Merge agent-mode: v2 rewrite complete

- Removed all v1 code (-2800 lines) - Simplified state to just default_host + base_domain - Atomic port allocation via flock - --container-port flag for Docker - Custom domains shown in ship list - Caddyfiles preserved on redeploy - JSON output by default, --pretty for humans
author: Clawd <ai@clawd.bot> 2026-02-17 08:11:19 -0800
committer: Clawd <ai@clawd.bot> 2026-02-17 08:11:19 -0800
commit: 6f02ec84a8299fc5577f147cc8741c8a4b162b64 (patch)
tree: 020f3690e92732dcba723be0cfaef649f46de137
parent: 4b5a2656df13181b637c59c29ff31751e11cf22a (diff)
parent: 05ea98df57599775c1d5bfea336012b075531670 (diff)
40 files changed, 2919 insertions, 2828 deletions
diff --git a/.gitignore b/.gitignore
index 5927538..67eb35f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,6 @@ go.work
 *.swp
 *.swo
 *~
+# Claude local settings
+.claude/
diff --git a/Makefile b/Makefile
index 13f2835..abab996 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,11 @@
+.PHONY: build install deploy-website
 build:
        go build -o ./bin/ship ./cmd/ship
 install:
        cp ./bin/ship /usr/local/bin/
+deploy-website:
+        ship website/ ship.northwest.io
diff --git a/PROGRESS.md b/PROGRESS.md
new file mode 100644
index 0000000..6ca83af
--- /dev/null
+++ b/PROGRESS.md
@@ -0,0 +1,56 @@
+# Ship v2 Rebuild Progress
+Tracking rebuilding ship for agent-first JSON interface.
+## Status: READY FOR TESTING
+## Completed
+- [x] Design docs (SHIP_V2.md, SPEC.md)
+- [x] JSON output types and helpers (`internal/output`)
+- [x] Auto-detection logic (`internal/detect`)
+- [x] Error codes and exit codes
+- [x] New CLI structure (`ship [PATH]` as primary)
+- [x] Deploy orchestration with placeholder implementations
+## Current Phase: Subcommand Implementations
+- [x] Static site deploy (rsync + Caddyfile)
+- [x] Docker deploy (build + systemd + Caddy)
+- [x] Binary deploy (scp + systemd + Caddy)
+- [x] Health check implementation
+- [x] TTL support (server-side)
+- [x] Port allocation (server-side)
+## Upcoming
+- [ ] Testing with real deploys
+- [ ] Remove v1 code after validation
+## Wiring
+- v2 is now the default interface
+- Set `SHIP_V1=1` to use legacy v1 (human-formatted output)
+## Completed Recently
+- [x] `ship list` - enumerate all deploys from /etc/ship/ports and /var/www
+- [x] `ship status NAME` - show deploy status, port, type, TTL
+- [x] `ship logs NAME` - show journalctl logs (or Caddy logs for static)
+- [x] `ship remove NAME` - full cleanup of all deploy artifacts
+## Completed Recently
+- [x] TTL cleanup timer (server-side systemd timer)
+- [x] `ship host init` with JSON output
+- [x] Docker + Caddy installation
+- [x] Cleanup script for expired TTL deploys
+## Commits
+- `5b88935` feat(v2): add output and detect packages
+- `8094639` feat(v2): add CLI structure and deploy orchestration
+- `1463935` feat(v2): implement deploy flows
+- `a7436df` feat(v2): implement ship host init with JSON output
+- `d6740a0` feat(v2): implement list, status, logs, remove commands
+- `4c20fb3` feat(v2): wire up v2 as default interface
+---
+## Notes
+- Branch: `agent-mode`
+- Keep v1 code for reference until v2 is working
+- Test with real deploys before merging to main
diff --git a/SHIP_V2.md b/SHIP_V2.md
new file mode 100644
index 0000000..7b607cb
--- /dev/null
+++ b/SHIP_V2.md
@@ -0,0 +1,240 @@
+# Ship v2
+**Ship is a deployment tool built for AI agents.**
+Agents write code. Ship puts it on the internet. That's it.
+## The Problem
+AI agents can write code, but deploying it is a mess:
+- Vercel/Railway/Fly require accounts, API tokens, platform-specific config
+- Docker/K8s are overkill for "make this code accessible via URL"
+- Most tools assume a human is reading the output
+Agents need: code → URL. Nothing else.
+## Ship's Approach
+```bash
+ship ./myproject
+# {"status":"ok","url":"https://abc123.example.com","took_ms":4200}
+```
+**That's the entire interface.** Point ship at code, get a URL back as JSON.
+### Core Principles
+1. **JSON in, JSON out** — No human-formatted output. No spinners. No emoji. Agents parse JSON.
+2. **One command** — No workflows. No "init then configure then deploy." One command does everything.
+3. **Verify or fail** — Every deploy is health-checked. If the app isn't responding, ship returns an error. No silent failures.
+4. **Self-cleaning** — Deploys can auto-expire. Agents create lots of previews; they shouldn't pile up forever.
+5. **Zero config** — Point at a directory. Ship figures out if it's static, Docker, or a binary. No config files required.
+6. **SSH-only** — No accounts. No API tokens. No vendor lock-in. Just SSH access to a VPS.
+## Interface
+### Deploy
+```bash
+ship ./myproject
+ship ./myproject --name myapp
+ship ./myproject --name preview --ttl 24h
+ship ./site --static
+ship ./api --health /healthz
+```
+Output:
+```json
+{
+  "status": "ok",
+  "name": "myapp",
+  "url": "https://myapp.example.com",
+  "type": "docker",
+  "took_ms": 4200,
+  "health": {"status": 200, "latency_ms": 45}
+}
+```
+### Error
+```json
+{
+  "status": "error",
+  "code": "HEALTH_CHECK_FAILED",
+  "message": "GET /healthz returned 503 after 30s",
+  "name": "myapp",
+  "url": "https://myapp.example.com"
+}
+```
+### List
+```bash
+ship list
+```
+```json
+{
+  "status": "ok",
+  "deploys": [
+    {"name": "api", "url": "https://api.example.com", "type": "docker", "running": true},
+    {"name": "preview-x7k", "url": "https://preview-x7k.example.com", "type": "static", "expires": "2024-02-16T18:00:00Z"}
+  ]
+}
+```
+### Status / Logs / Remove
+```bash
+ship status myapp
+ship logs myapp
+ship logs myapp --lines 100
+ship remove myapp
+```
+All return JSON with `{"status": "ok", ...}` or `{"status": "error", "code": "...", ...}`.
+## Error Codes
+Machine-readable. No guessing.
+| Code | Meaning |
+|------|---------|
+| `SSH_FAILED` | Can't connect to VPS |
+| `UPLOAD_FAILED` | File transfer failed |
+| `BUILD_FAILED` | Docker build or compile failed |
+| `DEPLOY_FAILED` | systemd/Caddy setup failed |
+| `HEALTH_CHECK_FAILED` | App not responding |
+| `NOT_FOUND` | App doesn't exist |
+| `CONFLICT` | Name already taken |
+## Auto-Detection
+Ship looks at the directory and figures out what to do:
+| Directory contains | Deploy type |
+|-------------------|-------------|
+| `Dockerfile` | Docker build → systemd service |
+| `index.html` | Static site → Caddy file_server |
+| Single executable | Binary → systemd service |
+| `go.mod` | Go build → systemd service |
+| `package.json` + no Dockerfile | Error: "Add a Dockerfile" |
+No config files. No `ship.json`. No `ship init`.
+## TTL (Time-To-Live)
+Agents create previews. Previews should auto-delete.
+```bash
+ship ./site --name pr-123 --ttl 1h
+ship ./site --name pr-123 --ttl 7d
+```
+After TTL expires, the deploy is removed automatically. The `expires` field in JSON tells you when.
+## Health Checks
+Every deploy is verified. Ship waits for the app to respond before returning success.
+- Static sites: `GET /` returns 2xx
+- Apps: `GET /` by default, or specify `--health /healthz`
+- Timeout: 30s
+- If health check fails: `{"status": "error", "code": "HEALTH_CHECK_FAILED", ...}`
+## Name Generation
+No name? Ship generates one.
+```bash
+ship ./site
+# {"name": "ship-a1b2c3", "url": "https://ship-a1b2c3.example.com", ...}
+```
+Provide a name to get a stable URL:
+```bash
+ship ./site --name docs
+# {"name": "docs", "url": "https://docs.example.com", ...}
+```
+## Host Setup
+One-time setup for a VPS:
+```bash
+ship host init user@my-vps.com --domain example.com
+```
+```json
+{
+  "status": "ok",
+  "host": "my-vps.com",
+  "domain": "example.com",
+  "installed": ["caddy", "docker", "systemd"]
+}
+```
+After this, the host is ready. Ship remembers it.
+## Human Output
+Humans are an afterthought, but they can use ship too:
+```bash
+ship ./site --pretty
+```
+```
+✓ Deployed to https://ship-a1b2c3.example.com (4.2s)
+```
+Or set globally:
+```bash
+export SHIP_PRETTY=1
+```
+## Implementation Phases
+### Phase 1: JSON Everything
+- [ ] JSON output on all commands
+- [ ] Structured error codes
+- [ ] Exit codes match error states
+### Phase 2: Smart Deploys
+- [ ] Auto-detect project type
+- [ ] Health checks on every deploy
+- [ ] `--ttl` with server-side cleanup
+### Phase 3: Zero Friction
+- [ ] `ship ./dir` with no flags (auto name, auto detect)
+- [ ] `ship host init` fully automated
+- [ ] One binary, zero dependencies on client
+## Non-Goals
+- **Pretty output** — That's what `--pretty` is for
+- **Interactive prompts** — Never. Agents can't answer prompts.
+- **Config files** — Zero config. Detect everything.
+- **Plugin system** — Keep it simple.
+- **Multi-cloud orchestration** — One VPS at a time.
+## Success Criteria
+Ship is done when an agent can:
+1. Build code
+2. Run `ship ./code`
+3. Parse the JSON response
+4. Use the URL
+No docs. No setup. No tokens. No accounts. Just `ship ./code`.
+---
+*Built for agents. Tolerated by humans.*
diff --git a/SPEC.md b/SPEC.md
new file mode 100644
index 0000000..50b54c2
--- /dev/null
+++ b/SPEC.md
@@ -0,0 +1,499 @@
+# Ship v2 Technical Specification
+## Overview
+Ship deploys code to a VPS. Input: path to code. Output: JSON with URL.
+```bash
+ship ./myproject
+# {"status":"ok","name":"ship-a1b2c3","url":"https://ship-a1b2c3.example.com","type":"docker","took_ms":8200}
+```
+## CLI Interface
+### Primary Command
+```
+ship [PATH] [FLAGS]
+```
+**PATH**: File or directory to deploy. Defaults to `.` (current directory).
+**FLAGS**:
+| Flag | Type | Default | Description |
+|------|------|---------|-------------|
+| `--name` | string | auto-generated | Deploy name (becomes subdomain) |
+| `--host` | string | default host | VPS host (SSH config name or user@host) |
+| `--health` | string | `/` for static, none for apps | Health check endpoint |
+| `--ttl` | duration | none | Auto-delete after duration (e.g., `1h`, `7d`) |
+| `--env` | string[] | none | Environment variables (`KEY=VALUE`) |
+| `--env-file` | string | none | Path to .env file |
+| `--pretty` | bool | false | Human-readable output |
+### Other Commands
+```
+ship list [--host HOST]
+ship status NAME [--host HOST]
+ship logs NAME [--lines N] [--host HOST]
+ship remove NAME [--host HOST]
+ship host init USER@HOST --domain DOMAIN
+ship host status [--host HOST]
+```
+All commands output JSON unless `--pretty` is set.
+## Output Schema
+### Success Response
+```typescript
+{
+  status: "ok",
+  name: string,
+  url: string,
+  type: "static" | "docker" | "binary",
+  took_ms: number,
+  health?: {
+    endpoint: string,
+    status: number,
+    latency_ms: number
+  },
+  expires?: string  // ISO 8601, only if --ttl set
+}
+```
+### Error Response
+```typescript
+{
+  status: "error",
+  code: string,
+  message: string,
+  name?: string,
+  url?: string
+}
+```
+### Exit Codes
+| Code | Meaning |
+|------|---------|
+| 0 | Success |
+| 1 | Deploy failed |
+| 2 | Invalid arguments |
+| 3 | SSH connection failed |
+| 4 | Health check failed |
+## Error Codes
+| Code | Description |
+|------|-------------|
+| `INVALID_PATH` | Path doesn't exist or isn't readable |
+| `UNKNOWN_PROJECT_TYPE` | Can't detect how to deploy |
+| `SSH_CONNECT_FAILED` | Can't establish SSH connection |
+| `SSH_AUTH_FAILED` | SSH key rejected |
+| `UPLOAD_FAILED` | SCP/rsync failed |
+| `BUILD_FAILED` | Docker build or compilation failed |
+| `SERVICE_FAILED` | systemd unit failed to start |
+| `CADDY_FAILED` | Caddy reload failed |
+| `HEALTH_CHECK_FAILED` | App didn't respond in time |
+| `HEALTH_CHECK_TIMEOUT` | Health check timed out |
+| `NOT_FOUND` | Named deploy doesn't exist |
+| `CONFLICT` | Name already in use (if --no-update) |
+| `HOST_NOT_CONFIGURED` | No default host, --host required |
+| `INVALID_TTL` | Can't parse TTL duration |
+## Auto-Detection Logic
+When given a path, ship determines deploy type:
+```
+is_file(path)?
+  → is_executable(path)?
+    → BINARY
+    → ERROR: "Not an executable file"
+  
+is_directory(path)?
+  → has_file("Dockerfile")?
+    → DOCKER
+  → has_file("index.html") OR has_file("index.htm")?
+    → STATIC
+  → has_file("go.mod") AND NOT has_file("Dockerfile")?
+    → ERROR: "Go project without Dockerfile. Add a Dockerfile or build a binary."
+  → has_file("package.json") AND NOT has_file("Dockerfile")?
+    → ERROR: "Node project without Dockerfile. Add a Dockerfile."
+  → is_empty(path)?
+    → ERROR: "Directory is empty"
+  → ERROR: "Can't detect project type. Add a Dockerfile or index.html."
+```
+## Name Generation
+If `--name` not provided:
+```
+name = "ship-" + random_alphanumeric(6)
+```
+Names must match: `^[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$`
+Invalid names return `INVALID_NAME` error.
+## Port Allocation
+Ports are allocated server-side.
+### Server Files
+```
+/etc/ship/ports/<name>     # Contains allocated port number
+```
+### Allocation Algorithm
+```python
+def allocate_port(name):
+    port_file = f"/etc/ship/ports/{name}"
+    
+    if exists(port_file):
+        return int(read(port_file))
+    
+    used_ports = [int(read(f)) for f in glob("/etc/ship/ports/*")]
+    next_port = 9000
+    while next_port in used_ports:
+        next_port += 1
+    
+    write(port_file, str(next_port))
+    return next_port
+```
+### Port Range
+- Start: 9000
+- Max: 9999
+- Error if exhausted: `PORT_EXHAUSTED`
+## Server File Layout
+```
+/etc/ship/
+  ports/<name>              # Port allocation (contains port number)
+  env/<name>.env            # Environment variables
+  ttl/<name>                # TTL expiry timestamp (Unix epoch)
+/var/www/<name>/            # Static site files
+/var/lib/<name>/
+  src/                      # Docker build context (checked out source)
+  data/                     # Persistent data volume
+/etc/systemd/system/<name>.service    # systemd unit
+/etc/caddy/sites-enabled/<name>.caddy # Caddy config
+```
+## Deploy Flows
+### Static Site
+1. Validate path is directory with index.html
+2. Generate name if needed
+3. SSH: Create `/var/www/<name>/`
+4. rsync: Upload directory contents to `/var/www/<name>/`
+5. SSH: Set ownership to `www-data`
+6. Generate Caddyfile
+7. SSH: Write to `/etc/caddy/sites-enabled/<name>.caddy`
+8. SSH: Reload Caddy
+9. Health check: `GET https://<name>.<domain>/`
+10. If TTL: Write expiry to `/etc/ship/ttl/<name>`
+11. Return JSON
+### Docker
+1. Validate path is directory with Dockerfile
+2. Generate name if needed
+3. Allocate port (server-side)
+4. rsync: Upload directory to `/var/lib/<name>/src/`
+5. SSH: `docker build -t <name> /var/lib/<name>/src/`
+6. Generate systemd unit (runs `docker run`)
+7. SSH: Write to `/etc/systemd/system/<name>.service`
+8. SSH: Write env file to `/etc/ship/env/<name>.env`
+9. SSH: `systemctl daemon-reload && systemctl restart <name>`
+10. Generate Caddyfile (reverse proxy to port)
+11. SSH: Write to `/etc/caddy/sites-enabled/<name>.caddy`
+12. SSH: Reload Caddy
+13. Health check: `GET https://<name>.<domain><health_endpoint>`
+14. If TTL: Write expiry to `/etc/ship/ttl/<name>`
+15. Return JSON
+### Binary
+1. Validate path is executable file
+2. Generate name if needed
+3. Allocate port (server-side)
+4. SCP: Upload binary to `/usr/local/bin/<name>`
+5. SSH: `chmod +x /usr/local/bin/<name>`
+6. Generate systemd unit
+7. SSH: Write to `/etc/systemd/system/<name>.service`
+8. SSH: Write env file to `/etc/ship/env/<name>.env`
+9. SSH: `systemctl daemon-reload && systemctl restart <name>`
+10. Generate Caddyfile (reverse proxy to port)
+11. SSH: Write to `/etc/caddy/sites-enabled/<name>.caddy`
+12. SSH: Reload Caddy
+13. Health check: `GET https://<name>.<domain><health_endpoint>`
+14. If TTL: Write expiry to `/etc/ship/ttl/<name>`
+15. Return JSON
+## Health Checks
+### Behavior
+After deploy, verify the app is responding:
+1. Wait 2 seconds (let app start)
+2. `GET https://<name>.<domain><health_endpoint>`
+3. If 2xx or 3xx: success
+4. If error or timeout: retry after 2s
+5. Max retries: 15 (total 30s)
+6. If all retries fail: return `HEALTH_CHECK_FAILED`
+### Health Endpoint
+| Deploy Type | Default | Override |
+|-------------|---------|----------|
+| static | `/` | `--health` |
+| docker | none (skip) | `--health` |
+| binary | none (skip) | `--health` |
+When no health endpoint: skip health check, return success after service starts.
+## TTL (Auto-Expiry)
+### Setting TTL
+```bash
+ship ./site --name preview --ttl 24h
+```
+Supported formats: `30m`, `1h`, `24h`, `7d`
+### Server-Side Cleanup
+A systemd timer runs hourly:
+```ini
+# /etc/systemd/system/ship-cleanup.timer
+[Timer]
+OnCalendar=hourly
+Persistent=true
+# /etc/systemd/system/ship-cleanup.service
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/ship-cleanup
+```
+Cleanup script:
+```bash
+#!/bin/bash
+now=$(date +%s)
+for f in /etc/ship/ttl/*; do
+  name=$(basename "$f")
+  expires=$(cat "$f")
+  if [ "$now" -gt "$expires" ]; then
+    ship remove "$name"
+  fi
+done
+```
+### TTL File Format
+```
+/etc/ship/ttl/<name>
+```
+Contents: Unix timestamp (seconds since epoch)
+## Templates
+### systemd Unit (Docker)
+```ini
+[Unit]
+Description=ship: {{.Name}}
+After=docker.service
+Requires=docker.service
+[Service]
+Restart=always
+RestartSec=5
+EnvironmentFile=/etc/ship/env/{{.Name}}.env
+ExecStartPre=-/usr/bin/docker stop {{.Name}}
+ExecStartPre=-/usr/bin/docker rm {{.Name}}
+ExecStart=/usr/bin/docker run --rm --name {{.Name}} \
+  --env-file /etc/ship/env/{{.Name}}.env \
+  -p 127.0.0.1:{{.Port}}:{{.Port}} \
+  -v /var/lib/{{.Name}}/data:/data \
+  {{.Name}}
+ExecStop=/usr/bin/docker stop {{.Name}}
+[Install]
+WantedBy=multi-user.target
+```
+### systemd Unit (Binary)
+```ini
+[Unit]
+Description=ship: {{.Name}}
+After=network.target
+[Service]
+Type=simple
+Restart=always
+RestartSec=5
+User={{.Name}}
+EnvironmentFile=/etc/ship/env/{{.Name}}.env
+ExecStart=/usr/local/bin/{{.Name}}
+WorkingDirectory=/var/lib/{{.Name}}
+[Install]
+WantedBy=multi-user.target
+```
+### Caddyfile (Reverse Proxy)
+```
+{{.Domain}} {
+    reverse_proxy localhost:{{.Port}}
+}
+```
+### Caddyfile (Static)
+```
+{{.Domain}} {
+    root * /var/www/{{.Name}}
+    file_server
+    encode gzip
+}
+```
+## Environment Variables
+Always set by ship:
+| Variable | Value |
+|----------|-------|
+| `PORT` | Allocated port number |
+| `SHIP_NAME` | Deploy name |
+| `SHIP_URL` | Full URL |
+User variables from `--env` or `--env-file` are merged.
+## Host Initialization
+```bash
+ship host init user@vps.example.com --domain example.com
+```
+### Steps
+1. SSH: Check connectivity
+2. SSH: Install packages (`apt install -y caddy docker.io`)
+3. SSH: Enable services (`systemctl enable --now caddy docker`)
+4. SSH: Create directories (`/etc/ship/ports`, `/etc/ship/env`, `/etc/ship/ttl`)
+5. SSH: Install cleanup timer
+6. SSH: Configure Caddy base
+7. Update local state with host info
+### Output
+```json
+{
+  "status": "ok",
+  "host": "vps.example.com",
+  "domain": "example.com",
+  "installed": ["caddy", "docker"]
+}
+```
+## Local State
+Stored at `~/.config/ship/state.json`:
+```json
+{
+  "default_host": "vps",
+  "hosts": {
+    "vps": {
+      "ssh": "user@vps.example.com",
+      "domain": "example.com"
+    }
+  }
+}
+```
+Local state is minimal — server is source of truth for ports, deploys, TTLs.
+## Pretty Output
+When `--pretty` is set (or `SHIP_PRETTY=1`):
+### Deploy Success
+```
+✓ Deployed to https://myapp.example.com (4.2s)
+```
+### Deploy Failure
+```
+✗ Deploy failed: health check timed out after 30s
+```
+### List
+```
+NAME          URL                              TYPE    STATUS
+api           https://api.example.com          docker  running
+preview-x7k   https://preview-x7k.example.com  static  running (expires in 23h)
+```
+## Implementation Notes
+### SSH Execution
+Use a single SSH connection with multiplexing:
+```bash
+ssh -o ControlMaster=auto -o ControlPath=/tmp/ship-%r@%h:%p -o ControlPersist=60 ...
+```
+### Concurrency
+Ship is not designed for concurrent deploys of the same name. Behavior is undefined.
+Different names can deploy concurrently.
+### Rollback (Future)
+Not in v2.0. Future consideration: keep last N versions, `ship rollback <name>`.
+---
+## Appendix: Example Session
+```bash
+$ mkdir -p /tmp/hello && echo '<h1>Hello</h1>' > /tmp/hello/index.html
+$ ship /tmp/hello --name hello
+{"status":"ok","name":"hello","url":"https://hello.example.com","type":"static","took_ms":3200,"health":{"endpoint":"/","status":200,"latency_ms":45}}
+$ ship list
+{"status":"ok","deploys":[{"name":"hello","url":"https://hello.example.com","type":"static","running":true}]}
+$ ship remove hello
+{"status":"ok","name":"hello","removed":true}
+```
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..5406485
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,44 @@
+# Ship TODO
+## Open
+### ~~Support custom Caddyfile~~ ✅ FIXED
+**Fixed in:** commit b976b14
+- Caddyfile is only generated on first deploy
+- Redeploys preserve existing Caddyfile (manual edits survive)
+- SSH in and customize as needed, future deploys won't overwrite
+---
+### ~~ship list should show custom domains~~ ✅ FIXED
+**Fixed in:** commit c1b0bb8
+- Reads actual domain from Caddyfile instead of assuming subdomain
+- Works for both apps and static sites
+---
+## Fixed
+### ~~Port allocation collision bug~~ ✅ FIXED
+**Fixed in:** commit d97bb6f
+- Port allocation now uses atomic flock on `/etc/ship/next_port`
+- Prevents race conditions when multiple deploys run concurrently
+- Each app still gets its port stored in `/etc/ship/ports/<name>`
+### ~~Docker container port assumption~~ ✅ FIXED
+**Fixed in:** commit d97bb6f
+- Added `--container-port` flag (default 80)
+- Template now uses `{{.ContainerPort}}` instead of hardcoded 80
+- Supports containers that listen on 8080, 3000, etc.
+### ~~ship host init doesn't create local state.json~~ ✅ FIXED
+**Fixed in:** commit 6b2c047
+- Removed all v1 code (-2837 lines)
+- Simplified `internal/state/state.go` to just `default_host` + `base_domain`
+- `host init` now creates minimal state.json
+- Ports/deploys tracked on server at `/etc/ship/ports/`
diff --git a/cmd/ship/commands_v2.go b/cmd/ship/commands_v2.go
new file mode 100644
index 0000000..1b0d09c
--- /dev/null
+++ b/cmd/ship/commands_v2.go
@@ -0,0 +1,365 @@
+package main
+import (
+        "fmt"
+        "strconv"
+        "strings"
+        "time"
+        "github.com/bdw/ship/internal/output"
+        "github.com/bdw/ship/internal/ssh"
+        "github.com/bdw/ship/internal/state"
+        "github.com/spf13/cobra"
+)
+// listV2Cmd lists all deployments
+var listV2Cmd = &cobra.Command{
+        Use:   "list",
+        Short: "List all deployments",
+        RunE:  runListV2,
+}
+func runListV2(cmd *cobra.Command, args []string) error {
+        st, err := state.Load()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, err.Error()))
+        }
+        hostName := hostFlag
+        if hostName == "" {
+                hostName = st.DefaultHost
+        }
+        if hostName == "" {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "no host specified"))
+        }
+        hostConfig := st.GetHost(hostName)
+        client, err := ssh.Connect(hostName)
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrSSHConnectFailed, err.Error()))
+        }
+        defer client.Close()
+        var deploys []output.DeployInfo
+        // Get all deployed services by checking /etc/ship/ports and /var/www
+        // Check ports (apps and docker)
+        portsOut, _ := client.Run("ls /etc/ship/ports/ 2>/dev/null || true")
+        for _, name := range strings.Fields(portsOut) {
+                if name == "" {
+                        continue
+                }
+                
+                // Get actual domain from Caddyfile (first word of first line)
+                domain := fmt.Sprintf("%s.%s", name, hostConfig.BaseDomain)
+                caddyOut, _ := client.Run(fmt.Sprintf("head -1 /etc/caddy/sites-enabled/%s.caddy 2>/dev/null | awk '{print $1}'", name))
+                if d := strings.TrimSpace(caddyOut); d != "" && d != "{" {
+                        domain = d
+                }
+                info := output.DeployInfo{
+                        Name: name,
+                        URL:  fmt.Sprintf("https://%s", domain),
+                }
+                // Check if it's docker or binary
+                dockerOut, _ := client.Run(fmt.Sprintf("docker inspect %s 2>/dev/null && echo docker", name))
+                if strings.Contains(dockerOut, "docker") {
+                        info.Type = "docker"
+                } else {
+                        info.Type = "binary"
+                }
+                // Check if running
+                statusOut, _ := client.RunSudo(fmt.Sprintf("systemctl is-active %s 2>/dev/null || echo inactive", name))
+                info.Running = strings.TrimSpace(statusOut) == "active"
+                // Check TTL
+                ttlOut, _ := client.Run(fmt.Sprintf("cat /etc/ship/ttl/%s 2>/dev/null || true", name))
+                if ttlOut != "" {
+                        if expires, err := strconv.ParseInt(strings.TrimSpace(ttlOut), 10, 64); err == nil {
+                                info.Expires = time.Unix(expires, 0).UTC().Format(time.RFC3339)
+                        }
+                }
+                deploys = append(deploys, info)
+        }
+        // Check static sites in /var/www
+        wwwOut, _ := client.Run("ls -d /var/www/*/ 2>/dev/null | xargs -n1 basename 2>/dev/null || true")
+        for _, name := range strings.Fields(wwwOut) {
+                if name == "" || name == "html" {
+                        continue
+                }
+                // Skip if already in ports (would be an app, not static)
+                found := false
+                for _, d := range deploys {
+                        if d.Name == name {
+                                found = true
+                                break
+                        }
+                }
+                if found {
+                        continue
+                }
+                // Get actual domain from Caddyfile
+                domain := fmt.Sprintf("%s.%s", name, hostConfig.BaseDomain)
+                caddyOut, _ := client.Run(fmt.Sprintf("head -1 /etc/caddy/sites-enabled/%s.caddy 2>/dev/null | awk '{print $1}'", name))
+                if d := strings.TrimSpace(caddyOut); d != "" && d != "{" {
+                        domain = d
+                }
+                info := output.DeployInfo{
+                        Name:    name,
+                        URL:     fmt.Sprintf("https://%s", domain),
+                        Type:    "static",
+                        Running: true, // Static sites are always "running"
+                }
+                // Check TTL
+                ttlOut, _ := client.Run(fmt.Sprintf("cat /etc/ship/ttl/%s 2>/dev/null || true", name))
+                if ttlOut != "" {
+                        if expires, err := strconv.ParseInt(strings.TrimSpace(ttlOut), 10, 64); err == nil {
+                                info.Expires = time.Unix(expires, 0).UTC().Format(time.RFC3339)
+                        }
+                }
+                deploys = append(deploys, info)
+        }
+        output.PrintAndExit(&output.ListResponse{
+                Status:  "ok",
+                Deploys: deploys,
+        })
+        return nil
+}
+// statusV2Cmd shows status for a single deployment
+var statusV2Cmd = &cobra.Command{
+        Use:   "status NAME",
+        Short: "Check status of a deployment",
+        Args:  cobra.ExactArgs(1),
+        RunE:  runStatusV2,
+}
+func runStatusV2(cmd *cobra.Command, args []string) error {
+        name := args[0]
+        st, err := state.Load()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, err.Error()))
+        }
+        hostName := hostFlag
+        if hostName == "" {
+                hostName = st.DefaultHost
+        }
+        if hostName == "" {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "no host specified"))
+        }
+        hostConfig := st.GetHost(hostName)
+        client, err := ssh.Connect(hostName)
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrSSHConnectFailed, err.Error()))
+        }
+        defer client.Close()
+        // Check if deployment exists
+        portOut, _ := client.Run(fmt.Sprintf("cat /etc/ship/ports/%s 2>/dev/null || true", name))
+        wwwExists, _ := client.Run(fmt.Sprintf("test -d /var/www/%s && echo exists || true", name))
+        if strings.TrimSpace(portOut) == "" && strings.TrimSpace(wwwExists) == "" {
+                output.PrintAndExit(output.ErrWithName(output.ErrNotFound, "deployment not found", name))
+        }
+        // Get actual domain from Caddyfile
+        domain := fmt.Sprintf("%s.%s", name, hostConfig.BaseDomain)
+        caddyOut, _ := client.Run(fmt.Sprintf("head -1 /etc/caddy/sites-enabled/%s.caddy 2>/dev/null | awk '{print $1}'", name))
+        if d := strings.TrimSpace(caddyOut); d != "" && d != "{" {
+                domain = d
+        }
+        resp := &output.StatusResponse{
+                Status: "ok",
+                Name:   name,
+                URL:    fmt.Sprintf("https://%s", domain),
+        }
+        // Determine type and get details
+        if portOut != "" {
+                port, _ := strconv.Atoi(strings.TrimSpace(portOut))
+                resp.Port = port
+                // Check if docker
+                dockerOut, _ := client.Run(fmt.Sprintf("docker inspect %s 2>/dev/null && echo docker", name))
+                if strings.Contains(dockerOut, "docker") {
+                        resp.Type = "docker"
+                } else {
+                        resp.Type = "binary"
+                }
+                // Check if running
+                statusOut, _ := client.RunSudo(fmt.Sprintf("systemctl is-active %s 2>/dev/null || echo inactive", name))
+                resp.Running = strings.TrimSpace(statusOut) == "active"
+        } else {
+                resp.Type = "static"
+                resp.Running = true
+        }
+        // Check TTL
+        ttlOut, _ := client.Run(fmt.Sprintf("cat /etc/ship/ttl/%s 2>/dev/null || true", name))
+        if ttlOut != "" {
+                if expires, err := strconv.ParseInt(strings.TrimSpace(ttlOut), 10, 64); err == nil {
+                        resp.Expires = time.Unix(expires, 0).UTC().Format(time.RFC3339)
+                }
+        }
+        output.PrintAndExit(resp)
+        return nil
+}
+// logsV2Cmd shows logs for a deployment
+var logsV2Cmd = &cobra.Command{
+        Use:   "logs NAME",
+        Short: "View logs for a deployment",
+        Args:  cobra.ExactArgs(1),
+        RunE:  runLogsV2,
+}
+func init() {
+        logsV2Cmd.Flags().Int("lines", 50, "Number of log lines to show")
+}
+func runLogsV2(cmd *cobra.Command, args []string) error {
+        name := args[0]
+        lines, _ := cmd.Flags().GetInt("lines")
+        st, err := state.Load()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, err.Error()))
+        }
+        hostName := hostFlag
+        if hostName == "" {
+                hostName = st.DefaultHost
+        }
+        if hostName == "" {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "no host specified"))
+        }
+        client, err := ssh.Connect(hostName)
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrSSHConnectFailed, err.Error()))
+        }
+        defer client.Close()
+        // Check if it's a static site (no logs)
+        portOut, _ := client.Run(fmt.Sprintf("cat /etc/ship/ports/%s 2>/dev/null || true", name))
+        if strings.TrimSpace(portOut) == "" {
+                // Check if static site exists
+                wwwExists, _ := client.Run(fmt.Sprintf("test -d /var/www/%s && echo exists || true", name))
+                if strings.TrimSpace(wwwExists) == "" {
+                        output.PrintAndExit(output.ErrWithName(output.ErrNotFound, "deployment not found", name))
+                }
+                // Static site - check Caddy access logs
+                logsOut, err := client.RunSudo(fmt.Sprintf("journalctl -u caddy -n %d --no-pager 2>/dev/null | grep %s || echo 'No logs found'", lines*2, name))
+                if err != nil {
+                        output.PrintAndExit(output.Err(output.ErrServiceFailed, err.Error()))
+                }
+                logLines := strings.Split(strings.TrimSpace(logsOut), "\n")
+                output.PrintAndExit(&output.LogsResponse{
+                        Status: "ok",
+                        Name:   name,
+                        Lines:  logLines,
+                })
+                return nil
+        }
+        // Get journalctl logs
+        logsOut, err := client.RunSudo(fmt.Sprintf("journalctl -u %s -n %d --no-pager 2>/dev/null || echo 'No logs found'", name, lines))
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrServiceFailed, err.Error()))
+        }
+        logLines := strings.Split(strings.TrimSpace(logsOut), "\n")
+        output.PrintAndExit(&output.LogsResponse{
+                Status: "ok",
+                Name:   name,
+                Lines:  logLines,
+        })
+        return nil
+}
+// removeV2Cmd removes a deployment
+var removeV2Cmd = &cobra.Command{
+        Use:   "remove NAME",
+        Short: "Remove a deployment",
+        Args:  cobra.ExactArgs(1),
+        RunE:  runRemoveV2,
+}
+func runRemoveV2(cmd *cobra.Command, args []string) error {
+        name := args[0]
+        st, err := state.Load()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, err.Error()))
+        }
+        hostName := hostFlag
+        if hostName == "" {
+                hostName = st.DefaultHost
+        }
+        if hostName == "" {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "no host specified"))
+        }
+        client, err := ssh.Connect(hostName)
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrSSHConnectFailed, err.Error()))
+        }
+        defer client.Close()
+        // Check if deployment exists
+        portOut, _ := client.Run(fmt.Sprintf("cat /etc/ship/ports/%s 2>/dev/null || true", name))
+        wwwExists, _ := client.Run(fmt.Sprintf("test -d /var/www/%s && echo exists || true", name))
+        if strings.TrimSpace(portOut) == "" && strings.TrimSpace(wwwExists) == "" {
+                output.PrintAndExit(output.ErrWithName(output.ErrNotFound, "deployment not found", name))
+        }
+        // Stop and disable service
+        client.RunSudo(fmt.Sprintf("systemctl stop %s 2>/dev/null || true", name))
+        client.RunSudo(fmt.Sprintf("systemctl disable %s 2>/dev/null || true", name))
+        // Remove files
+        client.RunSudo(fmt.Sprintf("rm -f /etc/systemd/system/%s.service", name))
+        client.RunSudo(fmt.Sprintf("rm -f /etc/caddy/sites-enabled/%s.caddy", name))
+        client.RunSudo(fmt.Sprintf("rm -rf /var/www/%s", name))
+        client.RunSudo(fmt.Sprintf("rm -rf /var/lib/%s", name))
+        client.RunSudo(fmt.Sprintf("rm -f /usr/local/bin/%s", name))
+        client.RunSudo(fmt.Sprintf("rm -f /etc/ship/env/%s.env", name))
+        client.RunSudo(fmt.Sprintf("rm -f /etc/ship/ports/%s", name))
+        client.RunSudo(fmt.Sprintf("rm -f /etc/ship/ttl/%s", name))
+        // Remove docker container and image
+        client.Run(fmt.Sprintf("docker rm -f %s 2>/dev/null || true", name))
+        client.Run(fmt.Sprintf("docker rmi %s 2>/dev/null || true", name))
+        // Reload services
+        client.RunSudo("systemctl daemon-reload")
+        client.RunSudo("systemctl reload caddy")
+        output.PrintAndExit(&output.RemoveResponse{
+                Status:  "ok",
+                Name:    name,
+                Removed: true,
+        })
+        return nil
+}
diff --git a/cmd/ship/deploy.go b/cmd/ship/deploy.go
deleted file mode 100644
index 414ade5..0000000
--- a/cmd/ship/deploy.go
+++ /dev/null
@@ -1,664 +0,0 @@
-package main
-import (
-        "bufio"
-        "fmt"
-        "os"
-        "path/filepath"
-        "strconv"
-        "strings"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/bdw/ship/internal/templates"
-        "github.com/spf13/cobra"
-)
-// DeployOptions contains all options for deploying or updating an app
-type DeployOptions struct {
-        Host     string
-        Domain   string
-        Name     string
-        Binary   string
-        Dir      string // for static sites
-        Port     int
-        Args     string
-        Files    []string
-        Memory   string
-        CPU      string
-        Env      map[string]string // merged env vars
-        IsUpdate bool
-}
-func runDeploy(cmd *cobra.Command, args []string) error {
-        flags := cmd.Flags()
-        // Parse CLI flags
-        binary, _ := flags.GetString("binary")
-        static, _ := flags.GetBool("static")
-        dir, _ := flags.GetString("dir")
-        domain, _ := flags.GetString("domain")
-        name, _ := flags.GetString("name")
-        port, _ := flags.GetInt("port")
-        envVars, _ := flags.GetStringArray("env")
-        envFile, _ := flags.GetString("env-file")
-        argsFlag, _ := flags.GetString("args")
-        files, _ := flags.GetStringArray("file")
-        memory, _ := flags.GetString("memory")
-        cpu, _ := flags.GetString("cpu")
-        // Get host from flag or state default
-        host := hostFlag
-        if host == "" {
-                st, err := state.Load()
-                if err != nil {
-                        return fmt.Errorf("error loading state: %w", err)
-                }
-                host = st.GetDefaultHost()
-        }
-        // If no flags provided, show help
-        if domain == "" && binary == "" && !static && name == "" {
-                return cmd.Help()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        // Load state once - this will be used throughout
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        hostState := st.GetHost(host)
-        // Config update mode: --name provided without --binary or --static
-        if name != "" && binary == "" && !static {
-                existingApp, err := st.GetApp(host, name)
-                if err != nil {
-                        return fmt.Errorf("app %s not found (use --binary to deploy a new app)", name)
-                }
-                // Build merged config starting from existing app
-                opts := DeployOptions{
-                        Host:   host,
-                        Name:   name,
-                        Port:   existingApp.Port,
-                        Args:   existingApp.Args,
-                        Files:  existingApp.Files,
-                        Memory: existingApp.Memory,
-                        CPU:    existingApp.CPU,
-                        Env:    make(map[string]string),
-                }
-                for k, v := range existingApp.Env {
-                        opts.Env[k] = v
-                }
-                // Override with CLI flags if provided
-                if argsFlag != "" {
-                        opts.Args = argsFlag
-                }
-                if len(files) > 0 {
-                        opts.Files = files
-                }
-                if memory != "" {
-                        opts.Memory = memory
-                }
-                if cpu != "" {
-                        opts.CPU = cpu
-                }
-                // Merge env vars (CLI overrides existing)
-                for _, e := range envVars {
-                        parts := strings.SplitN(e, "=", 2)
-                        if len(parts) == 2 {
-                                opts.Env[parts[0]] = parts[1]
-                        }
-                }
-                if envFile != "" {
-                        fileEnv, err := parseEnvFile(envFile)
-                        if err != nil {
-                                return fmt.Errorf("error reading env file: %w", err)
-                        }
-                        for k, v := range fileEnv {
-                                opts.Env[k] = v
-                        }
-                }
-                return updateAppConfig(st, opts)
-        }
-        // Infer name early so we can use it for subdomain generation and existing app lookup
-        if name == "" {
-                if static {
-                        name = domain
-                        if name == "" && hostState.BaseDomain != "" {
-                                name = filepath.Base(dir)
-                        }
-                } else {
-                        name = filepath.Base(binary)
-                }
-        }
-        if err := validateName(name); err != nil {
-                return err
-        }
-        // Check if this is an update to an existing app/site
-        existingApp, _ := st.GetApp(host, name)
-        isUpdate := existingApp != nil
-        // For new deployments, require domain or base domain
-        if !isUpdate && domain == "" && hostState.BaseDomain == "" {
-                return fmt.Errorf("--domain required (or configure base domain with 'ship host init --base-domain')")
-        }
-        // Build merged config, starting from existing app if updating
-        opts := DeployOptions{
-                Host:     host,
-                Name:     name,
-                Binary:   binary,
-                Dir:      dir,
-                IsUpdate: isUpdate,
-        }
-        // Merge domain: auto-subdomain + (user-provided or existing custom domain)
-        var domains []string
-        if hostState.BaseDomain != "" {
-                domains = append(domains, name+"."+hostState.BaseDomain)
-        }
-        if domain != "" {
-                domains = append(domains, domain)
-        } else if isUpdate && existingApp.Domain != "" {
-                for _, d := range strings.Split(existingApp.Domain, ",") {
-                        d = strings.TrimSpace(d)
-                        if d != "" && (hostState.BaseDomain == "" || !strings.HasSuffix(d, "."+hostState.BaseDomain)) {
-                                domains = append(domains, d)
-                        }
-                }
-        }
-        opts.Domain = strings.Join(domains, ", ")
-        // For apps, merge all config fields
-        if !static {
-                // Start with existing values if updating
-                if isUpdate {
-                        opts.Port = existingApp.Port
-                        opts.Args = existingApp.Args
-                        opts.Files = existingApp.Files
-                        opts.Memory = existingApp.Memory
-                        opts.CPU = existingApp.CPU
-                        opts.Env = make(map[string]string)
-                        for k, v := range existingApp.Env {
-                                opts.Env[k] = v
-                        }
-                } else {
-                        opts.Port = port
-                        opts.Env = make(map[string]string)
-                }
-                // Override with CLI flags if provided
-                if argsFlag != "" {
-                        opts.Args = argsFlag
-                }
-                if len(files) > 0 {
-                        opts.Files = files
-                }
-                if memory != "" {
-                        opts.Memory = memory
-                }
-                if cpu != "" {
-                        opts.CPU = cpu
-                }
-                // Merge env vars (CLI overrides existing)
-                for _, e := range envVars {
-                        parts := strings.SplitN(e, "=", 2)
-                        if len(parts) == 2 {
-                                opts.Env[parts[0]] = parts[1]
-                        }
-                }
-                if envFile != "" {
-                        fileEnv, err := parseEnvFile(envFile)
-                        if err != nil {
-                                return fmt.Errorf("error reading env file: %w", err)
-                        }
-                        for k, v := range fileEnv {
-                                opts.Env[k] = v
-                        }
-                }
-        }
-        if static {
-                return deployStatic(st, opts)
-        }
-        return deployApp(st, opts)
-}
-func deployApp(st *state.State, opts DeployOptions) error {
-        if opts.Binary == "" {
-                return fmt.Errorf("--binary is required")
-        }
-        if _, err := os.Stat(opts.Binary); err != nil {
-                return fmt.Errorf("binary not found: %s", opts.Binary)
-        }
-        fmt.Printf("Deploying app: %s\n", opts.Name)
-        fmt.Printf("  Domain(s): %s\n", opts.Domain)
-        fmt.Printf("  Binary: %s\n", opts.Binary)
-        // Allocate port for new apps
-        port := opts.Port
-        if opts.IsUpdate {
-                fmt.Printf("  Updating existing deployment (port %d)\n", port)
-        } else {
-                if port == 0 {
-                        port = st.AllocatePort(opts.Host)
-                }
-                fmt.Printf("  Allocated port: %d\n", port)
-        }
-        // Add PORT to env
-        opts.Env["PORT"] = strconv.Itoa(port)
-        client, err := ssh.Connect(opts.Host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Println("-> Uploading binary...")
-        remoteTmpPath := fmt.Sprintf("/tmp/%s", opts.Name)
-        if err := client.Upload(opts.Binary, remoteTmpPath); err != nil {
-                return fmt.Errorf("error uploading binary: %w", err)
-        }
-        fmt.Println("-> Creating system user...")
-        client.RunSudo(fmt.Sprintf("useradd -r -s /bin/false %s", opts.Name))
-        fmt.Println("-> Setting up directories...")
-        workDir := fmt.Sprintf("/var/lib/%s", opts.Name)
-        if _, err := client.RunSudo(fmt.Sprintf("mkdir -p %s", workDir)); err != nil {
-                return fmt.Errorf("error creating work directory: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chown %s:%s %s", opts.Name, opts.Name, workDir)); err != nil {
-                return fmt.Errorf("error setting work directory ownership: %w", err)
-        }
-        fmt.Println("-> Installing binary...")
-        binaryDest := fmt.Sprintf("/usr/local/bin/%s", opts.Name)
-        if _, err := client.RunSudo(fmt.Sprintf("mv %s %s", remoteTmpPath, binaryDest)); err != nil {
-                return fmt.Errorf("error moving binary: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chmod +x %s", binaryDest)); err != nil {
-                return fmt.Errorf("error making binary executable: %w", err)
-        }
-        if len(opts.Files) > 0 {
-                fmt.Println("-> Uploading config files...")
-                for _, file := range opts.Files {
-                        if _, err := os.Stat(file); err != nil {
-                                return fmt.Errorf("config file not found: %s", file)
-                        }
-                        remotePath := fmt.Sprintf("%s/%s", workDir, filepath.Base(file))
-                        fileTmpPath := fmt.Sprintf("/tmp/%s_%s", opts.Name, filepath.Base(file))
-                        if err := client.Upload(file, fileTmpPath); err != nil {
-                                return fmt.Errorf("error uploading config file %s: %w", file, err)
-                        }
-                        if _, err := client.RunSudo(fmt.Sprintf("mv %s %s", fileTmpPath, remotePath)); err != nil {
-                                return fmt.Errorf("error moving config file %s: %w", file, err)
-                        }
-                        if _, err := client.RunSudo(fmt.Sprintf("chown %s:%s %s", opts.Name, opts.Name, remotePath)); err != nil {
-                                return fmt.Errorf("error setting config file ownership %s: %w", file, err)
-                        }
-                        fmt.Printf("  Uploaded: %s\n", file)
-                }
-        }
-        fmt.Println("-> Creating environment file...")
-        envFilePath := fmt.Sprintf("/etc/ship/env/%s.env", opts.Name)
-        envContent := ""
-        for k, v := range opts.Env {
-                envContent += fmt.Sprintf("%s=%s\n", k, v)
-        }
-        if err := client.WriteSudoFile(envFilePath, envContent); err != nil {
-                return fmt.Errorf("error creating env file: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chmod 600 %s", envFilePath)); err != nil {
-                return fmt.Errorf("error setting env file permissions: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chown %s:%s %s", opts.Name, opts.Name, envFilePath)); err != nil {
-                return fmt.Errorf("error setting env file ownership: %w", err)
-        }
-        // Create local .ship directory for deployment configs if they don't exist
-        // (handles both initial deployment and migration of existing deployments)
-        if _, err := os.Stat(".ship/service"); os.IsNotExist(err) {
-                fmt.Println("-> Creating local .ship directory...")
-                if err := os.MkdirAll(".ship", 0755); err != nil {
-                        return fmt.Errorf("error creating .ship directory: %w", err)
-                }
-                fmt.Println("-> Generating systemd service...")
-                serviceContent, err := templates.SystemdService(map[string]string{
-                        "Name":       opts.Name,
-                        "User":       opts.Name,
-                        "WorkDir":    workDir,
-                        "BinaryPath": binaryDest,
-                        "Port":       strconv.Itoa(port),
-                        "EnvFile":    envFilePath,
-                        "Args":       opts.Args,
-                        "Memory":     opts.Memory,
-                        "CPU":        opts.CPU,
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating systemd unit: %w", err)
-                }
-                if err := os.WriteFile(".ship/service", []byte(serviceContent), 0644); err != nil {
-                        return fmt.Errorf("error writing .ship/service: %w", err)
-                }
-        }
-        if _, err := os.Stat(".ship/Caddyfile"); os.IsNotExist(err) {
-                fmt.Println("-> Generating Caddyfile...")
-                caddyContent, err := templates.AppCaddy(map[string]string{
-                        "Domain": opts.Domain,
-                        "Port":   strconv.Itoa(port),
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating Caddy config: %w", err)
-                }
-                if err := os.WriteFile(".ship/Caddyfile", []byte(caddyContent), 0644); err != nil {
-                        return fmt.Errorf("error writing .ship/Caddyfile: %w", err)
-                }
-        }
-        // Upload systemd service from .ship/service
-        fmt.Println("-> Installing systemd service...")
-        serviceContent, err := os.ReadFile(".ship/service")
-        if err != nil {
-                return fmt.Errorf("error reading .ship/service: %w", err)
-        }
-        servicePath := fmt.Sprintf("/etc/systemd/system/%s.service", opts.Name)
-        if err := client.WriteSudoFile(servicePath, string(serviceContent)); err != nil {
-                return fmt.Errorf("error installing systemd unit: %w", err)
-        }
-        // Upload Caddyfile from .ship/Caddyfile
-        fmt.Println("-> Installing Caddy config...")
-        caddyContent, err := os.ReadFile(".ship/Caddyfile")
-        if err != nil {
-                return fmt.Errorf("error reading .ship/Caddyfile: %w", err)
-        }
-        caddyPath := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", opts.Name)
-        if err := client.WriteSudoFile(caddyPath, string(caddyContent)); err != nil {
-                return fmt.Errorf("error installing Caddy config: %w", err)
-        }
-        fmt.Println("-> Reloading systemd...")
-        if _, err := client.RunSudo("systemctl daemon-reload"); err != nil {
-                return fmt.Errorf("error reloading systemd: %w", err)
-        }
-        fmt.Println("-> Starting service...")
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl enable %s", opts.Name)); err != nil {
-                return fmt.Errorf("error enabling service: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", opts.Name)); err != nil {
-                return fmt.Errorf("error starting service: %w", err)
-        }
-        fmt.Println("-> Reloading Caddy...")
-        if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
-                return fmt.Errorf("error reloading Caddy: %w", err)
-        }
-        st.AddApp(opts.Host, opts.Name, &state.App{
-                Type:   "app",
-                Domain: opts.Domain,
-                Port:   port,
-                Env:    opts.Env,
-                Args:   opts.Args,
-                Files:  opts.Files,
-                Memory: opts.Memory,
-                CPU:    opts.CPU,
-        })
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        fmt.Printf("\n App deployed successfully!\n")
-        // Show first domain in the URL message
-        primaryDomain := strings.Split(opts.Domain, ",")[0]
-        primaryDomain = strings.TrimSpace(primaryDomain)
-        fmt.Printf("  https://%s (may take a minute for HTTPS cert)\n", primaryDomain)
-        return nil
-}
-func updateAppConfig(st *state.State, opts DeployOptions) error {
-        existingApp, err := st.GetApp(opts.Host, opts.Name)
-        if err != nil {
-                return fmt.Errorf("app %s not found (use --binary to deploy a new app)", opts.Name)
-        }
-        if existingApp.Type != "app" && existingApp.Type != "git-app" {
-                return fmt.Errorf("%s is a static site, not an app", opts.Name)
-        }
-        fmt.Printf("Updating config: %s\n", opts.Name)
-        // Add PORT to env
-        opts.Env["PORT"] = strconv.Itoa(existingApp.Port)
-        client, err := ssh.Connect(opts.Host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        // Update env file
-        fmt.Println("-> Updating environment file...")
-        envFilePath := fmt.Sprintf("/etc/ship/env/%s.env", opts.Name)
-        envContent := ""
-        for k, v := range opts.Env {
-                envContent += fmt.Sprintf("%s=%s\n", k, v)
-        }
-        if err := client.WriteSudoFile(envFilePath, envContent); err != nil {
-                return fmt.Errorf("error creating env file: %w", err)
-        }
-        // For git-app, the systemd unit comes from .ship/service in the repo,
-        // so we only update the env file and restart.
-        if existingApp.Type != "git-app" {
-                // Regenerate systemd unit to .ship/service (resource flags are being updated)
-                fmt.Println("-> Updating systemd service...")
-                workDir := fmt.Sprintf("/var/lib/%s", opts.Name)
-                binaryDest := fmt.Sprintf("/usr/local/bin/%s", opts.Name)
-                serviceContent, err := templates.SystemdService(map[string]string{
-                        "Name":       opts.Name,
-                        "User":       opts.Name,
-                        "WorkDir":    workDir,
-                        "BinaryPath": binaryDest,
-                        "Port":       strconv.Itoa(existingApp.Port),
-                        "EnvFile":    envFilePath,
-                        "Args":       opts.Args,
-                        "Memory":     opts.Memory,
-                        "CPU":        opts.CPU,
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating systemd unit: %w", err)
-                }
-                // Write to local .ship/service
-                if err := os.MkdirAll(".ship", 0755); err != nil {
-                        return fmt.Errorf("error creating .ship directory: %w", err)
-                }
-                if err := os.WriteFile(".ship/service", []byte(serviceContent), 0644); err != nil {
-                        return fmt.Errorf("error writing .ship/service: %w", err)
-                }
-                // Upload to server
-                servicePath := fmt.Sprintf("/etc/systemd/system/%s.service", opts.Name)
-                if err := client.WriteSudoFile(servicePath, serviceContent); err != nil {
-                        return fmt.Errorf("error installing systemd unit: %w", err)
-                }
-                fmt.Println("-> Reloading systemd...")
-                if _, err := client.RunSudo("systemctl daemon-reload"); err != nil {
-                        return fmt.Errorf("error reloading systemd: %w", err)
-                }
-        }
-        fmt.Println("-> Restarting service...")
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", opts.Name)); err != nil {
-                return fmt.Errorf("error restarting service: %w", err)
-        }
-        // Update state
-        existingApp.Args = opts.Args
-        existingApp.Memory = opts.Memory
-        existingApp.CPU = opts.CPU
-        existingApp.Env = opts.Env
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        fmt.Printf("\n Config updated successfully!\n")
-        return nil
-}
-func deployStatic(st *state.State, opts DeployOptions) error {
-        if _, err := os.Stat(opts.Dir); err != nil {
-                return fmt.Errorf("directory not found: %s", opts.Dir)
-        }
-        fmt.Printf("Deploying static site: %s\n", opts.Name)
-        fmt.Printf("  Domain(s): %s\n", opts.Domain)
-        fmt.Printf("  Directory: %s\n", opts.Dir)
-        if opts.IsUpdate {
-                fmt.Println("  Updating existing deployment")
-        }
-        client, err := ssh.Connect(opts.Host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        remoteDir := fmt.Sprintf("/var/www/%s", opts.Name)
-        fmt.Println("-> Creating remote directory...")
-        if _, err := client.RunSudo(fmt.Sprintf("mkdir -p %s", remoteDir)); err != nil {
-                return fmt.Errorf("error creating remote directory: %w", err)
-        }
-        currentUser, err := client.Run("whoami")
-        if err != nil {
-                return fmt.Errorf("error getting current user: %w", err)
-        }
-        currentUser = strings.TrimSpace(currentUser)
-        if _, err := client.RunSudo(fmt.Sprintf("chown -R %s:%s %s", currentUser, currentUser, remoteDir)); err != nil {
-                return fmt.Errorf("error setting temporary ownership: %w", err)
-        }
-        fmt.Println("-> Uploading files...")
-        if err := client.UploadDir(opts.Dir, remoteDir); err != nil {
-                return fmt.Errorf("error uploading files: %w", err)
-        }
-        fmt.Println("-> Setting permissions...")
-        if _, err := client.RunSudo(fmt.Sprintf("chown -R www-data:www-data %s", remoteDir)); err != nil {
-                return fmt.Errorf("error setting ownership: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chmod -R 755 %s", remoteDir)); err != nil {
-                return fmt.Errorf("error setting directory permissions: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("find %s -type f -exec chmod 644 {} \\;", remoteDir)); err != nil {
-                return fmt.Errorf("error setting file permissions: %w", err)
-        }
-        // Create local .ship directory and Caddyfile for static sites if it doesn't exist
-        // (handles both initial deployment and migration of existing deployments)
-        shipDir := filepath.Join(opts.Dir, ".ship")
-        caddyfilePath := filepath.Join(shipDir, "Caddyfile")
-        if _, err := os.Stat(caddyfilePath); os.IsNotExist(err) {
-                fmt.Println("-> Creating local .ship directory...")
-                if err := os.MkdirAll(shipDir, 0755); err != nil {
-                        return fmt.Errorf("error creating .ship directory: %w", err)
-                }
-                fmt.Println("-> Generating Caddyfile...")
-                caddyContent, err := templates.StaticCaddy(map[string]string{
-                        "Domain":  opts.Domain,
-                        "RootDir": remoteDir,
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating Caddy config: %w", err)
-                }
-                if err := os.WriteFile(caddyfilePath, []byte(caddyContent), 0644); err != nil {
-                        return fmt.Errorf("error writing .ship/Caddyfile: %w", err)
-                }
-        }
-        // Upload Caddyfile from .ship/Caddyfile
-        fmt.Println("-> Installing Caddy config...")
-        caddyContent, err := os.ReadFile(caddyfilePath)
-        if err != nil {
-                return fmt.Errorf("error reading .ship/Caddyfile: %w", err)
-        }
-        caddyPath := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", opts.Name)
-        if err := client.WriteSudoFile(caddyPath, string(caddyContent)); err != nil {
-                return fmt.Errorf("error installing Caddy config: %w", err)
-        }
-        fmt.Println("-> Reloading Caddy...")
-        if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
-                return fmt.Errorf("error reloading Caddy: %w", err)
-        }
-        st.AddApp(opts.Host, opts.Name, &state.App{
-                Type:   "static",
-                Domain: opts.Domain,
-        })
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        fmt.Printf("\n Static site deployed successfully!\n")
-        primaryDomain := strings.Split(opts.Domain, ",")[0]
-        primaryDomain = strings.TrimSpace(primaryDomain)
-        fmt.Printf("  https://%s (may take a minute for HTTPS cert)\n", primaryDomain)
-        return nil
-}
-func parseEnvFile(path string) (map[string]string, error) {
-        file, err := os.Open(path)
-        if err != nil {
-                return nil, err
-        }
-        defer file.Close()
-        env := make(map[string]string)
-        scanner := bufio.NewScanner(file)
-        for scanner.Scan() {
-                line := strings.TrimSpace(scanner.Text())
-                if line == "" || strings.HasPrefix(line, "#") {
-                        continue
-                }
-                parts := strings.SplitN(line, "=", 2)
-                if len(parts) == 2 {
-                        env[parts[0]] = parts[1]
-                }
-        }
-        return env, scanner.Err()
-}
diff --git a/cmd/ship/deploy_cmd.go b/cmd/ship/deploy_cmd.go
deleted file mode 100644
index ba45c4f..0000000
--- a/cmd/ship/deploy_cmd.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package main
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var deployGitCmd = &cobra.Command{
-        Use:   "deploy <name>",
-        Short: "Manually rebuild and deploy a git-deployed app",
-        Long: `Trigger a manual rebuild from the latest code in the git repo.
-This runs the same steps as the post-receive hook: checkout code,
-install .ship/ configs, docker build (for apps), and restart.
-Examples:
-  ship deploy myapp`,
-        Args: cobra.ExactArgs(1),
-        RunE: runDeployGit,
-}
-func runDeployGit(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := validateName(name); err != nil {
-                return err
-        }
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "git-app" && app.Type != "git-static" {
-                return fmt.Errorf("%s is not a git-deployed app (type: %s)", name, app.Type)
-        }
-        fmt.Printf("Deploying %s...\n", name)
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        if app.Type == "git-app" {
-                if err := deployGitApp(client, name); err != nil {
-                        return err
-                }
-        } else {
-                if err := deployGitStatic(client, name); err != nil {
-                        return err
-                }
-        }
-        fmt.Println("\nDeploy complete!")
-        return nil
-}
-func deployGitApp(client *ssh.Client, name string) error {
-        repo := fmt.Sprintf("/srv/git/%s.git", name)
-        src := fmt.Sprintf("/var/lib/%s/src", name)
-        fmt.Println("-> Checking out code...")
-        if _, err := client.RunSudo(fmt.Sprintf("git --work-tree=%s --git-dir=%s checkout -f main", src, repo)); err != nil {
-                return fmt.Errorf("error checking out code: %w", err)
-        }
-        // Install deployment config from repo
-        serviceSrc := fmt.Sprintf("%s/.ship/service", src)
-        serviceDst := fmt.Sprintf("/etc/systemd/system/%s.service", name)
-        fmt.Println("-> Installing systemd unit...")
-        if _, err := client.RunSudo(fmt.Sprintf("cp %s %s", serviceSrc, serviceDst)); err != nil {
-                fmt.Printf("  Warning: no .ship/service found, skipping\n")
-        } else {
-                if _, err := client.RunSudo("systemctl daemon-reload"); err != nil {
-                        return fmt.Errorf("error reloading systemd: %w", err)
-                }
-        }
-        caddySrc := fmt.Sprintf("%s/.ship/Caddyfile", src)
-        caddyDst := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", name)
-        fmt.Println("-> Installing Caddy config...")
-        if _, err := client.RunSudo(fmt.Sprintf("cp %s %s", caddySrc, caddyDst)); err != nil {
-                fmt.Printf("  Warning: no .ship/Caddyfile found, skipping\n")
-        } else {
-                if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
-                        return fmt.Errorf("error reloading Caddy: %w", err)
-                }
-        }
-        fmt.Println("-> Building Docker image...")
-        if err := client.RunSudoStream(fmt.Sprintf("docker build -t %s:latest %s", name, src)); err != nil {
-                return fmt.Errorf("error building Docker image: %w", err)
-        }
-        fmt.Println("-> Restarting service...")
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", name)); err != nil {
-                return fmt.Errorf("error restarting service: %w", err)
-        }
-        return nil
-}
-func deployGitStatic(client *ssh.Client, name string) error {
-        repo := fmt.Sprintf("/srv/git/%s.git", name)
-        webroot := fmt.Sprintf("/var/www/%s", name)
-        fmt.Println("-> Deploying static site...")
-        if _, err := client.RunSudo(fmt.Sprintf("git --work-tree=%s --git-dir=%s checkout -f main", webroot, repo)); err != nil {
-                return fmt.Errorf("error checking out code: %w", err)
-        }
-        caddySrc := fmt.Sprintf("%s/.ship/Caddyfile", webroot)
-        caddyDst := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", name)
-        fmt.Println("-> Installing Caddy config...")
-        if _, err := client.RunSudo(fmt.Sprintf("cp %s %s", caddySrc, caddyDst)); err != nil {
-                fmt.Printf("  Warning: no .ship/Caddyfile found, skipping\n")
-        } else {
-                if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
-                        return fmt.Errorf("error reloading Caddy: %w", err)
-                }
-        }
-        return nil
-}
diff --git a/cmd/ship/deploy_impl_v2.go b/cmd/ship/deploy_impl_v2.go
new file mode 100644
index 0000000..5b68dc3
--- /dev/null
+++ b/cmd/ship/deploy_impl_v2.go
@@ -0,0 +1,397 @@
+package main
+import (
+        "fmt"
+        "net/http"
+        "strconv"
+        "strings"
+        "time"
+        "github.com/bdw/ship/internal/output"
+        "github.com/bdw/ship/internal/ssh"
+        "github.com/bdw/ship/internal/templates"
+)
+// deployStaticV2 deploys a static site
+// 1. rsync path to /var/www/<name>/
+// 2. Generate and upload Caddyfile
+// 3. Reload Caddy
+func deployStaticV2(ctx *deployContext) *output.ErrorResponse {
+        client, err := ssh.Connect(ctx.SSHHost)
+        if err != nil {
+                return output.Err(output.ErrSSHConnectFailed, err.Error())
+        }
+        defer client.Close()
+        name := ctx.Name
+        remotePath := fmt.Sprintf("/var/www/%s", name)
+        // Create directory and set ownership for upload
+        user, _ := client.Run("whoami")
+        user = strings.TrimSpace(user)
+        if _, err := client.RunSudo(fmt.Sprintf("mkdir -p %s", remotePath)); err != nil {
+                return output.Err(output.ErrUploadFailed, "failed to create directory: "+err.Error())
+        }
+        if _, err := client.RunSudo(fmt.Sprintf("chown -R %s:%s %s", user, user, remotePath)); err != nil {
+                return output.Err(output.ErrUploadFailed, "failed to set directory ownership: "+err.Error())
+        }
+        // Upload files using rsync
+        if err := client.UploadDir(ctx.Path, remotePath); err != nil {
+                return output.Err(output.ErrUploadFailed, err.Error())
+        }
+        // Set ownership back to www-data
+        if _, err := client.RunSudo(fmt.Sprintf("chown -R www-data:www-data %s", remotePath)); err != nil {
+                // Non-fatal, continue
+        }
+        // Generate Caddyfile only if it doesn't exist (preserve manual edits)
+        caddyPath := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", name)
+        caddyExists, _ := client.Run(fmt.Sprintf("test -f %s && echo exists", caddyPath))
+        if strings.TrimSpace(caddyExists) != "exists" {
+                caddyfile, err := templates.StaticCaddy(map[string]string{
+                        "Domain":  ctx.URL[8:], // Strip https://
+                        "RootDir": remotePath,
+                        "Name":    name,
+                })
+                if err != nil {
+                        return output.Err(output.ErrCaddyFailed, "failed to generate Caddyfile: "+err.Error())
+                }
+                if err := client.WriteSudoFile(caddyPath, caddyfile); err != nil {
+                        return output.Err(output.ErrCaddyFailed, "failed to write Caddyfile: "+err.Error())
+                }
+        }
+        // Reload Caddy
+        if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
+                return output.Err(output.ErrCaddyFailed, "failed to reload Caddy: "+err.Error())
+        }
+        return nil
+}
+// deployDockerV2 deploys a Docker-based app
+// 1. Allocate port
+// 2. rsync path to /var/lib/<name>/src/
+// 3. docker build
+// 4. Generate systemd unit and env file
+// 5. Generate Caddyfile
+// 6. Start service, reload Caddy
+func deployDockerV2(ctx *deployContext) *output.ErrorResponse {
+        client, err := ssh.Connect(ctx.SSHHost)
+        if err != nil {
+                return output.Err(output.ErrSSHConnectFailed, err.Error())
+        }
+        defer client.Close()
+        name := ctx.Name
+        // Allocate port on server
+        port, err := allocatePort(client, name)
+        if err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to allocate port: "+err.Error())
+        }
+        srcPath := fmt.Sprintf("/var/lib/%s/src", name)
+        dataPath := fmt.Sprintf("/var/lib/%s/data", name)
+        // Create directories
+        if _, err := client.RunSudo(fmt.Sprintf("mkdir -p %s %s", srcPath, dataPath)); err != nil {
+                return output.Err(output.ErrUploadFailed, "failed to create directories: "+err.Error())
+        }
+        // Set ownership for upload
+        user, _ := client.Run("whoami")
+        user = strings.TrimSpace(user)
+        if _, err := client.RunSudo(fmt.Sprintf("chown -R %s:%s %s", user, user, srcPath)); err != nil {
+                return output.Err(output.ErrUploadFailed, "failed to set directory ownership: "+err.Error())
+        }
+        // Upload source
+        if err := client.UploadDir(ctx.Path, srcPath); err != nil {
+                return output.Err(output.ErrUploadFailed, err.Error())
+        }
+        // Docker build
+        buildCmd := fmt.Sprintf("docker build -t %s:latest %s", name, srcPath)
+        if _, err := client.RunSudo(buildCmd); err != nil {
+                return output.Err(output.ErrBuildFailed, err.Error())
+        }
+        // Generate and write env file
+        envContent := fmt.Sprintf("PORT=%d\nSHIP_NAME=%s\nSHIP_URL=%s\n", port, name, ctx.URL)
+        for _, e := range ctx.Opts.Env {
+                envContent += e + "\n"
+        }
+        envPath := fmt.Sprintf("/etc/ship/env/%s.env", name)
+        if _, err := client.RunSudo("mkdir -p /etc/ship/env"); err != nil {
+                // Continue, directory might exist
+        }
+        if err := client.WriteSudoFile(envPath, envContent); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to write env file: "+err.Error())
+        }
+        // Generate systemd unit
+        containerPort := ctx.Opts.ContainerPort
+        if containerPort == 0 {
+                containerPort = 80
+        }
+        service, err := templates.DockerService(map[string]string{
+                "Name":          name,
+                "Port":          strconv.Itoa(port),
+                "ContainerPort": strconv.Itoa(containerPort),
+        })
+        if err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to generate systemd unit: "+err.Error())
+        }
+        servicePath := fmt.Sprintf("/etc/systemd/system/%s.service", name)
+        if err := client.WriteSudoFile(servicePath, service); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to write systemd unit: "+err.Error())
+        }
+        // Generate Caddyfile only if it doesn't exist (preserve manual edits)
+        caddyPath := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", name)
+        caddyExists, _ := client.Run(fmt.Sprintf("test -f %s && echo exists", caddyPath))
+        if strings.TrimSpace(caddyExists) != "exists" {
+                caddyfile, err := templates.AppCaddy(map[string]string{
+                        "Domain": ctx.URL[8:], // Strip https://
+                        "Port":   strconv.Itoa(port),
+                })
+                if err != nil {
+                        return output.Err(output.ErrCaddyFailed, "failed to generate Caddyfile: "+err.Error())
+                }
+                if err := client.WriteSudoFile(caddyPath, caddyfile); err != nil {
+                        return output.Err(output.ErrCaddyFailed, "failed to write Caddyfile: "+err.Error())
+                }
+        }
+        // Reload systemd and start service
+        if _, err := client.RunSudo("systemctl daemon-reload"); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to reload systemd: "+err.Error())
+        }
+        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", name)); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to start service: "+err.Error())
+        }
+        // Reload Caddy
+        if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
+                return output.Err(output.ErrCaddyFailed, "failed to reload Caddy: "+err.Error())
+        }
+        return nil
+}
+// deployBinaryV2 deploys a pre-built binary
+// 1. Allocate port
+// 2. scp binary to /usr/local/bin/<name>
+// 3. Create user for service
+// 4. Generate systemd unit and env file
+// 5. Generate Caddyfile
+// 6. Start service, reload Caddy
+func deployBinaryV2(ctx *deployContext) *output.ErrorResponse {
+        client, err := ssh.Connect(ctx.SSHHost)
+        if err != nil {
+                return output.Err(output.ErrSSHConnectFailed, err.Error())
+        }
+        defer client.Close()
+        name := ctx.Name
+        // Allocate port on server
+        port, err := allocatePort(client, name)
+        if err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to allocate port: "+err.Error())
+        }
+        binaryPath := fmt.Sprintf("/usr/local/bin/%s", name)
+        workDir := fmt.Sprintf("/var/lib/%s", name)
+        // Upload binary
+        if err := client.Upload(ctx.Path, "/tmp/"+name); err != nil {
+                return output.Err(output.ErrUploadFailed, err.Error())
+        }
+        // Move to final location and set permissions
+        if _, err := client.RunSudo(fmt.Sprintf("mv /tmp/%s %s && chmod +x %s", name, binaryPath, binaryPath)); err != nil {
+                return output.Err(output.ErrUploadFailed, "failed to install binary: "+err.Error())
+        }
+        // Create work directory
+        if _, err := client.RunSudo(fmt.Sprintf("mkdir -p %s", workDir)); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to create work directory: "+err.Error())
+        }
+        // Create service user (ignore error if exists)
+        client.RunSudo(fmt.Sprintf("useradd -r -s /bin/false %s 2>/dev/null || true", name))
+        client.RunSudo(fmt.Sprintf("chown -R %s:%s %s", name, name, workDir))
+        // Generate and write env file
+        envContent := fmt.Sprintf("PORT=%d\nSHIP_NAME=%s\nSHIP_URL=%s\n", port, name, ctx.URL)
+        for _, e := range ctx.Opts.Env {
+                envContent += e + "\n"
+        }
+        envPath := fmt.Sprintf("/etc/ship/env/%s.env", name)
+        if _, err := client.RunSudo("mkdir -p /etc/ship/env"); err != nil {
+                // Continue
+        }
+        if err := client.WriteSudoFile(envPath, envContent); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to write env file: "+err.Error())
+        }
+        // Generate systemd unit
+        service, err := templates.SystemdService(map[string]string{
+                "Name":       name,
+                "User":       name,
+                "WorkDir":    workDir,
+                "EnvFile":    envPath,
+                "BinaryPath": binaryPath,
+                "Args":       "",
+        })
+        if err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to generate systemd unit: "+err.Error())
+        }
+        servicePath := fmt.Sprintf("/etc/systemd/system/%s.service", name)
+        if err := client.WriteSudoFile(servicePath, service); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to write systemd unit: "+err.Error())
+        }
+        // Generate Caddyfile only if it doesn't exist (preserve manual edits)
+        caddyPath := fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", name)
+        caddyExists, _ := client.Run(fmt.Sprintf("test -f %s && echo exists", caddyPath))
+        if strings.TrimSpace(caddyExists) != "exists" {
+                caddyfile, err := templates.AppCaddy(map[string]string{
+                        "Domain": ctx.URL[8:], // Strip https://
+                        "Port":   strconv.Itoa(port),
+                })
+                if err != nil {
+                        return output.Err(output.ErrCaddyFailed, "failed to generate Caddyfile: "+err.Error())
+                }
+                if err := client.WriteSudoFile(caddyPath, caddyfile); err != nil {
+                        return output.Err(output.ErrCaddyFailed, "failed to write Caddyfile: "+err.Error())
+                }
+        }
+        // Reload systemd and start service
+        if _, err := client.RunSudo("systemctl daemon-reload"); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to reload systemd: "+err.Error())
+        }
+        if _, err := client.RunSudo(fmt.Sprintf("systemctl enable --now %s", name)); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to start service: "+err.Error())
+        }
+        // Reload Caddy
+        if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
+                return output.Err(output.ErrCaddyFailed, "failed to reload Caddy: "+err.Error())
+        }
+        return nil
+}
+// allocatePort allocates or retrieves a port for a service
+// Uses atomic increment on /etc/ship/next_port to avoid collisions
+func allocatePort(client *ssh.Client, name string) (int, error) {
+        portFile := fmt.Sprintf("/etc/ship/ports/%s", name)
+        // Try to read existing port for this app
+        out, err := client.Run(fmt.Sprintf("cat %s 2>/dev/null || echo ''", portFile))
+        if err == nil && out != "" {
+                out = strings.TrimSpace(out)
+                if port, err := strconv.Atoi(out); err == nil && port > 0 {
+                        return port, nil
+                }
+        }
+        // Allocate new port atomically using flock
+        // This reads next_port, increments it, and writes back while holding a lock
+        allocScript := `
+flock -x /etc/ship/.port.lock sh -c '
+  mkdir -p /etc/ship/ports
+  PORT=$(cat /etc/ship/next_port 2>/dev/null || echo 9000)
+  echo $((PORT + 1)) > /etc/ship/next_port
+  echo $PORT
+'`
+        out, err = client.RunSudo(allocScript)
+        if err != nil {
+                return 0, fmt.Errorf("failed to allocate port: %w", err)
+        }
+        port, err := strconv.Atoi(strings.TrimSpace(out))
+        if err != nil {
+                return 0, fmt.Errorf("invalid port allocated: %s", out)
+        }
+        // Write port allocation for this app
+        if err := client.WriteSudoFile(portFile, strconv.Itoa(port)); err != nil {
+                return 0, err
+        }
+        return port, nil
+}
+// setTTLV2 sets auto-expiry for a deploy
+func setTTLV2(ctx *deployContext, ttl time.Duration) error {
+        client, err := ssh.Connect(ctx.SSHHost)
+        if err != nil {
+                return err
+        }
+        defer client.Close()
+        expires := time.Now().Add(ttl).Unix()
+        ttlPath := fmt.Sprintf("/etc/ship/ttl/%s", ctx.Name)
+        if _, err := client.RunSudo("mkdir -p /etc/ship/ttl"); err != nil {
+                return err
+        }
+        return client.WriteSudoFile(ttlPath, strconv.FormatInt(expires, 10))
+}
+// runHealthCheck verifies the deploy is responding
+func runHealthCheck(url, endpoint string) (*output.HealthResult, *output.ErrorResponse) {
+        fullURL := url + endpoint
+        // Wait for app to start
+        time.Sleep(2 * time.Second)
+        var lastErr error
+        var lastStatus int
+        for i := 0; i < 15; i++ {
+                start := time.Now()
+                resp, err := http.Get(fullURL)
+                latency := time.Since(start).Milliseconds()
+                if err != nil {
+                        lastErr = err
+                        time.Sleep(2 * time.Second)
+                        continue
+                }
+                resp.Body.Close()
+                lastStatus = resp.StatusCode
+                if resp.StatusCode >= 200 && resp.StatusCode < 400 {
+                        return &output.HealthResult{
+                                Endpoint:  endpoint,
+                                Status:    resp.StatusCode,
+                                LatencyMs: latency,
+                        }, nil
+                }
+                time.Sleep(2 * time.Second)
+        }
+        msg := fmt.Sprintf("health check failed after 30s: ")
+        if lastErr != nil {
+                msg += lastErr.Error()
+        } else {
+                msg += fmt.Sprintf("status %d", lastStatus)
+        }
+        return nil, output.Err(output.ErrHealthCheckFailed, msg)
+}
diff --git a/cmd/ship/deploy_v2.go b/cmd/ship/deploy_v2.go
new file mode 100644
index 0000000..7d498b2
--- /dev/null
+++ b/cmd/ship/deploy_v2.go
@@ -0,0 +1,210 @@
+package main
+import (
+        "crypto/rand"
+        "encoding/hex"
+        "fmt"
+        "regexp"
+        "strings"
+        "time"
+        "github.com/bdw/ship/internal/detect"
+        "github.com/bdw/ship/internal/output"
+        "github.com/bdw/ship/internal/state"
+)
+// deployV2 implements the new agent-first deploy interface.
+// Usage: ship [PATH] [FLAGS]
+// PATH defaults to "." if not provided.
+func deployV2(path string, opts deployV2Options) {
+        start := time.Now()
+        // Validate name if provided
+        if opts.Name != "" {
+                if err := validateNameV2(opts.Name); err != nil {
+                        output.PrintAndExit(err)
+                }
+        }
+        // Parse TTL if provided
+        var ttlDuration time.Duration
+        if opts.TTL != "" {
+                var err error
+                ttlDuration, err = parseTTL(opts.TTL)
+                if err != nil {
+                        output.PrintAndExit(output.Err(output.ErrInvalidTTL, err.Error()))
+                }
+        }
+        // Get host configuration
+        st, err := state.Load()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "failed to load state: "+err.Error()))
+        }
+        hostName := opts.Host
+        if hostName == "" {
+                hostName = st.DefaultHost
+        }
+        if hostName == "" {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "no host specified and no default host configured. Run: ship host init"))
+        }
+        hostConfig := st.GetHost(hostName)
+        if hostConfig.BaseDomain == "" {
+                output.PrintAndExit(output.Err(output.ErrHostNotConfigured, fmt.Sprintf("host %q has no base domain configured. Run: ship host init", hostName)))
+        }
+        // Auto-detect project type
+        result := detect.Detect(path)
+        if result.Error != nil {
+                output.PrintAndExit(result.Error)
+        }
+        // Generate name if not provided
+        name := opts.Name
+        if name == "" {
+                name = generateName()
+        }
+        // Build URL: use custom domain if provided, otherwise use subdomain
+        var url string
+        if opts.Domain != "" {
+                url = fmt.Sprintf("https://%s", opts.Domain)
+        } else {
+                url = fmt.Sprintf("https://%s.%s", name, hostConfig.BaseDomain)
+        }
+        // Build deploy context
+        ctx := &deployContext{
+                SSHHost:    hostName,
+                HostConfig: hostConfig,
+                Name:       name,
+                Path:       result.Path,
+                URL:        url,
+                Opts:       opts,
+        }
+        // Deploy based on type
+        var deployErr *output.ErrorResponse
+        switch result.Type {
+        case detect.TypeStatic:
+                deployErr = deployStaticV2(ctx)
+        case detect.TypeDocker:
+                deployErr = deployDockerV2(ctx)
+        case detect.TypeBinary:
+                deployErr = deployBinaryV2(ctx)
+        }
+        if deployErr != nil {
+                deployErr.Name = name
+                deployErr.URL = url
+                output.PrintAndExit(deployErr)
+        }
+        // Set TTL if specified
+        if ttlDuration > 0 {
+                if err := setTTLV2(ctx, ttlDuration); err != nil {
+                        // Non-fatal, deploy succeeded
+                        // TODO: log warning
+                }
+        }
+        // Health check
+        var healthResult *output.HealthResult
+        if opts.Health != "" || result.Type == detect.TypeStatic {
+                endpoint := opts.Health
+                if endpoint == "" {
+                        endpoint = "/"
+                }
+                healthResult, deployErr = runHealthCheck(url, endpoint)
+                if deployErr != nil {
+                        deployErr.Name = name
+                        deployErr.URL = url
+                        output.PrintAndExit(deployErr)
+                }
+        }
+        // Build response
+        resp := &output.DeployResponse{
+                Status: "ok",
+                Name:   name,
+                URL:    url,
+                Type:   string(result.Type),
+                TookMs: time.Since(start).Milliseconds(),
+                Health: healthResult,
+        }
+        if ttlDuration > 0 {
+                resp.Expires = time.Now().Add(ttlDuration).UTC().Format(time.RFC3339)
+        }
+        output.PrintAndExit(resp)
+}
+type deployV2Options struct {
+        Name          string
+        Host          string
+        Domain        string
+        Health        string
+        TTL           string
+        Env           []string
+        EnvFile       string
+        ContainerPort int // Port the container listens on (default 80 for Docker)
+        Pretty        bool
+}
+// deployContext holds all info needed for a deploy
+type deployContext struct {
+        SSHHost    string       // SSH connection string (config alias or user@host)
+        HostConfig *state.Host  // Host configuration
+        Name       string       // Deploy name
+        Path       string       // Local path to deploy
+        URL        string       // Full URL after deploy
+        Opts       deployV2Options
+}
+// validateNameV2 checks if name matches allowed pattern
+func validateNameV2(name string) *output.ErrorResponse {
+        // Must be lowercase alphanumeric with hyphens, 1-63 chars
+        pattern := regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$|^[a-z0-9]$`)
+        if !pattern.MatchString(name) {
+                return output.Err(output.ErrInvalidName,
+                        "name must be lowercase alphanumeric with hyphens, 1-63 characters")
+        }
+        return nil
+}
+// generateName creates a random deploy name
+func generateName() string {
+        bytes := make([]byte, 3)
+        rand.Read(bytes)
+        return "ship-" + hex.EncodeToString(bytes)
+}
+// parseTTL converts duration strings like "1h", "7d" to time.Duration
+func parseTTL(s string) (time.Duration, error) {
+        s = strings.TrimSpace(s)
+        if s == "" {
+                return 0, nil
+        }
+        // Handle days specially (not supported by time.ParseDuration)
+        if strings.HasSuffix(s, "d") {
+                days := strings.TrimSuffix(s, "d")
+                var d int
+                _, err := fmt.Sscanf(days, "%d", &d)
+                if err != nil {
+                        return 0, fmt.Errorf("invalid TTL: %s", s)
+                }
+                return time.Duration(d) * 24 * time.Hour, nil
+        }
+        d, err := time.ParseDuration(s)
+        if err != nil {
+                return 0, fmt.Errorf("invalid TTL: %s", s)
+        }
+        return d, nil
+}
+// Deploy implementations are in deploy_impl_v2.go
diff --git a/cmd/ship/env/env.go b/cmd/ship/env/env.go
deleted file mode 100644
index 489353a..0000000
--- a/cmd/ship/env/env.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package env
-import (
-        "github.com/spf13/cobra"
-)
-var Cmd = &cobra.Command{
-        Use:   "env",
-        Short: "Manage environment variables",
-        Long:  "Manage environment variables for deployed applications",
-}
-func init() {
-        Cmd.AddCommand(listCmd)
-        Cmd.AddCommand(setCmd)
-        Cmd.AddCommand(unsetCmd)
-}
diff --git a/cmd/ship/env/list.go b/cmd/ship/env/list.go
deleted file mode 100644
index e94b83a..0000000
--- a/cmd/ship/env/list.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package env
-import (
-        "fmt"
-        "strings"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var listCmd = &cobra.Command{
-        Use:   "list <app>",
-        Short: "List environment variables for an app",
-        Args:  cobra.ExactArgs(1),
-        RunE:  runList,
-}
-func runList(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := state.ValidateName(name); err != nil {
-                return err
-        }
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "app" {
-                return fmt.Errorf("env is only available for apps, not static sites")
-        }
-        fmt.Printf("Environment variables for %s:\n\n", name)
-        if len(app.Env) == 0 {
-                fmt.Println("  (none)")
-        } else {
-                for k, v := range app.Env {
-                        display := v
-                        if isSensitive(k) {
-                                display = "***"
-                        }
-                        fmt.Printf("  %s=%s\n", k, display)
-                }
-        }
-        return nil
-}
-func isSensitive(key string) bool {
-        key = strings.ToLower(key)
-        sensitiveWords := []string{"key", "secret", "password", "token", "api"}
-        for _, word := range sensitiveWords {
-                if strings.Contains(key, word) {
-                        return true
-                }
-        }
-        return false
-}
diff --git a/cmd/ship/env/set.go b/cmd/ship/env/set.go
deleted file mode 100644
index d4292f3..0000000
--- a/cmd/ship/env/set.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package env
-import (
-        "bufio"
-        "fmt"
-        "os"
-        "strings"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var setCmd = &cobra.Command{
-        Use:   "set <app> KEY=VALUE...",
-        Short: "Set environment variable(s)",
-        Long:  "Set one or more environment variables for an app. Variables are specified as KEY=VALUE pairs.",
-        Args:  cobra.MinimumNArgs(2),
-        RunE:  runSet,
-}
-func init() {
-        setCmd.Flags().StringP("file", "f", "", "Load environment from file")
-}
-func runSet(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := state.ValidateName(name); err != nil {
-                return err
-        }
-        envVars := args[1:]
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "app" {
-                return fmt.Errorf("env is only available for apps, not static sites")
-        }
-        if app.Env == nil {
-                app.Env = make(map[string]string)
-        }
-        // Set variables from args
-        for _, e := range envVars {
-                parts := strings.SplitN(e, "=", 2)
-                if len(parts) == 2 {
-                        app.Env[parts[0]] = parts[1]
-                        fmt.Printf("Set %s\n", parts[0])
-                } else {
-                        return fmt.Errorf("invalid format: %s (expected KEY=VALUE)", e)
-                }
-        }
-        // Set variables from file if provided
-        envFile, _ := cmd.Flags().GetString("file")
-        if envFile != "" {
-                fileEnv, err := parseEnvFile(envFile)
-                if err != nil {
-                        return fmt.Errorf("error reading env file: %w", err)
-                }
-                for k, v := range fileEnv {
-                        app.Env[k] = v
-                        fmt.Printf("Set %s\n", k)
-                }
-        }
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Println("-> Updating environment file on VPS...")
-        envFilePath := fmt.Sprintf("/etc/ship/env/%s.env", name)
-        envContent := ""
-        for k, v := range app.Env {
-                envContent += fmt.Sprintf("%s=%s\n", k, v)
-        }
-        if err := client.WriteSudoFile(envFilePath, envContent); err != nil {
-                return fmt.Errorf("error updating env file: %w", err)
-        }
-        fmt.Println("-> Restarting service...")
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", name)); err != nil {
-                return fmt.Errorf("error restarting service: %w", err)
-        }
-        fmt.Println("Environment variables updated successfully")
-        return nil
-}
-func parseEnvFile(path string) (map[string]string, error) {
-        file, err := os.Open(path)
-        if err != nil {
-                return nil, err
-        }
-        defer file.Close()
-        env := make(map[string]string)
-        scanner := bufio.NewScanner(file)
-        for scanner.Scan() {
-                line := strings.TrimSpace(scanner.Text())
-                if line == "" || strings.HasPrefix(line, "#") {
-                        continue
-                }
-                parts := strings.SplitN(line, "=", 2)
-                if len(parts) == 2 {
-                        env[parts[0]] = parts[1]
-                }
-        }
-        return env, scanner.Err()
-}
diff --git a/cmd/ship/env/unset.go b/cmd/ship/env/unset.go
deleted file mode 100644
index 8292f42..0000000
--- a/cmd/ship/env/unset.go
+++ /dev/null
@@ -1,95 +0,0 @@
-package env
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var unsetCmd = &cobra.Command{
-        Use:   "unset <app> KEY...",
-        Short: "Unset environment variable(s)",
-        Long:  "Remove one or more environment variables from an app.",
-        Args:  cobra.MinimumNArgs(2),
-        RunE:  runUnset,
-}
-func runUnset(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := state.ValidateName(name); err != nil {
-                return err
-        }
-        keys := args[1:]
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "app" {
-                return fmt.Errorf("env is only available for apps, not static sites")
-        }
-        if app.Env == nil {
-                return fmt.Errorf("no environment variables set")
-        }
-        changed := false
-        for _, key := range keys {
-                if _, exists := app.Env[key]; exists {
-                        delete(app.Env, key)
-                        changed = true
-                        fmt.Printf("Unset %s\n", key)
-                } else {
-                        fmt.Printf("Warning: %s not found\n", key)
-                }
-        }
-        if !changed {
-                return nil
-        }
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Println("-> Updating environment file on VPS...")
-        envFilePath := fmt.Sprintf("/etc/ship/env/%s.env", name)
-        envContent := ""
-        for k, v := range app.Env {
-                envContent += fmt.Sprintf("%s=%s\n", k, v)
-        }
-        if err := client.WriteSudoFile(envFilePath, envContent); err != nil {
-                return fmt.Errorf("error updating env file: %w", err)
-        }
-        fmt.Println("-> Restarting service...")
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", name)); err != nil {
-                return fmt.Errorf("error restarting service: %w", err)
-        }
-        fmt.Println("Environment variables updated successfully")
-        return nil
-}
diff --git a/cmd/ship/host/host.go b/cmd/ship/host/host.go
deleted file mode 100644
index 81403f9..0000000
--- a/cmd/ship/host/host.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package host
-import (
-        "github.com/spf13/cobra"
-)
-var Cmd = &cobra.Command{
-        Use:   "host",
-        Short: "Manage VPS host",
-        Long:  "Commands for managing and monitoring the VPS host",
-}
-func init() {
-        Cmd.AddCommand(initCmd)
-        Cmd.AddCommand(statusCmd)
-        Cmd.AddCommand(updateCmd)
-        Cmd.AddCommand(sshCmd)
-        Cmd.AddCommand(setDomainCmd)
-        initCmd.Flags().String("base-domain", "", "Base domain for auto-generated subdomains (e.g., apps.example.com)")
-}
diff --git a/cmd/ship/host/init.go b/cmd/ship/host/init.go
deleted file mode 100644
index cfa2795..0000000
--- a/cmd/ship/host/init.go
+++ /dev/null
@@ -1,316 +0,0 @@
-package host
-import (
-        "fmt"
-        "strings"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/bdw/ship/internal/templates"
-        "github.com/spf13/cobra"
-)
-var initCmd = &cobra.Command{
-        Use:   "init",
-        Short: "Initialize VPS (one-time setup)",
-        Long:  "Set up a fresh VPS with Caddy for automatic HTTPS and required directories",
-        RunE:  runInit,
-}
-func runInit(cmd *cobra.Command, args []string) error {
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        baseDomain, _ := cmd.Flags().GetString("base-domain")
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        fmt.Printf("Initializing VPS: %s\n", host)
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Println("-> Detecting OS...")
-        osRelease, err := client.Run("cat /etc/os-release")
-        if err != nil {
-                return fmt.Errorf("error detecting OS: %w", err)
-        }
-        if !strings.Contains(osRelease, "Ubuntu") && !strings.Contains(osRelease, "Debian") {
-                return fmt.Errorf("unsupported OS (only Ubuntu and Debian are supported)")
-        }
-        fmt.Println("  Detected Ubuntu/Debian")
-        fmt.Println("-> Checking for Caddy...")
-        _, err = client.Run("which caddy")
-        if err == nil {
-                fmt.Println("  Caddy already installed")
-        } else {
-                fmt.Println("  Installing Caddy...")
-                if err := installCaddy(client); err != nil {
-                        return err
-                }
-                fmt.Println("  Caddy installed")
-        }
-        fmt.Println("-> Configuring Caddy...")
-        caddyfile := `{
-}
-import /etc/caddy/sites-enabled/*
-`
-        if err := client.WriteSudoFile("/etc/caddy/Caddyfile", caddyfile); err != nil {
-                return fmt.Errorf("error creating Caddyfile: %w", err)
-        }
-        fmt.Println("  Caddyfile created")
-        fmt.Println("-> Creating directories...")
-        if _, err := client.RunSudo("mkdir -p /etc/ship/env"); err != nil {
-                return fmt.Errorf("error creating /etc/ship/env: %w", err)
-        }
-        if _, err := client.RunSudo("mkdir -p /etc/caddy/sites-enabled"); err != nil {
-                return fmt.Errorf("error creating /etc/caddy/sites-enabled: %w", err)
-        }
-        fmt.Println("  Directories created")
-        fmt.Println("-> Starting Caddy...")
-        if _, err := client.RunSudo("systemctl enable caddy"); err != nil {
-                return fmt.Errorf("error enabling Caddy: %w", err)
-        }
-        if _, err := client.RunSudo("systemctl restart caddy"); err != nil {
-                return fmt.Errorf("error starting Caddy: %w", err)
-        }
-        fmt.Println("  Caddy started")
-        fmt.Println("-> Verifying installation...")
-        output, err := client.RunSudo("systemctl is-active caddy")
-        if err != nil || strings.TrimSpace(output) != "active" {
-                fmt.Println("  Warning: Caddy may not be running properly")
-        } else {
-                fmt.Println("  Caddy is active")
-        }
-        hostState := st.GetHost(host)
-        if baseDomain != "" {
-                hostState.BaseDomain = baseDomain
-                fmt.Printf("  Base domain: %s\n", baseDomain)
-        }
-        // Git-centric deployment setup (gated on base domain)
-        if baseDomain != "" {
-                if err := setupGitDeploy(client, baseDomain, hostState); err != nil {
-                        return err
-                }
-        }
-        if st.GetDefaultHost() == "" {
-                st.SetDefaultHost(host)
-                fmt.Printf("  Set %s as default host\n", host)
-        }
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        fmt.Println("\nVPS initialized successfully!")
-        fmt.Println("\nNext steps:")
-        fmt.Println("  1. Deploy an app:")
-        fmt.Printf("     ship --binary ./myapp --domain api.example.com\n")
-        fmt.Println("  2. Deploy a static site:")
-        fmt.Printf("     ship --static --dir ./dist --domain example.com\n")
-        if baseDomain != "" {
-                fmt.Println("  3. Initialize a git-deployed app:")
-                fmt.Printf("     ship init myapp\n")
-        }
-        return nil
-}
-func setupGitDeploy(client *ssh.Client, baseDomain string, hostState *state.Host) error {
-        fmt.Println("-> Installing Docker...")
-        dockerCommands := []string{
-                "apt-get install -y ca-certificates curl gnupg",
-                "install -m 0755 -d /etc/apt/keyrings",
-                "curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc",
-                "chmod a+r /etc/apt/keyrings/docker.asc",
-                `sh -c 'echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo ${VERSION_CODENAME}) stable" > /etc/apt/sources.list.d/docker.list'`,
-                "apt-get update",
-                "apt-get install -y docker-ce docker-ce-cli containerd.io",
-        }
-        for _, cmd := range dockerCommands {
-                if _, err := client.RunSudo(cmd); err != nil {
-                        return fmt.Errorf("error installing Docker: %w", err)
-                }
-        }
-        fmt.Println("  Docker installed")
-        fmt.Println("-> Installing git, fcgiwrap, and cgit...")
-        if _, err := client.RunSudo("apt-get install -y git fcgiwrap cgit"); err != nil {
-                return fmt.Errorf("error installing git/fcgiwrap/cgit: %w", err)
-        }
-        // Allow git-http-backend (runs as www-data) to access repos owned by git.
-        // Scoped to www-data only, not system-wide, to preserve CVE-2022-24765 protection.
-        // www-data's home is /var/www; ensure it can write .gitconfig there.
-        client.RunSudo("mkdir -p /var/www")
-        client.RunSudo("chown www-data:www-data /var/www")
-        if _, err := client.RunSudo("sudo -u www-data git config --global --add safe.directory '*'"); err != nil {
-                return fmt.Errorf("error setting git safe.directory: %w", err)
-        }
-        fmt.Println("  git, fcgiwrap, and cgit installed")
-        fmt.Println("-> Creating git user...")
-        // Create git user (ignore error if already exists)
-        client.RunSudo("useradd -r -m -d /home/git -s $(which git-shell) git")
-        if _, err := client.RunSudo("usermod -aG docker git"); err != nil {
-                return fmt.Errorf("error adding git user to docker group: %w", err)
-        }
-        // www-data needs to read git repos for git-http-backend
-        if _, err := client.RunSudo("usermod -aG git www-data"); err != nil {
-                return fmt.Errorf("error adding www-data to git group: %w", err)
-        }
-        // caddy needs to connect to fcgiwrap socket (owned by www-data)
-        if _, err := client.RunSudo("usermod -aG www-data caddy"); err != nil {
-                return fmt.Errorf("error adding caddy to www-data group: %w", err)
-        }
-        fmt.Println("  git user created")
-        fmt.Println("-> Copying SSH keys to git user...")
-        copyKeysCommands := []string{
-                "mkdir -p /home/git/.ssh",
-                "cp ~/.ssh/authorized_keys /home/git/.ssh/authorized_keys",
-                "chown -R git:git /home/git/.ssh",
-                "chmod 700 /home/git/.ssh",
-                "chmod 600 /home/git/.ssh/authorized_keys",
-        }
-        for _, cmd := range copyKeysCommands {
-                if _, err := client.RunSudo(cmd); err != nil {
-                        return fmt.Errorf("error copying SSH keys: %w", err)
-                }
-        }
-        fmt.Println("  SSH keys copied")
-        fmt.Println("-> Creating /srv/git...")
-        if _, err := client.RunSudo("mkdir -p /srv/git"); err != nil {
-                return fmt.Errorf("error creating /srv/git: %w", err)
-        }
-        if _, err := client.RunSudo("chown git:git /srv/git"); err != nil {
-                return fmt.Errorf("error setting /srv/git ownership: %w", err)
-        }
-        fmt.Println("  /srv/git created")
-        fmt.Println("-> Writing sudoers for git user...")
-        sudoersContent := `# Ship git-deploy: allow post-receive hooks to install configs and manage services.
-# App names are validated to [a-z][a-z0-9-] before reaching this point.
-git ALL=(ALL) NOPASSWD: \
-    /bin/systemctl daemon-reload, \
-    /bin/systemctl reload caddy, \
-    /bin/systemctl restart [a-z]*, \
-    /bin/systemctl enable [a-z]*, \
-    /bin/cp /var/lib/*/src/.ship/service /etc/systemd/system/*.service, \
-    /bin/cp /var/lib/*/src/.ship/Caddyfile /etc/caddy/sites-enabled/*.caddy, \
-    /bin/cp /var/www/*/.ship/Caddyfile /etc/caddy/sites-enabled/*.caddy, \
-    /bin/mkdir -p /var/lib/*, \
-    /bin/mkdir -p /var/www/*, \
-    /bin/chown -R git\:git /var/lib/*, \
-    /bin/chown git\:git /var/www/*
-`
-        if err := client.WriteSudoFile("/etc/sudoers.d/ship-git", sudoersContent); err != nil {
-                return fmt.Errorf("error writing sudoers: %w", err)
-        }
-        if _, err := client.RunSudo("chmod 440 /etc/sudoers.d/ship-git"); err != nil {
-                return fmt.Errorf("error setting sudoers permissions: %w", err)
-        }
-        fmt.Println("  sudoers configured")
-        fmt.Println("-> Writing vanity import template...")
-        vanityHTML := `<!DOCTYPE html>
-<html><head>
-{{$path := trimPrefix "/" (placeholder "http.request.orig_uri.path")}}
-{{$parts := splitList "/" $path}}
-{{$module := first $parts}}
-<meta name="go-import" content="{{.Host}}/{{$module}} git https://{{.Host}}/{{$module}}.git">
-</head>
-<body>go get {{.Host}}/{{$module}}</body>
-</html>
-`
-        if _, err := client.RunSudo("mkdir -p /opt/ship/vanity"); err != nil {
-                return fmt.Errorf("error creating vanity directory: %w", err)
-        }
-        if err := client.WriteSudoFile("/opt/ship/vanity/index.html", vanityHTML); err != nil {
-                return fmt.Errorf("error writing vanity template: %w", err)
-        }
-        fmt.Println("  vanity template written")
-        fmt.Println("-> Writing base domain Caddy config...")
-        codeCaddyContent, err := templates.CodeCaddy(map[string]string{
-                "BaseDomain": baseDomain,
-        })
-        if err != nil {
-                return fmt.Errorf("error generating code caddy config: %w", err)
-        }
-        if err := client.WriteSudoFile("/etc/caddy/sites-enabled/ship-code.caddy", codeCaddyContent); err != nil {
-                return fmt.Errorf("error writing code caddy config: %w", err)
-        }
-        fmt.Println("  base domain Caddy config written")
-        fmt.Println("-> Writing cgit config...")
-        cgitrcContent, err := templates.CgitRC(map[string]string{
-                "BaseDomain": baseDomain,
-        })
-        if err != nil {
-                return fmt.Errorf("error generating cgitrc: %w", err)
-        }
-        if err := client.WriteSudoFile("/etc/cgitrc", cgitrcContent); err != nil {
-                return fmt.Errorf("error writing cgitrc: %w", err)
-        }
-        if err := client.WriteSudoFile("/opt/ship/cgit-header.html", templates.CgitHeader()); err != nil {
-                return fmt.Errorf("error writing cgit header: %w", err)
-        }
-        fmt.Println("  cgit config written")
-        fmt.Println("-> Starting Docker and fcgiwrap...")
-        if _, err := client.RunSudo("systemctl enable docker fcgiwrap"); err != nil {
-                return fmt.Errorf("error enabling services: %w", err)
-        }
-        if _, err := client.RunSudo("systemctl restart docker fcgiwrap"); err != nil {
-                return fmt.Errorf("error starting services: %w", err)
-        }
-        fmt.Println("  Docker and fcgiwrap started")
-        fmt.Println("-> Restarting Caddy...")
-        if _, err := client.RunSudo("systemctl restart caddy"); err != nil {
-                return fmt.Errorf("error restarting Caddy: %w", err)
-        }
-        fmt.Println("  Caddy restarted")
-        hostState.GitSetup = true
-        fmt.Println("  Git deployment setup complete")
-        return nil
-}
-func installCaddy(client *ssh.Client) error {
-        commands := []string{
-                "apt-get update",
-                "apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl",
-                "curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg",
-                "curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list",
-                "apt-get update",
-                "apt-get install -y caddy",
-        }
-        for _, cmd := range commands {
-                if _, err := client.RunSudo(cmd); err != nil {
-                        return fmt.Errorf("error running: %s: %w", cmd, err)
-                }
-        }
-        return nil
-}
diff --git a/cmd/ship/host/set_domain.go b/cmd/ship/host/set_domain.go
deleted file mode 100644
index fed3b31..0000000
--- a/cmd/ship/host/set_domain.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package host
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var setDomainCmd = &cobra.Command{
-        Use:   "set-domain [domain]",
-        Short: "Set base domain for auto-generated subdomains",
-        Long: `Set the base domain used to auto-generate subdomains for deployments.
-When a base domain is configured (e.g., apps.example.com), every deployment
-will automatically get a subdomain ({name}.apps.example.com).
-Examples:
-  ship host set-domain apps.example.com    # Set base domain
-  ship host set-domain --clear             # Remove base domain`,
-        RunE: runSetDomain,
-}
-func init() {
-        setDomainCmd.Flags().Bool("clear", false, "Clear the base domain")
-}
-func runSetDomain(cmd *cobra.Command, args []string) error {
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        clear, _ := cmd.Flags().GetBool("clear")
-        if !clear && len(args) == 0 {
-                // Show current base domain
-                hostState := st.GetHost(host)
-                if hostState.BaseDomain == "" {
-                        fmt.Printf("No base domain configured for %s\n", host)
-                } else {
-                        fmt.Printf("Base domain for %s: %s\n", host, hostState.BaseDomain)
-                }
-                return nil
-        }
-        hostState := st.GetHost(host)
-        if clear {
-                hostState.BaseDomain = ""
-                if err := st.Save(); err != nil {
-                        return fmt.Errorf("error saving state: %w", err)
-                }
-                fmt.Printf("Cleared base domain for %s\n", host)
-                return nil
-        }
-        hostState.BaseDomain = args[0]
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        fmt.Printf("Set base domain for %s: %s\n", host, args[0])
-        fmt.Println("\nNew deployments will automatically use subdomains like:")
-        fmt.Printf("  myapp.%s\n", args[0])
-        return nil
-}
diff --git a/cmd/ship/host/ssh.go b/cmd/ship/host/ssh.go
deleted file mode 100644
index e480e47..0000000
--- a/cmd/ship/host/ssh.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package host
-import (
-        "fmt"
-        "os"
-        "os/exec"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var sshCmd = &cobra.Command{
-        Use:   "ssh",
-        Short: "Open interactive SSH session",
-        RunE:  runSSH,
-}
-func runSSH(cmd *cobra.Command, args []string) error {
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required (no default host set)")
-        }
-        sshCmd := exec.Command("ssh", host)
-        sshCmd.Stdin = os.Stdin
-        sshCmd.Stdout = os.Stdout
-        sshCmd.Stderr = os.Stderr
-        if err := sshCmd.Run(); err != nil {
-                if exitErr, ok := err.(*exec.ExitError); ok {
-                        os.Exit(exitErr.ExitCode())
-                }
-                return err
-        }
-        return nil
-}
diff --git a/cmd/ship/host/status.go b/cmd/ship/host/status.go
deleted file mode 100644
index eb2de53..0000000
--- a/cmd/ship/host/status.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package host
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var statusCmd = &cobra.Command{
-        Use:   "status",
-        Short: "Show VPS health (uptime, disk, memory)",
-        RunE:  runStatus,
-}
-func runStatus(cmd *cobra.Command, args []string) error {
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required (no default host set)")
-        }
-        fmt.Printf("Connecting to %s...\n\n", host)
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Println("UPTIME")
-        if output, err := client.Run("uptime -p"); err == nil {
-                fmt.Printf("  %s", output)
-        }
-        if output, err := client.Run("uptime -s"); err == nil {
-                fmt.Printf("  Since: %s", output)
-        }
-        fmt.Println()
-        fmt.Println("LOAD")
-        if output, err := client.Run("cat /proc/loadavg | awk '{print $1, $2, $3}'"); err == nil {
-                fmt.Printf("  1m, 5m, 15m: %s", output)
-        }
-        fmt.Println()
-        fmt.Println("MEMORY")
-        if output, err := client.Run("free -h | awk 'NR==2 {print \"  Used: \" $3 \" / \" $2}'"); err == nil {
-                fmt.Print(output)
-        }
-        if output, err := client.Run("free -h | awk 'NR==2 {printf \"  Available: %s\\n\", $7}'"); err == nil {
-                fmt.Print(output)
-        }
-        fmt.Println()
-        fmt.Println("DISK")
-        if output, err := client.Run("df -h / | awk 'NR==2 {print \"  Used: \" $3 \" / \" $2 \" (\" $5 \")\"}'"); err == nil {
-                fmt.Print(output)
-        }
-        if output, err := client.Run("df -h / | awk 'NR==2 {print \"  Available: \" $4}'"); err == nil {
-                fmt.Print(output)
-        }
-        fmt.Println()
-        fmt.Println("UPDATES")
-        if output, err := client.Run("[ -f /var/lib/update-notifier/updates-available ] && cat /var/lib/update-notifier/updates-available | head -2 || echo '  (update info not available)'"); err == nil {
-                fmt.Print(output)
-        }
-        fmt.Println()
-        fmt.Println("SERVICES")
-        if output, err := client.Run("systemctl is-active caddy 2>/dev/null && echo '  Caddy: active' || echo '  Caddy: inactive'"); err == nil {
-                if output == "active\n" {
-                        fmt.Println("  Caddy: active")
-                } else {
-                        fmt.Println("  Caddy: inactive")
-                }
-        }
-        hostState := st.GetHost(host)
-        if hostState != nil && len(hostState.Apps) > 0 {
-                activeCount := 0
-                for name, app := range hostState.Apps {
-                        if app.Type == "app" {
-                                if output, err := client.Run(fmt.Sprintf("systemctl is-active %s 2>/dev/null", name)); err == nil && output == "active\n" {
-                                        activeCount++
-                                }
-                        }
-                }
-                appCount := 0
-                for _, app := range hostState.Apps {
-                        if app.Type == "app" {
-                                appCount++
-                        }
-                }
-                fmt.Printf("  Deployed apps: %d/%d active\n", activeCount, appCount)
-        }
-        return nil
-}
diff --git a/cmd/ship/host/update.go b/cmd/ship/host/update.go
deleted file mode 100644
index 5f838b6..0000000
--- a/cmd/ship/host/update.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package host
-import (
-        "bufio"
-        "fmt"
-        "os"
-        "strings"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var updateCmd = &cobra.Command{
-        Use:   "update",
-        Short: "Update VPS packages",
-        Long:  "Run apt update && apt upgrade on the VPS",
-        RunE:  runUpdate,
-}
-func init() {
-        updateCmd.Flags().BoolP("yes", "y", false, "Skip confirmation prompt")
-}
-func runUpdate(cmd *cobra.Command, args []string) error {
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host, _ := cmd.Flags().GetString("host")
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required (no default host set)")
-        }
-        yes, _ := cmd.Flags().GetBool("yes")
-        if !yes {
-                fmt.Printf("This will run apt update && apt upgrade on %s\n", host)
-                fmt.Print("Continue? [Y/n]: ")
-                reader := bufio.NewReader(os.Stdin)
-                response, _ := reader.ReadString('\n')
-                response = strings.TrimSpace(response)
-                if response == "n" || response == "N" {
-                        fmt.Println("Aborted.")
-                        return nil
-                }
-        }
-        fmt.Printf("Connecting to %s...\n", host)
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Println("\n-> Running apt update...")
-        if err := client.RunSudoStream("apt update"); err != nil {
-                return fmt.Errorf("error running apt update: %w", err)
-        }
-        fmt.Println("\n-> Running apt upgrade...")
-        if err := client.RunSudoStream("DEBIAN_FRONTEND=noninteractive apt upgrade -y"); err != nil {
-                return fmt.Errorf("error running apt upgrade: %w", err)
-        }
-        fmt.Println()
-        if output, err := client.Run("[ -f /var/run/reboot-required ] && echo 'yes' || echo 'no'"); err == nil {
-                if strings.TrimSpace(output) == "yes" {
-                        fmt.Print("A reboot is required to complete the update. Reboot now? [Y/n]: ")
-                        reader := bufio.NewReader(os.Stdin)
-                        response, _ := reader.ReadString('\n')
-                        response = strings.TrimSpace(response)
-                        if response == "" || response == "y" || response == "Y" {
-                                fmt.Println("Rebooting...")
-                                if _, err := client.RunSudo("reboot"); err != nil {
-                                        // reboot command often returns an error as connection drops
-                                        // this is expected behavior
-                                }
-                                fmt.Println("Reboot initiated. The host will be back online shortly.")
-                                return nil
-                        }
-                        fmt.Println("Skipping reboot. Run 'sudo reboot' manually when ready.")
-                }
-        }
-        fmt.Println("Update complete")
-        return nil
-}
diff --git a/cmd/ship/host_v2.go b/cmd/ship/host_v2.go
new file mode 100644
index 0000000..b19c376
--- /dev/null
+++ b/cmd/ship/host_v2.go
@@ -0,0 +1,445 @@
+package main
+import (
+        "encoding/json"
+        "fmt"
+        "os"
+        "os/exec"
+        "path/filepath"
+        "strings"
+        "github.com/bdw/ship/internal/output"
+        "github.com/bdw/ship/internal/ssh"
+        "github.com/bdw/ship/internal/state"
+        "github.com/bdw/ship/internal/templates"
+        "github.com/spf13/cobra"
+)
+func initHostV2() {
+        hostInitV2Cmd.Flags().String("domain", "", "Base domain for deployments (required)")
+        hostInitV2Cmd.MarkFlagRequired("domain")
+        
+        hostV2Cmd.AddCommand(hostInitV2Cmd)
+        hostV2Cmd.AddCommand(hostStatusV2Cmd)
+}
+var hostInitV2Cmd = &cobra.Command{
+        Use:   "init USER@HOST --domain DOMAIN",
+        Short: "Initialize a VPS for deployments",
+        Long: `Set up a fresh VPS with Caddy, Docker, and required directories.
+Example:
+  ship host init user@my-vps --domain example.com`,
+        Args: cobra.ExactArgs(1),
+        RunE: runHostInitV2,
+}
+func runHostInitV2(cmd *cobra.Command, args []string) error {
+        host := args[0]
+        domain, _ := cmd.Flags().GetString("domain")
+        if domain == "" {
+                output.PrintAndExit(output.Err(output.ErrInvalidArgs, "--domain is required"))
+        }
+        // Ensure SSH key exists
+        keyPath, pubkey, err := ensureSSHKey()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrSSHAuthFailed, "failed to setup SSH key: "+err.Error()))
+        }
+        // Try to connect first (to verify key is authorized)
+        client, err := ssh.Connect(host)
+        if err != nil {
+                // Connection failed - provide helpful error with pubkey
+                resp := map[string]interface{}{
+                        "status":      "error",
+                        "code":        "SSH_AUTH_FAILED",
+                        "message":     "SSH connection failed. Add this public key to your VPS authorized_keys:",
+                        "public_key":  pubkey,
+                        "key_path":    keyPath,
+                        "host":        host,
+                        "setup_command": fmt.Sprintf("ssh-copy-id -i %s %s", keyPath, host),
+                }
+                printJSON(resp)
+                os.Exit(output.ExitSSHFailed)
+        }
+        defer client.Close()
+        // Detect OS
+        osRelease, err := client.Run("cat /etc/os-release")
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrSSHConnectFailed, "failed to detect OS: "+err.Error()))
+        }
+        if !strings.Contains(osRelease, "Ubuntu") && !strings.Contains(osRelease, "Debian") {
+                output.PrintAndExit(output.Err(output.ErrInvalidArgs, "unsupported OS (only Ubuntu and Debian are supported)"))
+        }
+        var installed []string
+        // Install Caddy if needed
+        if _, err := client.Run("which caddy"); err != nil {
+                if err := installCaddyV2(client); err != nil {
+                        output.PrintAndExit(output.Err(output.ErrServiceFailed, "failed to install Caddy: "+err.Error()))
+                }
+                installed = append(installed, "caddy")
+        }
+        // Configure Caddy
+        caddyfile := `{
+}
+import /etc/caddy/sites-enabled/*
+`
+        if err := client.WriteSudoFile("/etc/caddy/Caddyfile", caddyfile); err != nil {
+                output.PrintAndExit(output.Err(output.ErrCaddyFailed, "failed to write Caddyfile: "+err.Error()))
+        }
+        // Create directories
+        dirs := []string{
+                "/etc/ship/env",
+                "/etc/ship/ports",
+                "/etc/ship/ttl",
+                "/etc/caddy/sites-enabled",
+                "/var/www",
+        }
+        for _, dir := range dirs {
+                if _, err := client.RunSudo(fmt.Sprintf("mkdir -p %s", dir)); err != nil {
+                        output.PrintAndExit(output.Err(output.ErrServiceFailed, "failed to create directory: "+err.Error()))
+                }
+        }
+        // Install Docker
+        if _, err := client.Run("which docker"); err != nil {
+                if err := installDockerV2(client); err != nil {
+                        output.PrintAndExit(output.Err(output.ErrServiceFailed, "failed to install Docker: "+err.Error()))
+                }
+                installed = append(installed, "docker")
+        }
+        // Install cleanup timer for TTL
+        if err := installCleanupTimer(client); err != nil {
+                // Non-fatal
+        }
+        // Enable and start services
+        if _, err := client.RunSudo("systemctl enable --now caddy docker"); err != nil {
+                output.PrintAndExit(output.Err(output.ErrServiceFailed, "failed to enable services: "+err.Error()))
+        }
+        // Save state
+        st, err := state.Load()
+        if err != nil {
+                output.PrintAndExit(output.Err(output.ErrServiceFailed, "failed to load state: "+err.Error()))
+        }
+        hostState := st.GetHost(host)
+        hostState.BaseDomain = domain
+        if st.GetDefaultHost() == "" {
+                st.SetDefaultHost(host)
+        }
+        if err := st.Save(); err != nil {
+                output.PrintAndExit(output.Err(output.ErrServiceFailed, "failed to save state: "+err.Error()))
+        }
+        // Success
+        output.PrintAndExit(&output.HostInitResponse{
+                Status:    "ok",
+                Host:      host,
+                Domain:    domain,
+                Installed: installed,
+        })
+        return nil
+}
+func installCaddyV2(client *ssh.Client) error {
+        commands := []string{
+                "apt-get update",
+                "apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl gnupg",
+                "curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /tmp/caddy.gpg",
+                "gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg < /tmp/caddy.gpg",
+                "curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' -o /etc/apt/sources.list.d/caddy-stable.list",
+                "apt-get update",
+                "apt-get install -y caddy",
+        }
+        for _, cmd := range commands {
+                if _, err := client.RunSudo(cmd); err != nil {
+                        return fmt.Errorf("command failed: %s: %w", cmd, err)
+                }
+        }
+        return nil
+}
+func installDockerV2(client *ssh.Client) error {
+        commands := []string{
+                "apt-get install -y ca-certificates curl gnupg",
+                "install -m 0755 -d /etc/apt/keyrings",
+                "curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc",
+                "chmod a+r /etc/apt/keyrings/docker.asc",
+                `sh -c 'echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo ${VERSION_CODENAME}) stable" > /etc/apt/sources.list.d/docker.list'`,
+                "apt-get update",
+                "apt-get install -y docker-ce docker-ce-cli containerd.io",
+        }
+        for _, cmd := range commands {
+                if _, err := client.RunSudo(cmd); err != nil {
+                        return fmt.Errorf("command failed: %s: %w", cmd, err)
+                }
+        }
+        return nil
+}
+func installCleanupTimer(client *ssh.Client) error {
+        // Cleanup script
+        script := `#!/bin/bash
+now=$(date +%s)
+for f in /etc/ship/ttl/*; do
+    [ -f "$f" ] || continue
+    name=$(basename "$f")
+    expires=$(cat "$f")
+    if [ "$now" -gt "$expires" ]; then
+        systemctl stop "$name" 2>/dev/null || true
+        systemctl disable "$name" 2>/dev/null || true
+        rm -f "/etc/systemd/system/${name}.service"
+        rm -f "/etc/caddy/sites-enabled/${name}.caddy"
+        rm -rf "/var/www/${name}"
+        rm -rf "/var/lib/${name}"
+        rm -f "/usr/local/bin/${name}"
+        rm -f "/etc/ship/env/${name}.env"
+        rm -f "/etc/ship/ports/${name}"
+        rm -f "/etc/ship/ttl/${name}"
+        docker rm -f "$name" 2>/dev/null || true
+        docker rmi "$name" 2>/dev/null || true
+    fi
+done
+systemctl daemon-reload
+systemctl reload caddy
+`
+        if err := client.WriteSudoFile("/usr/local/bin/ship-cleanup", script); err != nil {
+                return err
+        }
+        if _, err := client.RunSudo("chmod +x /usr/local/bin/ship-cleanup"); err != nil {
+                return err
+        }
+        // Timer unit
+        timer := `[Unit]
+Description=Ship TTL cleanup timer
+[Timer]
+OnCalendar=hourly
+Persistent=true
+[Install]
+WantedBy=timers.target
+`
+        if err := client.WriteSudoFile("/etc/systemd/system/ship-cleanup.timer", timer); err != nil {
+                return err
+        }
+        // Service unit
+        service := `[Unit]
+Description=Ship TTL cleanup
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/ship-cleanup
+`
+        if err := client.WriteSudoFile("/etc/systemd/system/ship-cleanup.service", service); err != nil {
+                return err
+        }
+        // Enable timer
+        if _, err := client.RunSudo("systemctl daemon-reload"); err != nil {
+                return err
+        }
+        if _, err := client.RunSudo("systemctl enable --now ship-cleanup.timer"); err != nil {
+                return err
+        }
+        return nil
+}
+var hostStatusV2Cmd = &cobra.Command{
+        Use:   "status",
+        Short: "Check host status",
+        RunE: func(cmd *cobra.Command, args []string) error {
+                st, err := state.Load()
+                if err != nil {
+                        output.PrintAndExit(output.Err(output.ErrHostNotConfigured, err.Error()))
+                }
+                hostName := hostFlag
+                if hostName == "" {
+                        hostName = st.DefaultHost
+                }
+                if hostName == "" {
+                        output.PrintAndExit(output.Err(output.ErrHostNotConfigured, "no host specified"))
+                }
+                hostConfig := st.GetHost(hostName)
+                client, err := ssh.Connect(hostName)
+                if err != nil {
+                        output.PrintAndExit(output.Err(output.ErrSSHConnectFailed, err.Error()))
+                }
+                defer client.Close()
+                // Check services
+                caddyStatus, _ := client.RunSudo("systemctl is-active caddy")
+                dockerStatus, _ := client.RunSudo("systemctl is-active docker")
+                // Print as JSON directly (custom response type)
+                fmt.Printf(`{"status":"ok","host":%q,"domain":%q,"caddy":%t,"docker":%t}`+"\n",
+                        hostName,
+                        hostConfig.BaseDomain,
+                        strings.TrimSpace(caddyStatus) == "active",
+                        strings.TrimSpace(dockerStatus) == "active",
+                )
+                return nil
+        },
+}
+// Preserve git setup functionality from v1 for advanced users
+func setupGitDeployV2(client *ssh.Client, baseDomain string, hostState *state.Host) *output.ErrorResponse {
+        // Install git, fcgiwrap, cgit
+        if _, err := client.RunSudo("apt-get install -y git fcgiwrap cgit"); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to install git tools: "+err.Error())
+        }
+        // Create git user
+        client.RunSudo("useradd -r -m -d /home/git -s $(which git-shell) git")
+        client.RunSudo("usermod -aG docker git")
+        client.RunSudo("usermod -aG git www-data")
+        client.RunSudo("usermod -aG www-data caddy")
+        // Copy SSH keys
+        copyKeysCommands := []string{
+                "mkdir -p /home/git/.ssh",
+                "cp ~/.ssh/authorized_keys /home/git/.ssh/authorized_keys",
+                "chown -R git:git /home/git/.ssh",
+                "chmod 700 /home/git/.ssh",
+                "chmod 600 /home/git/.ssh/authorized_keys",
+        }
+        for _, cmd := range copyKeysCommands {
+                if _, err := client.RunSudo(cmd); err != nil {
+                        return output.Err(output.ErrServiceFailed, "failed to setup git SSH: "+err.Error())
+                }
+        }
+        // Create /srv/git
+        client.RunSudo("mkdir -p /srv/git")
+        client.RunSudo("chown git:git /srv/git")
+        // Sudoers
+        sudoersContent := `git ALL=(ALL) NOPASSWD: \
+    /bin/systemctl daemon-reload, \
+    /bin/systemctl reload caddy, \
+    /bin/systemctl restart [a-z]*, \
+    /bin/systemctl enable [a-z]*, \
+    /bin/cp /var/lib/*/src/.ship/service /etc/systemd/system/*.service, \
+    /bin/cp /var/lib/*/src/.ship/Caddyfile /etc/caddy/sites-enabled/*.caddy, \
+    /bin/cp /var/www/*/.ship/Caddyfile /etc/caddy/sites-enabled/*.caddy, \
+    /bin/mkdir -p /var/lib/*, \
+    /bin/mkdir -p /var/www/*, \
+    /bin/chown -R git\:git /var/lib/*, \
+    /bin/chown git\:git /var/www/*
+`
+        if err := client.WriteSudoFile("/etc/sudoers.d/ship-git", sudoersContent); err != nil {
+                return output.Err(output.ErrServiceFailed, "failed to write sudoers: "+err.Error())
+        }
+        client.RunSudo("chmod 440 /etc/sudoers.d/ship-git")
+        // Vanity import template
+        vanityHTML := `<!DOCTYPE html>
+<html><head>
+{{$path := trimPrefix "/" (placeholder "http.request.orig_uri.path")}}
+{{$parts := splitList "/" $path}}
+{{$module := first $parts}}
+<meta name="go-import" content="{{.Host}}/{{$module}} git https://{{.Host}}/{{$module}}.git">
+</head>
+<body>go get {{.Host}}/{{$module}}</body>
+</html>
+`
+        client.RunSudo("mkdir -p /opt/ship/vanity")
+        client.WriteSudoFile("/opt/ship/vanity/index.html", vanityHTML)
+        // cgit config
+        codeCaddyContent, _ := templates.CodeCaddy(map[string]string{"BaseDomain": baseDomain})
+        client.WriteSudoFile("/etc/caddy/sites-enabled/ship-code.caddy", codeCaddyContent)
+        cgitrcContent, _ := templates.CgitRC(map[string]string{"BaseDomain": baseDomain})
+        client.WriteSudoFile("/etc/cgitrc", cgitrcContent)
+        client.WriteSudoFile("/opt/ship/cgit-header.html", templates.CgitHeader())
+        // Start services
+        client.RunSudo("systemctl enable --now fcgiwrap")
+        client.RunSudo("systemctl restart caddy")
+        hostState.GitSetup = true
+        return nil
+}
+// ensureSSHKey checks for an existing SSH key or generates a new one.
+// Returns the key path, public key contents, and any error.
+func ensureSSHKey() (keyPath string, pubkey string, err error) {
+        home, err := os.UserHomeDir()
+        if err != nil {
+                return "", "", err
+        }
+        // Check common key locations
+        keyPaths := []string{
+                filepath.Join(home, ".ssh", "id_ed25519"),
+                filepath.Join(home, ".ssh", "id_rsa"),
+                filepath.Join(home, ".ssh", "id_ecdsa"),
+        }
+        for _, kp := range keyPaths {
+                pubPath := kp + ".pub"
+                if _, err := os.Stat(kp); err == nil {
+                        if _, err := os.Stat(pubPath); err == nil {
+                                // Key exists, read public key
+                                pub, err := os.ReadFile(pubPath)
+                                if err != nil {
+                                        continue
+                                }
+                                return kp, strings.TrimSpace(string(pub)), nil
+                        }
+                }
+        }
+        // No key found, generate one
+        keyPath = filepath.Join(home, ".ssh", "id_ed25519")
+        sshDir := filepath.Dir(keyPath)
+        // Ensure .ssh directory exists
+        if err := os.MkdirAll(sshDir, 0700); err != nil {
+                return "", "", fmt.Errorf("failed to create .ssh directory: %w", err)
+        }
+        // Generate key
+        cmd := exec.Command("ssh-keygen", "-t", "ed25519", "-f", keyPath, "-N", "", "-C", "ship")
+        if err := cmd.Run(); err != nil {
+                return "", "", fmt.Errorf("failed to generate SSH key: %w", err)
+        }
+        // Read public key
+        pub, err := os.ReadFile(keyPath + ".pub")
+        if err != nil {
+                return "", "", fmt.Errorf("failed to read public key: %w", err)
+        }
+        return keyPath, strings.TrimSpace(string(pub)), nil
+}
+// printJSON outputs a value as JSON to stdout
+func printJSON(v interface{}) {
+        enc := json.NewEncoder(os.Stdout)
+        enc.Encode(v)
+}
diff --git a/cmd/ship/init.go b/cmd/ship/init.go
deleted file mode 100644
index b495702..0000000
--- a/cmd/ship/init.go
+++ /dev/null
@@ -1,268 +0,0 @@
-package main
-import (
-        "fmt"
-        "os"
-        "os/exec"
-        "path/filepath"
-        "strconv"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/bdw/ship/internal/templates"
-        "github.com/spf13/cobra"
-)
-var initCmd = &cobra.Command{
-        Use:   "init <name>",
-        Short: "Initialize a git-deployed project",
-        Long: `Create a bare git repo on the VPS and generate local .ship/ config files.
-Pushing to the remote triggers an automatic docker build and deploy (for apps)
-or a static file checkout (for static sites). If no Dockerfile is present in an
-app repo, pushes are accepted without triggering a deploy.
-Examples:
-  # Initialize an app (Docker-based)
-  ship init myapp
-  # Initialize with a custom domain
-  ship init myapp --domain custom.example.com
-  # Initialize a static site
-  ship init mysite --static
-  # Initialize a public repo (cloneable via go get / git clone over HTTPS)
-  ship init mylib --public`,
-        Args: cobra.ExactArgs(1),
-        RunE: runInit,
-}
-func init() {
-        initCmd.Flags().Bool("static", false, "Initialize as static site")
-        initCmd.Flags().Bool("public", false, "Make repo publicly cloneable over HTTPS (for go get)")
-        initCmd.Flags().String("domain", "", "Custom domain (default: name.basedomain)")
-}
-func runInit(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := validateName(name); err != nil {
-                return err
-        }
-        static, _ := cmd.Flags().GetBool("static")
-        public, _ := cmd.Flags().GetBool("public")
-        domain, _ := cmd.Flags().GetString("domain")
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        hostState := st.GetHost(host)
-        if !hostState.GitSetup {
-                return fmt.Errorf("git deployment not set up on %s (run 'ship host init --base-domain example.com' first)", host)
-        }
-        // Check if app already exists
-        if _, err := st.GetApp(host, name); err == nil {
-                return fmt.Errorf("app %s already exists", name)
-        }
-        appType := "git-app"
-        if static {
-                appType = "git-static"
-        }
-        // Resolve domain
-        if domain == "" && hostState.BaseDomain != "" {
-                domain = name + "." + hostState.BaseDomain
-        }
-        if domain == "" {
-                return fmt.Errorf("--domain required (or configure base domain)")
-        }
-        // Allocate port for apps only
-        port := 0
-        if !static {
-                port = st.AllocatePort(host)
-        }
-        fmt.Printf("Initializing %s: %s\n", appType, name)
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        // Create bare repo
-        fmt.Println("-> Creating bare git repo...")
-        repo := fmt.Sprintf("/srv/git/%s.git", name)
-        if _, err := client.RunSudo(fmt.Sprintf("sudo -u git git init --bare -b main %s", repo)); err != nil {
-                return fmt.Errorf("error creating bare repo: %w", err)
-        }
-        if public {
-                if _, err := client.RunSudo(fmt.Sprintf("sudo -u git touch %s/git-daemon-export-ok", repo)); err != nil {
-                        return fmt.Errorf("error setting repo public: %w", err)
-                }
-        }
-        if static {
-                // Create web root
-                fmt.Println("-> Creating web root...")
-                if _, err := client.RunSudo(fmt.Sprintf("mkdir -p /var/www/%s", name)); err != nil {
-                        return fmt.Errorf("error creating web root: %w", err)
-                }
-                if _, err := client.RunSudo(fmt.Sprintf("chown git:git /var/www/%s", name)); err != nil {
-                        return fmt.Errorf("error setting web root ownership: %w", err)
-                }
-                // Write post-receive hook
-                fmt.Println("-> Writing post-receive hook...")
-                hookContent, err := templates.PostReceiveHookStatic(map[string]string{
-                        "Name": name,
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating hook: %w", err)
-                }
-                if err := writeHook(client, repo, hookContent); err != nil {
-                        return err
-                }
-        } else {
-                // Create env file
-                fmt.Println("-> Creating environment file...")
-                envContent := fmt.Sprintf("PORT=%d\nDATA_DIR=/data\n", port)
-                envPath := fmt.Sprintf("/etc/ship/env/%s.env", name)
-                if err := client.WriteSudoFile(envPath, envContent); err != nil {
-                        return fmt.Errorf("error creating env file: %w", err)
-                }
-                // Write post-receive hook (handles dir creation on first push)
-                fmt.Println("-> Writing post-receive hook...")
-                hookContent, err := templates.PostReceiveHook(map[string]string{
-                        "Name": name,
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating hook: %w", err)
-                }
-                if err := writeHook(client, repo, hookContent); err != nil {
-                        return err
-                }
-        }
-        // Save state
-        st.AddApp(host, name, &state.App{
-                Type:   appType,
-                Domain: domain,
-                Port:   port,
-                Repo:   repo,
-                Public: public,
-        })
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        // Generate local .ship/ files
-        fmt.Println("-> Generating local .ship/ config...")
-        if err := os.MkdirAll(".ship", 0755); err != nil {
-                return fmt.Errorf("error creating .ship directory: %w", err)
-        }
-        if static {
-                caddyContent, err := templates.DefaultStaticCaddy(map[string]string{
-                        "Domain": domain,
-                        "Name":   name,
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating Caddyfile: %w", err)
-                }
-                if err := os.WriteFile(filepath.Join(".ship", "Caddyfile"), []byte(caddyContent), 0644); err != nil {
-                        return fmt.Errorf("error writing Caddyfile: %w", err)
-                }
-        } else {
-                caddyContent, err := templates.DefaultAppCaddy(map[string]string{
-                        "Domain": domain,
-                        "Port":   strconv.Itoa(port),
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating Caddyfile: %w", err)
-                }
-                if err := os.WriteFile(filepath.Join(".ship", "Caddyfile"), []byte(caddyContent), 0644); err != nil {
-                        return fmt.Errorf("error writing Caddyfile: %w", err)
-                }
-                serviceContent, err := templates.DockerService(map[string]string{
-                        "Name": name,
-                        "Port": strconv.Itoa(port),
-                })
-                if err != nil {
-                        return fmt.Errorf("error generating service file: %w", err)
-                }
-                if err := os.WriteFile(filepath.Join(".ship", "service"), []byte(serviceContent), 0644); err != nil {
-                        return fmt.Errorf("error writing service file: %w", err)
-                }
-        }
-        // Initialize local git repo if needed
-        if _, err := os.Stat(".git"); os.IsNotExist(err) {
-                fmt.Println("-> Initializing git repo...")
-                gitInit := exec.Command("git", "init")
-                gitInit.Stdout = os.Stdout
-                gitInit.Stderr = os.Stderr
-                if err := gitInit.Run(); err != nil {
-                        return fmt.Errorf("error initializing git repo: %w", err)
-                }
-        }
-        // Add origin remote (replace if it already exists)
-        sshHost := host
-        remoteURL := fmt.Sprintf("git@%s:%s", sshHost, repo)
-        exec.Command("git", "remote", "remove", "origin").Run() // ignore error if not exists
-        addRemote := exec.Command("git", "remote", "add", "origin", remoteURL)
-        if err := addRemote.Run(); err != nil {
-                return fmt.Errorf("error adding git remote: %w", err)
-        }
-        fmt.Printf("\nProject initialized: %s\n", name)
-        fmt.Println("\nGenerated:")
-        fmt.Println("  .ship/Caddyfile    — Caddy config (edit to customize routing)")
-        if !static {
-                fmt.Println("  .ship/service      — systemd unit (edit to customize resources, ports)")
-        }
-        fmt.Println("\nNext steps:")
-        if static {
-                fmt.Println("  git add .ship/")
-        } else {
-                fmt.Println("  git add .ship/ Dockerfile")
-        }
-        fmt.Println("  git commit -m \"initial deploy\"")
-        fmt.Println("  git push origin main")
-        if !static {
-                fmt.Println("\n  (No Dockerfile? Just push — deploy is skipped until one is added.)")
-        }
-        return nil
-}
-func writeHook(client *ssh.Client, repo, content string) error {
-        hookPath := fmt.Sprintf("%s/hooks/post-receive", repo)
-        if err := client.WriteSudoFile(hookPath, content); err != nil {
-                return fmt.Errorf("error writing hook: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chmod +x %s", hookPath)); err != nil {
-                return fmt.Errorf("error making hook executable: %w", err)
-        }
-        if _, err := client.RunSudo(fmt.Sprintf("chown git:git %s", hookPath)); err != nil {
-                return fmt.Errorf("error setting hook ownership: %w", err)
-        }
-        return nil
-}
diff --git a/cmd/ship/list.go b/cmd/ship/list.go
deleted file mode 100644
index af5baf8..0000000
--- a/cmd/ship/list.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package main
-import (
-        "fmt"
-        "os"
-        "text/tabwriter"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var listCmd = &cobra.Command{
-        Use:   "list",
-        Short: "List all deployed apps and sites",
-        RunE:  runList,
-}
-func runList(cmd *cobra.Command, args []string) error {
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        apps := st.ListApps(host)
-        if len(apps) == 0 {
-                fmt.Printf("No deployments found for %s\n", host)
-                return nil
-        }
-        w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0)
-        fmt.Fprintln(w, "NAME\tTYPE\tVISIBILITY\tDOMAIN\tPORT")
-        for name, app := range apps {
-                port := ""
-                if app.Type == "app" || app.Type == "git-app" {
-                        port = fmt.Sprintf(":%d", app.Port)
-                }
-                domain := app.Domain
-                if domain == "" {
-                        domain = "-"
-                }
-                visibility := ""
-                if app.Repo != "" {
-                        visibility = "private"
-                        if app.Public {
-                                visibility = "public"
-                        }
-                }
-                fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", name, app.Type, visibility, domain, port)
-        }
-        w.Flush()
-        return nil
-}
diff --git a/cmd/ship/logs.go b/cmd/ship/logs.go
deleted file mode 100644
index 4c58a9c..0000000
--- a/cmd/ship/logs.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package main
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var logsCmd = &cobra.Command{
-        Use:   "logs <app>",
-        Short: "View logs for a deployment",
-        Args:  cobra.ExactArgs(1),
-        RunE:  runLogs,
-}
-func init() {
-        logsCmd.Flags().BoolP("follow", "f", false, "Follow logs")
-        logsCmd.Flags().IntP("lines", "n", 50, "Number of lines to show")
-}
-func runLogs(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := validateName(name); err != nil {
-                return err
-        }
-        follow, _ := cmd.Flags().GetBool("follow")
-        lines, _ := cmd.Flags().GetInt("lines")
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "app" && app.Type != "git-app" {
-                return fmt.Errorf("logs are only available for apps, not static sites")
-        }
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        journalCmd := fmt.Sprintf("journalctl -u %s -n %d", name, lines)
-        if follow {
-                journalCmd += " -f"
-        }
-        if follow {
-                if err := client.RunStream(journalCmd); err != nil {
-                        return fmt.Errorf("error fetching logs: %w", err)
-                }
-        } else {
-                output, err := client.Run(journalCmd)
-                if err != nil {
-                        return fmt.Errorf("error fetching logs: %w", err)
-                }
-                fmt.Print(output)
-        }
-        return nil
-}
diff --git a/cmd/ship/main.go b/cmd/ship/main.go
index f7d95c1..17516fb 100644
--- a/cmd/ship/main.go
+++ b/cmd/ship/main.go
@@ -1,13 +1,10 @@
 package main
-import (
+import "os"
-        "fmt"
-        "os"
-)
 func main() {
-        if err := rootCmd.Execute(); err != nil {
+        initV2()
-                fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+        if err := rootV2Cmd.Execute(); err != nil {
                os.Exit(1)
        }
 }
diff --git a/cmd/ship/remove.go b/cmd/ship/remove.go
deleted file mode 100644
index b55d0c8..0000000
--- a/cmd/ship/remove.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package main
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var removeCmd = &cobra.Command{
-        Use:     "remove <app>",
-        Aliases: []string{"rm"},
-        Short:   "Remove a deployment",
-        Args:    cobra.ExactArgs(1),
-        RunE:    runRemove,
-}
-func runRemove(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := validateName(name); err != nil {
-                return err
-        }
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        fmt.Printf("Removing deployment: %s\n", name)
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        switch app.Type {
-        case "app":
-                fmt.Println("-> Stopping service...")
-                client.RunSudo(fmt.Sprintf("systemctl stop %s", name))
-                client.RunSudo(fmt.Sprintf("systemctl disable %s", name))
-                client.RunSudo(fmt.Sprintf("rm -f /etc/systemd/system/%s.service", name))
-                client.RunSudo("systemctl daemon-reload")
-                client.RunSudo(fmt.Sprintf("rm -f /usr/local/bin/%s", name))
-                client.RunSudo(fmt.Sprintf("rm -rf /var/lib/%s", name))
-                client.RunSudo(fmt.Sprintf("rm -f /etc/ship/env/%s.env", name))
-                client.RunSudo(fmt.Sprintf("userdel %s", name))
-        case "git-app":
-                fmt.Println("-> Stopping service...")
-                client.RunSudo(fmt.Sprintf("systemctl stop %s", name))
-                client.RunSudo(fmt.Sprintf("systemctl disable %s", name))
-                client.RunSudo(fmt.Sprintf("rm -f /etc/systemd/system/%s.service", name))
-                client.RunSudo("systemctl daemon-reload")
-                fmt.Println("-> Removing Docker image...")
-                client.RunSudo(fmt.Sprintf("docker rmi %s:latest", name))
-                fmt.Println("-> Removing files...")
-                client.RunSudo(fmt.Sprintf("rm -rf /var/lib/%s", name))
-                client.RunSudo(fmt.Sprintf("rm -rf /srv/git/%s.git", name))
-                client.RunSudo(fmt.Sprintf("rm -f /etc/ship/env/%s.env", name))
-        case "git-static":
-                fmt.Println("-> Removing files...")
-                client.RunSudo(fmt.Sprintf("rm -rf /var/www/%s", name))
-                client.RunSudo(fmt.Sprintf("rm -rf /srv/git/%s.git", name))
-        default: // "static"
-                fmt.Println("-> Removing files...")
-                client.RunSudo(fmt.Sprintf("rm -rf /var/www/%s", name))
-        }
-        fmt.Println("-> Removing Caddy config...")
-        client.RunSudo(fmt.Sprintf("rm -f /etc/caddy/sites-enabled/%s.caddy", name))
-        fmt.Println("-> Reloading Caddy...")
-        if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
-                fmt.Printf("Warning: Error reloading Caddy: %v\n", err)
-        }
-        if err := st.RemoveApp(host, name); err != nil {
-                return fmt.Errorf("error updating state: %w", err)
-        }
-        if err := st.Save(); err != nil {
-                return fmt.Errorf("error saving state: %w", err)
-        }
-        fmt.Println("Deployment removed successfully")
-        return nil
-}
diff --git a/cmd/ship/restart.go b/cmd/ship/restart.go
deleted file mode 100644
index c902adb..0000000
--- a/cmd/ship/restart.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package main
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var restartCmd = &cobra.Command{
-        Use:   "restart <app>",
-        Short: "Restart a deployment",
-        Args:  cobra.ExactArgs(1),
-        RunE:  runRestart,
-}
-func runRestart(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := validateName(name); err != nil {
-                return err
-        }
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "app" && app.Type != "git-app" {
-                return fmt.Errorf("restart is only available for apps, not static sites")
-        }
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        fmt.Printf("Restarting %s...\n", name)
-        if _, err := client.RunSudo(fmt.Sprintf("systemctl restart %s", name)); err != nil {
-                return fmt.Errorf("error restarting service: %w", err)
-        }
-        fmt.Println("Service restarted successfully")
-        return nil
-}
diff --git a/cmd/ship/root.go b/cmd/ship/root.go
deleted file mode 100644
index 93280f5..0000000
--- a/cmd/ship/root.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package main
-import (
-        "github.com/bdw/ship/cmd/ship/env"
-        "github.com/bdw/ship/cmd/ship/host"
-        "github.com/spf13/cobra"
-)
-var (
-        // Persistent flags
-        hostFlag string
-        // Version info (set via ldflags)
-        version = "dev"
-        commit  = "none"
-        date    = "unknown"
-)
-const banner = `
-        ~
-    ___|___
-   |   _   |
-  _|__|_|__|_
- |   SHIP   |  Ship apps to your VPS
-  \_________/   with automatic HTTPS
-   ~~~~~~~~~
-`
-var rootCmd = &cobra.Command{
-        Use:   "ship",
-        Short: "Ship apps and static sites to a VPS with automatic HTTPS",
-        Long: banner + `
-A CLI tool for deploying applications and static sites to a VPS.
-How it works:
-  Ship uses only SSH to deploy - no agents, containers, or external services.
-  It uploads your binary or static website, creates a systemd service, and configures Caddy
-  for automatic HTTPS. Ports are assigned automatically. Your app runs directly on the VPS
-  with minimal overhead.
-Requirements:
-  • A VPS with SSH access (use 'ship host init' to set up a new server)
-  • An SSH config entry or user@host for your server
-  • A domain pointing to your VPS
-Examples:
-  # Deploy a Go binary
-  ship --binary ./myapp --domain api.example.com
-  # Deploy with auto-generated subdomain (requires base domain)
-  ship --binary ./myapp --name myapp
-  # Deploy a static site
-  ship --static --dir ./dist --domain example.com
-  # Update config without redeploying binary
-  ship --name myapp --memory 512M --cpu 50%
-  ship --name myapp --env DEBUG=true
-  # Set up a new VPS with base domain
-  ship host init --host user@vps --base-domain apps.example.com`,
-        RunE:          runDeploy,
-        SilenceUsage:  true,
-        SilenceErrors: true,
-}
-func init() {
-        // Persistent flags available to all subcommands
-        rootCmd.PersistentFlags().StringVar(&hostFlag, "host", "", "VPS host (SSH config alias or user@host)")
-        // Root command (deploy) flags
-        rootCmd.Flags().String("binary", "", "Path to Go binary (for app deployment)")
-        rootCmd.Flags().Bool("static", false, "Deploy as static site")
-        rootCmd.Flags().String("dir", ".", "Directory to deploy (for static sites)")
-        rootCmd.Flags().String("domain", "", "Custom domain (optional if base domain configured)")
-        rootCmd.Flags().String("name", "", "App name (default: inferred from binary or directory)")
-        rootCmd.Flags().Int("port", 0, "Port override (default: auto-allocate)")
-        rootCmd.Flags().StringArray("env", nil, "Environment variable (KEY=VALUE, can be specified multiple times)")
-        rootCmd.Flags().String("env-file", "", "Path to .env file")
-        rootCmd.Flags().String("args", "", "Arguments to pass to binary")
-        rootCmd.Flags().StringArray("file", nil, "Config file to upload to working directory (can be specified multiple times)")
-        rootCmd.Flags().String("memory", "", "Memory limit (e.g., 512M, 1G)")
-        rootCmd.Flags().String("cpu", "", "CPU limit (e.g., 50%, 200% for 2 cores)")
-        // Add subcommands
-        rootCmd.AddCommand(listCmd)
-        rootCmd.AddCommand(logsCmd)
-        rootCmd.AddCommand(statusCmd)
-        rootCmd.AddCommand(restartCmd)
-        rootCmd.AddCommand(removeCmd)
-        rootCmd.AddCommand(initCmd)
-        rootCmd.AddCommand(deployGitCmd)
-        rootCmd.AddCommand(env.Cmd)
-        rootCmd.AddCommand(host.Cmd)
-        rootCmd.AddCommand(uiCmd)
-        rootCmd.AddCommand(versionCmd)
-}
diff --git a/cmd/ship/root_v2.go b/cmd/ship/root_v2.go
new file mode 100644
index 0000000..aa81d1e
--- /dev/null
+++ b/cmd/ship/root_v2.go
@@ -0,0 +1,98 @@
+package main
+import (
+        "os"
+        "github.com/bdw/ship/internal/output"
+        "github.com/spf13/cobra"
+)
+var hostFlag string
+// This file defines the v2 CLI structure.
+// The primary command is: ship [PATH] [FLAGS]
+// All output is JSON by default.
+var rootV2Cmd = &cobra.Command{
+        Use:   "ship [PATH]",
+        Short: "Deploy code to a VPS. JSON output for agents.",
+        Long: `Ship deploys code to a VPS. Point it at a directory or binary, get a URL back.
+  ship ./myproject              # auto-detect and deploy
+  ship ./site --name docs       # deploy with specific name
+  ship ./api --health /healthz  # deploy with health check
+  ship ./preview --ttl 24h      # deploy with auto-expiry
+All output is JSON. Use --pretty for human-readable output.`,
+        Args:              cobra.MaximumNArgs(1),
+        RunE:              runDeployV2,
+        SilenceUsage:      true,
+        SilenceErrors:     true,
+        DisableAutoGenTag: true,
+}
+func initV2() {
+        // Global flags
+        rootV2Cmd.PersistentFlags().StringVar(&hostFlag, "host", "", "VPS host (SSH config alias or user@host)")
+        rootV2Cmd.PersistentFlags().BoolVar(&output.Pretty, "pretty", false, "Human-readable output")
+        // Deploy flags
+        rootV2Cmd.Flags().String("name", "", "Deploy name (becomes subdomain)")
+        rootV2Cmd.Flags().String("domain", "", "Custom domain for deployment")
+        rootV2Cmd.Flags().String("health", "", "Health check endpoint (e.g., /healthz)")
+        rootV2Cmd.Flags().String("ttl", "", "Auto-delete after duration (e.g., 1h, 7d)")
+        rootV2Cmd.Flags().StringArray("env", nil, "Environment variable (KEY=VALUE)")
+        rootV2Cmd.Flags().String("env-file", "", "Path to .env file")
+        rootV2Cmd.Flags().Int("container-port", 80, "Port the container listens on (Docker only)")
+        // Check for SHIP_PRETTY env var
+        if os.Getenv("SHIP_PRETTY") == "1" {
+                output.Pretty = true
+        }
+        // Add subcommands
+        rootV2Cmd.AddCommand(listV2Cmd)
+        rootV2Cmd.AddCommand(statusV2Cmd)
+        rootV2Cmd.AddCommand(logsV2Cmd)
+        rootV2Cmd.AddCommand(removeV2Cmd)
+        rootV2Cmd.AddCommand(hostV2Cmd)
+        // Initialize host subcommands (from host_v2.go)
+        initHostV2()
+}
+func runDeployV2(cmd *cobra.Command, args []string) error {
+        path := "."
+        if len(args) > 0 {
+                path = args[0]
+        }
+        opts := deployV2Options{
+                Host:   hostFlag,
+                Pretty: output.Pretty,
+        }
+        // Get flag values
+        opts.Name, _ = cmd.Flags().GetString("name")
+        opts.Domain, _ = cmd.Flags().GetString("domain")
+        opts.Health, _ = cmd.Flags().GetString("health")
+        opts.TTL, _ = cmd.Flags().GetString("ttl")
+        opts.Env, _ = cmd.Flags().GetStringArray("env")
+        opts.EnvFile, _ = cmd.Flags().GetString("env-file")
+        opts.ContainerPort, _ = cmd.Flags().GetInt("container-port")
+        // deployV2 handles all output and exits
+        deployV2(path, opts)
+        // Should not reach here (deployV2 calls os.Exit)
+        return nil
+}
+// Subcommands (list, status, logs, remove) are defined in commands_v2.go
+var hostV2Cmd = &cobra.Command{
+        Use:   "host",
+        Short: "Manage VPS host",
+}
+// hostInitV2Cmd, hostStatusV2Cmd, and initHostV2() are defined in host_v2.go
diff --git a/cmd/ship/status.go b/cmd/ship/status.go
deleted file mode 100644
index 4774fad..0000000
--- a/cmd/ship/status.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package main
-import (
-        "fmt"
-        "github.com/bdw/ship/internal/ssh"
-        "github.com/bdw/ship/internal/state"
-        "github.com/spf13/cobra"
-)
-var statusCmd = &cobra.Command{
-        Use:   "status <app>",
-        Short: "Check status of a deployment",
-        Args:  cobra.ExactArgs(1),
-        RunE:  runStatus,
-}
-func runStatus(cmd *cobra.Command, args []string) error {
-        name := args[0]
-        if err := validateName(name); err != nil {
-                return err
-        }
-        st, err := state.Load()
-        if err != nil {
-                return fmt.Errorf("error loading state: %w", err)
-        }
-        host := hostFlag
-        if host == "" {
-                host = st.GetDefaultHost()
-        }
-        if host == "" {
-                return fmt.Errorf("--host is required")
-        }
-        app, err := st.GetApp(host, name)
-        if err != nil {
-                return err
-        }
-        if app.Type != "app" && app.Type != "git-app" {
-                return fmt.Errorf("status is only available for apps, not static sites")
-        }
-        client, err := ssh.Connect(host)
-        if err != nil {
-                return fmt.Errorf("error connecting to VPS: %w", err)
-        }
-        defer client.Close()
-        output, err := client.RunSudo(fmt.Sprintf("systemctl status %s", name))
-        if err != nil {
-                // systemctl status returns non-zero for non-active services
-                // but we still want to show the output
-                fmt.Print(output)
-                return nil
-        }
-        fmt.Print(output)
-        return nil
-}
diff --git a/cmd/ship/ui.go b/cmd/ship/ui.go
deleted file mode 100644
index cfaea08..0000000
--- a/cmd/ship/ui.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package main
-import (
-        "embed"
-        "encoding/json"
-        "fmt"
-        "html/template"
-        "net/http"
-        "sort"
-        "strconv"
-        "github.com/bdw/ship/internal/state"
-        "github.com/bdw/ship/internal/templates"
-        "github.com/spf13/cobra"
-)
-//go:embed templates/*.html
-var templatesFS embed.FS
-var uiCmd = &cobra.Command{
-        Use:   "ui",
-        Short: "Launch web management UI",
-        RunE:  runUI,
-}
-func init() {
-        uiCmd.Flags().StringP("port", "p", "8080", "Port to run the web UI on")
-}
-func runUI(cmd *cobra.Command, args []string) error {
-        port, _ := cmd.Flags().GetString("port")
-        tmpl, err := template.ParseFS(templatesFS, "templates/webui.html")
-        if err != nil {
-                return fmt.Errorf("error parsing template: %w", err)
-        }
-        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-                st, err := state.Load()
-                if err != nil {
-                        http.Error(w, fmt.Sprintf("Error loading state: %v", err), http.StatusInternalServerError)
-                        return
-                }
-                type AppData struct {
-                        Name   string
-                        Type   string
-                        Domain string
-                        Port   int
-                        Env    map[string]string
-                        Host   string
-                }
-                type HostData struct {
-                        Host string
-                        Apps []AppData
-                }
-                var hosts []HostData
-                for hostName, host := range st.Hosts {
-                        var apps []AppData
-                        for appName, app := range host.Apps {
-                                apps = append(apps, AppData{
-                                        Name:   appName,
-                                        Type:   app.Type,
-                                        Domain: app.Domain,
-                                        Port:   app.Port,
-                                        Env:    app.Env,
-                                        Host:   hostName,
-                                })
-                        }
-                        sort.Slice(apps, func(i, j int) bool {
-                                return apps[i].Name < apps[j].Name
-                        })
-                        hosts = append(hosts, HostData{
-                                Host: hostName,
-                                Apps: apps,
-                        })
-                }
-                sort.Slice(hosts, func(i, j int) bool {
-                        return hosts[i].Host < hosts[j].Host
-                })
-                data := struct {
-                        Hosts []HostData
-                }{
-                        Hosts: hosts,
-                }
-                if err := tmpl.Execute(w, data); err != nil {
-                        http.Error(w, fmt.Sprintf("Error rendering template: %v", err), http.StatusInternalServerError)
-                        return
-                }
-        })
-        http.HandleFunc("/api/state", func(w http.ResponseWriter, r *http.Request) {
-                st, err := state.Load()
-                if err != nil {
-                        http.Error(w, fmt.Sprintf("Error loading state: %v", err), http.StatusInternalServerError)
-                        return
-                }
-                w.Header().Set("Content-Type", "application/json")
-                json.NewEncoder(w).Encode(st)
-        })
-        http.HandleFunc("/api/configs", func(w http.ResponseWriter, r *http.Request) {
-                host := r.URL.Query().Get("host")
-                appName := r.URL.Query().Get("app")
-                if host == "" || appName == "" {
-                        http.Error(w, "Missing host or app parameter", http.StatusBadRequest)
-                        return
-                }
-                st, err := state.Load()
-                if err != nil {
-                        http.Error(w, fmt.Sprintf("Error loading state: %v", err), http.StatusInternalServerError)
-                        return
-                }
-                app, err := st.GetApp(host, appName)
-                if err != nil {
-                        http.Error(w, fmt.Sprintf("App not found: %v", err), http.StatusNotFound)
-                        return
-                }
-                configs := make(map[string]string)
-                if app.Env != nil && len(app.Env) > 0 {
-                        envContent := ""
-                        for k, v := range app.Env {
-                                envContent += fmt.Sprintf("%s=%s\n", k, v)
-                        }
-                        configs["env"] = envContent
-                        configs["envPath"] = fmt.Sprintf("/etc/ship/env/%s.env", appName)
-                }
-                if app.Type == "app" {
-                        workDir := fmt.Sprintf("/var/lib/%s", appName)
-                        binaryPath := fmt.Sprintf("/usr/local/bin/%s", appName)
-                        envFilePath := fmt.Sprintf("/etc/ship/env/%s.env", appName)
-                        serviceContent, err := templates.SystemdService(map[string]string{
-                                "Name":       appName,
-                                "User":       appName,
-                                "WorkDir":    workDir,
-                                "BinaryPath": binaryPath,
-                                "Port":       strconv.Itoa(app.Port),
-                                "EnvFile":    envFilePath,
-                                "Args":       app.Args,
-                        })
-                        if err != nil {
-                                http.Error(w, fmt.Sprintf("Error rendering systemd service: %v", err), http.StatusInternalServerError)
-                                return
-                        }
-                        configs["systemd"] = serviceContent
-                        configs["systemdPath"] = fmt.Sprintf("/etc/systemd/system/%s.service", appName)
-                        caddyContent, err := templates.AppCaddy(map[string]string{
-                                "Domain": app.Domain,
-                                "Port":   strconv.Itoa(app.Port),
-                        })
-                        if err != nil {
-                                http.Error(w, fmt.Sprintf("Error rendering Caddy config: %v", err), http.StatusInternalServerError)
-                                return
-                        }
-                        configs["caddy"] = caddyContent
-                        configs["caddyPath"] = fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", appName)
-                } else if app.Type == "static" {
-                        remoteDir := fmt.Sprintf("/var/www/%s", appName)
-                        caddyContent, err := templates.StaticCaddy(map[string]string{
-                                "Domain":  app.Domain,
-                                "RootDir": remoteDir,
-                        })
-                        if err != nil {
-                                http.Error(w, fmt.Sprintf("Error rendering Caddy config: %v", err), http.StatusInternalServerError)
-                                return
-                        }
-                        configs["caddy"] = caddyContent
-                        configs["caddyPath"] = fmt.Sprintf("/etc/caddy/sites-enabled/%s.caddy", appName)
-                }
-                w.Header().Set("Content-Type", "application/json")
-                json.NewEncoder(w).Encode(configs)
-        })
-        addr := fmt.Sprintf("localhost:%s", port)
-        fmt.Printf("Starting web UI on http://%s\n", addr)
-        fmt.Printf("Press Ctrl+C to stop\n")
-        if err := http.ListenAndServe(addr, nil); err != nil {
-                return fmt.Errorf("error starting server: %w", err)
-        }
-        return nil
-}
diff --git a/cmd/ship/validate.go b/cmd/ship/validate.go
deleted file mode 100644
index 00275af..0000000
--- a/cmd/ship/validate.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package main
-import "github.com/bdw/ship/internal/state"
-// validateName checks that an app/project name is safe for use in shell
-// commands, file paths, systemd units, and DNS labels.
-func validateName(name string) error {
-        return state.ValidateName(name)
-}
diff --git a/cmd/ship/version.go b/cmd/ship/version.go
deleted file mode 100644
index 6e4314a..0000000
--- a/cmd/ship/version.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-import (
-        "fmt"
-        "github.com/spf13/cobra"
-)
-var versionCmd = &cobra.Command{
-        Use:   "version",
-        Short: "Show version information",
-        Run: func(cmd *cobra.Command, args []string) {
-                fmt.Printf("ship version %s\n", version)
-                fmt.Printf("  commit: %s\n", commit)
-                fmt.Printf("  built:  %s\n", date)
-        },
-}
diff --git a/internal/detect/detect.go b/internal/detect/detect.go
new file mode 100644
index 0000000..f3efd22
--- /dev/null
+++ b/internal/detect/detect.go
@@ -0,0 +1,105 @@
+// Package detect provides auto-detection of project types.
+package detect
+import (
+        "os"
+        "path/filepath"
+        "github.com/bdw/ship/internal/output"
+)
+// ProjectType represents the detected deployment type
+type ProjectType string
+const (
+        TypeStatic ProjectType = "static"
+        TypeDocker ProjectType = "docker"
+        TypeBinary ProjectType = "binary"
+)
+// Result is the detection outcome
+type Result struct {
+        Type    ProjectType
+        Path    string // Absolute path to deploy
+        Error   *output.ErrorResponse
+}
+// Detect examines a path and determines how to deploy it.
+// Follows the logic from SPEC.md:
+//   - File: must be executable → binary
+//   - Directory with Dockerfile → docker
+//   - Directory with index.html → static
+//   - Go/Node without Dockerfile → error with guidance
+//   - Empty or unknown → error
+func Detect(path string) Result {
+        absPath, err := filepath.Abs(path)
+        if err != nil {
+                return Result{Error: output.Err(output.ErrInvalidPath, "cannot resolve path: "+err.Error())}
+        }
+        info, err := os.Stat(absPath)
+        if err != nil {
+                if os.IsNotExist(err) {
+                        return Result{Error: output.Err(output.ErrInvalidPath, "path does not exist: "+path)}
+                }
+                return Result{Error: output.Err(output.ErrInvalidPath, "cannot access path: "+err.Error())}
+        }
+        // File: must be executable binary
+        if !info.IsDir() {
+                return detectFile(absPath, info)
+        }
+        // Directory: check contents
+        return detectDirectory(absPath)
+}
+func detectFile(path string, info os.FileInfo) Result {
+        // Check if executable
+        if info.Mode()&0111 == 0 {
+                return Result{Error: output.Err(output.ErrUnknownProjectType, "file is not executable")}
+        }
+        return Result{Type: TypeBinary, Path: path}
+}
+func detectDirectory(path string) Result {
+        // Check for Dockerfile first (highest priority)
+        if hasFile(path, "Dockerfile") {
+                return Result{Type: TypeDocker, Path: path}
+        }
+        // Check for static site
+        if hasFile(path, "index.html") || hasFile(path, "index.htm") {
+                return Result{Type: TypeStatic, Path: path}
+        }
+        // Check for Go project without Dockerfile
+        if hasFile(path, "go.mod") {
+                return Result{Error: output.Err(output.ErrUnknownProjectType,
+                        "Go project without Dockerfile. Add a Dockerfile or build a binary first.")}
+        }
+        // Check for Node project without Dockerfile
+        if hasFile(path, "package.json") {
+                return Result{Error: output.Err(output.ErrUnknownProjectType,
+                        "Node project without Dockerfile. Add a Dockerfile.")}
+        }
+        // Check if empty
+        entries, err := os.ReadDir(path)
+        if err != nil {
+                return Result{Error: output.Err(output.ErrInvalidPath, "cannot read directory: "+err.Error())}
+        }
+        if len(entries) == 0 {
+                return Result{Error: output.Err(output.ErrInvalidPath, "directory is empty")}
+        }
+        // Unknown
+        return Result{Error: output.Err(output.ErrUnknownProjectType,
+                "cannot detect project type. Add a Dockerfile or index.html.")}
+}
+func hasFile(dir, name string) bool {
+        _, err := os.Stat(filepath.Join(dir, name))
+        return err == nil
+}
diff --git a/internal/output/output.go b/internal/output/output.go
new file mode 100644
index 0000000..a9a1036
--- /dev/null
+++ b/internal/output/output.go
@@ -0,0 +1,226 @@
+// Package output provides JSON response types for ship v2.
+// All commands output JSON by default. Human-readable output is opt-in via --pretty.
+package output
+import (
+        "encoding/json"
+        "fmt"
+        "os"
+)
+// Response is the base interface for all output types
+type Response interface {
+        IsError() bool
+}
+// DeployResponse is returned on successful deploy
+type DeployResponse struct {
+        Status  string          `json:"status"`
+        Name    string          `json:"name"`
+        URL     string          `json:"url"`
+        Type    string          `json:"type"` // "static", "docker", "binary"
+        TookMs  int64           `json:"took_ms"`
+        Health  *HealthResult   `json:"health,omitempty"`
+        Expires string          `json:"expires,omitempty"` // ISO 8601, only if TTL set
+}
+func (r DeployResponse) IsError() bool { return false }
+// HealthResult is the health check outcome
+type HealthResult struct {
+        Endpoint  string `json:"endpoint"`
+        Status    int    `json:"status"`
+        LatencyMs int64  `json:"latency_ms"`
+}
+// ListResponse is returned by ship list
+type ListResponse struct {
+        Status  string       `json:"status"`
+        Deploys []DeployInfo `json:"deploys"`
+}
+func (r ListResponse) IsError() bool { return false }
+// DeployInfo is a single deploy in a list
+type DeployInfo struct {
+        Name    string `json:"name"`
+        URL     string `json:"url"`
+        Type    string `json:"type"`
+        Running bool   `json:"running"`
+        Expires string `json:"expires,omitempty"`
+}
+// StatusResponse is returned by ship status
+type StatusResponse struct {
+        Status    string `json:"status"`
+        Name      string `json:"name"`
+        URL       string `json:"url"`
+        Type      string `json:"type"`
+        Running   bool   `json:"running"`
+        Port      int    `json:"port,omitempty"`
+        Expires   string `json:"expires,omitempty"`
+        Memory    string `json:"memory,omitempty"`
+        CPU       string `json:"cpu,omitempty"`
+}
+func (r StatusResponse) IsError() bool { return false }
+// LogsResponse is returned by ship logs
+type LogsResponse struct {
+        Status string   `json:"status"`
+        Name   string   `json:"name"`
+        Lines  []string `json:"lines"`
+}
+func (r LogsResponse) IsError() bool { return false }
+// RemoveResponse is returned by ship remove
+type RemoveResponse struct {
+        Status  string `json:"status"`
+        Name    string `json:"name"`
+        Removed bool   `json:"removed"`
+}
+func (r RemoveResponse) IsError() bool { return false }
+// HostInitResponse is returned by ship host init
+type HostInitResponse struct {
+        Status    string   `json:"status"`
+        Host      string   `json:"host"`
+        Domain    string   `json:"domain"`
+        Installed []string `json:"installed"`
+}
+func (r HostInitResponse) IsError() bool { return false }
+// ErrorResponse is returned on any failure
+type ErrorResponse struct {
+        Status  string `json:"status"` // always "error"
+        Code    string `json:"code"`
+        Message string `json:"message"`
+        Name    string `json:"name,omitempty"`
+        URL     string `json:"url,omitempty"`
+}
+func (r ErrorResponse) IsError() bool { return true }
+// Error implements the error interface for compatibility with v1 code
+func (r *ErrorResponse) Error() string { return r.Message }
+// Error codes
+const (
+        ErrInvalidPath         = "INVALID_PATH"
+        ErrInvalidArgs         = "INVALID_ARGS"
+        ErrUnknownProjectType  = "UNKNOWN_PROJECT_TYPE"
+        ErrSSHConnectFailed    = "SSH_CONNECT_FAILED"
+        ErrSSHAuthFailed       = "SSH_AUTH_FAILED"
+        ErrUploadFailed        = "UPLOAD_FAILED"
+        ErrBuildFailed         = "BUILD_FAILED"
+        ErrServiceFailed       = "SERVICE_FAILED"
+        ErrCaddyFailed         = "CADDY_FAILED"
+        ErrHealthCheckFailed   = "HEALTH_CHECK_FAILED"
+        ErrHealthCheckTimeout  = "HEALTH_CHECK_TIMEOUT"
+        ErrNotFound            = "NOT_FOUND"
+        ErrConflict            = "CONFLICT"
+        ErrHostNotConfigured   = "HOST_NOT_CONFIGURED"
+        ErrInvalidTTL          = "INVALID_TTL"
+        ErrInvalidName         = "INVALID_NAME"
+        ErrPortExhausted       = "PORT_EXHAUSTED"
+)
+// Exit codes
+const (
+        ExitSuccess       = 0
+        ExitDeployFailed  = 1
+        ExitInvalidArgs   = 2
+        ExitSSHFailed     = 3
+        ExitHealthFailed  = 4
+)
+// Pretty controls human-readable output
+var Pretty bool
+// Print outputs the response as JSON (or pretty if enabled)
+func Print(r Response) {
+        if Pretty {
+                printPretty(r)
+                return
+        }
+        enc := json.NewEncoder(os.Stdout)
+        enc.Encode(r)
+}
+// PrintAndExit outputs the response and exits with appropriate code
+func PrintAndExit(r Response) {
+        Print(r)
+        if r.IsError() {
+                os.Exit(exitCodeForError(r.(*ErrorResponse).Code))
+        }
+        os.Exit(ExitSuccess)
+}
+// Err creates an ErrorResponse
+func Err(code, message string) *ErrorResponse {
+        return &ErrorResponse{
+                Status:  "error",
+                Code:    code,
+                Message: message,
+        }
+}
+// ErrWithName creates an ErrorResponse with name context
+func ErrWithName(code, message, name string) *ErrorResponse {
+        return &ErrorResponse{
+                Status:  "error",
+                Code:    code,
+                Message: message,
+                Name:    name,
+        }
+}
+func exitCodeForError(code string) int {
+        switch code {
+        case ErrSSHConnectFailed, ErrSSHAuthFailed:
+                return ExitSSHFailed
+        case ErrHealthCheckFailed, ErrHealthCheckTimeout:
+                return ExitHealthFailed
+        case ErrInvalidPath, ErrInvalidTTL, ErrInvalidName, ErrHostNotConfigured, ErrInvalidArgs:
+                return ExitInvalidArgs
+        default:
+                return ExitDeployFailed
+        }
+}
+func printPretty(r Response) {
+        switch v := r.(type) {
+        case *DeployResponse:
+                fmt.Printf("✓ Deployed to %s (%.1fs)\n", v.URL, float64(v.TookMs)/1000)
+        case *ListResponse:
+                if len(v.Deploys) == 0 {
+                        fmt.Println("No deployments")
+                        return
+                }
+                fmt.Printf("%-20s %-40s %-8s %s\n", "NAME", "URL", "TYPE", "STATUS")
+                for _, d := range v.Deploys {
+                        status := "running"
+                        if !d.Running {
+                                status = "stopped"
+                        }
+                        if d.Expires != "" {
+                                status += " (expires " + d.Expires + ")"
+                        }
+                        fmt.Printf("%-20s %-40s %-8s %s\n", d.Name, d.URL, d.Type, status)
+                }
+        case *RemoveResponse:
+                fmt.Printf("✓ Removed %s\n", v.Name)
+        case *ErrorResponse:
+                fmt.Printf("✗ %s: %s\n", v.Code, v.Message)
+        case *HostInitResponse:
+                fmt.Printf("✓ Initialized %s with domain %s\n", v.Host, v.Domain)
+        default:
+                // Fallback to JSON
+                enc := json.NewEncoder(os.Stdout)
+                enc.SetIndent("", "  ")
+                enc.Encode(r)
+        }
+}
diff --git a/internal/state/state.go b/internal/state/state.go
index c9aa21d..9b06179 100644
--- a/internal/state/state.go
+++ b/internal/state/state.go
@@ -8,38 +8,18 @@ import (
        "regexp"
 )
-// State represents the entire local deployment state
+// State represents the local ship configuration
 type State struct {
        DefaultHost string           `json:"default_host,omitempty"`
        Hosts       map[string]*Host `json:"hosts"`
 }
-// Host represents deployment state for a single VPS
+// Host represents configuration for a single VPS
 type Host struct {
-        NextPort   int             `json:"next_port"`
+        BaseDomain string `json:"base_domain,omitempty"`
-        BaseDomain string          `json:"base_domain,omitempty"`
+        GitSetup   bool   `json:"git_setup,omitempty"`
-        GitSetup   bool            `json:"git_setup,omitempty"`
-        Apps       map[string]*App `json:"apps"`
 }
-// App represents a deployed application or static site
-type App struct {
-        Type   string            `json:"type"`             // "app", "static", "git-app", or "git-static"
-        Domain string            `json:"domain"`
-        Port   int               `json:"port,omitempty"`   // only for type="app" or "git-app"
-        Repo   string            `json:"repo,omitempty"`   // only for git types, e.g. "/srv/git/foo.git"
-        Public bool              `json:"public,omitempty"` // only for git types, enables HTTP clone access
-        Env    map[string]string `json:"env,omitempty"`    // only for type="app" or "git-app"
-        Args   string            `json:"args,omitempty"`   // only for type="app"
-        Files  []string          `json:"files,omitempty"`  // only for type="app"
-        Memory string            `json:"memory,omitempty"` // only for type="app"
-        CPU    string            `json:"cpu,omitempty"`    // only for type="app"
-}
-const (
-        startPort = 8001
-)
 var validName = regexp.MustCompile(`^[a-z][a-z0-9-]{0,62}$`)
 // ValidateName checks that a name is safe for use in shell commands,
@@ -55,7 +35,6 @@ func ValidateName(name string) error {
 func Load() (*State, error) {
        path := statePath()
-        // If file doesn't exist, return empty state
        if _, err := os.Stat(path); os.IsNotExist(err) {
                return &State{
                        Hosts: make(map[string]*Host),
@@ -72,7 +51,6 @@ func Load() (*State, error) {
                return nil, fmt.Errorf("failed to parse state file: %w", err)
        }
-        // Initialize maps if nil
        if state.Hosts == nil {
                state.Hosts = make(map[string]*Host)
        }
@@ -84,7 +62,6 @@ func Load() (*State, error) {
 func (s *State) Save() error {
        path := statePath()
-        // Ensure directory exists
        dir := filepath.Dir(path)
        if err := os.MkdirAll(dir, 0755); err != nil {
                return fmt.Errorf("failed to create config directory: %w", err)
@@ -102,60 +79,14 @@ func (s *State) Save() error {
        return nil
 }
-// GetHost returns the host state, creating it if it doesn't exist
+// GetHost returns the host config, creating it if it doesn't exist
 func (s *State) GetHost(host string) *Host {
        if s.Hosts[host] == nil {
-                s.Hosts[host] = &Host{
+                s.Hosts[host] = &Host{}
-                        NextPort: startPort,
-                        Apps:     make(map[string]*App),
-                }
-        }
-        if s.Hosts[host].Apps == nil {
-                s.Hosts[host].Apps = make(map[string]*App)
        }
        return s.Hosts[host]
 }
-// AllocatePort returns the next available port for a host
-func (s *State) AllocatePort(host string) int {
-        h := s.GetHost(host)
-        port := h.NextPort
-        h.NextPort++
-        return port
-}
-// AddApp adds or updates an app in the state
-func (s *State) AddApp(host, name string, app *App) {
-        h := s.GetHost(host)
-        h.Apps[name] = app
-}
-// RemoveApp removes an app from the state
-func (s *State) RemoveApp(host, name string) error {
-        h := s.GetHost(host)
-        if _, exists := h.Apps[name]; !exists {
-                return fmt.Errorf("app %s not found", name)
-        }
-        delete(h.Apps, name)
-        return nil
-}
-// GetApp returns an app from the state
-func (s *State) GetApp(host, name string) (*App, error) {
-        h := s.GetHost(host)
-        app, exists := h.Apps[name]
-        if !exists {
-                return nil, fmt.Errorf("app %s not found", name)
-        }
-        return app, nil
-}
-// ListApps returns all apps for a host
-func (s *State) ListApps(host string) map[string]*App {
-        h := s.GetHost(host)
-        return h.Apps
-}
 // GetDefaultHost returns the default host, or empty string if not set
 func (s *State) GetDefaultHost() string {
        return s.DefaultHost
@@ -166,11 +97,9 @@ func (s *State) SetDefaultHost(host string) {
        s.DefaultHost = host
 }
-// statePath returns the path to the state file
 func statePath() string {
        home, err := os.UserHomeDir()
        if err != nil {
-                // Fallback to current directory (should rarely happen)
                return ".ship-state.json"
        }
        return filepath.Join(home, ".config", "ship", "state.json")
diff --git a/internal/templates/templates.go b/internal/templates/templates.go
index b68a504..2163f47 100644
--- a/internal/templates/templates.go
+++ b/internal/templates/templates.go
@@ -216,7 +216,7 @@ Requires=docker.service
 Type=simple
 ExecStartPre=-/usr/bin/docker rm -f {{.Name}}
 ExecStart=/usr/bin/docker run --rm --name {{.Name}} \
-  -p 127.0.0.1:{{.Port}}:{{.Port}} \
+  -p 127.0.0.1:{{.Port}}:{{.ContainerPort}} \
  --env-file /etc/ship/env/{{.Name}}.env \
  -v /var/lib/{{.Name}}/data:/data \
  {{.Name}}:latest
diff --git a/ship-new b/ship-new
new file mode 100755
index 0000000..28b9780
--- /dev/null
+++ b/ship-new
Binary files differ
diff --git a/website/index.html b/website/index.html
new file mode 100644
index 0000000..e7e6d7a
--- /dev/null
+++ b/website/index.html
@@ -0,0 +1,216 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>ship — deploy to your VPS</title>
+  <style>
+    :root {
+      --bg: #f5f2eb;
+      --fg: #2c2c2c;
+      --muted: #6b6b6b;
+      --accent: #1a1a1a;
+      --border: #d4d0c8;
+    }
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: 'JetBrains Mono', 'IBM Plex Mono', ui-monospace, monospace;
+      font-size: 16px;
+      line-height: 1.6;
+      background: var(--bg);
+      color: var(--fg);
+    }
+    main {
+      max-width: 640px;
+      margin: 0 auto;
+      padding: 4rem 1.5rem;
+    }
+    h1 {
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin-bottom: 0.5rem;
+    }
+    .tagline {
+      color: var(--muted);
+      margin-bottom: 3rem;
+    }
+    section {
+      margin-bottom: 3rem;
+    }
+    h2 {
+      font-size: 0.875rem;
+      font-weight: 600;
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+      color: var(--muted);
+      margin-bottom: 1rem;
+    }
+    p {
+      margin-bottom: 1rem;
+    }
+    pre {
+      background: var(--accent);
+      color: var(--bg);
+      padding: 1rem 1.25rem;
+      overflow-x: auto;
+      font-size: 0.875rem;
+      line-height: 1.7;
+      margin-bottom: 1rem;
+    }
+    code {
+      font-family: inherit;
+    }
+    .comment { color: #888; }
+    .output { color: #a0a0a0; }
+    ul {
+      list-style: none;
+      margin-bottom: 1rem;
+    }
+    li {
+      padding-left: 1.25rem;
+      position: relative;
+      margin-bottom: 0.5rem;
+    }
+    li::before {
+      content: "—";
+      position: absolute;
+      left: 0;
+      color: var(--muted);
+    }
+    a {
+      color: var(--fg);
+      text-decoration: underline;
+      text-underline-offset: 2px;
+    }
+    a:hover {
+      color: var(--muted);
+    }
+    .features {
+      display: grid;
+      gap: 1.5rem;
+      margin-bottom: 1rem;
+    }
+    .feature {
+      border: 1px solid var(--border);
+      padding: 1rem 1.25rem;
+    }
+    .feature strong {
+      display: block;
+      margin-bottom: 0.25rem;
+    }
+    .feature span {
+      color: var(--muted);
+      font-size: 0.875rem;
+    }
+    footer {
+      border-top: 1px solid var(--border);
+      padding-top: 2rem;
+      color: var(--muted);
+      font-size: 0.875rem;
+    }
+  </style>
+</head>
+<body>
+  <main>
+    <header>
+      <h1>ship</h1>
+      <p class="tagline">Deploy code to your VPS. Get a URL back.</p>
+    </header>
+    <section>
+      <h2>What it does</h2>
+      <p>Point ship at a directory or binary. It figures out what you're deploying, uploads it, configures HTTPS, and gives you a URL. No containers required. No YAML. No config files.</p>
+      <p>Built for AI agents. JSON output by default, predictable behavior, and an <a href="https://github.com/bdw/ship/tree/main/skill">agent skill</a> so your assistant can deploy code without hand-holding.</p>
+    </section>
+    <section>
+      <h2>Usage</h2>
+      <pre><span class="comment"># static site</span>
+ship ./dist
+<span class="output">→ https://ship-a1b2c3.example.com</span>
+<span class="comment"># with a name</span>
+ship ./dist --name docs
+<span class="output">→ https://docs.example.com</span>
+<span class="comment"># binary with health check</span>
+ship ./myapp --name api --health /healthz
+<span class="output">→ https://api.example.com</span>
+<span class="comment"># temporary preview (auto-deletes)</span>
+ship ./preview --ttl 1h
+<span class="output">→ https://ship-x7y8z9.example.com (expires in 1h)</span>
+<span class="comment"># custom domain</span>
+ship ./site --domain myapp.com
+<span class="output">→ https://myapp.com</span></pre>
+    </section>
+    <section>
+      <h2>Features</h2>
+      <div class="features">
+        <div class="feature">
+          <strong>Auto-detection</strong>
+          <span>Static sites, Docker apps, binaries — ship figures it out.</span>
+        </div>
+        <div class="feature">
+          <strong>Automatic HTTPS</strong>
+          <span>Caddy handles certificates. You get HTTPS by default.</span>
+        </div>
+        <div class="feature">
+          <strong>TTL support</strong>
+          <span>Temporary deploys that clean themselves up.</span>
+        </div>
+        <div class="feature">
+          <strong>JSON output</strong>
+          <span>Built for scripts and automation. Parseable by default.</span>
+        </div>
+      </div>
+    </section>
+    <section>
+      <h2>One-time setup</h2>
+      <pre><span class="comment"># point ship at your VPS</span>
+ship host init user@your-server --domain example.com</pre>
+      <p>That's it. No manual VPS configuration. Init installs everything — Caddy, Docker, systemd services, SSH keys. Just bring a fresh VPS with SSH access (Ubuntu/Debian).</p>
+    </section>
+    <section>
+      <h2>Commands</h2>
+      <ul>
+        <li><code>ship &lt;path&gt;</code> — deploy</li>
+        <li><code>ship list</code> — show all deployments</li>
+        <li><code>ship status &lt;name&gt;</code> — check a deployment</li>
+        <li><code>ship logs &lt;name&gt;</code> — view logs</li>
+        <li><code>ship remove &lt;name&gt;</code> — take it down</li>
+      </ul>
+    </section>
+    <footer>
+      <p>Built for people who just want to put things on the internet.</p>
+      <p><a href="https://code.northwest.io/ship.git">source</a></p>
+    </footer>
+  </main>
+</body>
+</html>
author	Clawd <ai@clawd.bot>	2026-02-17 08:11:19 -0800
committer	Clawd <ai@clawd.bot>	2026-02-17 08:11:19 -0800
commit	6f02ec84a8299fc5577f147cc8741c8a4b162b64 (patch)
tree	020f3690e92732dcba723be0cfaef649f46de137
parent	4b5a2656df13181b637c59c29ff31751e11cf22a (diff)
parent	05ea98df57599775c1d5bfea336012b075531670 (diff)