force a single one.
+  keys_only: false
+
+  # Keys
+  #
+  # An array of file names of private keys to use for public key
+  # and host-based authentication:
+  keys: [ "~/.ssh/id.pem" ]
+
+  # Key data
+  #
+  # An array of strings, with each element of the array being
+  # a raw private key in PEM format.
+  key_data: [ "-----BEGIN OPENSSH PRIVATE KEY-----" ]
+
+  # Config
+  #
+  # Set to true to load the default OpenSSH config files (~/.ssh/config,
+  # /etc/ssh_config), to false ignore config files, or to a file path
+  # (or array of paths) to load specific configuration. Defaults to true.
+  config: true
--- a/lib/kamal/configuration/docs/sshkit.yml
+++ b/lib/kamal/configuration/docs/sshkit.yml
@@ -0,0 +1,23 @@
+# SSHKit
+#
+# [SSHKit](https://github.com/capistrano/sshkit) is the SSH toolkit used by Kamal.
+#
+# The default, settings should be sufficient for most use cases, but
+# when connecting to a large number of hosts, you may need to adjust.
+
+# SSHKit options
+#
+# The options are specified under the sshkit key in the configuration file.
+sshkit:
+
+  # Max concurrent starts
+  #
+  # Creating SSH connections concurrently can be an issue when deploying to many servers.
+  # By default, Kamal will limit concurrent connection starts to 30 at a time.
+  max_concurrent_starts: 10
+
+  # Pool idle timeout
+  #
+  # Kamal sets a long idle timeout of 900 seconds on connections to try to avoid
+  # re-connection storms after an idle period, such as building an image or waiting for CI.
+  pool_idle_timeout: 300
--- a/lib/kamal/configuration/env.rb
+++ b/lib/kamal/configuration/env.rb
@@ -0,0 +1,37 @@
+class Kamal::Configuration::Env
+  include Kamal::Configuration::Validation
+
+  attr_reader :context, :secrets
+  attr_reader :clear, :secret_keys
+  delegate :argumentize, to: Kamal::Utils
+
+  def initialize(config:, secrets:, context: "env")
+    @clear = config.fetch("clear", config.key?("secret") || config.key?("tags") ? {} : config)
+    @secrets = secrets
+    @secret_keys = config.fetch("secret", [])
+    @context = context
+    validate! config, context: context, with: Kamal::Configuration::Validator::Env
+  end
+
+  def clear_args
+    argumentize("--env", clear)
+  end
+
+  def secrets_io
+    Kamal::EnvFile.new(secrets_hash).to_io
+  end
+
+  def merge(other)
+    self.class.new \
+      config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
+      secrets: secrets
+  end
+
+  private
+    def secrets_hash
+      secret_keys.to_h do |key|
+        key_name, key_aliased_to = key.split(":")
+        [ key_name, secrets[key_aliased_to || key_name] ]
+      end
+    end
+end
--- a/lib/kamal/configuration/env/tag.rb
+++ b/lib/kamal/configuration/env/tag.rb
@@ -0,0 +1,13 @@
+class Kamal::Configuration::Env::Tag
+  attr_reader :name, :config, :secrets
+
+  def initialize(name, config:, secrets:)
+    @name = name
+    @config = config
+    @secrets = secrets
+  end
+
+  def env
+    Kamal::Configuration::Env.new(config: config, secrets: secrets)
+  end
+end
--- a/lib/kamal/configuration/logging.rb
+++ b/lib/kamal/configuration/logging.rb
@@ -0,0 +1,33 @@
+class Kamal::Configuration::Logging
+  delegate :optionize, :argumentize, to: Kamal::Utils
+
+  include Kamal::Configuration::Validation
+
+  attr_reader :logging_config
+
+  def initialize(logging_config:, context: "logging")
+    @logging_config = logging_config || {}
+    validate! @logging_config, context: context
+  end
+
+  def driver
+    logging_config["driver"]
+  end
+
+  def options
+    logging_config.fetch("options", {})
+  end
+
+  def merge(other)
+    self.class.new logging_config: logging_config.deep_merge(other.logging_config)
+  end
+
+  def args
+    if driver.present? || options.present?
+      optionize({ "log-driver" => driver }.compact) +
+        argumentize("--log-opt", options)
+    else
+      argumentize("--log-opt", { "max-size" => "10m" })
+    end
+  end
+end
--- a/lib/kamal/configuration/proxy.rb
+++ b/lib/kamal/configuration/proxy.rb
@@ -0,0 +1,62 @@
+class Kamal::Configuration::Proxy
+  include Kamal::Configuration::Validation
+
+  DEFAULT_LOG_REQUEST_HEADERS = [ "Cache-Control", "Last-Modified", "User-Agent" ]
+  CONTAINER_NAME = "kamal-proxy"
+
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :config, :proxy_config
+
+  def initialize(config:, proxy_config:, context: "proxy")
+    @config = config
+    @proxy_config = proxy_config
+    validate! @proxy_config, with: Kamal::Configuration::Validator::Proxy, context: context
+  end
+
+  def app_port
+    proxy_config.fetch("app_port", 80)
+  end
+
+  def ssl?
+    proxy_config.fetch("ssl", false)
+  end
+
+  def hosts
+    proxy_config["hosts"] || proxy_config["host"]&.split(",") || []
+  end
+
+  def deploy_options
+    {
+      host: hosts,
+      tls: proxy_config["ssl"].presence,
+      "deploy-timeout": seconds_duration(config.deploy_timeout),
+      "drain-timeout": seconds_duration(config.drain_timeout),
+      "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),
+      "health-check-timeout": seconds_duration(proxy_config.dig("healthcheck", "timeout")),
+      "health-check-path": proxy_config.dig("healthcheck", "path"),
+      "target-timeout": seconds_duration(proxy_config["response_timeout"]),
+      "buffer-requests": proxy_config.fetch("buffering", { "requests": true }).fetch("requests", true),
+      "buffer-responses": proxy_config.fetch("buffering", { "responses": true }).fetch("responses", true),
+      "buffer-memory": proxy_config.dig("buffering", "memory"),
+      "max-request-body": proxy_config.dig("buffering", "max_request_body"),
+      "max-response-body": proxy_config.dig("buffering", "max_response_body"),
+      "forward-headers": proxy_config.dig("forward_headers"),
+      "log-request-header": proxy_config.dig("logging", "request_headers") || DEFAULT_LOG_REQUEST_HEADERS,
+      "log-response-header": proxy_config.dig("logging", "response_headers")
+    }.compact
+  end
+
+  def deploy_command_args(target:)
+    optionize ({ target: "#{target}:#{app_port}" }).merge(deploy_options), with: "="
+  end
+
+  def merge(other)
+    self.class.new config: config, proxy_config: proxy_config.deep_merge(other.proxy_config)
+  end
+
+  private
+    def seconds_duration(value)
+      value ? "#{value}s" : nil
+    end
+end
--- a/lib/kamal/configuration/registry.rb
+++ b/lib/kamal/configuration/registry.rb
@@ -0,0 +1,32 @@
+class Kamal::Configuration::Registry
+  include Kamal::Configuration::Validation
+
+  def initialize(config:, secrets:, context: "registry")
+    @registry_config = config["registry"] || {}
+    @secrets = secrets
+    validate! registry_config, context: context, with: Kamal::Configuration::Validator::Registry
+  end
+
+  def server
+    registry_config["server"]
+  end
+
+  def username
+    lookup("username")
+  end
+
+  def password
+    lookup("password")
+  end
+
+  private
+    attr_reader :registry_config, :secrets
+
+    def lookup(key)
+      if registry_config[key].is_a?(Array)
+        secrets[registry_config[key].first]
+      else
+        registry_config[key]
+      end
+    end
+end
--- a/lib/kamal/configuration/role.rb
+++ b/lib/kamal/configuration/role.rb
@@ -0,0 +1,220 @@
+class Kamal::Configuration::Role
+  include Kamal::Configuration::Validation
+
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :name, :config, :specialized_env, :specialized_logging, :specialized_proxy
+
+  alias to_s name
+
+  def initialize(name, config:)
+    @name, @config = name.inquiry, config
+    validate! \
+      role_config,
+      example: validation_yml["servers"]["workers"],
+      context: "servers/#{name}",
+      with: Kamal::Configuration::Validator::Role
+
+    @specialized_env = Kamal::Configuration::Env.new \
+      config: specializations.fetch("env", {}),
+      secrets: config.secrets,
+      context: "servers/#{name}/env"
+
+    @specialized_logging = Kamal::Configuration::Logging.new \
+      logging_config: specializations.fetch("logging", {}),
+      context: "servers/#{name}/logging"
+
+    initialize_specialized_proxy
+  end
+
+  def primary_host
+    hosts.first
+  end
+
+  def hosts
+    tagged_hosts.keys
+  end
+
+  def env_tags(host)
+    tagged_hosts.fetch(host).collect { |tag| config.env_tag(tag) }
+  end
+
+  def cmd
+    specializations["cmd"]
+  end
+
+  def option_args
+    if args = specializations["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def labels
+    default_labels.merge(custom_labels)
+  end
+
+  def label_args
+    argumentize "--label", labels
+  end
+
+  def logging_args
+    logging.args
+  end
+
+  def logging
+    @logging ||= config.logging.merge(specialized_logging)
+  end
+
+  def proxy
+    @proxy ||= config.proxy.merge(specialized_proxy) if running_proxy?
+  end
+
+  def running_proxy?
+    @running_proxy
+  end
+
+  def ssl?
+    running_proxy? && proxy.ssl?
+  end
+
+  def stop_args
+    # When deploying with the proxy, kamal-proxy will drain request before returning so we don't need to wait.
+    timeout = running_proxy? ? nil : config.drain_timeout
+
+    [ *argumentize("-t", timeout) ]
+  end
+
+  def env(host)
+    @envs ||= {}
+    @envs[host] ||= [ config.env, specialized_env, *env_tags(host).map(&:env) ].reduce(:merge)
+  end
+
+  def env_args(host)
+    [ *env(host).clear_args, *argumentize("--env-file", secrets_path) ]
+  end
+
+  def env_directory
+    File.join(config.env_directory, "roles")
+  end
+
+  def secrets_io(host)
+    env(host).secrets_io
+  end
+
+  def secrets_path
+    File.join(config.env_directory, "roles", "#{name}.env")
+  end
+
+  def asset_volume_args
+    asset_volume&.docker_args
+  end
+
+
+  def primary?
+    name == @config.primary_role_name
+  end
+
+
+  def container_name(version = nil)
+    [ container_prefix, version || config.version ].compact.join("-")
+  end
+
+  def container_prefix
+    [ config.service, name, config.destination ].compact.join("-")
+  end
+
+
+  def asset_path
+    specializations["asset_path"] || config.asset_path
+  end
+
+  def assets?
+    asset_path.present? && running_proxy?
+  end
+
+  def asset_volume(version = config.version)
+    if assets?
+      Kamal::Configuration::Volume.new \
+        host_path: asset_volume_directory(version), container_path: asset_path
+    end
+  end
+
+  def asset_extracted_directory(version = config.version)
+    File.join config.assets_directory, "extracted", [ name, version ].join("-")
+  end
+
+  def asset_volume_directory(version = config.version)
+    File.join config.assets_directory, "volumes", [ name, version ].join("-")
+  end
+
+  def ensure_one_host_for_ssl
+    if running_proxy? && proxy.ssl? && hosts.size > 1
+      raise Kamal::ConfigurationError, "SSL is only supported on a single server, found #{hosts.size} servers for role #{name}"
+    end
+  end
+
+  private
+    def initialize_specialized_proxy
+      proxy_specializations = specializations["proxy"]
+
+      if primary?
+        # only false means no proxy for non-primary roles
+        @running_proxy = proxy_specializations != false
+      else
+        # false and nil both mean no proxy for non-primary roles
+        @running_proxy = !!proxy_specializations
+      end
+
+      if running_proxy?
+        proxy_config = proxy_specializations == true || proxy_specializations.nil? ? {} : proxy_specializations
+
+        @specialized_proxy = Kamal::Configuration::Proxy.new \
+          config: config,
+          proxy_config: proxy_config,
+          context: "servers/#{name}/proxy"
+      end
+    end
+
+    def tagged_hosts
+      {}.tap do |tagged_hosts|
+        extract_hosts_from_config.map do |host_config|
+          if host_config.is_a?(Hash)
+            host, tags = host_config.first
+            tagged_hosts[host] = Array(tags)
+          elsif host_config.is_a?(String)
+            tagged_hosts[host_config] = []
+          end
+        end
+      end
+    end
+
+    def extract_hosts_from_config
+      if config.raw_config.servers.is_a?(Array)
+        config.raw_config.servers
+      else
+        servers = config.raw_config.servers[name]
+        servers.is_a?(Array) ? servers : Array(servers["hosts"])
+      end
+    end
+
+    def default_labels
+      { "service" => config.service, "role" => name, "destination" => config.destination }
+    end
+
+    def specializations
+      @specializations ||= role_config.is_a?(Array) ? {} : role_config
+    end
+
+    def role_config
+      @role_config ||= config.raw_config.servers.is_a?(Array) ? {} : config.raw_config.servers[name]
+    end
+
+    def custom_labels
+      Hash.new.tap do |labels|
+        labels.merge!(config.labels) if config.labels.present?
+        labels.merge!(specializations["labels"]) if specializations["labels"].present?
+      end
+    end
+end
--- a/lib/kamal/configuration/servers.rb
+++ b/lib/kamal/configuration/servers.rb
@@ -0,0 +1,18 @@
+class Kamal::Configuration::Servers
+  include Kamal::Configuration::Validation
+
+  attr_reader :config, :servers_config, :roles
+
+  def initialize(config:)
+    @config = config
+    @servers_config = config.raw_config.servers
+    validate! servers_config, with: Kamal::Configuration::Validator::Servers
+
+    @roles = role_names.map { |role_name| Kamal::Configuration::Role.new role_name, config: config }
+  end
+
+  private
+    def role_names
+      servers_config.is_a?(Array) ? [ "web" ] : servers_config.keys.sort
+    end
+end
--- a/lib/kamal/configuration/ssh.rb
+++ b/lib/kamal/configuration/ssh.rb
@@ -0,0 +1,57 @@
+class Kamal::Configuration::Ssh
+  LOGGER = ::Logger.new(STDERR)
+
+  include Kamal::Configuration::Validation
+
+  attr_reader :ssh_config
+
+  def initialize(config:)
+    @ssh_config = config.raw_config.ssh || {}
+    validate! ssh_config
+  end
+
+  def user
+    ssh_config.fetch("user", "root")
+  end
+
+  def port
+    ssh_config.fetch("port", 22)
+  end
+
+  def proxy
+    if (proxy = ssh_config["proxy"])
+      Net::SSH::Proxy::Jump.new(proxy.include?("@") ? proxy : "root@#{proxy}")
+    elsif (proxy_command = ssh_config["proxy_command"])
+      Net::SSH::Proxy::Command.new(proxy_command)
+    end
+  end
+
+  def keys_only
+    ssh_config["keys_only"]
+  end
+
+  def keys
+    ssh_config["keys"]
+  end
+
+  def key_data
+    ssh_config["key_data"]
+  end
+
+  def options
+    { user: user, port: port, proxy: proxy, logger: logger, keepalive: true, keepalive_interval: 30, keys_only: keys_only, keys: keys, key_data: key_data }.compact
+  end
+
+  def to_h
+    options.except(:logger).merge(log_level: log_level)
+  end
+
+  private
+    def logger
+      LOGGER.tap { |logger| logger.level = log_level }
+    end
+
+    def log_level
+      ssh_config.fetch("log_level", :fatal)
+    end
+end
--- a/lib/kamal/configuration/sshkit.rb
+++ b/lib/kamal/configuration/sshkit.rb
@@ -0,0 +1,22 @@
+class Kamal::Configuration::Sshkit
+  include Kamal::Configuration::Validation
+
+  attr_reader :sshkit_config
+
+  def initialize(config:)
+    @sshkit_config = config.raw_config.sshkit || {}
+    validate! sshkit_config
+  end
+
+  def max_concurrent_starts
+    sshkit_config.fetch("max_concurrent_starts", 30)
+  end
+
+  def pool_idle_timeout
+    sshkit_config.fetch("pool_idle_timeout", 900)
+  end
+
+  def to_h
+    sshkit_config
+  end
+end
--- a/lib/kamal/configuration/validation.rb
+++ b/lib/kamal/configuration/validation.rb
@@ -0,0 +1,27 @@
+require "yaml"
+require "active_support/inflector"
+
+module Kamal::Configuration::Validation
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def validation_doc
+      @validation_doc ||= File.read(File.join(File.dirname(__FILE__), "docs", "#{validation_config_key}.yml"))
+    end
+
+    def validation_config_key
+      @validation_config_key ||= name.demodulize.underscore
+    end
+  end
+
+  def validate!(config, example: nil, context: nil, with: Kamal::Configuration::Validator)
+    context ||= self.class.validation_config_key
+    example ||= validation_yml[self.class.validation_config_key]
+
+    with.new(config, example: example, context: context).validate!
+  end
+
+  def validation_yml
+    @validation_yml ||= YAML.load(self.class.validation_doc)
+  end
+end
--- a/Show More
+++ b/Show More