Merge pull request 'multi-port-service' (#980 ) from multi-port-service into main

Reviewed-on: cerc-io/stack-orchestrator#980
Merge origin/main into multi-port-service
2026-01-24 23:05:14 +00:00 · 2026-01-24 16:48:11 -05:00 · 2026-01-24 16:39:11 -05:00 · 2026-01-24 16:39:00 -05:00 · 2026-01-24 15:44:54 -05:00 · 2026-01-24 15:14:48 -05:00
172 changed files with 8170 additions and 1687 deletions
--- a/.gitea/workflows/fixturenet-eth-plugeth-test.yml
+++ b/.gitea/workflows/fixturenet-eth-plugeth-test.yml
@ -1,57 +0,0 @@
 name: Fixturenet-Eth-Plugeth-Test
 on:
  push:
    branches: '*'
    paths:
      - '!**'
      - '.gitea/workflows/triggers/fixturenet-eth-plugeth-test'
  schedule: # Note: coordinate with other tests to not overload runners at the same time of day
    - cron: '2 14 * * *'
 jobs:
  test:
    name: "Run an Ethereum plugeth fixturenet test"
    runs-on: ubuntu-latest
    steps:
      - name: "Clone project repository"
        uses: actions/checkout@v3
      # At present the stock setup-python action fails on Linux/aarch64
      # Conditional steps below workaroud this by using deadsnakes for that case only
      - name: "Install Python for ARM on Linux"
        if: ${{ runner.arch == 'arm64' && runner.os == 'Linux' }}
        uses: deadsnakes/action@v3.0.1
        with:
          python-version: '3.8'
      - name: "Install Python cases other than ARM on Linux"
        if: ${{ ! (runner.arch == 'arm64' && runner.os == 'Linux') }}
        uses: actions/setup-python@v4
        with:
          python-version: '3.8'
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
        run: pip install shiv
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
        run: ./scripts/build_shiv_package.sh
      - name: "Run fixturenet-eth tests"
        run: ./tests/fixturenet-eth-plugeth/run-test.sh
      - name: Notify Vulcanize Slack on CI failure
        if: ${{ always() && github.ref_name == 'main' }}
        uses: ravsamhq/notify-slack-action@v2
        with:
          status: ${{ job.status }}
          notify_when: 'failure'
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.VULCANIZE_SLACK_CI_ALERTS }}
      - name: Notify DeepStack Slack on CI failure
        if: ${{ always() && github.ref_name == 'main' }}
        uses: ravsamhq/notify-slack-action@v2
        with:
          status: ${{ job.status }}
          notify_when: 'failure'
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.DEEPSTACK_SLACK_CI_ALERTS }}
--- a/.gitea/workflows/fixturenet-eth-test.yml
+++ b/.gitea/workflows/fixturenet-eth-test.yml
@ -1,55 +0,0 @@
 name: Fixturenet-Eth-Test
 on:
  push:
    branches: '*'
    paths:
      - '!**'
      - '.gitea/workflows/triggers/fixturenet-eth-test'
 jobs:
  test:
    name: "Run an Ethereum fixturenet test"
    runs-on: ubuntu-latest
    steps:
      - name: "Clone project repository"
        uses: actions/checkout@v3
      # At present the stock setup-python action fails on Linux/aarch64
      # Conditional steps below workaroud this by using deadsnakes for that case only
      - name: "Install Python for ARM on Linux"
        if: ${{ runner.arch == 'arm64' && runner.os == 'Linux' }}
        uses: deadsnakes/action@v3.0.1
        with:
          python-version: '3.8'
      - name: "Install Python cases other than ARM on Linux"
        if: ${{ ! (runner.arch == 'arm64' && runner.os == 'Linux') }}
        uses: actions/setup-python@v4
        with:
          python-version: '3.8'
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
        run: pip install shiv
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
        run: ./scripts/build_shiv_package.sh
      - name: "Run fixturenet-eth tests"
        run: ./tests/fixturenet-eth/run-test.sh
      - name: Notify Vulcanize Slack on CI failure
        if: ${{ always() && github.ref_name == 'main' }}
        uses: ravsamhq/notify-slack-action@v2
        with:
          status: ${{ job.status }}
          notify_when: 'failure'
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.VULCANIZE_SLACK_CI_ALERTS }}
      - name: Notify DeepStack Slack on CI failure
        if: ${{ always() && github.ref_name == 'main' }}
        uses: ravsamhq/notify-slack-action@v2
        with:
          status: ${{ job.status }}
          notify_when: 'failure'
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.DEEPSTACK_SLACK_CI_ALERTS }}
--- a/.gitea/workflows/fixturenet-laconicd-test.yml
+++ b/.gitea/workflows/fixturenet-laconicd-test.yml
@ -39,7 +39,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/publish.yml
+++ b/.gitea/workflows/publish.yml
@ -35,7 +35,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Build local shiv package"
        id: build
        run: |
--- a/.gitea/workflows/test-container-registry.yml
+++ b/.gitea/workflows/test-container-registry.yml
@ -33,7 +33,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/test-database.yml
+++ b/.gitea/workflows/test-database.yml
@ -33,7 +33,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/test-deploy.yml
+++ b/.gitea/workflows/test-deploy.yml
@ -2,7 +2,8 @@ name: Deploy Test
 on:
  pull_request:
-    branches: '*'
+    branches:
      - main
  push:
    branches:
      - main
@ -33,7 +34,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/test-external-stack.yml
+++ b/.gitea/workflows/test-external-stack.yml
@ -33,7 +33,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/test-k8s-deploy.yml
+++ b/.gitea/workflows/test-k8s-deploy.yml
@ -2,7 +2,8 @@ name: K8s Deploy Test
 on:
  pull_request:
-    branches: '*'
+    branches:
      - main
  push:
    branches: '*'
    paths:
@ -35,7 +36,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/fixturenet-eth-plugeth-arm-test.yml
+++ b/.gitea/workflows/fixturenet-eth-plugeth-arm-test.yml
@ -1,19 +1,23 @@
-name: Fixturenet-Eth-Plugeth-Arm-Test
+name: K8s Deployment Control Test
 on:
  pull_request:
    branches:
      - main
  push:
    branches: '*'
    paths:
      - '!**'
-      - '.gitea/workflows/triggers/fixturenet-eth-plugeth-arm-test'
+      - '.gitea/workflows/triggers/test-k8s-deployment-control'
      - '.gitea/workflows/test-k8s-deployment-control.yml'
      - 'tests/k8s-deployment-control/run-test.sh'
  schedule: # Note: coordinate with other tests to not overload runners at the same time of day
-    - cron: '2 14 * * *'
+    - cron: '3 30 * * *'
 jobs:
  test:
-    name: "Run an Ethereum plugeth fixturenet test"
+    name: "Run deployment control suite on kind/k8s"
-    runs-on: ubuntu-latest-arm
+    runs-on: ubuntu-22.04
    steps:
      - name: "Clone project repository"
        uses: actions/checkout@v3
@ -32,13 +36,22 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
        run: ./scripts/build_shiv_package.sh
-      - name: "Run fixturenet-eth tests"
+      - name: "Check cgroups version"
-        run: ./tests/fixturenet-eth-plugeth/run-test.sh
+        run: mount | grep cgroup
      - name: "Install kind"
        run: ./tests/scripts/install-kind.sh
      - name: "Install Kubectl"
        run: ./tests/scripts/install-kubectl.sh
      - name: "Run k8s deployment control test"
        run: |
          source /opt/bash-utils/cgroup-helper.sh
          join_cgroup
          ./tests/k8s-deployment-control/run-test.sh
      - name: Notify Vulcanize Slack on CI failure
        if: ${{ always() && github.ref_name == 'main' }}
        uses: ravsamhq/notify-slack-action@v2
--- a/.gitea/workflows/test-webapp.yml
+++ b/.gitea/workflows/test-webapp.yml
@ -2,7 +2,8 @@ name: Webapp Test
 on:
  pull_request:
-    branches: '*'
+    branches:
      - main
  push:
    branches:
      - main
@ -32,7 +33,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/test.yml
+++ b/.gitea/workflows/test.yml
@ -33,7 +33,7 @@ jobs:
      - name: "Print Python version"
        run: python3 --version
      - name: "Install shiv"
-        run: pip install shiv
+        run: pip install shiv==1.0.6
      - name: "Generate build version file"
        run: ./scripts/create_build_tag_file.sh
      - name: "Build local shiv package"
--- a/.gitea/workflows/triggers/fixturenet-eth-plugeth-arm-test
+++ b/.gitea/workflows/triggers/fixturenet-eth-plugeth-arm-test
@ -1,2 +0,0 @@
 Change this file to trigger running the fixturenet-eth-plugeth-arm-test CI job
--- a/.gitea/workflows/triggers/fixturenet-eth-plugeth-test
+++ b/.gitea/workflows/triggers/fixturenet-eth-plugeth-test
@ -1,3 +0,0 @@
 Change this file to trigger running the fixturenet-eth-plugeth-test CI job
 trigger
 trigger
--- a/.gitea/workflows/triggers/fixturenet-eth-test
+++ b/.gitea/workflows/triggers/fixturenet-eth-test
@ -1,2 +0,0 @@
 Change this file to trigger running the fixturenet-eth-test CI job
--- a/.gitea/workflows/triggers/fixturenet-laconicd-test
+++ b/.gitea/workflows/triggers/fixturenet-laconicd-test
@ -7,3 +7,4 @@ Trigger
 Trigger
 Trigger
 Trigger
 Trigger
--- a/.gitea/workflows/triggers/test-container-registry
+++ b/.gitea/workflows/triggers/test-container-registry
@ -1 +1,3 @@
 Change this file to trigger running the test-container-registry CI job
 Triggered: 2026-01-21
 Triggered: 2026-01-21 19:28:29
--- a/.gitea/workflows/triggers/test-k8s-deployment-control
+++ b/.gitea/workflows/triggers/test-k8s-deployment-control
--- a/.github/workflows/triggers/fixturenet-eth-test
+++ b/.github/workflows/triggers/fixturenet-eth-test
@ -1,2 +1 @@
 Change this file to trigger running the fixturenet-eth-test CI job
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,34 @@
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
        args: ['--allow-multiple-documents']
      - id: check-json
      - id: check-merge-conflict
      - id: check-added-large-files
  - repo: https://github.com/psf/black
    rev: 23.12.1
    hooks:
      - id: black
        language_version: python3
  - repo: https://github.com/PyCQA/flake8
    rev: 7.1.1
    hooks:
      - id: flake8
        args: ['--max-line-length=88', '--extend-ignore=E203,W503,E402']
  - repo: https://github.com/RobertCraigie/pyright-python
    rev: v1.1.345
    hooks:
      - id: pyright
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.35.1
    hooks:
      - id: yamllint
        args: [-d, relaxed]
--- a/AI-FRIENDLY-PLAN.md
+++ b/AI-FRIENDLY-PLAN.md
@ -0,0 +1,151 @@
 # Plan: Make Stack-Orchestrator AI-Friendly
 ## Goal
 Make the stack-orchestrator repository easier for AI tools (Claude Code, Cursor, Copilot) to understand and use for generating stacks, including adding a `create-stack` command.
 ---
 ## Part 1: Documentation & Context Files
 ### 1.1 Add CLAUDE.md
 Create a root-level context file for AI assistants.
 **File:** `CLAUDE.md`
 Contents:
 - Project overview (what stack-orchestrator does)
 - Stack creation workflow (step-by-step)
 - File naming conventions
 - Required vs optional fields in stack.yml
 - Common patterns and anti-patterns
 - Links to example stacks (simple, medium, complex)
 ### 1.2 Add JSON Schema for stack.yml
 Create formal validation schema.
 **File:** `schemas/stack-schema.json`
 Benefits:
 - AI tools can validate generated stacks
 - IDEs provide autocomplete
 - CI can catch errors early
 ### 1.3 Add Template Stack with Comments
 Create an annotated template for reference.
 **File:** `stack_orchestrator/data/stacks/_template/stack.yml`
 ```yaml
 # Stack definition template - copy this directory to create a new stack
 version: "1.2"  # Required: 1.0, 1.1, or 1.2
 name: my-stack  # Required: lowercase, hyphens only
 description: "Human-readable description"  # Optional
 repos:          # Git repositories to clone
  - github.com/org/repo
 containers:     # Container images to build (must have matching container-build/)
  - cerc/my-container
 pods:           # Deployment units (must have matching docker-compose-{pod}.yml)
  - my-pod
 ```
 ### 1.4 Document Validation Rules
 Create explicit documentation of constraints currently scattered in code.
 **File:** `docs/stack-format.md`
 Contents:
 - Container names must start with `cerc/`
 - Pod names must match compose file: `docker-compose-{pod}.yml`
 - Repository format: `host/org/repo[@ref]`
 - Stack directory name should match `name` field
 - Version field options and differences
 ---
 ## Part 2: Add `create-stack` Command
 ### 2.1 Command Overview
 ```bash
 laconic-so create-stack --repo github.com/org/my-app [--name my-app] [--type webapp]
 ```
 **Behavior:**
 1. Parse repo URL to extract app name (if --name not provided)
 2. Create `stacks/{name}/stack.yml`
 3. Create `container-build/cerc-{name}/Dockerfile` and `build.sh`
 4. Create `compose/docker-compose-{name}.yml`
 5. Update list files (repository-list.txt, container-image-list.txt, pod-list.txt)
 ### 2.2 Files to Create
 | File | Purpose |
 |------|---------|
 | `stack_orchestrator/create/__init__.py` | Package init |
 | `stack_orchestrator/create/create_stack.py` | Command implementation |
 ### 2.3 Files to Modify
 | File | Change |
 |------|--------|
 | `stack_orchestrator/main.py` | Add import and `cli.add_command()` |
 ### 2.4 Command Options
 | Option | Required | Description |
 |--------|----------|-------------|
 | `--repo` | Yes | Git repository URL (e.g., github.com/org/repo) |
 | `--name` | No | Stack name (defaults to repo name) |
 | `--type` | No | Template type: webapp, service, empty (default: webapp) |
 | `--force` | No | Overwrite existing files |
 ### 2.5 Template Types
 | Type | Base Image | Port | Use Case |
 |------|------------|------|----------|
 | webapp | node:20-bullseye-slim | 3000 | React/Vue/Next.js apps |
 | service | python:3.11-slim | 8080 | Python backend services |
 | empty | none | none | Custom from scratch |
 ---
 ## Part 3: Implementation Summary
 ### New Files (6)
 1. `CLAUDE.md` - AI assistant context
 2. `schemas/stack-schema.json` - Validation schema
 3. `stack_orchestrator/data/stacks/_template/stack.yml` - Annotated template
 4. `docs/stack-format.md` - Stack format documentation
 5. `stack_orchestrator/create/__init__.py` - Package init
 6. `stack_orchestrator/create/create_stack.py` - Command implementation
 ### Modified Files (1)
 1. `stack_orchestrator/main.py` - Register create-stack command
 ---
 ## Verification
 ```bash
 # 1. Command appears in help
 laconic-so --help | grep create-stack
 # 2. Dry run works
 laconic-so --dry-run create-stack --repo github.com/org/test-app
 # 3. Creates all expected files
 laconic-so create-stack --repo github.com/org/test-app
 ls stack_orchestrator/data/stacks/test-app/
 ls stack_orchestrator/data/container-build/cerc-test-app/
 ls stack_orchestrator/data/compose/docker-compose-test-app.yml
 # 4. Build works with generated stack
 laconic-so --stack test-app build-containers
 ```
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1,50 @@
 # CLAUDE.md
 This file provides guidance to Claude Code when working with the stack-orchestrator project.
 ## Some rules to follow
 NEVER speculate about the cause of something
 NEVER assume your hypotheses are true without evidence
 ALWAYS clearly state when something is a hypothesis
 ALWAYS use evidence from the systems your interacting with to support your claims and hypotheses
 ## Key Principles
 ### Development Guidelines
 - **Single responsibility** - Each component has one clear purpose
 - **Fail fast** - Let errors propagate, don't hide failures
 - **DRY/KISS** - Minimize duplication and complexity
 ## Development Philosophy: Conversational Literate Programming
 ### Approach
 This project follows principles inspired by literate programming, where development happens through explanatory conversation rather than code-first implementation.
 ### Core Principles
 - **Documentation-First**: All changes begin with discussion of intent and reasoning
 - **Narrative-Driven**: Complex systems are explained through conversational exploration
 - **Justification Required**: Every coding task must have a corresponding TODO.md item explaining the "why"
 - **Iterative Understanding**: Architecture and implementation evolve through dialogue
 ### Working Method
 1. **Explore and Understand**: Read existing code to understand current state
 2. **Discuss Architecture**: Workshop complex design decisions through conversation
 3. **Document Intent**: Update TODO.md with clear justification before coding
 4. **Explain Changes**: Each modification includes reasoning and context
 5. **Maintain Narrative**: Conversations serve as living documentation of design evolution
 ### Implementation Guidelines
 - Treat conversations as primary documentation
 - Explain architectural decisions before implementing
 - Use TODO.md as the "literate document" that justifies all work
 - Maintain clear narrative threads across sessions
 - Workshop complex ideas before coding
 This approach treats the human-AI collaboration as a form of **conversational literate programming** where understanding emerges through dialogue before code implementation.
 ## Insights and Observations
 ### Design Principles
 - **When something times out that doesn't mean it needs a longer timeout it means something that was expected never happened, not that we need to wait longer for it.**
 - **NEVER change a timeout because you believe something truncated, you don't understand timeouts, don't edit them unless told to explicitly by user.**
--- a/README.md
+++ b/README.md
@ -78,5 +78,3 @@ See the [CONTRIBUTING.md](/docs/CONTRIBUTING.md) for developer mode install.
 ## Platform Support
 Native aarm64 is _not_ currently supported. x64 emulation on ARM64 macos should work (not yet tested).
--- a/STACK-CREATION-GUIDE.md
+++ b/STACK-CREATION-GUIDE.md
@ -0,0 +1,413 @@
 # Implementing `laconic-so create-stack` Command
 A plan for adding a new CLI command to scaffold stack files automatically.
 ---
 ## Overview
 Add a `create-stack` command that generates all required files for a new stack:
 ```bash
 laconic-so create-stack --name my-stack --type webapp
 ```
 **Output:**
 ```
 stack_orchestrator/data/
 ├── stacks/my-stack/stack.yml
 ├── container-build/cerc-my-stack/
 │   ├── Dockerfile
 │   └── build.sh
 └── compose/docker-compose-my-stack.yml
 Updated: repository-list.txt, container-image-list.txt, pod-list.txt
 ```
 ---
 ## CLI Architecture Summary
 ### Command Registration Pattern
 Commands are Click functions registered in `main.py`:
 ```python
 # main.py (line ~70)
 from stack_orchestrator.create import create_stack
 cli.add_command(create_stack.command, "create-stack")
 ```
 ### Global Options Access
 ```python
 from stack_orchestrator.opts import opts
 if not opts.o.quiet:
    print("message")
 if opts.o.dry_run:
    print("(would create files)")
 ```
 ### Key Utilities
 | Function | Location | Purpose |
 |----------|----------|---------|
 | `get_yaml()` | `util.py` | YAML parser (ruamel.yaml) |
 | `get_stack_path(stack)` | `util.py` | Resolve stack directory path |
 | `error_exit(msg)` | `util.py` | Print error and exit(1) |
 ---
 ## Files to Create
 ### 1. Command Module
 **`stack_orchestrator/create/__init__.py`**
 ```python
 # Empty file to make this a package
 ```
 **`stack_orchestrator/create/create_stack.py`**
 ```python
 import click
 import os
 from pathlib import Path
 from shutil import copy
 from stack_orchestrator.opts import opts
 from stack_orchestrator.util import error_exit, get_yaml
 # Template types
 STACK_TEMPLATES = {
    "webapp": {
        "description": "Web application with Node.js",
        "base_image": "node:20-bullseye-slim",
        "port": 3000,
    },
    "service": {
        "description": "Backend service",
        "base_image": "python:3.11-slim",
        "port": 8080,
    },
    "empty": {
        "description": "Minimal stack with no defaults",
        "base_image": None,
        "port": None,
    },
 }
 def get_data_dir() -> Path:
    """Get path to stack_orchestrator/data directory"""
    return Path(__file__).absolute().parent.parent.joinpath("data")
 def validate_stack_name(name: str) -> None:
    """Validate stack name follows conventions"""
    import re
    if not re.match(r'^[a-z0-9][a-z0-9-]*[a-z0-9]$', name) and len(name) > 2:
        error_exit(f"Invalid stack name '{name}'. Use lowercase alphanumeric with hyphens.")
    if name.startswith("cerc-"):
        error_exit("Stack name should not start with 'cerc-' (container names will add this prefix)")
 def create_stack_yml(stack_dir: Path, name: str, template: dict, repo_url: str) -> None:
    """Create stack.yml file"""
    config = {
        "version": "1.2",
        "name": name,
        "description": template.get("description", f"Stack: {name}"),
        "repos": [repo_url] if repo_url else [],
        "containers": [f"cerc/{name}"],
        "pods": [name],
    }
    stack_dir.mkdir(parents=True, exist_ok=True)
    with open(stack_dir / "stack.yml", "w") as f:
        get_yaml().dump(config, f)
 def create_dockerfile(container_dir: Path, name: str, template: dict) -> None:
    """Create Dockerfile"""
    base_image = template.get("base_image", "node:20-bullseye-slim")
    port = template.get("port", 3000)
    dockerfile_content = f'''# Build stage
 FROM {base_image} AS builder
 WORKDIR /app
 COPY package*.json ./
 RUN npm ci
 COPY . .
 RUN npm run build
 # Production stage
 FROM {base_image}
 WORKDIR /app
 COPY package*.json ./
 RUN npm ci --only=production
 COPY --from=builder /app/dist ./dist
 EXPOSE {port}
 CMD ["npm", "run", "start"]
 '''
    container_dir.mkdir(parents=True, exist_ok=True)
    with open(container_dir / "Dockerfile", "w") as f:
        f.write(dockerfile_content)
 def create_build_script(container_dir: Path, name: str) -> None:
    """Create build.sh script"""
    build_script = f'''#!/usr/bin/env bash
 # Build cerc/{name}
 source ${{CERC_CONTAINER_BASE_DIR}}/build-base.sh
 SCRIPT_DIR=$( cd -- "$( dirname -- "${{BASH_SOURCE[0]}}" )" &> /dev/null && pwd )
 docker build -t cerc/{name}:local \\
    -f ${{SCRIPT_DIR}}/Dockerfile \\
    ${{build_command_args}} \\
    ${{CERC_REPO_BASE_DIR}}/{name}
 '''
    build_path = container_dir / "build.sh"
    with open(build_path, "w") as f:
        f.write(build_script)
    # Make executable
    os.chmod(build_path, 0o755)
 def create_compose_file(compose_dir: Path, name: str, template: dict) -> None:
    """Create docker-compose file"""
    port = template.get("port", 3000)
    compose_content = {
        "version": "3.8",
        "services": {
            name: {
                "image": f"cerc/{name}:local",
                "restart": "unless-stopped",
                "ports": [f"${{HOST_PORT:-{port}}}:{port}"],
                "environment": {
                    "NODE_ENV": "${NODE_ENV:-production}",
                },
            }
        }
    }
    with open(compose_dir / f"docker-compose-{name}.yml", "w") as f:
        get_yaml().dump(compose_content, f)
 def update_list_file(data_dir: Path, filename: str, entry: str) -> None:
    """Add entry to a list file if not already present"""
    list_path = data_dir / filename
    # Read existing entries
    existing = set()
    if list_path.exists():
        with open(list_path, "r") as f:
            existing = set(line.strip() for line in f if line.strip())
    # Add new entry
    if entry not in existing:
        with open(list_path, "a") as f:
            f.write(f"{entry}\n")
@click.command()
@click.option("--name", required=True, help="Name of the new stack (lowercase, hyphens)")
@click.option("--type", "stack_type", default="webapp",
              type=click.Choice(list(STACK_TEMPLATES.keys())),
              help="Stack template type")
@click.option("--repo", help="Git repository URL (e.g., github.com/org/repo)")
@click.option("--force", is_flag=True, help="Overwrite existing files")
@click.pass_context
 def command(ctx, name: str, stack_type: str, repo: str, force: bool):
    """Create a new stack with all required files.
    Examples:
        laconic-so create-stack --name my-app --type webapp
        laconic-so create-stack --name my-service --type service --repo github.com/org/repo
    """
    # Validate
    validate_stack_name(name)
    template = STACK_TEMPLATES[stack_type]
    data_dir = get_data_dir()
    # Define paths
    stack_dir = data_dir / "stacks" / name
    container_dir = data_dir / "container-build" / f"cerc-{name}"
    compose_dir = data_dir / "compose"
    # Check for existing files
    if not force:
        if stack_dir.exists():
            error_exit(f"Stack already exists: {stack_dir}\nUse --force to overwrite")
        if container_dir.exists():
            error_exit(f"Container build dir exists: {container_dir}\nUse --force to overwrite")
    # Dry run check
    if opts.o.dry_run:
        print(f"Would create stack '{name}' with template '{stack_type}':")
        print(f"  - {stack_dir}/stack.yml")
        print(f"  - {container_dir}/Dockerfile")
        print(f"  - {container_dir}/build.sh")
        print(f"  - {compose_dir}/docker-compose-{name}.yml")
        print(f"  - Update repository-list.txt")
        print(f"  - Update container-image-list.txt")
        print(f"  - Update pod-list.txt")
        return
    # Create files
    if not opts.o.quiet:
        print(f"Creating stack '{name}' with template '{stack_type}'...")
    create_stack_yml(stack_dir, name, template, repo)
    if opts.o.verbose:
        print(f"  Created {stack_dir}/stack.yml")
    create_dockerfile(container_dir, name, template)
    if opts.o.verbose:
        print(f"  Created {container_dir}/Dockerfile")
    create_build_script(container_dir, name)
    if opts.o.verbose:
        print(f"  Created {container_dir}/build.sh")
    create_compose_file(compose_dir, name, template)
    if opts.o.verbose:
        print(f"  Created {compose_dir}/docker-compose-{name}.yml")
    # Update list files
    if repo:
        update_list_file(data_dir, "repository-list.txt", repo)
        if opts.o.verbose:
            print(f"  Added {repo} to repository-list.txt")
    update_list_file(data_dir, "container-image-list.txt", f"cerc/{name}")
    if opts.o.verbose:
        print(f"  Added cerc/{name} to container-image-list.txt")
    update_list_file(data_dir, "pod-list.txt", name)
    if opts.o.verbose:
        print(f"  Added {name} to pod-list.txt")
    # Summary
    if not opts.o.quiet:
        print(f"\nStack '{name}' created successfully!")
        print(f"\nNext steps:")
        print(f"  1. Edit {stack_dir}/stack.yml")
        print(f"  2. Customize {container_dir}/Dockerfile")
        print(f"  3. Run: laconic-so --stack {name} build-containers")
        print(f"  4. Run: laconic-so --stack {name} deploy-system up")
 ```
 ### 2. Register Command in main.py
 **Edit `stack_orchestrator/main.py`**
 Add import:
 ```python
 from stack_orchestrator.create import create_stack
 ```
 Add command registration (after line ~78):
 ```python
 cli.add_command(create_stack.command, "create-stack")
 ```
 ---
 ## Implementation Steps
 ### Step 1: Create module structure
 ```bash
 mkdir -p stack_orchestrator/create
 touch stack_orchestrator/create/__init__.py
 ```
 ### Step 2: Create the command file
 Create `stack_orchestrator/create/create_stack.py` with the code above.
 ### Step 3: Register in main.py
 Add the import and `cli.add_command()` line.
 ### Step 4: Test the command
 ```bash
 # Show help
 laconic-so create-stack --help
 # Dry run
 laconic-so --dry-run create-stack --name test-app --type webapp
 # Create a stack
 laconic-so create-stack --name test-app --type webapp --repo github.com/org/test-app
 # Verify
 ls -la stack_orchestrator/data/stacks/test-app/
 cat stack_orchestrator/data/stacks/test-app/stack.yml
 ```
 ---
 ## Template Types
 | Type | Base Image | Port | Use Case |
 |------|------------|------|----------|
 | `webapp` | node:20-bullseye-slim | 3000 | React/Vue/Next.js apps |
 | `service` | python:3.11-slim | 8080 | Python backend services |
 | `empty` | none | none | Custom from scratch |
 ---
 ## Future Enhancements
 1. **Interactive mode** - Prompt for values if not provided
 2. **More templates** - Go, Rust, database stacks
 3. **Template from existing** - `--from-stack existing-stack`
 4. **External stack support** - Create in custom directory
 5. **Validation command** - `laconic-so validate-stack --name my-stack`
 ---
 ## Files Modified
 | File | Change |
 |------|--------|
 | `stack_orchestrator/create/__init__.py` | New (empty) |
 | `stack_orchestrator/create/create_stack.py` | New (command implementation) |
 | `stack_orchestrator/main.py` | Add import and `cli.add_command()` |
 ---
 ## Verification
 ```bash
 # 1. Command appears in help
 laconic-so --help | grep create-stack
 # 2. Dry run works
 laconic-so --dry-run create-stack --name verify-test --type webapp
 # 3. Full creation works
 laconic-so create-stack --name verify-test --type webapp
 ls stack_orchestrator/data/stacks/verify-test/
 ls stack_orchestrator/data/container-build/cerc-verify-test/
 ls stack_orchestrator/data/compose/docker-compose-verify-test.yml
 # 4. Build works
 laconic-so --stack verify-test build-containers
 # 5. Cleanup
 rm -rf stack_orchestrator/data/stacks/verify-test
 rm -rf stack_orchestrator/data/container-build/cerc-verify-test
 rm stack_orchestrator/data/compose/docker-compose-verify-test.yml
 ```
--- a/TODO.md
+++ b/TODO.md
@ -0,0 +1,16 @@
 # TODO
 ## Features Needed
 ### Update Stack Command
 We need an "update stack" command in stack orchestrator and cleaner documentation regarding how to do continuous deployment with and without payments.
 **Context**: Currently, `deploy init` generates a spec file and `deploy create` creates a deployment directory. The `deployment update` command (added by Thomas Lackey) only syncs env vars and restarts - it doesn't regenerate configurations. There's a gap in the workflow for updating stack configurations after initial deployment.
 ## Architecture Refactoring
 ### Separate Deployer from Stack Orchestrator CLI
 The deployer logic should be decoupled from the CLI tool to allow independent development and reuse.
 ### Separate Stacks from Stack Orchestrator Repo
 Stacks should live in their own repositories, not bundled with the orchestrator tool. This allows stacks to evolve independently and be maintained by different teams.
--- a/docs/docker-compose-deployment.md
+++ b/docs/docker-compose-deployment.md
@ -0,0 +1,550 @@
 # Docker Compose Deployment Guide
 ## Introduction
 ### What is a Deployer?
 In stack-orchestrator, a **deployer** provides a uniform interface for orchestrating containerized applications. This guide focuses on Docker Compose deployments, which is the default and recommended deployment mode.
 While stack-orchestrator also supports Kubernetes (`k8s`) and Kind (`k8s-kind`) deployments, those are out of scope for this guide. See the [Kubernetes Enhancements](./k8s-deployment-enhancements.md) documentation for advanced deployment options.
 ## Prerequisites
 To deploy stacks using Docker Compose, you need:
 - Docker Engine (20.10+)
 - Docker Compose plugin (v2.0+)
 - Python 3.8+
 - stack-orchestrator installed (`laconic-so`)
 **That's it!** No additional infrastructure is required. If you have Docker installed, you're ready to deploy.
 ## Deployment Workflow
 The typical deployment workflow consists of four main steps:
 1. **Setup repositories and build containers** (first time only)
 2. **Initialize deployment specification**
 3. **Create deployment directory**
 4. **Start and manage services**
 ## Quick Start Example
 Here's a complete example using the built-in `test` stack:
 ```bash
 # Step 1: Setup (first time only)
 laconic-so --stack test setup-repositories
 laconic-so --stack test build-containers
 # Step 2: Initialize deployment spec
 laconic-so --stack test deploy init --output test-spec.yml
 # Step 3: Create deployment directory
 laconic-so --stack test deploy create \
  --spec-file test-spec.yml \
  --deployment-dir test-deployment
 # Step 4: Start services
 laconic-so deployment --dir test-deployment start
 # View running services
 laconic-so deployment --dir test-deployment ps
 # View logs
 laconic-so deployment --dir test-deployment logs
 # Stop services (preserves data)
 laconic-so deployment --dir test-deployment stop
 ```
 ## Deployment Workflows
 Stack-orchestrator supports two deployment workflows:
 ### 1. Deployment Directory Workflow (Recommended)
 This workflow creates a persistent deployment directory that contains all configuration and data.
 **When to use:**
 - Production deployments
 - When you need to preserve configuration
 - When you want to manage multiple deployments
 - When you need persistent volume data
 **Example:**
 ```bash
 # Initialize deployment spec
 laconic-so --stack fixturenet-eth deploy init --output eth-spec.yml
 # Optionally edit eth-spec.yml to customize configuration
 # Create deployment directory
 laconic-so --stack fixturenet-eth deploy create \
  --spec-file eth-spec.yml \
  --deployment-dir my-eth-deployment
 # Start the deployment
 laconic-so deployment --dir my-eth-deployment start
 # Manage the deployment
 laconic-so deployment --dir my-eth-deployment ps
 laconic-so deployment --dir my-eth-deployment logs
 laconic-so deployment --dir my-eth-deployment stop
 ```
 ### 2. Quick Deploy Workflow
 This workflow deploys directly without creating a persistent deployment directory.
 **When to use:**
 - Quick testing
 - Temporary deployments
 - Simple stacks that don't require customization
 **Example:**
 ```bash
 # Start the stack directly
 laconic-so --stack test deploy up
 # Check service status
 laconic-so --stack test deploy port test 80
 # View logs
 laconic-so --stack test deploy logs
 # Stop (preserves volumes)
 laconic-so --stack test deploy down
 # Stop and remove volumes
 laconic-so --stack test deploy down --delete-volumes
 ```
 ## Real-World Example: Ethereum Fixturenet
 Deploy a local Ethereum testnet with Geth and Lighthouse:
 ```bash
 # Setup (first time only)
 laconic-so --stack fixturenet-eth setup-repositories
 laconic-so --stack fixturenet-eth build-containers
 # Initialize with default configuration
 laconic-so --stack fixturenet-eth deploy init --output eth-spec.yml
 # Create deployment
 laconic-so --stack fixturenet-eth deploy create \
  --spec-file eth-spec.yml \
  --deployment-dir fixturenet-eth-deployment
 # Start the network
 laconic-so deployment --dir fixturenet-eth-deployment start
 # Check status
 laconic-so deployment --dir fixturenet-eth-deployment ps
 # Access logs from specific service
 laconic-so deployment --dir fixturenet-eth-deployment logs fixturenet-eth-geth-1
 # Stop the network (preserves blockchain data)
 laconic-so deployment --dir fixturenet-eth-deployment stop
 # Start again - blockchain data is preserved
 laconic-so deployment --dir fixturenet-eth-deployment start
 # Clean up everything including data
 laconic-so deployment --dir fixturenet-eth-deployment stop --delete-volumes
 ```
 ## Configuration
 ### Passing Configuration Parameters
 Configuration can be passed in three ways:
 **1. At init time via `--config` flag:**
 ```bash
 laconic-so --stack test deploy init --output spec.yml \
  --config PARAM1=value1,PARAM2=value2
 ```
 **2. Edit the spec file after init:**
 ```bash
 # Initialize
 laconic-so --stack test deploy init --output spec.yml
 # Edit spec.yml
 vim spec.yml
 ```
 Example spec.yml:
 ```yaml
 stack: test
 config:
  PARAM1: value1
  PARAM2: value2
 ```
 **3. Docker Compose defaults:**
 Environment variables defined in the stack's `docker-compose-*.yml` files are used as defaults. Configuration from the spec file overrides these defaults.
 ### Port Mapping
 By default, services are accessible on randomly assigned host ports. To find the mapped port:
 ```bash
 # Find the host port for container port 80 on service 'webapp'
 laconic-so deployment --dir my-deployment port webapp 80
 # Output example: 0.0.0.0:32768
 ```
 To configure fixed ports, edit the spec file before creating the deployment:
 ```yaml
 network:
  ports:
    webapp:
      - '8080:80'  # Maps host port 8080 to container port 80
    api:
      - '3000:3000'
 ```
 Then create the deployment:
 ```bash
 laconic-so --stack my-stack deploy create \
  --spec-file spec.yml \
  --deployment-dir my-deployment
 ```
 ### Volume Persistence
 Volumes are preserved between stop/start cycles by default:
 ```bash
 # Stop but keep data
 laconic-so deployment --dir my-deployment stop
 # Start again - data is still there
 laconic-so deployment --dir my-deployment start
 ```
 To completely remove all data:
 ```bash
 # Stop and delete all volumes
 laconic-so deployment --dir my-deployment stop --delete-volumes
 ```
 Volume data is stored in `<deployment-dir>/data/`.
 ## Common Operations
 ### Viewing Logs
 ```bash
 # All services, continuous follow
 laconic-so deployment --dir my-deployment logs --follow
 # Last 100 lines from all services
 laconic-so deployment --dir my-deployment logs --tail 100
 # Specific service only
 laconic-so deployment --dir my-deployment logs webapp
 # Combine options
 laconic-so deployment --dir my-deployment logs --tail 50 --follow webapp
 ```
 ### Executing Commands in Containers
 ```bash
 # Execute a command in a running service
 laconic-so deployment --dir my-deployment exec webapp ls -la
 # Interactive shell
 laconic-so deployment --dir my-deployment exec webapp /bin/bash
 # Run command with specific environment variables
 laconic-so deployment --dir my-deployment exec webapp env VAR=value command
 ```
 ### Checking Service Status
 ```bash
 # List all running services
 laconic-so deployment --dir my-deployment ps
 # Check using Docker directly
 docker ps
 ```
 ### Updating a Running Deployment
 If you need to change configuration after deployment:
 ```bash
 # 1. Edit the spec file
 vim my-deployment/spec.yml
 # 2. Regenerate configuration
 laconic-so deployment --dir my-deployment update
 # 3. Restart services to apply changes
 laconic-so deployment --dir my-deployment stop
 laconic-so deployment --dir my-deployment start
 ```
 ## Multi-Service Deployments
 Many stacks deploy multiple services that work together:
 ```bash
 # Deploy a stack with multiple services
 laconic-so --stack laconicd-with-console deploy init --output spec.yml
 laconic-so --stack laconicd-with-console deploy create \
  --spec-file spec.yml \
  --deployment-dir laconicd-deployment
 laconic-so deployment --dir laconicd-deployment start
 # View all services
 laconic-so deployment --dir laconicd-deployment ps
 # View logs from specific services
 laconic-so deployment --dir laconicd-deployment logs laconicd
 laconic-so deployment --dir laconicd-deployment logs console
 ```
 ## ConfigMaps
 ConfigMaps allow you to mount configuration files into containers:
 ```bash
 # 1. Create the config directory in your deployment
 mkdir -p my-deployment/data/my-config
 echo "database_url=postgres://localhost" > my-deployment/data/my-config/app.conf
 # 2. Reference in spec file
 vim my-deployment/spec.yml
 ```
 Add to spec.yml:
 ```yaml
 configmaps:
  my-config: ./data/my-config
 ```
 ```bash
 # 3. Restart to apply
 laconic-so deployment --dir my-deployment stop
 laconic-so deployment --dir my-deployment start
 ```
 The files will be mounted in the container at `/config/` (or as specified by the stack).
 ## Deployment Directory Structure
 A typical deployment directory contains:
 ```
 my-deployment/
 ├── compose/
 │   └── docker-compose-*.yml    # Generated compose files
 ├── config.env                   # Environment variables
 ├── deployment.yml              # Deployment metadata
 ├── spec.yml                    # Deployment specification
 └── data/                       # Volume mounts and configs
    ├── service-data/           # Persistent service data
    └── config-maps/            # ConfigMap files
 ```
 ## Troubleshooting
 ### Common Issues
 **Problem: "Cannot connect to Docker daemon"**
 ```bash
 # Ensure Docker is running
 docker ps
 # Start Docker if needed (macOS)
 open -a Docker
 # Start Docker (Linux)
 sudo systemctl start docker
 ```
 **Problem: "Port already in use"**
 ```bash
 # Either stop the conflicting service or use different ports
 # Edit spec.yml before creating deployment:
 network:
  ports:
    webapp:
      - '8081:80'  # Use 8081 instead of 8080
 ```
 **Problem: "Image not found"**
 ```bash
 # Build containers first
 laconic-so --stack your-stack build-containers
 ```
 **Problem: Volumes not persisting**
 ```bash
 # Check if you used --delete-volumes when stopping
 # Volume data is in: <deployment-dir>/data/
 # Don't use --delete-volumes if you want to keep data:
 laconic-so deployment --dir my-deployment stop
 # Only use --delete-volumes when you want to reset completely:
 laconic-so deployment --dir my-deployment stop --delete-volumes
 ```
 **Problem: Services not starting**
 ```bash
 # Check logs for errors
 laconic-so deployment --dir my-deployment logs
 # Check Docker container status
 docker ps -a
 # Try stopping and starting again
 laconic-so deployment --dir my-deployment stop
 laconic-so deployment --dir my-deployment start
 ```
 ### Inspecting Deployment State
 ```bash
 # Check deployment directory structure
 ls -la my-deployment/
 # Check running containers
 docker ps
 # Check container details
 docker inspect <container-name>
 # Check networks
 docker network ls
 # Check volumes
 docker volume ls
 ```
 ## CLI Commands Reference
 ### Stack Operations
 ```bash
 # Clone required repositories
 laconic-so --stack <name> setup-repositories
 # Build container images
 laconic-so --stack <name> build-containers
 ```
 ### Deployment Initialization
 ```bash
 # Initialize deployment spec with defaults
 laconic-so --stack <name> deploy init --output <spec-file>
 # Initialize with configuration
 laconic-so --stack <name> deploy init --output <spec-file> \
  --config PARAM1=value1,PARAM2=value2
 ```
 ### Deployment Creation
 ```bash
 # Create deployment directory from spec
 laconic-so --stack <name> deploy create \
  --spec-file <spec-file> \
  --deployment-dir <dir>
 ```
 ### Deployment Management
 ```bash
 # Start all services
 laconic-so deployment --dir <dir> start
 # Stop services (preserves volumes)
 laconic-so deployment --dir <dir> stop
 # Stop and remove volumes
 laconic-so deployment --dir <dir> stop --delete-volumes
 # List running services
 laconic-so deployment --dir <dir> ps
 # View logs
 laconic-so deployment --dir <dir> logs [--tail N] [--follow] [service]
 # Show mapped port
 laconic-so deployment --dir <dir> port <service> <private-port>
 # Execute command in service
 laconic-so deployment --dir <dir> exec <service> <command>
 # Update configuration
 laconic-so deployment --dir <dir> update
 ```
 ### Quick Deploy Commands
 ```bash
 # Start stack directly
 laconic-so --stack <name> deploy up
 # Stop stack
 laconic-so --stack <name> deploy down [--delete-volumes]
 # View logs
 laconic-so --stack <name> deploy logs
 # Show port mapping
 laconic-so --stack <name> deploy port <service> <port>
 ```
 ## Related Documentation
 - [CLI Reference](./cli.md) - Complete CLI command documentation
 - [Adding a New Stack](./adding-a-new-stack.md) - Creating custom stacks
 - [Specification](./spec.md) - Internal structure and design
 - [Kubernetes Enhancements](./k8s-deployment-enhancements.md) - Advanced K8s deployment options
 - [Web App Deployment](./webapp.md) - Deploying web applications
 ## Examples
 For more examples, see the test scripts:
 - `scripts/quick-deploy-test.sh` - Quick deployment example
 - `tests/deploy/run-deploy-test.sh` - Comprehensive test showing all features
 ## Summary
 - Docker Compose is the default and recommended deployment mode
 - Two workflows: deployment directory (recommended) or quick deploy
 - The standard workflow is: setup → build → init → create → start
 - Configuration is flexible with multiple override layers
 - Volume persistence is automatic unless explicitly deleted
 - All deployment state is contained in the deployment directory
 - For Kubernetes deployments, see separate K8s documentation
 You're now ready to deploy stacks using stack-orchestrator with Docker Compose!
--- a/docs/helm-chart-generation.md
+++ b/docs/helm-chart-generation.md
@ -0,0 +1,113 @@
 # Helm Chart Generation
 Generate Kubernetes Helm charts from stack compose files using Kompose.
 ## Prerequisites
 Install Kompose:
 ```bash
 # Linux
 curl -L https://github.com/kubernetes/kompose/releases/download/v1.34.0/kompose-linux-amd64 -o kompose
 chmod +x kompose
 sudo mv kompose /usr/local/bin/
 # macOS
 brew install kompose
 # Verify
 kompose version
 ```
 ## Usage
 ### 1. Create spec file
 ```bash
 laconic-so --stack <stack-name> deploy --deploy-to k8s init \
  --kube-config ~/.kube/config \
  --output spec.yml
 ```
 ### 2. Generate Helm chart
 ```bash
 laconic-so --stack <stack-name> deploy create \
  --spec-file spec.yml \
  --deployment-dir my-deployment \
  --helm-chart
 ```
 ### 3. Deploy to Kubernetes
 ```bash
 helm install my-release my-deployment/chart
 kubectl get pods -n zenith
 ```
 ## Output Structure
 ```bash
 my-deployment/
 ├── spec.yml              # Reference
 ├── stack.yml             # Reference
 └── chart/                # Helm chart
  ├── Chart.yaml
  ├── README.md
  └── templates/
    └── *.yaml
 ```
 ## Example
 ```bash
 # Generate chart for stage1-zenithd
 laconic-so --stack stage1-zenithd deploy --deploy-to k8s init \
  --kube-config ~/.kube/config \
  --output stage1-spec.yml
 laconic-so --stack stage1-zenithd deploy create \
  --spec-file stage1-spec.yml \
  --deployment-dir stage1-deployment \
  --helm-chart
 # Deploy
 helm install stage1-zenithd stage1-deployment/chart
 ```
 ## Production Deployment (TODO)
 ### Local Development
 ```bash
 # Access services using port-forward
 kubectl port-forward service/zenithd 26657:26657
 kubectl port-forward service/nginx-api-proxy 1317:80
 kubectl port-forward service/cosmos-explorer 4173:4173
 ```
 ### Production Access Options
 - Option 1: Ingress + cert-manager (Recommended)
  - Install ingress-nginx + cert-manager
  - Point DNS to cluster LoadBalancer IP
  - Auto-provisions Let's Encrypt TLS certs
  - Access: `https://api.zenith.example.com`
 - Option 2: Cloud LoadBalancer
  - Use cloud provider's LoadBalancer service type
  - Point DNS to assigned external IP
  - Manual TLS cert management
 - Option 3: Bare Metal (MetalLB + Ingress)
  - MetalLB provides LoadBalancer IPs from local network
  - Same Ingress setup as cloud
 - Option 4: NodePort + External Proxy
  - Expose services on 30000-32767 range
  - External nginx/Caddy proxies 80/443 → NodePort
  - Manual cert management
 ### Changes Needed
 - Add Ingress template to charts
 - Add TLS configuration to values.yaml
 - Document cert-manager setup
 - Add production deployment guide
--- a/docs/k8s-deployment-enhancements.md
+++ b/docs/k8s-deployment-enhancements.md
@ -0,0 +1,26 @@
 # K8S Deployment Enhancements
 ## Controlling pod placement
 The placement of pods created as part of a stack deployment can be controlled to either avoid certain nodes, or require certain nodes.
 ### Pod/Node Affinity
 Node affinity rules applied to pods target node labels. The effect is that a pod can only be placed on a node having the specified label value. Note that other pods that do not have any node affinity rules can also be placed on those same nodes. Thus node affinity for a pod controls where that pod can be placed, but does not control where other pods are placed.
 Node affinity for stack pods is specified in the deployment's `spec.yml` file as follows:
 ```
 node-affinities:
  - label: nodetype
    value: typeb
 ```
 This example denotes that the stack's pods should only be placed on nodes that have the label `nodetype` with value `typeb`.
 ### Node Taint Toleration
 K8s nodes can be given one or more "taints". These are special fields (distinct from labels) with a name (key) and optional value.
 When placing pods, the k8s scheduler will only assign a pod to a tainted node if the pod posesses a corresponding "toleration".
 This is metadata associated with the pod that specifies that the pod "tolerates" a given taint.
 Therefore taint toleration provides a mechanism by which only certain pods can be placed on specific nodes, and provides a complementary mechanism to node affinity.
 Taint toleration for stack pods is specified in the deployment's `spec.yml` file as follows:
 ```
 node-tolerations:
  - key: nodetype
    value: typeb
 ```
 This example denotes that the stack's pods will tolerate a taint: `nodetype=typeb`
--- a/docs/release-process.md
+++ b/docs/release-process.md
@ -26,4 +26,3 @@ $ ./scripts/tag_new_release.sh 1 0 17
 $ ./scripts/build_shiv_package.sh
 $ ./scripts/publish_shiv_package_github.sh 1 0 17
 ```
--- a/laconic-network-deployment.md
+++ b/laconic-network-deployment.md
@ -0,0 +1,128 @@
 # Deploying to the Laconic Network
 ## Overview
 The Laconic network uses a **registry-based deployment model** where everything is published as blockchain records.
 ## Key Documentation in stack-orchestrator
 - `docs/laconicd-with-console.md` - Setting up a laconicd network
 - `docs/webapp.md` - Webapp building/running
 - `stack_orchestrator/deploy/webapp/` - Implementation (14 modules)
 ## Core Concepts
 ### LRN (Laconic Resource Name)
 Format: `lrn://laconic/[namespace]/[name]`
 Examples:
 - `lrn://laconic/deployers/my-deployer-name`
 - `lrn://laconic/dns/example.com`
 - `lrn://laconic/deployments/example.com`
 ### Registry Record Types
 | Record Type | Purpose |
 |-------------|---------|
 | `ApplicationRecord` | Published app metadata |
 | `WebappDeployer` | Deployment service offering |
 | `ApplicationDeploymentRequest` | User's request to deploy |
 | `ApplicationDeploymentAuction` | Optional bidding for deployers |
 | `ApplicationDeploymentRecord` | Completed deployment result |
 ## Deployment Workflows
 ### 1. Direct Deployment
 ```
 User publishes ApplicationDeploymentRequest
    → targets specific WebappDeployer (by LRN)
    → includes payment TX hash
    → Deployer picks up request, builds, deploys, publishes result
 ```
 ### 2. Auction-Based Deployment
 ```
 User publishes ApplicationDeploymentAuction
    → Deployers bid (commit/reveal phases)
    → Winner selected
    → User publishes request targeting winner
 ```
 ## Key CLI Commands
 ### Publish a Deployer Service
 ```bash
 laconic-so publish-webapp-deployer --laconic-config config.yml \
  --api-url https://deployer-api.example.com \
  --name my-deployer \
  --payment-address laconic1... \
  --minimum-payment 1000alnt
 ```
 ### Request Deployment (User Side)
 ```bash
 laconic-so request-webapp-deployment --laconic-config config.yml \
  --app lrn://laconic/apps/my-app \
  --deployer lrn://laconic/deployers/xyz \
  --make-payment auto
 ```
 ### Run Deployer Service (Deployer Side)
 ```bash
 laconic-so deploy-webapp-from-registry --laconic-config config.yml --discover
 ```
 ## Laconic Config File
 All tools require a laconic config file (`laconic.toml`):
 ```toml
 [cosmos]
 address_prefix = "laconic"
 chain_id = "laconic_9000-1"
 endpoint = "http://localhost:26657"
 key = "<account-name>"
 password = "<account-password>"
 ```
 ## Setting Up a Local Laconicd Network
 ```bash
 # Clone and build
 laconic-so --stack fixturenet-laconic-loaded setup-repositories
 laconic-so --stack fixturenet-laconic-loaded build-containers
 laconic-so --stack fixturenet-laconic-loaded deploy create
 laconic-so deployment --dir laconic-loaded-deployment start
 # Check status
 laconic-so deployment --dir laconic-loaded-deployment exec cli "laconic registry status"
 ```
 ## Key Implementation Files
 | File | Purpose |
 |------|---------|
 | `publish_webapp_deployer.py` | Register deployment service on network |
 | `publish_deployment_auction.py` | Create auction for deployers to bid on |
 | `handle_deployment_auction.py` | Monitor and bid on auctions (deployer-side) |
 | `request_webapp_deployment.py` | Create deployment request (user-side) |
 | `deploy_webapp_from_registry.py` | Process requests and deploy (deployer-side) |
 | `request_webapp_undeployment.py` | Request app removal |
 | `undeploy_webapp_from_registry.py` | Process removal requests |
 | `util.py` | LaconicRegistryClient - all registry interactions |
 ## Payment System
 - **Token Denom**: `alnt` (Laconic network tokens)
 - **Payment Options**:
  - `--make-payment`: Create new payment with amount (or "auto" for deployer's minimum)
  - `--use-payment`: Reference existing payment TX
 ## What's NOT Well-Documented
 1. No end-to-end tutorial for full deployment workflow
 2. Stack publishing (vs webapp) process unclear
 3. LRN naming conventions not formally specified
 4. Payment economics and token mechanics
--- a/pyproject.toml
+++ b/pyproject.toml
@ -0,0 +1,110 @@
 [build-system]
 requires = ["setuptools>=61.0", "wheel"]
 build-backend = "setuptools.build_meta"
 [project]
 name = "laconic-stack-orchestrator"
 version = "1.1.0"
 description = "Orchestrates deployment of the Laconic stack"
 readme = "README.md"
 license = {text = "GNU Affero General Public License"}
 authors = [
    {name = "Cerc", email = "info@cerc.io"}
 ]
 requires-python = ">=3.8"
 classifiers = [
    "Programming Language :: Python :: 3.8",
    "Operating System :: OS Independent",
 ]
 dependencies = [
    "python-decouple>=3.8",
    "python-dotenv==1.0.0",
    "GitPython>=3.1.32",
    "tqdm>=4.65.0",
    "python-on-whales>=0.64.0",
    "click>=8.1.6",
    "PyYAML>=6.0.1",
    "ruamel.yaml>=0.17.32",
    "pydantic==1.10.9",
    "tomli==2.0.1",
    "validators==0.22.0",
    "kubernetes>=28.1.0",
    "humanfriendly>=10.0",
    "python-gnupg>=0.5.2",
    "requests>=2.3.2",
 ]
 [project.optional-dependencies]
 dev = [
    "pytest>=7.0.0",
    "pytest-cov>=4.0.0",
    "black>=22.0.0",
    "flake8>=5.0.0",
    "pyright>=1.1.0",
    "yamllint>=1.28.0",
    "pre-commit>=3.0.0",
 ]
 [project.scripts]
 laconic-so = "stack_orchestrator.main:cli"
 [project.urls]
 Homepage = "https://git.vdb.to/cerc-io/stack-orchestrator"
 [tool.setuptools.packages.find]
 where = ["."]
 [tool.setuptools.package-data]
 "*" = ["data/**"]
 [tool.black]
 line-length = 88
 target-version = ['py38']
 [tool.flake8]
 max-line-length = 88
 extend-ignore = ["E203", "W503", "E402"]
 [tool.pyright]
 pythonVersion = "3.9"
 typeCheckingMode = "basic"
 reportMissingImports = "none"
 reportMissingModuleSource = "none"
 reportUnusedImport = "error"
 include = ["stack_orchestrator/**/*.py", "tests/**/*.py"]
 exclude = ["**/build/**", "**/__pycache__/**"]
 [tool.mypy]
 python_version = "3.8"
 warn_return_any = true
 warn_unused_configs = true
 disallow_untyped_defs = true
 [tool.pytest.ini_options]
 testpaths = ["tests"]
 python_files = ["test_*.py"]
 python_classes = ["Test*"]
 python_functions = ["test_*"]
 markers = [
    "slow: marks tests as slow (deselect with '-m \"not slow\"')",
    "e2e: marks tests as end-to-end (requires real infrastructure)",
 ]
 addopts = [
    "--cov",
    "--cov-report=term-missing",
    "--cov-report=html",
    "--strict-markers",
 ]
 asyncio_default_fixture_loop_scope = "function"
 [tool.coverage.run]
 source = ["stack_orchestrator"]
 disable_warnings = ["couldnt-parse"]
 [tool.coverage.report]
 exclude_lines = [
    "pragma: no cover",
    "def __repr__",
    "raise AssertionError",
    "raise NotImplementedError",
 ]
--- a/pyrightconfig.json
+++ b/pyrightconfig.json
@ -0,0 +1,9 @@
 {
  "pythonVersion": "3.9",
  "typeCheckingMode": "basic",
  "reportMissingImports": "none",
  "reportMissingModuleSource": "none",
  "reportUnusedImport": "error",
  "include": ["stack_orchestrator/**/*.py", "tests/**/*.py"],
  "exclude": ["**/build/**", "**/__pycache__/**"]
 }
--- a/requirements.txt
+++ b/requirements.txt
@ -11,3 +11,5 @@ tomli==2.0.1
 validators==0.22.0
 kubernetes>=28.1.0
 humanfriendly>=10.0
 python-gnupg>=0.5.2
 requests>=2.3.2
--- a/setup.py
+++ b/setup.py
@ -1,5 +1,7 @@
-# See https://medium.com/nerd-for-tech/how-to-build-and-distribute-a-cli-tool-with-python-537ae41d9d78
+# See
 # https://medium.com/nerd-for-tech/how-to-build-and-distribute-a-cli-tool-with-python-537ae41d9d78
 from setuptools import setup, find_packages
 with open("README.md", "r", encoding="utf-8") as fh:
    long_description = fh.read()
 with open("requirements.txt", "r", encoding="utf-8") as fh:
@ -7,26 +9,26 @@ with open("requirements.txt", "r", encoding="utf-8") as fh:
 with open("stack_orchestrator/data/version.txt", "r", encoding="utf-8") as fh:
    version = fh.readlines()[-1].strip(" \n")
 setup(
-    name='laconic-stack-orchestrator',
+    name="laconic-stack-orchestrator",
    version=version,
-    author='Cerc',
+    author="Cerc",
-    author_email='info@cerc.io',
+    author_email="info@cerc.io",
-    license='GNU Affero General Public License',
+    license="GNU Affero General Public License",
-    description='Orchestrates deployment of the Laconic stack',
+    description="Orchestrates deployment of the Laconic stack",
    long_description=long_description,
    long_description_content_type="text/markdown",
-    url='https://git.vdb.to/cerc-io/stack-orchestrator',
+    url="https://git.vdb.to/cerc-io/stack-orchestrator",
-    py_modules=['stack_orchestrator'],
+    py_modules=["stack_orchestrator"],
    packages=find_packages(),
    install_requires=[requirements],
-    python_requires='>=3.7',
+    python_requires=">=3.7",
    include_package_data=True,
-    package_data={'': ['data/**']},
+    package_data={"": ["data/**"]},
    classifiers=[
        "Programming Language :: Python :: 3.8",
        "Operating System :: OS Independent",
    ],
    entry_points={
-        'console_scripts': ['laconic-so=stack_orchestrator.main:cli'],
+        "console_scripts": ["laconic-so=stack_orchestrator.main:cli"],
-    }
+    },
 )
--- a/stack_orchestrator/base.py
+++ b/stack_orchestrator/base.py
@ -23,11 +23,10 @@ def get_stack(config, stack):
    if stack == "package-registry":
        return package_registry_stack(config, stack)
    else:
-        return base_stack(config, stack)
+        return default_stack(config, stack)
 class base_stack(ABC):
    def __init__(self, config, stack):
        self.config = config
        self.stack = stack
@ -41,15 +40,27 @@ class base_stack(ABC):
        pass
-class package_registry_stack(base_stack):
+class default_stack(base_stack):
    """Default stack implementation for stacks without specific handling."""
    def ensure_available(self):
        return True
    def get_url(self):
        return None
 class package_registry_stack(base_stack):
    def ensure_available(self):
        self.url = "<no registry url set>"
        # Check if we were given an external registry URL
        url_from_environment = os.environ.get("CERC_NPM_REGISTRY_URL")
        if url_from_environment:
            if self.config.verbose:
-                print(f"Using package registry url from CERC_NPM_REGISTRY_URL: {url_from_environment}")
+                print(
                    f"Using package registry url from CERC_NPM_REGISTRY_URL: "
                    f"{url_from_environment}"
                )
            self.url = url_from_environment
        else:
            # Otherwise we expect to use the local package-registry stack
@ -62,10 +73,16 @@ class package_registry_stack(base_stack):
                # TODO: get url from deploy-stack
                self.url = "http://gitea.local:3000/api/packages/cerc-io/npm/"
            else:
-                # If not, print a message about how to start it and return fail to the caller
+                # If not, print a message about how to start it and return fail to the
-                print("ERROR: The package-registry stack is not running, and no external registry "
+                # caller
-                      "specified with CERC_NPM_REGISTRY_URL")
+                print(
-                print("ERROR: Start the local package registry with: laconic-so --stack package-registry deploy-system up")
+                    "ERROR: The package-registry stack is not running, "
                    "and no external registry specified with CERC_NPM_REGISTRY_URL"
                )
                print(
                    "ERROR: Start the local package registry with: "
                    "laconic-so --stack package-registry deploy-system up"
                )
                return False
        return True
@ -76,7 +93,9 @@ class package_registry_stack(base_stack):
 def get_npm_registry_url():
    # If an auth token is not defined, we assume the default should be the cerc registry
    # If an auth token is defined, we assume the local gitea should be used.
-    default_npm_registry_url = "http://gitea.local:3000/api/packages/cerc-io/npm/" if config(
+    default_npm_registry_url = (
-        "CERC_NPM_AUTH_TOKEN", default=None
+        "http://gitea.local:3000/api/packages/cerc-io/npm/"
-        ) else "https://git.vdb.to/api/packages/cerc-io/npm/"
+        if config("CERC_NPM_AUTH_TOKEN", default=None)
        else "https://git.vdb.to/api/packages/cerc-io/npm/"
    )
    return config("CERC_NPM_REGISTRY_URL", default=default_npm_registry_url)
--- a/stack_orchestrator/build/build_containers.py
+++ b/stack_orchestrator/build/build_containers.py
@ -18,7 +18,8 @@
 # env vars:
 # CERC_REPO_BASE_DIR defaults to ~/cerc
-# TODO: display the available list of containers; allow re-build of either all or specific containers
+# TODO: display the available list of containers;
 # allow re-build of either all or specific containers
 import os
 import sys
@ -34,14 +35,17 @@ from stack_orchestrator.build.publish import publish_image
 from stack_orchestrator.build.build_util import get_containers_in_scope
 # TODO: find a place for this
-#    epilog="Config provided either in .env or settings.ini or env vars: CERC_REPO_BASE_DIR (defaults to ~/cerc)"
+#    epilog="Config provided either in .env or settings.ini or env vars:
 #    CERC_REPO_BASE_DIR (defaults to ~/cerc)"
-def make_container_build_env(dev_root_path: str,
+def make_container_build_env(
    dev_root_path: str,
    container_build_dir: str,
    debug: bool,
    force_rebuild: bool,
-                             extra_build_args: str):
+    extra_build_args: str,
 ):
    container_build_env = {
        "CERC_NPM_REGISTRY_URL": get_npm_registry_url(),
        "CERC_GO_AUTH_TOKEN": config("CERC_GO_AUTH_TOKEN", default=""),
@ -50,11 +54,15 @@ def make_container_build_env(dev_root_path: str,
        "CERC_CONTAINER_BASE_DIR": container_build_dir,
        "CERC_HOST_UID": f"{os.getuid()}",
        "CERC_HOST_GID": f"{os.getgid()}",
-        "DOCKER_BUILDKIT": config("DOCKER_BUILDKIT", default="0")
+        "DOCKER_BUILDKIT": config("DOCKER_BUILDKIT", default="0"),
    }
    container_build_env.update({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
    container_build_env.update({"CERC_FORCE_REBUILD": "true"} if force_rebuild else {})
-    container_build_env.update({"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args} if extra_build_args else {})
+    container_build_env.update(
        {"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args}
        if extra_build_args
        else {}
    )
    docker_host_env = os.getenv("DOCKER_HOST")
    if docker_host_env:
        container_build_env.update({"DOCKER_HOST": docker_host_env})
@ -67,12 +75,18 @@ def process_container(build_context: BuildContext) -> bool:
        print(f"Building: {build_context.container}")
    default_container_tag = f"{build_context.container}:local"
-    build_context.container_build_env.update({"CERC_DEFAULT_CONTAINER_IMAGE_TAG": default_container_tag})
+    build_context.container_build_env.update(
        {"CERC_DEFAULT_CONTAINER_IMAGE_TAG": default_container_tag}
    )
    # Check if this is in an external stack
    if stack_is_external(build_context.stack):
-        container_parent_dir = Path(build_context.stack).parent.parent.joinpath("container-build")
+        container_parent_dir = Path(build_context.stack).parent.parent.joinpath(
-        temp_build_dir = container_parent_dir.joinpath(build_context.container.replace("/", "-"))
+            "container-build"
        )
        temp_build_dir = container_parent_dir.joinpath(
            build_context.container.replace("/", "-")
        )
        temp_build_script_filename = temp_build_dir.joinpath("build.sh")
        # Now check if the container exists in the external stack.
        if not temp_build_script_filename.exists():
@ -90,21 +104,34 @@ def process_container(build_context: BuildContext) -> bool:
        build_command = build_script_filename.as_posix()
    else:
        if opts.o.verbose:
-            print(f"No script file found: {build_script_filename}, using default build script")
+            print(
-        repo_dir = build_context.container.split('/')[1]
+                f"No script file found: {build_script_filename}, "
-        # TODO: make this less of a hack -- should be specified in some metadata somewhere
+                "using default build script"
-        # Check if we have a repo for this container. If not, set the context dir to the container-build subdir
+            )
        repo_dir = build_context.container.split("/")[1]
        # TODO: make this less of a hack -- should be specified in
        # some metadata somewhere. Check if we have a repo for this
        # container. If not, set the context dir to container-build subdir
        repo_full_path = os.path.join(build_context.dev_root_path, repo_dir)
-        repo_dir_or_build_dir = repo_full_path if os.path.exists(repo_full_path) else build_dir
+        repo_dir_or_build_dir = (
-        build_command = os.path.join(build_context.container_build_dir,
+            repo_full_path if os.path.exists(repo_full_path) else build_dir
-                                     "default-build.sh") + f" {default_container_tag} {repo_dir_or_build_dir}"
+        )
        build_command = (
            os.path.join(build_context.container_build_dir, "default-build.sh")
            + f" {default_container_tag} {repo_dir_or_build_dir}"
        )
    if not opts.o.dry_run:
        # No PATH at all causes failures with podman.
        if "PATH" not in build_context.container_build_env:
            build_context.container_build_env["PATH"] = os.environ["PATH"]
        if opts.o.verbose:
-            print(f"Executing: {build_command} with environment: {build_context.container_build_env}")
+            print(
-        build_result = subprocess.run(build_command, shell=True, env=build_context.container_build_env)
+                f"Executing: {build_command} with environment: "
                f"{build_context.container_build_env}"
            )
        build_result = subprocess.run(
            build_command, shell=True, env=build_context.container_build_env
        )
        if opts.o.verbose:
            print(f"Return code is: {build_result.returncode}")
        if build_result.returncode != 0:
@ -117,33 +144,61 @@ def process_container(build_context: BuildContext) -> bool:
@click.command()
-@click.option('--include', help="only build these containers")
+@click.option("--include", help="only build these containers")
-@click.option('--exclude', help="don\'t build these containers")
+@click.option("--exclude", help="don't build these containers")
-@click.option("--force-rebuild", is_flag=True, default=False, help="Override dependency checking -- always rebuild")
+@click.option(
    "--force-rebuild",
    is_flag=True,
    default=False,
    help="Override dependency checking -- always rebuild",
 )
@click.option("--extra-build-args", help="Supply extra arguments to build")
-@click.option("--publish-images", is_flag=True, default=False, help="Publish the built images in the specified image registry")
+@click.option(
-@click.option("--image-registry", help="Specify the image registry for --publish-images")
+    "--publish-images",
    is_flag=True,
    default=False,
    help="Publish the built images in the specified image registry",
 )
@click.option(
    "--image-registry", help="Specify the image registry for --publish-images"
 )
@click.pass_context
-def command(ctx, include, exclude, force_rebuild, extra_build_args, publish_images, image_registry):
+def command(
-    '''build the set of containers required for a complete stack'''
+    ctx,
    include,
    exclude,
    force_rebuild,
    extra_build_args,
    publish_images,
    image_registry,
 ):
    """build the set of containers required for a complete stack"""
    local_stack = ctx.obj.local_stack
    stack = ctx.obj.stack
-    # See: https://stackoverflow.com/questions/25389095/python-get-path-of-root-project-structure
+    # See: https://stackoverflow.com/questions/25389095/
-    container_build_dir = Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
+    # python-get-path-of-root-project-structure
    container_build_dir = (
        Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
    )
    if local_stack:
        dev_root_path = os.getcwd()[0 : os.getcwd().rindex("stack-orchestrator")]
-        print(f'Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: {dev_root_path}')
+        print(
            f"Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: "
            f"{dev_root_path}"
        )
    else:
-        dev_root_path = os.path.expanduser(config("CERC_REPO_BASE_DIR", default="~/cerc"))
+        dev_root_path = os.path.expanduser(
            config("CERC_REPO_BASE_DIR", default="~/cerc")
        )
    if not opts.o.quiet:
-        print(f'Dev Root is: {dev_root_path}')
+        print(f"Dev Root is: {dev_root_path}")
    if not os.path.isdir(dev_root_path):
-        print('Dev root directory doesn\'t exist, creating')
+        print("Dev root directory doesn't exist, creating")
    if publish_images:
        if not image_registry:
@ -151,21 +206,22 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args, publish_imag
    containers_in_scope = get_containers_in_scope(stack)
-    container_build_env = make_container_build_env(dev_root_path,
+    container_build_env = make_container_build_env(
        dev_root_path,
        container_build_dir,
        opts.o.debug,
        force_rebuild,
-                                                   extra_build_args)
+        extra_build_args,
    )
    for container in containers_in_scope:
        if include_exclude_check(container, include, exclude):
            build_context = BuildContext(
                stack,
                container,
                container_build_dir,
                container_build_env,
-                dev_root_path
+                dev_root_path,
            )
            result = process_container(build_context)
            if result:
@ -174,10 +230,16 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args, publish_imag
            else:
                print(f"Error running build for {build_context.container}")
                if not opts.o.continue_on_error:
-                    error_exit("container build failed and --continue-on-error not set, exiting")
+                    error_exit(
                        "container build failed and --continue-on-error "
                        "not set, exiting"
                    )
                    sys.exit(1)
                else:
-                    print("****** Container Build Error, continuing because --continue-on-error is set")
+                    print(
                        "****** Container Build Error, continuing because "
                        "--continue-on-error is set"
                    )
        else:
            if opts.o.verbose:
                print(f"Excluding: {container}")
--- a/stack_orchestrator/build/build_npms.py
+++ b/stack_orchestrator/build/build_npms.py
@ -32,14 +32,18 @@ builder_js_image_name = "cerc/builder-js:local"
@click.command()
-@click.option('--include', help="only build these packages")
+@click.option("--include", help="only build these packages")
-@click.option('--exclude', help="don\'t build these packages")
+@click.option("--exclude", help="don't build these packages")
-@click.option("--force-rebuild", is_flag=True, default=False,
+@click.option(
-              help="Override existing target package version check -- force rebuild")
+    "--force-rebuild",
    is_flag=True,
    default=False,
    help="Override existing target package version check -- force rebuild",
 )
@click.option("--extra-build-args", help="Supply extra arguments to build")
@click.pass_context
 def command(ctx, include, exclude, force_rebuild, extra_build_args):
-    '''build the set of npm packages required for a complete stack'''
+    """build the set of npm packages required for a complete stack"""
    quiet = ctx.obj.quiet
    verbose = ctx.obj.verbose
@ -66,44 +70,53 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args):
    if local_stack:
        dev_root_path = os.getcwd()[0 : os.getcwd().rindex("stack-orchestrator")]
-        print(f'Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: {dev_root_path}')
+        print(
            f"Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: "
            f"{dev_root_path}"
        )
    else:
-        dev_root_path = os.path.expanduser(config("CERC_REPO_BASE_DIR", default="~/cerc"))
+        dev_root_path = os.path.expanduser(
            config("CERC_REPO_BASE_DIR", default="~/cerc")
        )
    build_root_path = os.path.join(dev_root_path, "build-trees")
    if verbose:
-        print(f'Dev Root is: {dev_root_path}')
+        print(f"Dev Root is: {dev_root_path}")
    if not os.path.isdir(dev_root_path):
-        print('Dev root directory doesn\'t exist, creating')
+        print("Dev root directory doesn't exist, creating")
        os.makedirs(dev_root_path)
    if not os.path.isdir(dev_root_path):
-        print('Build root directory doesn\'t exist, creating')
+        print("Build root directory doesn't exist, creating")
        os.makedirs(build_root_path)
    # See: https://stackoverflow.com/a/20885799/1701505
    from stack_orchestrator import data
-    with importlib.resources.open_text(data, "npm-package-list.txt") as package_list_file:
+
    with importlib.resources.open_text(
        data, "npm-package-list.txt"
    ) as package_list_file:
        all_packages = package_list_file.read().splitlines()
    packages_in_scope = []
    if stack:
        stack_config = get_parsed_stack_config(stack)
        # TODO: syntax check the input here
-        packages_in_scope = stack_config['npms']
+        packages_in_scope = stack_config["npms"]
    else:
        packages_in_scope = all_packages
    if verbose:
-        print(f'Packages: {packages_in_scope}')
+        print(f"Packages: {packages_in_scope}")
    def build_package(package):
        if not quiet:
            print(f"Building npm package: {package}")
        repo_dir = package
        repo_full_path = os.path.join(dev_root_path, repo_dir)
-        # Copy the repo and build that to avoid propagating JS tooling file changes back into the cloned repo
+        # Copy the repo and build that to avoid propagating
        # JS tooling file changes back into the cloned repo
        repo_copy_path = os.path.join(build_root_path, repo_dir)
        # First delete any old build tree
        if os.path.isdir(repo_copy_path):
@ -116,41 +129,63 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args):
            print(f"Copying build tree from: {repo_full_path} to: {repo_copy_path}")
        if not dry_run:
            copytree(repo_full_path, repo_copy_path)
-        build_command = ["sh", "-c", f"cd /workspace && build-npm-package-local-dependencies.sh {npm_registry_url}"]
+        build_command = [
            "sh",
            "-c",
            "cd /workspace && "
            f"build-npm-package-local-dependencies.sh {npm_registry_url}",
        ]
        if not dry_run:
            if verbose:
                print(f"Executing: {build_command}")
            # Originally we used the PEP 584 merge operator:
-            # envs = {"CERC_NPM_AUTH_TOKEN": npm_registry_url_token} | ({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
+            # envs = {"CERC_NPM_AUTH_TOKEN": npm_registry_url_token} |
-            # but that isn't available in Python 3.8 (default in Ubuntu 20) so for now we use dict.update:
+            #        ({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
-            envs = {"CERC_NPM_AUTH_TOKEN": npm_registry_url_token,
+            # but that isn't available in Python 3.8 (default in Ubuntu 20)
-                    "LACONIC_HOSTED_CONFIG_FILE": "config-hosted.yml"  # Convention used by our web app packages
+            # so for now we use dict.update:
            envs = {
                "CERC_NPM_AUTH_TOKEN": npm_registry_url_token,
                # Convention used by our web app packages
                "LACONIC_HOSTED_CONFIG_FILE": "config-hosted.yml",
            }
            envs.update({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
            envs.update({"CERC_FORCE_REBUILD": "true"} if force_rebuild else {})
-            envs.update({"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args} if extra_build_args else {})
+            envs.update(
                {"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args}
                if extra_build_args
                else {}
            )
            try:
-                docker.run(builder_js_image_name,
+                docker.run(
                    builder_js_image_name,
                    remove=True,
                    interactive=True,
                    tty=True,
                    user=f"{os.getuid()}:{os.getgid()}",
                    envs=envs,
-                           # TODO: detect this host name in npm_registry_url rather than hard-wiring it
+                    # TODO: detect this host name in npm_registry_url
                    # rather than hard-wiring it
                    add_hosts=[("gitea.local", "host-gateway")],
                    volumes=[(repo_copy_path, "/workspace")],
-                           command=build_command
+                    command=build_command,
                )
-                # Note that although the docs say that build_result should contain
+                # Note that although the docs say that build_result should
-                # the command output as a string, in reality it is always the empty string.
+                # contain the command output as a string, in reality it is
-                # Since we detect errors via catching exceptions below, we can safely ignore it here.
+                # always the empty string. Since we detect errors via catching
                # exceptions below, we can safely ignore it here.
            except DockerException as e:
                print(f"Error executing build for {package} in container:\n {e}")
                if not continue_on_error:
-                    print("FATAL Error: build failed and --continue-on-error not set, exiting")
+                    print(
                        "FATAL Error: build failed and --continue-on-error "
                        "not set, exiting"
                    )
                    sys.exit(1)
                else:
-                    print("****** Build Error, continuing because --continue-on-error is set")
+                    print(
                        "****** Build Error, continuing because "
                        "--continue-on-error is set"
                    )
        else:
            print("Skipped")
@ -168,6 +203,12 @@ def _ensure_prerequisites():
    # Tell the user how to build it if not
    images = docker.image.list(builder_js_image_name)
    if len(images) == 0:
-        print(f"FATAL: builder image: {builder_js_image_name} is required but was not found")
+        print(
-        print("Please run this command to create it: laconic-so --stack build-support build-containers")
+            f"FATAL: builder image: {builder_js_image_name} is required "
            "but was not found"
        )
        print(
            "Please run this command to create it: "
            "laconic-so --stack build-support build-containers"
        )
        sys.exit(1)
--- a/stack_orchestrator/build/build_types.py
+++ b/stack_orchestrator/build/build_types.py
@ -26,4 +26,3 @@ class BuildContext:
    container_build_dir: Path
    container_build_env: Mapping[str, str]
    dev_root_path: str
--- a/stack_orchestrator/build/build_util.py
+++ b/stack_orchestrator/build/build_util.py
@ -20,21 +20,23 @@ from stack_orchestrator.util import get_parsed_stack_config, warn_exit
 def get_containers_in_scope(stack: str):
    containers_in_scope = []
    if stack:
        stack_config = get_parsed_stack_config(stack)
        if "containers" not in stack_config or stack_config["containers"] is None:
            warn_exit(f"stack {stack} does not define any containers")
-        containers_in_scope = stack_config['containers']
+        containers_in_scope = stack_config["containers"]
    else:
        # See: https://stackoverflow.com/a/20885799/1701505
        from stack_orchestrator import data
-        with importlib.resources.open_text(data, "container-image-list.txt") as container_list_file:
+
        with importlib.resources.open_text(
            data, "container-image-list.txt"
        ) as container_list_file:
            containers_in_scope = container_list_file.read().splitlines()
    if opts.o.verbose:
-        print(f'Containers: {containers_in_scope}')
+        print(f"Containers: {containers_in_scope}")
        if stack:
            print(f"Stack: {stack}")
--- a/stack_orchestrator/build/build_webapp.py
+++ b/stack_orchestrator/build/build_webapp.py
@ -18,7 +18,8 @@
 # env vars:
 # CERC_REPO_BASE_DIR defaults to ~/cerc
-# TODO: display the available list of containers; allow re-build of either all or specific containers
+# TODO: display the available list of containers;
 # allow re-build of either all or specific containers
 import os
 import sys
@ -32,40 +33,55 @@ from stack_orchestrator.build.build_types import BuildContext
@click.command()
-@click.option('--base-container')
+@click.option("--base-container")
-@click.option('--source-repo', help="directory containing the webapp to build", required=True)
+@click.option(
-@click.option("--force-rebuild", is_flag=True, default=False, help="Override dependency checking -- always rebuild")
+    "--source-repo", help="directory containing the webapp to build", required=True
 )
@click.option(
    "--force-rebuild",
    is_flag=True,
    default=False,
    help="Override dependency checking -- always rebuild",
 )
@click.option("--extra-build-args", help="Supply extra arguments to build")
@click.option("--tag", help="Container tag (default: cerc/<app_name>:local)")
@click.pass_context
 def command(ctx, base_container, source_repo, force_rebuild, extra_build_args, tag):
-    '''build the specified webapp container'''
+    """build the specified webapp container"""
    logger = TimedLogger()
    quiet = ctx.obj.quiet
    debug = ctx.obj.debug
    verbose = ctx.obj.verbose
    local_stack = ctx.obj.local_stack
    stack = ctx.obj.stack
-    # See: https://stackoverflow.com/questions/25389095/python-get-path-of-root-project-structure
+    # See: https://stackoverflow.com/questions/25389095/
-    container_build_dir = Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
+    # python-get-path-of-root-project-structure
    container_build_dir = (
        Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
    )
    if local_stack:
        dev_root_path = os.getcwd()[0 : os.getcwd().rindex("stack-orchestrator")]
-        logger.log(f'Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: {dev_root_path}')
+        logger.log(
            f"Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: "
            f"{dev_root_path}"
        )
    else:
-        dev_root_path = os.path.expanduser(config("CERC_REPO_BASE_DIR", default="~/cerc"))
+        dev_root_path = os.path.expanduser(
            config("CERC_REPO_BASE_DIR", default="~/cerc")
        )
    if verbose:
-        logger.log(f'Dev Root is: {dev_root_path}')
+        logger.log(f"Dev Root is: {dev_root_path}")
    if not base_container:
        base_container = determine_base_container(source_repo)
    # First build the base container.
-    container_build_env = build_containers.make_container_build_env(dev_root_path, container_build_dir, debug,
+    container_build_env = build_containers.make_container_build_env(
-                                                                    force_rebuild, extra_build_args)
+        dev_root_path, container_build_dir, debug, force_rebuild, extra_build_args
    )
    if verbose:
        logger.log(f"Building base container: {base_container}")
@ -85,12 +101,13 @@ def command(ctx, base_container, source_repo, force_rebuild, extra_build_args, t
    if verbose:
        logger.log(f"Base container {base_container} build finished.")
-    # Now build the target webapp.  We use the same build script, but with a different Dockerfile and work dir.
+    # Now build the target webapp. We use the same build script,
    # but with a different Dockerfile and work dir.
    container_build_env["CERC_WEBAPP_BUILD_RUNNING"] = "true"
    container_build_env["CERC_CONTAINER_BUILD_WORK_DIR"] = os.path.abspath(source_repo)
-    container_build_env["CERC_CONTAINER_BUILD_DOCKERFILE"] = os.path.join(container_build_dir,
+    container_build_env["CERC_CONTAINER_BUILD_DOCKERFILE"] = os.path.join(
-                                                                          base_container.replace("/", "-"),
+        container_build_dir, base_container.replace("/", "-"), "Dockerfile.webapp"
-                                                                          "Dockerfile.webapp")
+    )
    if not tag:
        webapp_name = os.path.abspath(source_repo).split(os.path.sep)[-1]
        tag = f"cerc/{webapp_name}:local"
--- a/stack_orchestrator/build/fetch_containers.py
+++ b/stack_orchestrator/build/fetch_containers.py
@ -52,7 +52,8 @@ def _local_tag_for(container: str):
 # See: https://docker-docs.uclv.cu/registry/spec/api/
 # Emulate this:
-# $ curl -u "my-username:my-token" -X GET "https://<container-registry-hostname>/v2/cerc-io/cerc/test-container/tags/list"
+# $ curl -u "my-username:my-token" -X GET \
 #   "https://<container-registry-hostname>/v2/cerc-io/cerc/test-container/tags/list"
 # {"name":"cerc-io/cerc/test-container","tags":["202402232130","202402232208"]}
 def _get_tags_for_container(container: str, registry_info: RegistryInfo) -> List[str]:
    # registry looks like: git.vdb.to/cerc-io
@ -60,7 +61,9 @@ def _get_tags_for_container(container: str, registry_info: RegistryInfo) -> List
    url = f"https://{registry_parts[0]}/v2/{registry_parts[1]}/{container}/tags/list"
    if opts.o.debug:
        print(f"Fetching tags from: {url}")
-    response = requests.get(url, auth=(registry_info.registry_username, registry_info.registry_token))
+    response = requests.get(
        url, auth=(registry_info.registry_username, registry_info.registry_token)
    )
    if response.status_code == 200:
        tag_info = response.json()
        if opts.o.debug:
@ -68,7 +71,10 @@ def _get_tags_for_container(container: str, registry_info: RegistryInfo) -> List
        tags_array = tag_info["tags"]
        return tags_array
    else:
-        error_exit(f"failed to fetch tags from image registry, status code: {response.status_code}")
+        error_exit(
            f"failed to fetch tags from image registry, "
            f"status code: {response.status_code}"
        )
 def _find_latest(candidate_tags: List[str]):
@ -79,9 +85,9 @@ def _find_latest(candidate_tags: List[str]):
    return sorted_candidates[-1]
-def _filter_for_platform(container: str, 
+def _filter_for_platform(
-                         registry_info: RegistryInfo,
+    container: str, registry_info: RegistryInfo, tag_list: List[str]
-                         tag_list: List[str]) -> List[str] :
+) -> List[str]:
    filtered_tags = []
    this_machine = platform.machine()
    # Translate between Python and docker platform names
@ -137,21 +143,44 @@ def _add_local_tag(remote_tag: str, registry: str, local_tag: str):
@click.command()
-@click.option('--include', help="only fetch these containers")
+@click.option("--include", help="only fetch these containers")
-@click.option('--exclude', help="don\'t fetch these containers")
+@click.option("--exclude", help="don't fetch these containers")
-@click.option("--force-local-overwrite", is_flag=True, default=False, help="Overwrite a locally built image, if present")
+@click.option(
-@click.option("--image-registry", required=True, help="Specify the image registry to fetch from")
+    "--force-local-overwrite",
-@click.option("--registry-username", required=True, help="Specify the image registry username")
+    is_flag=True,
-@click.option("--registry-token", required=True, help="Specify the image registry access token")
+    default=False,
    help="Overwrite a locally built image, if present",
 )
@click.option(
    "--image-registry", required=True, help="Specify the image registry to fetch from"
 )
@click.option(
    "--registry-username", required=True, help="Specify the image registry username"
 )
@click.option(
    "--registry-token", required=True, help="Specify the image registry access token"
 )
@click.pass_context
-def command(ctx, include, exclude, force_local_overwrite, image_registry, registry_username, registry_token):
+def command(
-    '''EXPERIMENTAL: fetch the images for a stack from remote registry'''
+    ctx,
    include,
    exclude,
    force_local_overwrite,
    image_registry,
    registry_username,
    registry_token,
 ):
    """EXPERIMENTAL: fetch the images for a stack from remote registry"""
    registry_info = RegistryInfo(image_registry, registry_username, registry_token)
    docker = DockerClient()
    if not opts.o.quiet:
        print("Logging into container registry:")
-    docker.login(registry_info.registry, registry_info.registry_username, registry_info.registry_token)
+    docker.login(
        registry_info.registry,
        registry_info.registry_username,
        registry_info.registry_token,
    )
    # Generate list of target containers
    stack = ctx.obj.stack
    containers_in_scope = get_containers_in_scope(stack)
@ -172,19 +201,24 @@ def command(ctx, include, exclude, force_local_overwrite, image_registry, regist
                print(f"Fetching: {image_to_fetch}")
            _fetch_image(image_to_fetch, registry_info)
            # Now check if the target container already exists exists locally already
-            if (_exists_locally(container)):
+            if _exists_locally(container):
                if not opts.o.quiet:
                    print(f"Container image {container} already exists locally")
                # if so, fail unless the user specified force-local-overwrite
-                if (force_local_overwrite):
+                if force_local_overwrite:
                    # In that case remove the existing :local tag
                    if not opts.o.quiet:
-                        print(f"Warning: overwriting local tag from this image: {container} because "
+                        print(
-                              "--force-local-overwrite was specified")
+                            f"Warning: overwriting local tag from this image: "
                            f"{container} because --force-local-overwrite was specified"
                        )
                else:
                    if not opts.o.quiet:
-                        print(f"Skipping local tagging for this image: {container} because that would "
+                        print(
-                              "overwrite an existing :local tagged image, use --force-local-overwrite to do so.")
+                            f"Skipping local tagging for this image: {container} "
                            "because that would overwrite an existing :local tagged "
                            "image, use --force-local-overwrite to do so."
                        )
                    continue
            # Tag the fetched image with the :local tag
            _add_local_tag(image_to_fetch, image_registry, local_tag)
@ -192,4 +226,7 @@ def command(ctx, include, exclude, force_local_overwrite, image_registry, regist
            if opts.o.verbose:
                print(f"Excluding: {container}")
    if not all_containers_found:
-        print("Warning: couldn't find usable images for one or more containers, this stack will not deploy")
+        print(
            "Warning: couldn't find usable images for one or more containers, "
            "this stack will not deploy"
        )
--- a/stack_orchestrator/constants.py
+++ b/stack_orchestrator/constants.py
@ -34,5 +34,13 @@ volumes_key = "volumes"
 security_key = "security"
 annotations_key = "annotations"
 labels_key = "labels"
 replicas_key = "replicas"
 node_affinities_key = "node-affinities"
 node_tolerations_key = "node-tolerations"
 kind_config_filename = "kind-config.yml"
 kube_config_filename = "kubeconfig.yml"
 cri_base_filename = "cri-base.json"
 unlimited_memlock_key = "unlimited-memlock"
 runtime_class_key = "runtime-class"
 high_memlock_runtime = "high-memlock"
 high_memlock_spec_filename = "high-memlock-spec.json"
--- a/stack_orchestrator/data/compose/docker-compose-laconicd.yml
+++ b/stack_orchestrator/data/compose/docker-compose-laconicd.yml
@ -14,4 +14,3 @@ services:
      - "9090"
      - "9091"
      - "1317"
--- a/stack_orchestrator/data/compose/docker-compose-mars.yml
+++ b/stack_orchestrator/data/compose/docker-compose-mars.yml
@ -17,4 +17,3 @@ services:
      - URL_NEUTRON_TEST_REST=https://rest-palvus.pion-1.ntrn.tech
      - URL_NEUTRON_TEST_RPC=https://rpc-palvus.pion-1.ntrn.tech
      - WALLET_CONNECT_ID=0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x
--- a/stack_orchestrator/data/config/fixturenet-laconicd/create-fixturenet.sh
+++ b/stack_orchestrator/data/config/fixturenet-laconicd/create-fixturenet.sh
@ -10,6 +10,7 @@ MONIKER="localtestnet"
 KEYRING="test"
 KEYALGO="secp256k1"
 LOGLEVEL="${LOGLEVEL:-info}"
 DENOM="alnt"
 if [ "$1" == "clean" ] || [ ! -d "$HOME/.laconicd/data/blockstore.db" ]; then
@ -33,7 +34,7 @@ if [ "$1" == "clean" ] || [ ! -d "$HOME/.laconicd/data/blockstore.db" ]; then
  laconicd keys add $KEY --keyring-backend $KEYRING --algo $KEYALGO
  # Set moniker and chain-id for Ethermint (Moniker can be anything, chain-id must be an integer)
-  laconicd init $MONIKER --chain-id $CHAINID --default-denom photon
+  laconicd init $MONIKER --chain-id $CHAINID --default-denom $DENOM
  update_genesis() {
    jq "$1" $HOME/.laconicd/config/genesis.json > $HOME/.laconicd/config/tmp_genesis.json &&
@ -89,10 +90,12 @@ if [ "$1" == "clean" ] || [ ! -d "$HOME/.laconicd/data/blockstore.db" ]; then
  fi
  # Allocate genesis accounts (cosmos formatted addresses)
-  laconicd genesis add-genesis-account $KEY 100000000000000000000000000photon --keyring-backend $KEYRING
+  # 10^30 alnt | 10^12 lnt
  laconicd genesis add-genesis-account $KEY 1000000000000000000000000000000$DENOM --keyring-backend $KEYRING
  # Sign genesis transaction
-  laconicd genesis gentx $KEY 1000000000000000000000photon --keyring-backend $KEYRING --chain-id $CHAINID
+  # 10^24 alnt | 10^6 lnt
  laconicd genesis gentx $KEY 1000000000000000000000000$DENOM --keyring-backend $KEYRING --chain-id $CHAINID
  # Collect genesis tx
  laconicd genesis collect-gentxs
@ -107,7 +110,7 @@ fi
 laconicd start \
  --pruning=nothing \
  --log_level $LOGLEVEL \
-  --minimum-gas-prices=0.0001photon \
+  --minimum-gas-prices=1$DENOM \
  --api.enable \
  --rpc.laddr="tcp://0.0.0.0:26657" \
  --gql-server --gql-playground
--- a/stack_orchestrator/data/config/fixturenet-laconicd/registry-cli-config-template.yml
+++ b/stack_orchestrator/data/config/fixturenet-laconicd/registry-cli-config-template.yml
@ -6,4 +6,4 @@ services:
    bondId:
    chainId: laconic_9000-1
    gas: 350000
-    fees: 200000photon
+    fees: 2000000alnt
--- a/stack_orchestrator/data/config/mainnet-blast/rollup.json
+++ b/stack_orchestrator/data/config/mainnet-blast/rollup.json
@ -29,4 +29,3 @@
    "l1_system_config_address": "0x5531dcff39ec1ec727c4c5d2fc49835368f805a9",
    "protocol_versions_address": "0x0000000000000000000000000000000000000000"
  }
--- a/stack_orchestrator/data/config/mainnet-eth-keycloak/scripts/keycloak-mirror/keycloak-mirror.py
+++ b/stack_orchestrator/data/config/mainnet-eth-keycloak/scripts/keycloak-mirror/keycloak-mirror.py
@ -12,7 +12,10 @@ from fabric import Connection
 def dump_src_db_to_file(db_host, db_port, db_user, db_password, db_name, file_name):
-    command = f"pg_dump -h {db_host} -p {db_port} -U {db_user} -d {db_name} -c --inserts -f {file_name}"
+    command = (
        f"pg_dump -h {db_host} -p {db_port} -U {db_user} "
        f"-d {db_name} -c --inserts -f {file_name}"
    )
    my_env = os.environ.copy()
    my_env["PGPASSWORD"] = db_password
    print(f"Exporting from {db_host}:{db_port}/{db_name} to {file_name}... ", end="")
--- a/stack_orchestrator/data/config/mainnet-go-opera/go-opera.env
+++ b/stack_orchestrator/data/config/mainnet-go-opera/go-opera.env
@ -1 +0,0 @@
--- a/stack_orchestrator/data/config/mainnet-laconicd/registry-cli-config-template.yml
+++ b/stack_orchestrator/data/config/mainnet-laconicd/registry-cli-config-template.yml
@ -6,4 +6,4 @@ services:
    bondId:
    chainId: laconic_9000-1
    gas: 250000
-    fees: 200000photon
+    fees: 2000000alnt
--- a/stack_orchestrator/data/config/mainnet-laconicd/scripts/run-laconicd.sh
+++ b/stack_orchestrator/data/config/mainnet-laconicd/scripts/run-laconicd.sh
@ -1,5 +1,5 @@
 #!/bin/sh
-if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then
+if [ -n "$CERC_SCRIPT_DEBUG" ]; then
    set -x
 fi
@ -9,7 +9,7 @@ LOGLEVEL="info"
 laconicd start \
    --pruning=nothing \
    --log_level $LOGLEVEL \
-    --minimum-gas-prices=0.0001photon \
+    --minimum-gas-prices=1alnt \
    --api.enable \
    --gql-server \
    --gql-playground
--- a/stack_orchestrator/data/config/watcher-mobymask/mobymask-watcher-db.sql
+++ b/stack_orchestrator/data/config/watcher-mobymask/mobymask-watcher-db.sql
@ -940,4 +940,3 @@ ALTER TABLE ONLY public.state
 --
 -- PostgreSQL database dump complete
 --
--- a/stack_orchestrator/data/container-build/cerc-builder-gerbil/README.md
+++ b/stack_orchestrator/data/container-build/cerc-builder-gerbil/README.md
@ -18,4 +18,3 @@ root@7c4124bb09e3:/src#
 ```
 Now gerbil commands can be run.
--- a/stack_orchestrator/data/container-build/cerc-fixturenet-eth-genesis/genesis/accounts/mnemonic_to_csv.py
+++ b/stack_orchestrator/data/container-build/cerc-fixturenet-eth-genesis/genesis/accounts/mnemonic_to_csv.py
@ -11,6 +11,8 @@ if len(sys.argv) > 1:
 with open(testnet_config_path) as stream:
    data = yaml.safe_load(stream)
-for key, value in data['el_premine'].items():
+for key, value in data["el_premine"].items():
-    acct = w3.eth.account.from_mnemonic(data['mnemonic'], account_path=key, passphrase='')
+    acct = w3.eth.account.from_mnemonic(
        data["mnemonic"], account_path=key, passphrase=""
    )
    print("%s,%s,%s" % (key, acct.address, acct.key.hex()))
--- a/stack_orchestrator/data/container-build/cerc-laconic-registry-cli/create-demo-records.sh
+++ b/stack_orchestrator/data/container-build/cerc-laconic-registry-cli/create-demo-records.sh
@ -14,7 +14,7 @@ funds_balance=$(echo ${funds_response} | jq -r ".[0].balance[0].quantity")
 echo "Balance is: ${funds_balance}"
 # Create a bond
-bond_create_result=$(${registry_command} bond create --type photon --quantity 1000000000)
+bond_create_result=$(${registry_command} bond create --type alnt --quantity 1000000000)
 bond_id=$(echo ${bond_create_result} | jq -r .bondId)
 echo "Created bond with id: ${bond_id}"
--- a/stack_orchestrator/data/container-build/cerc-nextjs-base/scripts/build-app.sh
+++ b/stack_orchestrator/data/container-build/cerc-nextjs-base/scripts/build-app.sh
@ -26,8 +26,14 @@ fi
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 WORK_DIR="${1:-/app}"
 if [ -f "${WORK_DIR}/build-webapp.sh" ]; then
  echo "Building webapp with ${WORK_DIR}/build-webapp.sh ..."
 cd "${WORK_DIR}" || exit 1
  ./build-webapp.sh || exit 1
  exit 0
 fi
 if [ -f "next.config.mjs" ]; then
  NEXT_CONFIG_JS="next.config.mjs"
  IMPORT_OR_REQUIRE="import"
--- a/stack_orchestrator/data/container-build/cerc-nextjs-base/scripts/start-serving-app.sh
+++ b/stack_orchestrator/data/container-build/cerc-nextjs-base/scripts/start-serving-app.sh
@ -30,6 +30,13 @@ fi
 CERC_WEBAPP_FILES_DIR="${CERC_WEBAPP_FILES_DIR:-/app}"
 cd "$CERC_WEBAPP_FILES_DIR"
 if [ -f "./run-webapp.sh" ]; then
  echo "Running webapp with run-webapp.sh ..."
  cd "${WORK_DIR}" || exit 1
  ./run-webapp.sh &
  tpid=$!
  wait $tpid
 else
  "$SCRIPT_DIR/apply-runtime-env.sh" "`pwd`" .next .next-r
  mv .next .next.old
  mv .next-r/.next .
@ -63,3 +70,4 @@ if [ "$CERC_NEXTJS_SKIP_GENERATE" != "true" ]; then
  fi
  $CERC_BUILD_TOOL start . -- -p ${CERC_LISTEN_PORT:-80}
 fi
--- a/stack_orchestrator/data/container-build/cerc-ping-pub/Dockerfile.base
+++ b/stack_orchestrator/data/container-build/cerc-ping-pub/Dockerfile.base
@ -5,4 +5,3 @@ WORKDIR /app
 COPY . .
 RUN yarn
--- a/stack_orchestrator/data/container-build/cerc-ping-pub/build.sh
+++ b/stack_orchestrator/data/container-build/cerc-ping-pub/build.sh
@ -4,5 +4,9 @@ source ${CERC_CONTAINER_BASE_DIR}/build-base.sh
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 # Two-stage build is to allow us to pick up both the upstream repo's files, and local files here for config
-docker build -t cerc/ping-pub-base:local ${build_command_args} -f $SCRIPT_DIR/Dockerfile.base $CERC_REPO_BASE_DIR/explorer
+docker build -t cerc/ping-pub-base:local ${build_command_args} -f $SCRIPT_DIR/Dockerfile.base $CERC_REPO_BASE_DIR/cosmos-explorer
 if [[ $? -ne 0 ]]; then
    echo "FATAL: Base container build failed, exiting"
    exit 1
 fi
 docker build -t cerc/ping-pub:local ${build_command_args} -f $SCRIPT_DIR/Dockerfile $SCRIPT_DIR
--- a/stack_orchestrator/data/container-build/cerc-ping-pub/config/laconic-chaindata-template.json
+++ b/stack_orchestrator/data/container-build/cerc-ping-pub/config/laconic-chaindata-template.json
@ -7,15 +7,15 @@
    "rpc": [
        {"provider": "LX-tendermint-rpc", "address": "LACONIC_LACONICD_RPC_URL"}
    ],
-    "sdk_version": "0.45.1",
+    "sdk_version": "0.50.3",
    "coin_type": "118",
    "min_tx_fee": "800",
-    "addr_prefix": "ethm",
+    "addr_prefix": "laconic",
    "logo": "/logos/cosmos.svg",
    "assets": [{
-        "base": "photon",
+        "base": "alnt",
        "symbol": "LNT",
-        "exponent": "6",
+        "exponent": "18",
        "coingecko_id": "cosmos",
        "logo": "/logos/cosmos.svg"
    }]
--- a/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
+++ b/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
@ -0,0 +1,260 @@
 # Caddy Ingress Controller for kind
 # Based on: https://github.com/caddyserver/ingress
 # Provides automatic HTTPS with Let's Encrypt
 apiVersion: v1
 kind: Namespace
 metadata:
  name: caddy-system
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: caddy-ingress-controller
  namespace: caddy-system
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: caddy-ingress-controller
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
 rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - namespaces
      - services
    verbs:
      - list
      - watch
      - get
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - list
      - watch
      - get
      - create
      - update
      - delete
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - create
      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: caddy-ingress-controller
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: caddy-ingress-controller
 subjects:
  - kind: ServiceAccount
    name: caddy-ingress-controller
    namespace: caddy-system
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: caddy-ingress-controller-configmap
  namespace: caddy-system
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
 data:
  # Caddy global options
  acmeCA: "https://acme-v02.api.letsencrypt.org/directory"
  email: ""
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: caddy-ingress-controller
  namespace: caddy-system
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
    app.kubernetes.io/component: controller
 spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
    - name: https
      port: 443
      targetPort: https
      protocol: TCP
  selector:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
    app.kubernetes.io/component: controller
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: caddy-ingress-controller
  namespace: caddy-system
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
    app.kubernetes.io/component: controller
 spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: caddy-ingress-controller
      app.kubernetes.io/instance: caddy-ingress
      app.kubernetes.io/component: controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: caddy-ingress-controller
        app.kubernetes.io/instance: caddy-ingress
        app.kubernetes.io/component: controller
    spec:
      serviceAccountName: caddy-ingress-controller
      terminationGracePeriodSeconds: 60
      nodeSelector:
        ingress-ready: "true"
        kubernetes.io/os: linux
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Equal
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
          operator: Equal
      containers:
        - name: caddy-ingress-controller
          image: caddy/ingress:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
              hostPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              hostPort: 443
              protocol: TCP
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            - -config-map=caddy-system/caddy-ingress-controller-configmap
            - -class-name=caddy
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 1000m
              memory: 512Mi
          readinessProbe:
            httpGet:
              path: /healthz
              port: 9765
            initialDelaySeconds: 3
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9765
            initialDelaySeconds: 3
            periodSeconds: 10
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            runAsUser: 0
            runAsGroup: 0
          volumeMounts:
            - name: caddy-data
              mountPath: /data
            - name: caddy-config
              mountPath: /config
      volumes:
        - name: caddy-data
          emptyDir: {}
        - name: caddy-config
          emptyDir: {}
 ---
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
  name: caddy
  labels:
    app.kubernetes.io/name: caddy-ingress-controller
    app.kubernetes.io/instance: caddy-ingress
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
 spec:
  controller: caddy.io/ingress-controller
--- a/stack_orchestrator/data/stacks/fixturenet-blast/stack.yml
+++ b/stack_orchestrator/data/stacks/fixturenet-blast/stack.yml
@ -14,4 +14,3 @@ containers:
 pods:
  - fixturenet-blast
  - foundry
--- a/stack_orchestrator/data/stacks/fixturenet-eth-loaded/README.md
+++ b/stack_orchestrator/data/stacks/fixturenet-eth-loaded/README.md
@ -3,4 +3,3 @@
 A "loaded" version of fixturenet-eth, with all the bells and whistles enabled.
 TODO: write me
--- a/stack_orchestrator/data/stacks/fixturenet-laconic-loaded/README.md
+++ b/stack_orchestrator/data/stacks/fixturenet-laconic-loaded/README.md
@ -64,5 +64,6 @@ $ laconic-so --stack fixturenet-laconic-loaded deploy exec cli ./scripts/create-
 Balance is: 99998999999999998999600000
 Created bond with id: dd88e8d6f9567b32b28e70552aea4419c5dd3307ebae85a284d1fe38904e301a
 Published demo-record-1.yml with id: bafyreierh3xnfivexlscdwubvczmddsnf46uytyfvrbdhkjzztvsz6ruly
 ...
 ```
-The published record should be visible in the console.
+The published records should be visible in the console.
--- a/stack_orchestrator/data/stacks/fixturenet-laconic-loaded/stack.yml
+++ b/stack_orchestrator/data/stacks/fixturenet-laconic-loaded/stack.yml
@ -30,4 +30,3 @@ config:
  cli:
    key: laconicd.mykey
    address: laconicd.myaddress
--- a/stack_orchestrator/data/stacks/fixturenet-optimism/deploy/commands.py
+++ b/stack_orchestrator/data/stacks/fixturenet-optimism/deploy/commands.py
@ -14,26 +14,25 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
 from ruamel.yaml import YAML
 def create(context: DeploymentContext, extra_args):
-    # Slightly modify the base fixturenet-eth compose file to replace the startup script for fixturenet-eth-geth-1
+    # Slightly modify the base fixturenet-eth compose file to replace the
-    # We need to start geth with the flag to allow non eip-155 compliant transactions in order to publish the
+    # startup script for fixturenet-eth-geth-1
-    # deterministic-deployment-proxy contract, which itself is a prereq for Optimism contract deployment
+    # We need to start geth with the flag to allow non eip-155 compliant
-    fixturenet_eth_compose_file = context.deployment_dir.joinpath('compose', 'docker-compose-fixturenet-eth.yml')
+    # transactions in order to publish the
    # deterministic-deployment-proxy contract, which itself is a prereq for
    # Optimism contract deployment
    fixturenet_eth_compose_file = context.deployment_dir.joinpath(
        "compose", "docker-compose-fixturenet-eth.yml"
    )
-    with open(fixturenet_eth_compose_file, 'r') as yaml_file:
+    new_script = "../config/fixturenet-optimism/run-geth.sh:/opt/testnet/run.sh"
        yaml = YAML()
        yaml_data = yaml.load(yaml_file)
-    new_script = '../config/fixturenet-optimism/run-geth.sh:/opt/testnet/run.sh'
+    def add_geth_volume(yaml_data):
        if new_script not in yaml_data["services"]["fixturenet-eth-geth-1"]["volumes"]:
            yaml_data["services"]["fixturenet-eth-geth-1"]["volumes"].append(new_script)
-    if new_script not in yaml_data['services']['fixturenet-eth-geth-1']['volumes']:
+    context.modify_yaml(fixturenet_eth_compose_file, add_geth_volume)
        yaml_data['services']['fixturenet-eth-geth-1']['volumes'].append(new_script)
    with open(fixturenet_eth_compose_file, 'w') as yaml_file:
        yaml = YAML()
        yaml.dump(yaml_data, yaml_file)
    return None
--- a/stack_orchestrator/data/stacks/mainnet-blast/deploy/commands.py
+++ b/stack_orchestrator/data/stacks/mainnet-blast/deploy/commands.py
@ -22,18 +22,24 @@ import yaml
 def create(context, extra_args):
    # Our goal here is just to copy the json files for blast
    yml_path = context.deployment_dir.joinpath("spec.yml")
-    with open(yml_path, 'r') as file:
+    with open(yml_path, "r") as file:
        data = yaml.safe_load(file)
-    mount_point = data['volumes']['blast-data']
+    mount_point = data["volumes"]["blast-data"]
    if mount_point[0] == "/":
        deploy_dir = Path(mount_point)
    else:
        deploy_dir = context.deployment_dir.joinpath(mount_point)
    command_context = extra_args[2]
-    compose_file = [f for f in command_context.cluster_context.compose_files if "mainnet-blast" in f][0]
+    compose_file = [
-    source_config_file = Path(compose_file).parent.parent.joinpath("config", "mainnet-blast", "genesis.json")
+        f for f in command_context.cluster_context.compose_files if "mainnet-blast" in f
    ][0]
    source_config_file = Path(compose_file).parent.parent.joinpath(
        "config", "mainnet-blast", "genesis.json"
    )
    copy(source_config_file, deploy_dir)
-    source_config_file = Path(compose_file).parent.parent.joinpath("config", "mainnet-blast", "rollup.json")
+    source_config_file = Path(compose_file).parent.parent.joinpath(
        "config", "mainnet-blast", "rollup.json"
    )
    copy(source_config_file, deploy_dir)
--- a/stack_orchestrator/data/stacks/mainnet-eth-plugeth/deploy/commands.py
+++ b/stack_orchestrator/data/stacks/mainnet-eth-plugeth/deploy/commands.py
@ -27,6 +27,8 @@ def setup(ctx):
 def create(ctx, extra_args):
    # Generate the JWT secret and save to its config file
    secret = token_hex(32)
-    jwt_file_path = ctx.deployment_dir.joinpath("data", "mainnet_eth_plugeth_config_data", "jwtsecret")
+    jwt_file_path = ctx.deployment_dir.joinpath(
-    with open(jwt_file_path, 'w+') as jwt_file:
+        "data", "mainnet_eth_plugeth_config_data", "jwtsecret"
    )
    with open(jwt_file_path, "w+") as jwt_file:
        jwt_file.write(secret)
--- a/stack_orchestrator/data/stacks/mainnet-eth/deploy/commands.py
+++ b/stack_orchestrator/data/stacks/mainnet-eth/deploy/commands.py
@ -27,6 +27,8 @@ def setup(ctx):
 def create(ctx, extra_args):
    # Generate the JWT secret and save to its config file
    secret = token_hex(32)
-    jwt_file_path = ctx.deployment_dir.joinpath("data", "mainnet_eth_config_data", "jwtsecret")
+    jwt_file_path = ctx.deployment_dir.joinpath(
-    with open(jwt_file_path, 'w+') as jwt_file:
+        "data", "mainnet_eth_config_data", "jwtsecret"
    )
    with open(jwt_file_path, "w+") as jwt_file:
        jwt_file.write(secret)
--- a/stack_orchestrator/data/stacks/mainnet-laconic/README.md
+++ b/stack_orchestrator/data/stacks/mainnet-laconic/README.md
@ -1,2 +1 @@
 # Laconic Mainnet Deployment (experimental)
--- a/stack_orchestrator/data/stacks/mainnet-laconic/deploy/commands.py
+++ b/stack_orchestrator/data/stacks/mainnet-laconic/deploy/commands.py
@ -14,7 +14,10 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 from stack_orchestrator.util import get_yaml
-from stack_orchestrator.deploy.deploy_types import DeployCommandContext, LaconicStackSetupCommand
+from stack_orchestrator.deploy.deploy_types import (
    DeployCommandContext,
    LaconicStackSetupCommand,
 )
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
 from stack_orchestrator.deploy.stack_state import State
 from stack_orchestrator.deploy.deploy_util import VolumeMapping, run_container_command
@ -22,7 +25,6 @@ from stack_orchestrator.opts import opts
 from enum import Enum
 from pathlib import Path
 from shutil import copyfile, copytree
 import json
 import os
 import sys
 import tomli
@ -34,8 +36,9 @@ default_spec_file_content = ""
 class SetupPhase(Enum):
    INITIALIZE = 1
    JOIN = 2
-    CREATE = 3
+    CONNECT = 3
-    ILLEGAL = 3
+    CREATE = 4
    ILLEGAL = 5
 def _client_toml_path(network_dir: Path):
@ -62,36 +65,25 @@ def _get_node_moniker_from_config(network_dir: Path):
    return moniker
 def _get_node_key_from_gentx(gentx_file_name: str):
    gentx_file_path = Path(gentx_file_name)
    if gentx_file_path.exists():
        with open(Path(gentx_file_name), "rb") as f:
            parsed_json = json.load(f)
            return parsed_json['body']['messages'][0]['delegator_address']
    else:
        print(f"Error: gentx file: {gentx_file_name} does not exist")
        sys.exit(1)
 def _comma_delimited_to_list(list_str: str):
    return list_str.split(",") if list_str else []
-def _get_node_keys_from_gentx_files(gentx_file_list: str):
+def _get_node_keys_from_gentx_files(gentx_address_list: str):
-    node_keys = []
+    gentx_addresses = _comma_delimited_to_list(gentx_address_list)
-    gentx_files = _comma_delimited_to_list(gentx_file_list)
+    return gentx_addresses
    for gentx_file in gentx_files:
        node_key = _get_node_key_from_gentx(gentx_file)
        if node_key:
            node_keys.append(node_key)
    return node_keys
 def _copy_gentx_files(network_dir: Path, gentx_file_list: str):
    gentx_files = _comma_delimited_to_list(gentx_file_list)
    for gentx_file in gentx_files:
        gentx_file_path = Path(gentx_file)
-        copyfile(gentx_file_path, os.path.join(network_dir, "config", "gentx", os.path.basename(gentx_file_path)))
+        copyfile(
            gentx_file_path,
            os.path.join(
                network_dir, "config", "gentx", os.path.basename(gentx_file_path)
            ),
        )
 def _remove_persistent_peers(network_dir: Path):
@ -102,8 +94,13 @@ def _remove_persistent_peers(network_dir: Path):
    with open(config_file_path, "r") as input_file:
        config_file_content = input_file.read()
        persistent_peers_pattern = '^persistent_peers = "(.+?)"'
-        replace_with = "persistent_peers = \"\""
+        replace_with = 'persistent_peers = ""'
-        config_file_content = re.sub(persistent_peers_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        config_file_content = re.sub(
            persistent_peers_pattern,
            replace_with,
            config_file_content,
            flags=re.MULTILINE,
        )
    with open(config_file_path, "w") as output_file:
        output_file.write(config_file_content)
@ -116,8 +113,13 @@ def _insert_persistent_peers(config_dir: Path, new_persistent_peers: str):
    with open(config_file_path, "r") as input_file:
        config_file_content = input_file.read()
        persistent_peers_pattern = r'^persistent_peers = ""'
-        replace_with = f"persistent_peers = \"{new_persistent_peers}\""
+        replace_with = f'persistent_peers = "{new_persistent_peers}"'
-        config_file_content = re.sub(persistent_peers_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        config_file_content = re.sub(
            persistent_peers_pattern,
            replace_with,
            config_file_content,
            flags=re.MULTILINE,
        )
    with open(config_file_path, "w") as output_file:
        output_file.write(config_file_content)
@ -129,9 +131,11 @@ def _enable_cors(config_dir: Path):
        sys.exit(1)
    with open(config_file_path, "r") as input_file:
        config_file_content = input_file.read()
-        cors_pattern = r'^cors_allowed_origins = \[]'
+        cors_pattern = r"^cors_allowed_origins = \[]"
        replace_with = 'cors_allowed_origins = ["*"]'
-        config_file_content = re.sub(cors_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        config_file_content = re.sub(
            cors_pattern, replace_with, config_file_content, flags=re.MULTILINE
        )
    with open(config_file_path, "w") as output_file:
        output_file.write(config_file_content)
    app_file_path = config_dir.joinpath("app.toml")
@ -140,9 +144,46 @@ def _enable_cors(config_dir: Path):
        sys.exit(1)
    with open(app_file_path, "r") as input_file:
        app_file_content = input_file.read()
-        cors_pattern = r'^enabled-unsafe-cors = false'
+        cors_pattern = r"^enabled-unsafe-cors = false"
        replace_with = "enabled-unsafe-cors = true"
-        app_file_content = re.sub(cors_pattern, replace_with, app_file_content, flags=re.MULTILINE)
+        app_file_content = re.sub(
            cors_pattern, replace_with, app_file_content, flags=re.MULTILINE
        )
    with open(app_file_path, "w") as output_file:
        output_file.write(app_file_content)
 def _set_listen_address(config_dir: Path):
    config_file_path = config_dir.joinpath("config.toml")
    if not config_file_path.exists():
        print("Error: config.toml not found")
        sys.exit(1)
    with open(config_file_path, "r") as input_file:
        config_file_content = input_file.read()
        existing_pattern = r'^laddr = "tcp://127.0.0.1:26657"'
        replace_with = 'laddr = "tcp://0.0.0.0:26657"'
        print(f"Replacing in: {config_file_path}")
        config_file_content = re.sub(
            existing_pattern, replace_with, config_file_content, flags=re.MULTILINE
        )
    with open(config_file_path, "w") as output_file:
        output_file.write(config_file_content)
    app_file_path = config_dir.joinpath("app.toml")
    if not app_file_path.exists():
        print("Error: app.toml not found")
        sys.exit(1)
    with open(app_file_path, "r") as input_file:
        app_file_content = input_file.read()
        existing_pattern1 = r'^address = "tcp://localhost:1317"'
        replace_with1 = 'address = "tcp://0.0.0.0:1317"'
        app_file_content = re.sub(
            existing_pattern1, replace_with1, app_file_content, flags=re.MULTILINE
        )
        existing_pattern2 = r'^address = "localhost:9090"'
        replace_with2 = 'address = "0.0.0.0:9090"'
        app_file_content = re.sub(
            existing_pattern2, replace_with2, app_file_content, flags=re.MULTILINE
        )
    with open(app_file_path, "w") as output_file:
        output_file.write(app_file_content)
@ -151,7 +192,10 @@ def _phase_from_params(parameters):
    phase = SetupPhase.ILLEGAL
    if parameters.initialize_network:
        if parameters.join_network or parameters.create_network:
-            print("Can't supply --join-network or --create-network with --initialize-network")
+            print(
                "Can't supply --join-network or --create-network "
                "with --initialize-network"
            )
            sys.exit(1)
        if not parameters.chain_id:
            print("--chain-id is required")
@ -163,22 +207,39 @@ def _phase_from_params(parameters):
        phase = SetupPhase.INITIALIZE
    elif parameters.join_network:
        if parameters.initialize_network or parameters.create_network:
-            print("Can't supply --initialize-network or --create-network with --join-network")
+            print(
                "Can't supply --initialize-network or --create-network "
                "with --join-network"
            )
            sys.exit(1)
        phase = SetupPhase.JOIN
    elif parameters.create_network:
        if parameters.initialize_network or parameters.join_network:
-            print("Can't supply --initialize-network or --join-network with --create-network")
+            print(
                "Can't supply --initialize-network or --join-network "
                "with --create-network"
            )
            sys.exit(1)
        phase = SetupPhase.CREATE
    elif parameters.connect_network:
        if parameters.initialize_network or parameters.join_network:
            print(
                "Can't supply --initialize-network or --join-network "
                "with --connect-network"
            )
            sys.exit(1)
        phase = SetupPhase.CONNECT
    return phase
-def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCommand, extra_args):
+def setup(
-
+    command_context: DeployCommandContext,
    parameters: LaconicStackSetupCommand,
    extra_args,
 ):
    options = opts.o
-    currency = "stake"  # Does this need to be a parameter?
+    currency = "alnt"  # Does this need to be a parameter?
    if options.debug:
        print(f"parameters: {parameters}")
@ -187,12 +248,9 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
    network_dir = Path(parameters.network_dir).absolute()
    laconicd_home_path_in_container = "/laconicd-home"
-    mounts = [
+    mounts = [VolumeMapping(str(network_dir), laconicd_home_path_in_container)]
        VolumeMapping(network_dir, laconicd_home_path_in_container)
    ]
    if phase == SetupPhase.INITIALIZE:
        # We want to create the directory so if it exists that's an error
        if os.path.exists(network_dir):
            print(f"Error: network directory {network_dir} already exists")
@ -202,12 +260,18 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
        output, status = run_container_command(
            command_context,
-            "laconicd", f"laconicd init {parameters.node_moniker} --home {laconicd_home_path_in_container}\
+            "laconicd",
-                --chain-id {parameters.chain_id}", mounts)
+            f"laconicd init {parameters.node_moniker} "
            f"--home {laconicd_home_path_in_container} "
            f"--chain-id {parameters.chain_id} --default-denom {currency}",
            mounts,
        )
        if options.debug:
            print(f"Command output: {output}")
    elif phase == SetupPhase.JOIN:
        # In the join phase (alternative to connect) we are participating in a
        # genesis ceremony for the chain
        if not os.path.exists(network_dir):
            print(f"Error: network directory {network_dir} doesn't exist")
            sys.exit(1)
@ -215,76 +279,147 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
        chain_id = _get_chain_id_from_config(network_dir)
        output1, status1 = run_container_command(
-            command_context, "laconicd", f"laconicd keys add {parameters.key_name} --home {laconicd_home_path_in_container}\
+            command_context,
-                --keyring-backend test", mounts)
+            "laconicd",
            f"laconicd keys add {parameters.key_name} "
            f"--home {laconicd_home_path_in_container} --keyring-backend test",
            mounts,
        )
        if options.debug:
            print(f"Command output: {output1}")
        output2, status2 = run_container_command(
            command_context,
            "laconicd",
-            f"laconicd add-genesis-account {parameters.key_name} 12900000000000000000000{currency}\
+            f"laconicd genesis add-genesis-account {parameters.key_name} "
-                --home {laconicd_home_path_in_container} --keyring-backend test",
+            f"12900000000000000000000{currency} "
-            mounts)
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
            mounts,
        )
        if options.debug:
            print(f"Command output: {output2}")
        output3, status3 = run_container_command(
            command_context,
            "laconicd",
-            f"laconicd gentx  {parameters.key_name} 90000000000{currency} --home {laconicd_home_path_in_container}\
+            f"laconicd genesis gentx {parameters.key_name} "
-                --chain-id {chain_id} --keyring-backend test",
+            f"90000000000{currency} --home {laconicd_home_path_in_container} "
-            mounts)
+            f"--chain-id {chain_id} --keyring-backend test",
            mounts,
        )
        if options.debug:
            print(f"Command output: {output3}")
        output4, status4 = run_container_command(
            command_context,
            "laconicd",
-            f"laconicd keys show  {parameters.key_name} -a --home {laconicd_home_path_in_container} --keyring-backend test",
+            f"laconicd keys show {parameters.key_name} -a "
-            mounts)
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
-        print(f"Node validator address: {output4}")
+            mounts,
        )
        print(f"Node account address: {output4}")
    elif phase == SetupPhase.CONNECT:
        # In the connect phase (named to not conflict with join) we are
        # making a node that syncs a chain with existing genesis.json
        # but not with validator role. We need this kind of node in order to
        # bootstrap it into a validator after it syncs
        output1, status1 = run_container_command(
            command_context,
            "laconicd",
            f"laconicd keys add {parameters.key_name} "
            f"--home {laconicd_home_path_in_container} --keyring-backend test",
            mounts,
        )
        if options.debug:
            print(f"Command output: {output1}")
        output2, status2 = run_container_command(
            command_context,
            "laconicd",
            f"laconicd keys show {parameters.key_name} -a "
            f"--home {laconicd_home_path_in_container} --keyring-backend test",
            mounts,
        )
        print(f"Node account address: {output2}")
        output3, status3 = run_container_command(
            command_context,
            "laconicd",
            f"laconicd cometbft show-validator "
            f"--home {laconicd_home_path_in_container}",
            mounts,
        )
        print(f"Node validator address: {output3}")
    elif phase == SetupPhase.CREATE:
        if not os.path.exists(network_dir):
            print(f"Error: network directory {network_dir} doesn't exist")
            sys.exit(1)
-        # In the CREATE phase, we are either a "coordinator" node, generating the genesis.json file ourselves
+        # In the CREATE phase, we are either a "coordinator" node,
-        # OR we are a "not-coordinator" node, consuming a genesis file we got from the coordinator node.
+        # generating the genesis.json file ourselves
        # OR we are a "not-coordinator" node, consuming a genesis file from
        # the coordinator node.
        if parameters.genesis_file:
            # We got the genesis file from elsewhere
            # Copy it into our network dir
            genesis_file_path = Path(parameters.genesis_file)
            if not os.path.exists(genesis_file_path):
-                print(f"Error: supplied genesis file: {parameters.genesis_file} does not exist.")
+                print(
                    f"Error: supplied genesis file: {parameters.genesis_file} "
                    "does not exist."
                )
                sys.exit(1)
-            copyfile(genesis_file_path, os.path.join(network_dir, "config", os.path.basename(genesis_file_path)))
+            copyfile(
                genesis_file_path,
                os.path.join(
                    network_dir, "config", os.path.basename(genesis_file_path)
                ),
            )
        else:
            # We're generating the genesis file
            if not parameters.gentx_file_list:
                print("Error: --gentx-files must be supplied")
                sys.exit(1)
            # First look in the supplied gentx files for the other nodes' keys
-            other_node_keys = _get_node_keys_from_gentx_files(parameters.gentx_file_list)
+            other_node_keys = _get_node_keys_from_gentx_files(
                parameters.gentx_address_list
            )
            # Add those keys to our genesis, with balances we determine here (why?)
            outputk = None
            for other_node_key in other_node_keys:
                outputk, statusk = run_container_command(
-                    command_context, "laconicd", f"laconicd add-genesis-account {other_node_key} 12900000000000000000000{currency}\
+                    command_context,
-                        --home {laconicd_home_path_in_container} --keyring-backend test", mounts)
+                    "laconicd",
-            if options.debug:
+                    f"laconicd genesis add-genesis-account {other_node_key} "
                    f"12900000000000000000000{currency} "
                    f"--home {laconicd_home_path_in_container} "
                    "--keyring-backend test",
                    mounts,
                )
            if options.debug and outputk is not None:
                print(f"Command output: {outputk}")
            # Copy the gentx json files into our network dir
            _copy_gentx_files(network_dir, parameters.gentx_file_list)
            # Now we can run collect-gentxs
            output1, status1 = run_container_command(
-                command_context, "laconicd", f"laconicd collect-gentxs --home {laconicd_home_path_in_container}", mounts)
+                command_context,
                "laconicd",
                f"laconicd genesis collect-gentxs "
                f"--home {laconicd_home_path_in_container}",
                mounts,
            )
            if options.debug:
                print(f"Command output: {output1}")
-            print(f"Generated genesis file, please copy to other nodes as required: \
+            genesis_path = os.path.join(network_dir, "config", "genesis.json")
-                {os.path.join(network_dir, 'config', 'genesis.json')}")
+            print(
-            # Last thing, collect-gentxs puts a likely bogus set of persistent_peers in config.toml so we remove that now
+                f"Generated genesis file, please copy to other nodes "
                f"as required: {genesis_path}"
            )
            # Last thing, collect-gentxs puts a likely bogus set of persistent_peers
            # in config.toml so we remove that now
            _remove_persistent_peers(network_dir)
        # In both cases we validate the genesis file now
        output2, status1 = run_container_command(
-            command_context, "laconicd", f"laconicd validate-genesis --home {laconicd_home_path_in_container}", mounts)
+            command_context,
            "laconicd",
            f"laconicd genesis validate-genesis "
            f"--home {laconicd_home_path_in_container}",
            mounts,
        )
        print(f"validate-genesis result: {output2}")
    else:
@ -303,15 +438,23 @@ def create(deployment_context: DeploymentContext, extra_args):
        sys.exit(1)
    config_dir_path = network_dir_path.joinpath("config")
    if not (config_dir_path.exists() and config_dir_path.is_dir()):
-        print(f"Error: supplied network directory does not contain a config directory: {config_dir_path}")
+        print(
            f"Error: supplied network directory does not contain "
            f"a config directory: {config_dir_path}"
        )
        sys.exit(1)
    data_dir_path = network_dir_path.joinpath("data")
    if not (data_dir_path.exists() and data_dir_path.is_dir()):
-        print(f"Error: supplied network directory does not contain a data directory: {data_dir_path}")
+        print(
            f"Error: supplied network directory does not contain "
            f"a data directory: {data_dir_path}"
        )
        sys.exit(1)
    # Copy the network directory contents into our deployment
    # TODO: change this to work with non local paths
-    deployment_config_dir = deployment_context.deployment_dir.joinpath("data", "laconicd-config")
+    deployment_config_dir = deployment_context.deployment_dir.joinpath(
        "data", "laconicd-config"
    )
    copytree(config_dir_path, deployment_config_dir, dirs_exist_ok=True)
    # If supplied, add the initial persistent peers to the config file
    if extra_args[1]:
@ -319,9 +462,12 @@ def create(deployment_context: DeploymentContext, extra_args):
        _insert_persistent_peers(deployment_config_dir, initial_persistent_peers)
    # Enable CORS headers so explorers and so on can talk to the node
    _enable_cors(deployment_config_dir)
    _set_listen_address(deployment_config_dir)
    # Copy the data directory contents into our deployment
    # TODO: change this to work with non local paths
-    deployment_data_dir = deployment_context.deployment_dir.joinpath("data", "laconicd-data")
+    deployment_data_dir = deployment_context.deployment_dir.joinpath(
        "data", "laconicd-data"
    )
    copytree(data_dir_path, deployment_data_dir, dirs_exist_ok=True)
@ -331,7 +477,6 @@ def init(command_context: DeployCommandContext):
 def get_state(command_context: DeployCommandContext):
    print("Here we get state")
    return State.CONFIGURED
--- a/stack_orchestrator/data/stacks/mainnet-laconic/stack.yml
+++ b/stack_orchestrator/data/stacks/mainnet-laconic/stack.yml
@ -10,7 +10,7 @@ repos:
  - git.vdb.to/cerc-io/registry-sdk
  - git.vdb.to/cerc-io/laconic-registry-cli
  - git.vdb.to/cerc-io/laconic-console
-  - github.com/ping-pub/explorer
+  - git.vdb.to/cerc-io/cosmos-explorer
 npms:
  - registry-sdk
  - laconic-registry-cli
--- a/stack_orchestrator/data/stacks/mainnet-laconic/test/run-mainnet-laconic-test.sh
+++ b/stack_orchestrator/data/stacks/mainnet-laconic/test/run-mainnet-laconic-test.sh
@ -8,8 +8,11 @@ echo "Environment variables:"
 env
 # Test laconic stack
 echo "Running laconic stack test"
-# Bit of a hack, test the most recent package
+if [ "$1" == "from-path" ]; then
    TEST_TARGET_SO="laconic-so"
 else
    TEST_TARGET_SO=$( ls -t1 ./package/laconic-so* | head -1 )
 fi
 # Set a non-default repo dir
 export CERC_REPO_BASE_DIR=~/stack-orchestrator-test/repo-base-dir
 echo "Testing this package: $TEST_TARGET_SO"
--- a/stack_orchestrator/data/stacks/package-registry/README.md
+++ b/stack_orchestrator/data/stacks/package-registry/README.md
@ -2,4 +2,50 @@
 The Package Registry Stack supports a build environment that requires a package registry (initially for NPM packages only).
-Setup instructions can be found [here](../build-support/README.md).
+## Setup
 * Setup required repos and build containers:
  ```bash
  laconic-so --stack package-registry setup-repositories
  laconic-so --stack package-registry build-containers
  ```
 * Create a deployment:
  ```bash
  laconic-so --stack package-registry deploy init --output package-registry-spec.yml
  # Update port mapping in the laconic-loaded.spec file to resolve port conflicts on host if any
  laconic-so --stack package-registry deploy create --deployment-dir package-registry-deployment --spec-file package-registry-spec.yml
  ```
 * Start the deployment:
  ```bash
  laconic-so deployment --dir package-registry-deployment start
  ```
 * The local gitea registry can now be accessed at <http://localhost:3000> (the username and password can be taken from the deployment logs)
 * Configure the hostname `gitea.local`:
  Update `/etc/hosts`:
  ```bash
  sudo nano /etc/hosts
  # Add the following line
  127.0.0.1       gitea.local
  ```
  Check resolution:
  ```bash
  ping gitea.local
  PING gitea.local (127.0.0.1) 56(84) bytes of data.
  64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.147 ms
  64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.033 ms
  ...
  ```
--- a/stack_orchestrator/data/stacks/test/deploy/commands.py
+++ b/stack_orchestrator/data/stacks/test/deploy/commands.py
@ -15,6 +15,7 @@
 from stack_orchestrator.util import get_yaml
 from stack_orchestrator.deploy.deploy_types import DeployCommandContext
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
 from stack_orchestrator.deploy.stack_state import State
 from stack_orchestrator.deploy.deploy_util import VolumeMapping, run_container_command
 from pathlib import Path
@ -24,16 +25,20 @@ default_spec_file_content = """config:
 """
-# Output a known string to a know file in the bind mounted directory ./container-output-dir
+# Output a known string to a know file in the bind mounted directory
 # ./container-output-dir
 # for test purposes -- test checks that the file was written.
 def setup(command_context: DeployCommandContext, parameters, extra_args):
    host_directory = "./container-output-dir"
    host_directory_absolute = Path(extra_args[0]).absolute().joinpath(host_directory)
    host_directory_absolute.mkdir(parents=True, exist_ok=True)
-    mounts = [
+    mounts = [VolumeMapping(str(host_directory_absolute), "/data")]
-        VolumeMapping(host_directory_absolute, "/data")
+    output, status = run_container_command(
-    ]
+        command_context,
-    output, status = run_container_command(command_context, "test", "echo output-data > /data/output-file && echo success", mounts)
+        "test",
        "echo output-data > /data/output-file && echo success",
        mounts,
    )
 def init(command_context: DeployCommandContext):
@ -41,10 +46,10 @@ def init(command_context: DeployCommandContext):
    return yaml.load(default_spec_file_content)
-def create(command_context: DeployCommandContext, extra_args):
+def create(deployment_context: DeploymentContext, extra_args):
    data = "create-command-output-data"
-    output_file_path = command_context.deployment_dir.joinpath("create-file")
+    output_file_path = deployment_context.deployment_dir.joinpath("create-file")
-    with open(output_file_path, 'w+') as output_file:
+    with open(output_file_path, "w+") as output_file:
        output_file.write(data)
--- a/stack_orchestrator/data/stacks/test/stack.yml
+++ b/stack_orchestrator/data/stacks/test/stack.yml
@ -2,7 +2,6 @@ version: "1.0"
 name: test
 description: "A test stack"
 repos:
  - git.vdb.to/cerc-io/laconicd
  - git.vdb.to/cerc-io/test-project@test-branch
 containers:
  - cerc/test-container
--- a/stack_orchestrator/deploy/compose/deploy_docker.py
+++ b/stack_orchestrator/deploy/compose/deploy_docker.py
@ -14,8 +14,13 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 from pathlib import Path
 from typing import Optional
 from python_on_whales import DockerClient, DockerException
-from stack_orchestrator.deploy.deployer import Deployer, DeployerException, DeployerConfigGenerator
+from stack_orchestrator.deploy.deployer import (
    Deployer,
    DeployerException,
    DeployerConfigGenerator,
 )
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
 from stack_orchestrator.opts import opts
@ -24,19 +29,33 @@ class DockerDeployer(Deployer):
    name: str = "compose"
    type: str
-    def __init__(self, type, deployment_context: DeploymentContext, compose_files, compose_project_name, compose_env_file) -> None:
+    def __init__(
-        self.docker = DockerClient(compose_files=compose_files, compose_project_name=compose_project_name,
+        self,
-                                   compose_env_file=compose_env_file)
+        type: str,
        deployment_context: Optional[DeploymentContext],
        compose_files: list,
        compose_project_name: Optional[str],
        compose_env_file: Optional[str],
    ) -> None:
        self.docker = DockerClient(
            compose_files=compose_files,
            compose_project_name=compose_project_name,
            compose_env_file=compose_env_file,
        )
        self.type = type
        # Store these for later use in run_job
        self.compose_files = compose_files
        self.compose_project_name = compose_project_name
        self.compose_env_file = compose_env_file
-    def up(self, detach, services):
+    def up(self, detach, skip_cluster_management, services):
        if not opts.o.dry_run:
            try:
                return self.docker.compose.up(detach=detach, services=services)
            except DockerException as e:
                raise DeployerException(e)
-    def down(self, timeout, volumes):
+    def down(self, timeout, volumes, skip_cluster_management):
        if not opts.o.dry_run:
            try:
                return self.docker.compose.down(timeout=timeout, volumes=volumes)
@ -68,35 +87,98 @@ class DockerDeployer(Deployer):
    def port(self, service, private_port):
        if not opts.o.dry_run:
            try:
-                return self.docker.compose.port(service=service, private_port=private_port)
+                return self.docker.compose.port(
                    service=service, private_port=private_port
                )
            except DockerException as e:
                raise DeployerException(e)
    def execute(self, service, command, tty, envs):
        if not opts.o.dry_run:
            try:
-                return self.docker.compose.execute(service=service, command=command, tty=tty, envs=envs)
+                return self.docker.compose.execute(
                    service=service, command=command, tty=tty, envs=envs
                )
            except DockerException as e:
                raise DeployerException(e)
    def logs(self, services, tail, follow, stream):
        if not opts.o.dry_run:
            try:
-                return self.docker.compose.logs(services=services, tail=tail, follow=follow, stream=stream)
+                return self.docker.compose.logs(
                    services=services, tail=tail, follow=follow, stream=stream
                )
            except DockerException as e:
                raise DeployerException(e)
-    def run(self, image: str, command=None, user=None, volumes=None, entrypoint=None, env={}, ports=[], detach=False):
+    def run(
        self,
        image: str,
        command=None,
        user=None,
        volumes=None,
        entrypoint=None,
        env={},
        ports=[],
        detach=False,
    ):
        if not opts.o.dry_run:
            try:
-                return self.docker.run(image=image, command=command, user=user, volumes=volumes,
+                return self.docker.run(
-                                       entrypoint=entrypoint, envs=env, detach=detach, publish=ports, publish_all=len(ports) == 0)
+                    image=image,
                    command=command if command else [],
                    user=user,
                    volumes=volumes,
                    entrypoint=entrypoint,
                    envs=env,
                    detach=detach,
                    publish=ports,
                    publish_all=len(ports) == 0,
                )
            except DockerException as e:
                raise DeployerException(e)
    def run_job(self, job_name: str, release_name: Optional[str] = None):
        # release_name is ignored for Docker deployments (only used for K8s/Helm)
        if not opts.o.dry_run:
            try:
                # Find job compose file in compose-jobs directory
                # The deployment should have compose-jobs/docker-compose-<job_name>.yml
                if not self.compose_files:
                    raise DeployerException("No compose files configured")
                # Deployment directory is parent of compose directory
                compose_dir = Path(self.compose_files[0]).parent
                deployment_dir = compose_dir.parent
                job_compose_file = (
                    deployment_dir / "compose-jobs" / f"docker-compose-{job_name}.yml"
                )
                if not job_compose_file.exists():
                    raise DeployerException(
                        f"Job compose file not found: {job_compose_file}"
                    )
                if opts.o.verbose:
                    print(f"Running job from: {job_compose_file}")
                # Create a DockerClient for the job compose file with same
                # project name and env file
                # This allows the job to access volumes from the main deployment
                job_docker = DockerClient(
                    compose_files=[job_compose_file],
                    compose_project_name=self.compose_project_name,
                    compose_env_file=self.compose_env_file,
                )
                # Run the job with --rm flag to remove container after completion
                return job_docker.compose.run(service=job_name, remove=True, tty=True)
            except DockerException as e:
                raise DeployerException(e)
 class DockerDeployerConfigGenerator(DeployerConfigGenerator):
    def __init__(self, type: str) -> None:
        super().__init__()
--- a/stack_orchestrator/deploy/deploy.py
+++ b/stack_orchestrator/deploy/deploy.py
@ -21,6 +21,7 @@ import os
 import sys
 from dataclasses import dataclass
 from importlib import resources
 from typing import Optional
 import subprocess
 import click
 from pathlib import Path
@ -35,27 +36,36 @@ from stack_orchestrator.util import (
    stack_is_in_deployment,
    resolve_compose_file,
 )
-from stack_orchestrator.deploy.deployer import Deployer, DeployerException
+from stack_orchestrator.deploy.deployer import DeployerException
 from stack_orchestrator.deploy.deployer_factory import getDeployer
 from stack_orchestrator.deploy.compose.deploy_docker import DockerDeployer
 from stack_orchestrator.deploy.deploy_types import ClusterContext, DeployCommandContext
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
 from stack_orchestrator.deploy.deployment_create import create as deployment_create
 from stack_orchestrator.deploy.deployment_create import init as deployment_init
 from stack_orchestrator.deploy.deployment_create import setup as deployment_setup
 from stack_orchestrator.deploy.k8s import k8s_command
@click.group()
@click.option("--include", help="only start these components")
-@click.option("--exclude", help="don\'t start these components")
+@click.option("--exclude", help="don't start these components")
@click.option("--env-file", help="env file to be used")
@click.option("--cluster", help="specify a non-default cluster name")
-@click.option("--deploy-to", help="cluster system to deploy to (compose or k8s or k8s-kind)")
+@click.option(
    "--deploy-to", help="cluster system to deploy to (compose or k8s or k8s-kind)"
 )
@click.pass_context
 def command(ctx, include, exclude, env_file, cluster, deploy_to):
-    '''deploy a stack'''
+    """deploy a stack"""
-    # Although in theory for some subcommands (e.g. deploy create) the stack can be inferred,
+    # k8s subcommand doesn't require a stack
-    # Click doesn't allow us to know that here, so we make providing the stack mandatory
+    if ctx.invoked_subcommand == "k8s":
        return
    # Although in theory for some subcommands (e.g. deploy create) the stack
    # can be inferred, Click doesn't allow us to know that here, so we make
    # providing the stack mandatory
    stack = global_options2(ctx).stack
    if not stack:
        print("Error: --stack option is required")
@ -68,30 +78,65 @@ def command(ctx, include, exclude, env_file, cluster, deploy_to):
        deploy_to = "compose"
    stack = get_stack_path(stack)
-    ctx.obj = create_deploy_context(global_options2(ctx), None, stack, include, exclude, cluster, env_file, deploy_to)
+    ctx.obj = create_deploy_context(
-    # Subcommand is executed now, by the magic of click
+        global_options2(ctx),
-
+        None,
 def create_deploy_context(
        global_context,
        deployment_context: DeploymentContext,
        stack,
        include,
        exclude,
        cluster,
        env_file,
-        deploy_to) -> DeployCommandContext:
+        deploy_to,
    )
    # Subcommand is executed now, by the magic of click
 def create_deploy_context(
    global_context,
    deployment_context: Optional[DeploymentContext],
    stack,
    include,
    exclude,
    cluster,
    env_file,
    deploy_to,
 ) -> DeployCommandContext:
    # Extract the cluster name from the deployment, if we have one
    if deployment_context and cluster is None:
        cluster = deployment_context.get_cluster_id()
-    cluster_context = _make_cluster_context(global_context, stack, include, exclude, cluster, env_file)
+
-    deployer = getDeployer(deploy_to, deployment_context, compose_files=cluster_context.compose_files,
+    # Check if this is a helm chart deployment (has chart/ but no compose/)
    # TODO: Add a new deployment type for helm chart deployments
    # To avoid relying on chart existence in such cases
    is_helm_chart_deployment = False
    if deployment_context:
        chart_dir = deployment_context.deployment_dir / "chart"
        compose_dir = deployment_context.deployment_dir / "compose"
        is_helm_chart_deployment = chart_dir.exists() and not compose_dir.exists()
    # For helm chart deployments, skip compose file loading
    if is_helm_chart_deployment:
        cluster_context = ClusterContext(
            global_context, cluster, [], [], [], None, env_file
        )
    else:
        cluster_context = _make_cluster_context(
            global_context, stack, include, exclude, cluster, env_file
        )
    deployer = getDeployer(
        deploy_to,
        deployment_context,
        compose_files=cluster_context.compose_files,
        compose_project_name=cluster_context.cluster,
-                           compose_env_file=cluster_context.env_file)
+        compose_env_file=cluster_context.env_file,
    )
    return DeployCommandContext(stack, cluster_context, deployer)
-def up_operation(ctx, services_list, stay_attached=False):
+def up_operation(
    ctx, services_list, stay_attached=False, skip_cluster_management=False
 ):
    global_context = ctx.parent.parent.obj
    deploy_context = ctx.obj
    cluster_context = deploy_context.cluster_context
@ -99,21 +144,38 @@ def up_operation(ctx, services_list, stay_attached=False):
    for attr, value in container_exec_env.items():
        os.environ[attr] = value
    if global_context.verbose:
-        print(f"Running compose up with container_exec_env: {container_exec_env}, extra_args: {services_list}")
+        print(
            f"Running compose up with container_exec_env: {container_exec_env}, "
            f"extra_args: {services_list}"
        )
    for pre_start_command in cluster_context.pre_start_commands:
        _run_command(global_context, cluster_context.cluster, pre_start_command)
-    deploy_context.deployer.up(detach=not stay_attached, services=services_list)
+    deploy_context.deployer.up(
        detach=not stay_attached,
        skip_cluster_management=skip_cluster_management,
        services=services_list,
    )
    for post_start_command in cluster_context.post_start_commands:
        _run_command(global_context, cluster_context.cluster, post_start_command)
-    _orchestrate_cluster_config(global_context, cluster_context.config, deploy_context.deployer, container_exec_env)
+    _orchestrate_cluster_config(
        global_context,
        cluster_context.config,
        deploy_context.deployer,
        container_exec_env,
    )
-def down_operation(ctx, delete_volumes, extra_args_list):
+def down_operation(ctx, delete_volumes, extra_args_list, skip_cluster_management=False):
    timeout_arg = None
    if extra_args_list:
        timeout_arg = extra_args_list[0]
-    # Specify shutdown timeout (default 10s) to give services enough time to shutdown gracefully
+    # Specify shutdown timeout (default 10s) to give services enough time to
-    ctx.obj.deployer.down(timeout=timeout_arg, volumes=delete_volumes)
+    # shutdown gracefully
    ctx.obj.deployer.down(
        timeout=timeout_arg,
        volumes=delete_volumes,
        skip_cluster_management=skip_cluster_management,
    )
 def status_operation(ctx):
@ -140,7 +202,11 @@ def ps_operation(ctx):
                    if mapping is None:
                        print(f"{port_mapping}", end="")
                    else:
-                        print(f"{mapping[0]['HostIp']}:{mapping[0]['HostPort']}->{port_mapping}", end="")
+                        print(
                            f"{mapping[0]['HostIp']}:{mapping[0]['HostPort']}"
                            f"->{port_mapping}",
                            end="",
                        )
                    comma = ", "
                print()
        else:
@ -175,7 +241,9 @@ def exec_operation(ctx, extra_args):
        if global_context.verbose:
            print(f"Running compose exec {service_name} {command_to_exec}")
        try:
-            ctx.obj.deployer.execute(service_name, command_to_exec, envs=container_exec_env, tty=True)
+            ctx.obj.deployer.execute(
                service_name, command_to_exec, envs=container_exec_env, tty=True
            )
        except DeployerException:
            print("container command returned error exit status")
@ -183,13 +251,26 @@ def exec_operation(ctx, extra_args):
 def logs_operation(ctx, tail: int, follow: bool, extra_args: str):
    extra_args_list = list(extra_args) or None
    services_list = extra_args_list if extra_args_list is not None else []
-    logs_stream = ctx.obj.deployer.logs(services=services_list, tail=tail, follow=follow, stream=True)
+    logs_stream = ctx.obj.deployer.logs(
        services=services_list, tail=tail, follow=follow, stream=True
    )
    for stream_type, stream_content in logs_stream:
        print(stream_content.decode("utf-8"), end="")
 def run_job_operation(ctx, job_name: str, helm_release: Optional[str] = None):
    global_context = ctx.parent.parent.obj
    if not global_context.dry_run:
        print(f"Running job: {job_name}")
        try:
            ctx.obj.deployer.run_job(job_name, helm_release)
        except Exception as e:
            print(f"Error running job {job_name}: {e}")
            sys.exit(1)
@command.command()
-@click.argument('extra_args', nargs=-1)  # help: command: up <service1> <service2>
+@click.argument("extra_args", nargs=-1)  # help: command: up <service1> <service2>
@click.pass_context
 def up(ctx, extra_args):
    extra_args_list = list(extra_args) or None
@ -197,8 +278,10 @@ def up(ctx, extra_args):
@command.command()
-@click.option("--delete-volumes/--preserve-volumes", default=False, help="delete data volumes")
+@click.option(
-@click.argument('extra_args', nargs=-1)  # help: command: down<service1> <service2>
+    "--delete-volumes/--preserve-volumes", default=False, help="delete data volumes"
 )
@click.argument("extra_args", nargs=-1)  # help: command: down<service1> <service2>
@click.pass_context
 def down(ctx, delete_volumes, extra_args):
    extra_args_list = list(extra_args) or None
@ -212,14 +295,14 @@ def ps(ctx):
@command.command()
-@click.argument('extra_args', nargs=-1)  # help: command: port <service1> <service2>
+@click.argument("extra_args", nargs=-1)  # help: command: port <service1> <service2>
@click.pass_context
 def port(ctx, extra_args):
    port_operation(ctx, extra_args)
@command.command()
-@click.argument('extra_args', nargs=-1)  # help: command: exec <service> <command>
+@click.argument("extra_args", nargs=-1)  # help: command: exec <service> <command>
@click.pass_context
 def exec(ctx, extra_args):
    exec_operation(ctx, extra_args)
@ -228,44 +311,49 @@ def exec(ctx, extra_args):
@command.command()
@click.option("--tail", "-n", default=None, help="number of lines to display")
@click.option("--follow", "-f", is_flag=True, default=False, help="follow log output")
-@click.argument('extra_args', nargs=-1)  # help: command: logs <service1> <service2>
+@click.argument("extra_args", nargs=-1)  # help: command: logs <service1> <service2>
@click.pass_context
 def logs(ctx, tail, follow, extra_args):
    logs_operation(ctx, tail, follow, extra_args)
 def get_stack_status(ctx, stack):
    ctx_copy = copy.copy(ctx)
    ctx_copy.stack = stack
    cluster_context = _make_cluster_context(ctx_copy, stack, None, None, None, None)
-    deployer = Deployer(compose_files=cluster_context.compose_files, compose_project_name=cluster_context.cluster)
+    deployer = DockerDeployer(
        type="compose",
        deployment_context=None,
        compose_files=cluster_context.compose_files,
        compose_project_name=cluster_context.cluster,
        compose_env_file=cluster_context.env_file,
    )
    # TODO: refactor to avoid duplicating this code above
    if ctx.verbose:
        print("Running compose ps")
    container_list = deployer.ps()
-    if len(container_list) > 0:
+    if container_list is None or len(container_list) == 0:
        if ctx.debug:
            print("No containers found from compose ps")
        return False
    if ctx.debug:
        print(f"Container list from compose ps: {container_list}")
    return True
    else:
        if ctx.debug:
            print("No containers found from compose ps")
        False
 def _make_runtime_env(ctx):
    container_exec_env = {
        "CERC_HOST_UID": f"{os.getuid()}",
-        "CERC_HOST_GID": f"{os.getgid()}"
+        "CERC_HOST_GID": f"{os.getgid()}",
    }
    container_exec_env.update({"CERC_SCRIPT_DEBUG": "true"} if ctx.debug else {})
    return container_exec_env
 def _make_default_cluster_name(deployment, compose_dir, stack, include, exclude):
-    # Create default unique, stable cluster name from confile file path and stack name if provided
+    # Create default unique, stable cluster name from confile file path and
    # stack name if provided
    if deployment:
        path = os.path.realpath(os.path.abspath(compose_dir))
    else:
@ -280,7 +368,8 @@ def _make_default_cluster_name(deployment, compose_dir, stack, include, exclude)
    return cluster
-# stack has to be either PathLike pointing to a stack yml file, or a string with the name of a known stack
+# stack has to be either PathLike pointing to a stack yml file, or a
 # string with the name of a known stack
 def _make_cluster_context(ctx, stack, include, exclude, cluster, env_file):
    dev_root_path = get_dev_root_path(ctx)
@ -289,28 +378,37 @@ def _make_cluster_context(ctx, stack, include, exclude, cluster, env_file):
    if deployment:
        compose_dir = stack.joinpath("compose")
    else:
-        # See: https://stackoverflow.com/questions/25389095/python-get-path-of-root-project-structure
+        # See:
-        compose_dir = Path(__file__).absolute().parent.parent.joinpath("data", "compose")
+        # https://stackoverflow.com/questions/25389095/python-get-path-of-root-project-structure
        compose_dir = (
            Path(__file__).absolute().parent.parent.joinpath("data", "compose")
        )
    if cluster is None:
-        cluster = _make_default_cluster_name(deployment, compose_dir, stack, include, exclude)
+        cluster = _make_default_cluster_name(
            deployment, compose_dir, stack, include, exclude
        )
    else:
        _make_default_cluster_name(deployment, compose_dir, stack, include, exclude)
    # See: https://stackoverflow.com/a/20885799/1701505
    from stack_orchestrator import data
    with resources.open_text(data, "pod-list.txt") as pod_list_file:
        all_pods = pod_list_file.read().splitlines()
    pods_in_scope = []
    cluster_config = None
    if stack:
        stack_config = get_parsed_stack_config(stack)
        if stack_config is not None:
            # TODO: syntax check the input here
-        pods_in_scope = stack_config['pods']
+            pods_in_scope = stack_config["pods"]
-        cluster_config = stack_config['config'] if 'config' in stack_config else None
+            cluster_config = (
                stack_config["config"] if "config" in stack_config else None
            )
    else:
        pods_in_scope = all_pods
        cluster_config = None
    # Convert all pod definitions to v1.1 format
    pods_in_scope = _convert_to_new_format(pods_in_scope)
@ -330,29 +428,47 @@ def _make_cluster_context(ctx, stack, include, exclude, cluster, env_file):
        if include_exclude_check(pod_name, include, exclude):
            if pod_repository is None or pod_repository == "internal":
                if deployment:
-                    compose_file_name = os.path.join(compose_dir, f"docker-compose-{pod_path}.yml")
+                    compose_file_name = os.path.join(
                        compose_dir, f"docker-compose-{pod_path}.yml"
                    )
                else:
                    compose_file_name = resolve_compose_file(stack, pod_name)
            else:
                if deployment:
-                    compose_file_name = os.path.join(compose_dir, f"docker-compose-{pod_name}.yml")
+                    compose_file_name = os.path.join(
                        compose_dir, f"docker-compose-{pod_name}.yml"
                    )
                    pod_pre_start_command = pod.get("pre_start_command")
                    pod_post_start_command = pod.get("post_start_command")
-                    script_dir = compose_dir.parent.joinpath("pods", pod_name, "scripts")
+                    script_dir = compose_dir.parent.joinpath(
                        "pods", pod_name, "scripts"
                    )
                    if pod_pre_start_command is not None:
-                        pre_start_commands.append(os.path.join(script_dir, pod_pre_start_command))
+                        pre_start_commands.append(
                            os.path.join(script_dir, pod_pre_start_command)
                        )
                    if pod_post_start_command is not None:
-                        post_start_commands.append(os.path.join(script_dir, pod_post_start_command))
+                        post_start_commands.append(
                            os.path.join(script_dir, pod_post_start_command)
                        )
                else:
                    # TODO: fix this code for external stack with scripts
-                    pod_root_dir = os.path.join(dev_root_path, pod_repository.split("/")[-1], pod["path"])
+                    pod_root_dir = os.path.join(
-                    compose_file_name = os.path.join(pod_root_dir, f"docker-compose-{pod_name}.yml")
+                        dev_root_path, pod_repository.split("/")[-1], pod["path"]
                    )
                    compose_file_name = os.path.join(
                        pod_root_dir, f"docker-compose-{pod_name}.yml"
                    )
                    pod_pre_start_command = pod.get("pre_start_command")
                    pod_post_start_command = pod.get("post_start_command")
                    if pod_pre_start_command is not None:
-                        pre_start_commands.append(os.path.join(pod_root_dir, pod_pre_start_command))
+                        pre_start_commands.append(
                            os.path.join(pod_root_dir, pod_pre_start_command)
                        )
                    if pod_post_start_command is not None:
-                        post_start_commands.append(os.path.join(pod_root_dir, pod_post_start_command))
+                        post_start_commands.append(
                            os.path.join(pod_root_dir, pod_post_start_command)
                        )
            compose_files.append(compose_file_name)
        else:
            if ctx.verbose:
@ -361,7 +477,15 @@ def _make_cluster_context(ctx, stack, include, exclude, cluster, env_file):
    if ctx.verbose:
        print(f"files: {compose_files}")
-    return ClusterContext(ctx, cluster, compose_files, pre_start_commands, post_start_commands, cluster_config, env_file)
+    return ClusterContext(
        ctx,
        cluster,
        compose_files,
        pre_start_commands,
        post_start_commands,
        cluster_config,
        env_file,
    )
 def _convert_to_new_format(old_pod_array):
@ -370,11 +494,7 @@ def _convert_to_new_format(old_pod_array):
        if isinstance(old_pod, dict):
            new_pod_array.append(old_pod)
        else:
-            new_pod = {
+            new_pod = {"name": old_pod, "repository": "internal", "path": old_pod}
                "name": old_pod,
                "repository": "internal",
                "path": old_pod
            }
            new_pod_array.append(new_pod)
    return new_pod_array
@ -388,14 +508,15 @@ def _run_command(ctx, cluster_name, command):
    command_env["CERC_SO_COMPOSE_PROJECT"] = cluster_name
    if ctx.debug:
        command_env["CERC_SCRIPT_DEBUG"] = "true"
-    command_result = subprocess.run(command_file, shell=True, env=command_env, cwd=command_dir)
+    command_result = subprocess.run(
        command_file, shell=True, env=command_env, cwd=command_dir
    )
    if command_result.returncode != 0:
        print(f"FATAL Error running command: {command}")
        sys.exit(1)
 def _orchestrate_cluster_config(ctx, cluster_config, deployer, container_exec_env):
    @dataclass
    class ConfigDirective:
        source_container: str
@ -413,24 +534,32 @@ def _orchestrate_cluster_config(ctx, cluster_config, deployer, container_exec_en
                    container_config[directive].split(".")[0],
                    container_config[directive].split(".")[1],
                    container,
-                    directive
+                    directive,
                )
                if ctx.verbose:
-                    print(f"Setting {pd.destination_container}.{pd.destination_variable}"
+                    print(
-                          f" = {pd.source_container}.{pd.source_variable}")
+                        f"Setting {pd.destination_container}.{pd.destination_variable}"
                        f" = {pd.source_container}.{pd.source_variable}"
                    )
                # TODO: add a timeout
                waiting_for_data = True
                destination_output = "*** no output received yet ***"
                while waiting_for_data:
-                    # TODO: fix the script paths so they're consistent between containers
+                    # TODO: fix the script paths so they're consistent between
                    # containers
                    source_value = None
                    try:
-                        source_value = deployer.execute(pd.source_container,
+                        source_value = deployer.execute(
-                                                        ["sh", "-c",
+                            pd.source_container,
                            [
                                "sh",
                                "-c",
                                "sh /docker-entrypoint-scripts.d/export-"
-                                                         f"{pd.source_variable}.sh"],
+                                f"{pd.source_variable}.sh",
                            ],
                            tty=False,
-                                                        envs=container_exec_env)
+                            envs=container_exec_env,
                        )
                    except DeployerException as error:
                        if ctx.debug:
                            print(f"Docker exception reading config source: {error}")
@ -438,20 +567,28 @@ def _orchestrate_cluster_config(ctx, cluster_config, deployer, container_exec_en
                        # "It returned with code 1"
                        if "It returned with code 1" in str(error):
                            if ctx.verbose:
-                                print("Config export script returned an error, re-trying")
+                                print(
-                        # If the script failed to execute (e.g. the file is not there) then we get:
+                                    "Config export script returned an error, re-trying"
                                )
                        # If the script failed to execute
                        # (e.g. the file is not there) then we get:
                        # "It returned with code 2"
                        if "It returned with code 2" in str(error):
                            print(f"Fatal error reading config source: {error}")
                    if source_value:
                        if ctx.debug:
                            print(f"fetched source value: {source_value}")
-                        destination_output = deployer.execute(pd.destination_container,
+                        destination_output = deployer.execute(
-                                                              ["sh", "-c",
+                            pd.destination_container,
                            [
                                "sh",
                                "-c",
                                f"sh /scripts/import-{pd.destination_variable}.sh"
-                                                               f" {source_value}"],
+                                f" {source_value}",
                            ],
                            tty=False,
-                                                              envs=container_exec_env)
+                            envs=container_exec_env,
                        )
                        waiting_for_data = False
                    if ctx.debug and not waiting_for_data:
                        print(f"destination output: {destination_output}")
@ -460,3 +597,4 @@ def _orchestrate_cluster_config(ctx, cluster_config, deployer, container_exec_en
 command.add_command(deployment_init)
 command.add_command(deployment_create)
 command.add_command(deployment_setup)
 command.add_command(k8s_command.command, "k8s")
--- a/stack_orchestrator/deploy/deploy_types.py
+++ b/stack_orchestrator/deploy/deploy_types.py
@ -13,7 +13,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
-from typing import List, Mapping
+from typing import List, Mapping, Optional
 from dataclasses import dataclass
 from stack_orchestrator.command_types import CommandOptions
 from stack_orchestrator.deploy.deployer import Deployer
@ -21,20 +21,21 @@ from stack_orchestrator.deploy.deployer import Deployer
@dataclass
 class ClusterContext:
-    options: CommandOptions  # TODO: this should be in its own object not stuffed in here
+    # TODO: this should be in its own object not stuffed in here
-    cluster: str
+    options: CommandOptions
    cluster: Optional[str]
    compose_files: List[str]
    pre_start_commands: List[str]
    post_start_commands: List[str]
-    config: str
+    config: Optional[str]
-    env_file: str
+    env_file: Optional[str]
@dataclass
 class DeployCommandContext:
    stack: str
    cluster_context: ClusterContext
-    deployer: Deployer
+    deployer: Optional[Deployer]
@dataclass
@ -50,8 +51,10 @@ class LaconicStackSetupCommand:
    key_name: str
    initialize_network: bool
    join_network: bool
    connect_network: bool
    create_network: bool
    gentx_file_list: str
    gentx_address_list: str
    genesis_file: str
    network_dir: str
--- a/stack_orchestrator/deploy/deploy_util.py
+++ b/stack_orchestrator/deploy/deploy_util.py
@ -13,10 +13,14 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import os
 from typing import List, Any
 from stack_orchestrator.deploy.deploy_types import DeployCommandContext, VolumeMapping
-from stack_orchestrator.util import get_parsed_stack_config, get_yaml, get_pod_list, resolve_compose_file
+from stack_orchestrator.util import (
    get_parsed_stack_config,
    get_yaml,
    get_pod_list,
    resolve_compose_file,
 )
 from stack_orchestrator.opts import opts
@ -74,17 +78,28 @@ def _volumes_to_docker(mounts: List[VolumeMapping]):
    return result
-def run_container_command(ctx: DeployCommandContext, service: str, command: str, mounts: List[VolumeMapping]):
+def run_container_command(
    ctx: DeployCommandContext, service: str, command: str, mounts: List[VolumeMapping]
 ):
    deployer = ctx.deployer
    if deployer is None:
        raise ValueError("Deployer is not configured")
    container_image = _container_image_from_service(ctx.stack, service)
    if container_image is None:
        raise ValueError(f"Container image not found for service: {service}")
    docker_volumes = _volumes_to_docker(mounts)
    if ctx.cluster_context.options.debug:
        print(f"Running this command in {service} container: {command}")
    docker_output = deployer.run(
        container_image,
-        ["-c", command], entrypoint="sh",
+        ["-c", command],
-        user=f"{os.getuid()}:{os.getgid()}",
+        entrypoint="sh",
-        volumes=docker_volumes
+        # Current laconicd container has a bug where it crashes when run not
        # as root
        # Commented out line below is a workaround. Created files end up
        # owned by root on the host
        # user=f"{os.getuid()}:{os.getgid()}",
        volumes=docker_volumes,
    )
    # There doesn't seem to be a way to get an exit code from docker.run()
    return (docker_output, 0)
--- a/stack_orchestrator/deploy/deployer.py
+++ b/stack_orchestrator/deploy/deployer.py
@ -15,16 +15,16 @@
 from abc import ABC, abstractmethod
 from pathlib import Path
 from typing import Optional
 class Deployer(ABC):
    @abstractmethod
-    def up(self, detach, services):
+    def up(self, detach, skip_cluster_management, services):
        pass
    @abstractmethod
-    def down(self, timeout, volumes):
+    def down(self, timeout, volumes, skip_cluster_management):
        pass
    @abstractmethod
@ -52,7 +52,21 @@ class Deployer(ABC):
        pass
    @abstractmethod
-    def run(self, image: str, command=None, user=None, volumes=None, entrypoint=None, env={}, ports=[], detach=False):
+    def run(
        self,
        image: str,
        command=None,
        user=None,
        volumes=None,
        entrypoint=None,
        env={},
        ports=[],
        detach=False,
    ):
        pass
    @abstractmethod
    def run_job(self, job_name: str, release_name: Optional[str] = None):
        pass
@ -62,7 +76,6 @@ class DeployerException(Exception):
 class DeployerConfigGenerator(ABC):
    @abstractmethod
    def generate(self, deployment_dir: Path):
        pass
--- a/stack_orchestrator/deploy/deployer_factory.py
+++ b/stack_orchestrator/deploy/deployer_factory.py
@ -14,8 +14,14 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 from stack_orchestrator import constants
-from stack_orchestrator.deploy.k8s.deploy_k8s import K8sDeployer, K8sDeployerConfigGenerator
+from stack_orchestrator.deploy.k8s.deploy_k8s import (
-from stack_orchestrator.deploy.compose.deploy_docker import DockerDeployer, DockerDeployerConfigGenerator
+    K8sDeployer,
    K8sDeployerConfigGenerator,
 )
 from stack_orchestrator.deploy.compose.deploy_docker import (
    DockerDeployer,
    DockerDeployerConfigGenerator,
 )
 def getDeployerConfigGenerator(type: str, deployment_context):
@ -27,10 +33,27 @@ def getDeployerConfigGenerator(type: str, deployment_context):
        print(f"ERROR: deploy-to {type} is not valid")
-def getDeployer(type: str, deployment_context, compose_files, compose_project_name, compose_env_file):
+def getDeployer(
    type: str, deployment_context, compose_files, compose_project_name, compose_env_file
 ):
    if type == "compose" or type is None:
-        return DockerDeployer(type, deployment_context, compose_files, compose_project_name, compose_env_file)
+        return DockerDeployer(
-    elif type == type == constants.k8s_deploy_type or type == constants.k8s_kind_deploy_type:
+            type,
-        return K8sDeployer(type, deployment_context, compose_files, compose_project_name, compose_env_file)
+            deployment_context,
            compose_files,
            compose_project_name,
            compose_env_file,
        )
    elif (
        type == type == constants.k8s_deploy_type
        or type == constants.k8s_kind_deploy_type
    ):
        return K8sDeployer(
            type,
            deployment_context,
            compose_files,
            compose_project_name,
            compose_env_file,
        )
    else:
        print(f"ERROR: deploy-to {type} is not valid")
--- a/stack_orchestrator/deploy/deployment.py
+++ b/stack_orchestrator/deploy/deployment.py
@ -18,8 +18,19 @@ from pathlib import Path
 import sys
 from stack_orchestrator import constants
 from stack_orchestrator.deploy.images import push_images_operation
-from stack_orchestrator.deploy.deploy import up_operation, down_operation, ps_operation, port_operation, status_operation
+from stack_orchestrator.deploy.deploy import (
-from stack_orchestrator.deploy.deploy import exec_operation, logs_operation, create_deploy_context, update_operation
+    up_operation,
    down_operation,
    ps_operation,
    port_operation,
    status_operation,
 )
 from stack_orchestrator.deploy.deploy import (
    exec_operation,
    logs_operation,
    create_deploy_context,
    update_operation,
 )
 from stack_orchestrator.deploy.deploy_types import DeployCommandContext
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
@ -28,7 +39,7 @@ from stack_orchestrator.deploy.deployment_context import DeploymentContext
@click.option("--dir", required=True, help="path to deployment directory")
@click.pass_context
 def command(ctx, dir):
-    '''manage a deployment'''
+    """manage a deployment"""
    # Check that --stack wasn't supplied
    if ctx.parent.obj.stack:
@ -40,7 +51,10 @@ def command(ctx, dir):
        print(f"Error: deployment directory {dir} does not exist")
        sys.exit(1)
    if not dir_path.is_dir():
-        print(f"Error: supplied deployment directory path {dir} exists but is a file not a directory")
+        print(
            f"Error: supplied deployment directory path {dir} exists but is a "
            "file not a directory"
        )
        sys.exit(1)
    # Store the deployment context for subcommands
    deployment_context = DeploymentContext()
@ -57,51 +71,93 @@ def make_deploy_context(ctx) -> DeployCommandContext:
    else:
        deployment_type = constants.compose_deploy_type
    stack = context.deployment_dir
-    return create_deploy_context(ctx.parent.parent.obj, context, stack, None, None,
+    return create_deploy_context(
-                                 cluster_name, env_file, deployment_type)
+        ctx.parent.parent.obj,
        context,
        stack,
        None,
        None,
        cluster_name,
        env_file,
        deployment_type,
    )
 # TODO: remove legacy up command since it's an alias for start
@command.command()
-@click.option("--stay-attached/--detatch-terminal", default=False, help="detatch or not to see container stdout")
+@click.option(
-@click.argument('extra_args', nargs=-1)  # help: command: up <service1> <service2>
+    "--stay-attached/--detatch-terminal",
    default=False,
    help="detatch or not to see container stdout",
 )
@click.option(
    "--skip-cluster-management/--perform-cluster-management",
    default=False,
    help="Skip cluster initialization/tear-down (only for kind-k8s deployments)",
 )
@click.argument("extra_args", nargs=-1)  # help: command: up <service1> <service2>
@click.pass_context
-def up(ctx, stay_attached, extra_args):
+def up(ctx, stay_attached, skip_cluster_management, extra_args):
    ctx.obj = make_deploy_context(ctx)
    services_list = list(extra_args) or None
-    up_operation(ctx, services_list, stay_attached)
+    up_operation(ctx, services_list, stay_attached, skip_cluster_management)
 # start is the preferred alias for up
@command.command()
-@click.option("--stay-attached/--detatch-terminal", default=False, help="detatch or not to see container stdout")
+@click.option(
-@click.argument('extra_args', nargs=-1)  # help: command: up <service1> <service2>
+    "--stay-attached/--detatch-terminal",
    default=False,
    help="detatch or not to see container stdout",
 )
@click.option(
    "--skip-cluster-management/--perform-cluster-management",
    default=False,
    help="Skip cluster initialization/tear-down (only for kind-k8s deployments)",
 )
@click.argument("extra_args", nargs=-1)  # help: command: up <service1> <service2>
@click.pass_context
-def start(ctx, stay_attached, extra_args):
+def start(ctx, stay_attached, skip_cluster_management, extra_args):
    ctx.obj = make_deploy_context(ctx)
    services_list = list(extra_args) or None
-    up_operation(ctx, services_list, stay_attached)
+    up_operation(ctx, services_list, stay_attached, skip_cluster_management)
 # TODO: remove legacy up command since it's an alias for stop
@command.command()
-@click.option("--delete-volumes/--preserve-volumes", default=False, help="delete data volumes")
+@click.option(
-@click.argument('extra_args', nargs=-1)  # help: command: down <service1> <service2>
+    "--delete-volumes/--preserve-volumes", default=False, help="delete data volumes"
 )
@click.option(
    "--skip-cluster-management/--perform-cluster-management",
    default=False,
    help="Skip cluster initialization/tear-down (only for kind-k8s deployments)",
 )
@click.argument("extra_args", nargs=-1)  # help: command: down <service1> <service2>
@click.pass_context
-def down(ctx, delete_volumes, extra_args):
+def down(ctx, delete_volumes, skip_cluster_management, extra_args):
    # Get the stack config file name
    # TODO: add cluster name and env file here
    ctx.obj = make_deploy_context(ctx)
-    down_operation(ctx, delete_volumes, extra_args)
+    down_operation(ctx, delete_volumes, extra_args, skip_cluster_management)
 # stop is the preferred alias for down
@command.command()
-@click.option("--delete-volumes/--preserve-volumes", default=False, help="delete data volumes")
+@click.option(
-@click.argument('extra_args', nargs=-1)  # help: command: down <service1> <service2>
+    "--delete-volumes/--preserve-volumes", default=False, help="delete data volumes"
 )
@click.option(
    "--skip-cluster-management/--perform-cluster-management",
    default=False,
    help="Skip cluster initialization/tear-down (only for kind-k8s deployments)",
 )
@click.argument("extra_args", nargs=-1)  # help: command: down <service1> <service2>
@click.pass_context
-def stop(ctx, delete_volumes, extra_args):
+def stop(ctx, delete_volumes, skip_cluster_management, extra_args):
    # TODO: add cluster name and env file here
    ctx.obj = make_deploy_context(ctx)
-    down_operation(ctx, delete_volumes, extra_args)
+    down_operation(ctx, delete_volumes, extra_args, skip_cluster_management)
@command.command()
@ -120,7 +176,7 @@ def push_images(ctx):
@command.command()
-@click.argument('extra_args', nargs=-1)  # help: command: port <service1> <service2>
+@click.argument("extra_args", nargs=-1)  # help: command: port <service1> <service2>
@click.pass_context
 def port(ctx, extra_args):
    ctx.obj = make_deploy_context(ctx)
@ -128,7 +184,7 @@ def port(ctx, extra_args):
@command.command()
-@click.argument('extra_args', nargs=-1)  # help: command: exec <service> <command>
+@click.argument("extra_args", nargs=-1)  # help: command: exec <service> <command>
@click.pass_context
 def exec(ctx, extra_args):
    ctx.obj = make_deploy_context(ctx)
@ -138,7 +194,7 @@ def exec(ctx, extra_args):
@command.command()
@click.option("--tail", "-n", default=None, help="number of lines to display")
@click.option("--follow", "-f", is_flag=True, default=False, help="follow log output")
-@click.argument('extra_args', nargs=-1)  # help: command: logs <service1> <service2>
+@click.argument("extra_args", nargs=-1)  # help: command: logs <service1> <service2>
@click.pass_context
 def logs(ctx, tail, follow, extra_args):
    ctx.obj = make_deploy_context(ctx)
@ -157,3 +213,18 @@ def status(ctx):
 def update(ctx):
    ctx.obj = make_deploy_context(ctx)
    update_operation(ctx)
@command.command()
@click.argument("job_name")
@click.option(
    "--helm-release",
    help="Helm release name (for k8s helm chart deployments, defaults to chart name)",
 )
@click.pass_context
 def run_job(ctx, job_name, helm_release):
    """run a one-time job from the stack"""
    from stack_orchestrator.deploy.deploy import run_job_operation
    ctx.obj = make_deploy_context(ctx)
    run_job_operation(ctx, job_name, helm_release)
--- a/stack_orchestrator/deploy/deployment_context.py
+++ b/stack_orchestrator/deploy/deployment_context.py
@ -1,4 +1,3 @@
 # Copyright © 2022, 2023 Vulcanize
 # This program is free software: you can redistribute it and/or modify
@ -45,18 +44,20 @@ class DeploymentContext:
    def get_compose_dir(self):
        return self.deployment_dir.joinpath(constants.compose_dir_name)
    def get_compose_file(self, name: str):
        return self.get_compose_dir() / f"docker-compose-{name}.yml"
    def get_cluster_id(self):
        return self.id
-    def init(self, dir):
+    def init(self, dir: Path):
-        self.deployment_dir = dir
+        self.deployment_dir = dir.absolute()
        self.spec = Spec()
        self.spec.init_from_file(self.get_spec_file())
        self.stack = Stack(self.spec.obj["stack"])
        self.stack.init_from_file(self.get_stack_file())
        deployment_file_path = self.get_deployment_file()
        if deployment_file_path.exists():
            with deployment_file_path:
            obj = get_yaml().load(open(deployment_file_path, "r"))
            self.id = obj[constants.cluster_id_key]
        # Handle the case of a legacy deployment with no file
@ -67,3 +68,17 @@ class DeploymentContext:
            unique_cluster_descriptor = f"{path},{self.get_stack_file()},None,None"
            hash = hashlib.md5(unique_cluster_descriptor.encode()).hexdigest()[:16]
            self.id = f"{constants.cluster_name_prefix}{hash}"
    def modify_yaml(self, file_path: Path, modifier_func):
        """Load a YAML, apply a modification function, and write it back."""
        if not file_path.absolute().is_relative_to(self.deployment_dir):
            raise ValueError(f"File is not inside deployment directory: {file_path}")
        yaml = get_yaml()
        with open(file_path, "r") as f:
            yaml_data = yaml.load(f)
        modifier_func(yaml_data)
        with open(file_path, "w") as f:
            yaml.dump(yaml_data, f)
--- a/stack_orchestrator/deploy/deployment_create.py
+++ b/stack_orchestrator/deploy/deployment_create.py
@ -24,10 +24,23 @@ from secrets import token_hex
 import sys
 from stack_orchestrator import constants
 from stack_orchestrator.opts import opts
-from stack_orchestrator.util import (get_stack_path, get_parsed_deployment_spec, get_parsed_stack_config,
+from stack_orchestrator.util import (
-                                     global_options, get_yaml, get_pod_list, get_pod_file_path, pod_has_scripts,
+    get_stack_path,
-                                     get_pod_script_paths, get_plugin_code_paths, error_exit, env_var_map_from_file,
+    get_parsed_deployment_spec,
-                                     resolve_config_dir)
+    get_parsed_stack_config,
    global_options,
    get_yaml,
    get_pod_list,
    get_pod_file_path,
    pod_has_scripts,
    get_pod_script_paths,
    get_plugin_code_paths,
    error_exit,
    env_var_map_from_file,
    resolve_config_dir,
    get_job_list,
    get_job_file_path,
 )
 from stack_orchestrator.deploy.spec import Spec
 from stack_orchestrator.deploy.deploy_types import LaconicStackSetupCommand
 from stack_orchestrator.deploy.deployer_factory import getDeployerConfigGenerator
@ -45,21 +58,21 @@ def _get_ports(stack):
    yaml = get_yaml()
    for pod in pods:
        pod_file_path = get_pod_file_path(stack, parsed_stack, pod)
        if pod_file_path is None:
            continue
        parsed_pod_file = yaml.load(open(pod_file_path, "r"))
        if "services" in parsed_pod_file:
            for svc_name, svc in parsed_pod_file["services"].items():
                if "ports" in svc:
-                    # Ports can appear as strings or numbers.  We normalize them as strings.
+                    # Ports can appear as strings or numbers.  We normalize them as
                    # strings.
                    ports[svc_name] = [str(x) for x in svc["ports"]]
    return ports
 def _get_named_volumes(stack):
    # Parse the compose files looking for named volumes
-    named_volumes = {
+    named_volumes = {"rw": [], "ro": []}
        "rw": [],
        "ro": []
    }
    parsed_stack = get_parsed_stack_config(stack)
    pods = get_pod_list(parsed_stack)
    yaml = get_yaml()
@ -75,12 +88,14 @@ def _get_named_volumes(stack):
                            ret[svc_name] = {
                                "volume": parts[0],
                                "mount": parts[1],
-                                "options": parts[2] if len(parts) == 3 else None
+                                "options": parts[2] if len(parts) == 3 else None,
                            }
        return ret
    for pod in pods:
        pod_file_path = get_pod_file_path(stack, parsed_stack, pod)
        if pod_file_path is None:
            continue
        parsed_pod_file = yaml.load(open(pod_file_path, "r"))
        if "volumes" in parsed_pod_file:
            volumes = parsed_pod_file["volumes"]
@ -88,7 +103,10 @@ def _get_named_volumes(stack):
                for vu in find_vol_usage(parsed_pod_file, volume).values():
                    read_only = vu["options"] == "ro"
                    if read_only:
-                        if vu["volume"] not in named_volumes["rw"] and vu["volume"] not in named_volumes["ro"]:
+                        if (
                            vu["volume"] not in named_volumes["rw"]
                            and vu["volume"] not in named_volumes["ro"]
                        ):
                            named_volumes["ro"].append(vu["volume"])
                    else:
                        if vu["volume"] not in named_volumes["rw"]:
@ -108,10 +126,13 @@ def _create_bind_dir_if_relative(volume, path_string, compose_dir):
        absolute_path.mkdir(parents=True, exist_ok=True)
    else:
        if not path.exists():
-            print(f"WARNING: mount path for volume {volume} does not exist: {path_string}")
+            print(
                f"WARNING: mount path for volume {volume} does not exist: {path_string}"
            )
-# See: https://stackoverflow.com/questions/45699189/editing-docker-compose-yml-with-pyyaml
+# See:
 # https://stackoverflow.com/questions/45699189/editing-docker-compose-yml-with-pyyaml
 def _fixup_pod_file(pod, spec, compose_dir):
    deployment_type = spec[constants.deploy_to_key]
    # Fix up volumes
@ -123,7 +144,11 @@ def _fixup_pod_file(pod, spec, compose_dir):
                if volume in spec_volumes:
                    volume_spec = spec_volumes[volume]
                    if volume_spec:
-                        volume_spec_fixedup = volume_spec if Path(volume_spec).is_absolute() else f".{volume_spec}"
+                        volume_spec_fixedup = (
                            volume_spec
                            if Path(volume_spec).is_absolute()
                            else f".{volume_spec}"
                        )
                        _create_bind_dir_if_relative(volume, volume_spec, compose_dir)
                        # this is Docker specific
                        if spec.is_docker_deployment():
@ -132,8 +157,8 @@ def _fixup_pod_file(pod, spec, compose_dir):
                                "driver_opts": {
                                    "type": "none",
                                    "device": volume_spec_fixedup,
-                                    "o": "bind"
+                                    "o": "bind",
-                                }
+                                },
                            }
                            pod["volumes"][volume] = new_volume_spec
@ -181,6 +206,8 @@ def call_stack_deploy_init(deploy_command_context):
    for python_file_path in python_file_paths:
        if python_file_path.exists():
            spec = util.spec_from_file_location("commands", python_file_path)
            if spec is None or spec.loader is None:
                continue
            imported_stack = util.module_from_spec(spec)
            spec.loader.exec_module(imported_stack)
            if _has_method(imported_stack, "init"):
@ -189,12 +216,17 @@ def call_stack_deploy_init(deploy_command_context):
                    init_done = True
                else:
                    # TODO: remove this restriction
-                    print(f"Skipping init() from plugin {python_file_path}. Only one init() is allowed.")
+                    print(
                        f"Skipping init() from plugin {python_file_path}. "
                        "Only one init() is allowed."
                    )
    return ret
 # TODO: fold this with function above
-def call_stack_deploy_setup(deploy_command_context, parameters: LaconicStackSetupCommand, extra_args):
+def call_stack_deploy_setup(
    deploy_command_context, parameters: LaconicStackSetupCommand, extra_args
 ):
    # Link with the python file in the stack
    # Call a function in it
    # If no function found, return None
@ -202,6 +234,8 @@ def call_stack_deploy_setup(deploy_command_context, parameters: LaconicStackSetu
    for python_file_path in python_file_paths:
        if python_file_path.exists():
            spec = util.spec_from_file_location("commands", python_file_path)
            if spec is None or spec.loader is None:
                continue
            imported_stack = util.module_from_spec(spec)
            spec.loader.exec_module(imported_stack)
            if _has_method(imported_stack, "setup"):
@ -217,6 +251,8 @@ def call_stack_deploy_create(deployment_context, extra_args):
    for python_file_path in python_file_paths:
        if python_file_path.exists():
            spec = util.spec_from_file_location("commands", python_file_path)
            if spec is None or spec.loader is None:
                continue
            imported_stack = util.module_from_spec(spec)
            spec.loader.exec_module(imported_stack)
            if _has_method(imported_stack, "create"):
@ -247,7 +283,13 @@ def _find_extra_config_dirs(parsed_pod_file, pod):
 def _get_mapped_ports(stack: str, map_recipe: str):
-    port_map_recipes = ["any-variable-random", "localhost-same", "any-same", "localhost-fixed-random", "any-fixed-random"]
+    port_map_recipes = [
        "any-variable-random",
        "localhost-same",
        "any-same",
        "localhost-fixed-random",
        "any-fixed-random",
    ]
    ports = _get_ports(stack)
    if ports:
        # Implement any requested mapping recipe
@ -259,7 +301,9 @@ def _get_mapped_ports(stack: str, map_recipe: str):
                        orig_port = ports_array[x]
                        # Strip /udp suffix if present
                        bare_orig_port = orig_port.replace("/udp", "")
-                        random_port = random.randint(20000, 50000)  # Beware: we're relying on luck to not collide
+                        random_port = random.randint(
                            20000, 50000
                        )  # Beware: we're relying on luck to not collide
                        if map_recipe == "any-variable-random":
                            # This is the default so take no action
                            pass
@ -278,7 +322,10 @@ def _get_mapped_ports(stack: str, map_recipe: str):
                        else:
                            print("Error: bad map_recipe")
            else:
-                print(f"Error: --map-ports-to-host must specify one of: {port_map_recipes}")
+                print(
                    f"Error: --map-ports-to-host must specify one of: "
                    f"{port_map_recipes}"
                )
                sys.exit(1)
    return ports
@ -303,33 +350,54 @@ def _parse_config_variables(variable_values: str):
@click.command()
@click.option("--config", help="Provide config variables for the deployment")
-@click.option("--config-file", help="Provide config variables in a file for the deployment")
+@click.option(
    "--config-file", help="Provide config variables in a file for the deployment"
 )
@click.option("--kube-config", help="Provide a config file for a k8s deployment")
-@click.option("--image-registry", help="Provide a container image registry url for this k8s cluster")
+@click.option(
    "--image-registry",
    help="Provide a container image registry url for this k8s cluster",
 )
@click.option("--output", required=True, help="Write yaml spec file here")
-@click.option("--map-ports-to-host", required=False,
+@click.option(
    "--map-ports-to-host",
    required=False,
    help="Map ports to the host as one of: any-variable-random (default), "
-              "localhost-same, any-same, localhost-fixed-random, any-fixed-random")
+    "localhost-same, any-same, localhost-fixed-random, any-fixed-random",
 )
@click.pass_context
-def init(ctx, config, config_file, kube_config, image_registry, output, map_ports_to_host):
+def init(
    ctx, config, config_file, kube_config, image_registry, output, map_ports_to_host
 ):
    stack = global_options(ctx).stack
    deployer_type = ctx.obj.deployer.type
    deploy_command_context = ctx.obj
    return init_operation(
        deploy_command_context,
-        stack, deployer_type,
+        stack,
-        config, config_file,
+        deployer_type,
        config,
        config_file,
        kube_config,
        image_registry,
        output,
-        map_ports_to_host)
+        map_ports_to_host,
    )
 # The init command's implementation is in a separate function so that we can
 # call it from other commands, bypassing the click decoration stuff
-def init_operation(deploy_command_context, stack, deployer_type, config,
+def init_operation(
-                   config_file, kube_config, image_registry, output, map_ports_to_host):
+    deploy_command_context,
-
+    stack,
    deployer_type,
    config,
    config_file,
    kube_config,
    image_registry,
    output,
    map_ports_to_host,
 ):
    default_spec_file_content = call_stack_deploy_init(deploy_command_context)
    spec_file_content = {"stack": stack, constants.deploy_to_key: deployer_type}
    if deployer_type == "k8s":
@ -340,13 +408,20 @@ def init_operation(deploy_command_context, stack, deployer_type, config,
        if image_registry:
            spec_file_content.update({constants.image_registry_key: image_registry})
        else:
-            print("WARNING: --image-registry not specified, only default container registries (eg, Docker Hub) will be available")
+            print(
                "WARNING: --image-registry not specified, only default container "
                "registries (eg, Docker Hub) will be available"
            )
    else:
        # Check for --kube-config supplied for non-relevant deployer types
        if kube_config is not None:
-            error_exit(f"--kube-config is not allowed with a {deployer_type} deployment")
+            error_exit(
                f"--kube-config is not allowed with a {deployer_type} deployment"
            )
        if image_registry is not None:
-            error_exit(f"--image-registry is not allowed with a {deployer_type} deployment")
+            error_exit(
                f"--image-registry is not allowed with a {deployer_type} deployment"
            )
    if default_spec_file_content:
        spec_file_content.update(default_spec_file_content)
    config_variables = _parse_config_variables(config)
@ -368,7 +443,9 @@ def init_operation(deploy_command_context, stack, deployer_type, config,
            spec_file_content.update({"config": merged_config})
    ports = _get_mapped_ports(stack, map_ports_to_host)
-    spec_file_content.update({"network": {"ports": ports}})
+    orig_network = spec_file_content.get("network", {})
    orig_network["ports"] = ports
    spec_file_content["network"] = orig_network
    named_volumes = _get_named_volumes(stack)
    if named_volumes:
@ -393,7 +470,9 @@ def init_operation(deploy_command_context, stack, deployer_type, config,
            spec_file_content["configmaps"] = configmap_descriptors
    if opts.o.debug:
-        print(f"Creating spec file for stack: {stack} with content: {spec_file_content}")
+        print(
            f"Creating spec file for stack: {stack} with content: {spec_file_content}"
        )
    with open(output, "w") as output_file:
        get_yaml().dump(spec_file_content, output_file)
@ -441,24 +520,54 @@ def _check_volume_definitions(spec):
@click.command()
-@click.option("--spec-file", required=True, help="Spec file to use to create this deployment")
+@click.option(
    "--spec-file", required=True, help="Spec file to use to create this deployment"
 )
@click.option("--deployment-dir", help="Create deployment files in this directory")
@click.option(
    "--helm-chart",
    is_flag=True,
    default=False,
    help="Generate Helm chart instead of deploying (k8s only)",
 )
 # TODO: Hack
@click.option("--network-dir", help="Network configuration supplied in this directory")
@click.option("--initial-peers", help="Initial set of persistent peers")
@click.argument("extra_args", nargs=-1, type=click.UNPROCESSED)
@click.pass_context
-def create(ctx, spec_file, deployment_dir, network_dir, initial_peers):
+def create(
    ctx, spec_file, deployment_dir, helm_chart, network_dir, initial_peers, extra_args
 ):
    deployment_command_context = ctx.obj
-    return create_operation(deployment_command_context, spec_file, deployment_dir, network_dir, initial_peers)
+    return create_operation(
        deployment_command_context,
        spec_file,
        deployment_dir,
        helm_chart,
        network_dir,
        initial_peers,
        extra_args,
    )
 # The init command's implementation is in a separate function so that we can
 # call it from other commands, bypassing the click decoration stuff
-def create_operation(deployment_command_context, spec_file, deployment_dir, network_dir, initial_peers):
+def create_operation(
-    parsed_spec = Spec(os.path.abspath(spec_file), get_parsed_deployment_spec(spec_file))
+    deployment_command_context,
    spec_file,
    deployment_dir,
    helm_chart=False,
    network_dir=None,
    initial_peers=None,
    extra_args=(),
 ):
    parsed_spec = Spec(
        os.path.abspath(spec_file), get_parsed_deployment_spec(spec_file)
    )
    _check_volume_definitions(parsed_spec)
    stack_name = parsed_spec["stack"]
    deployment_type = parsed_spec[constants.deploy_to_key]
    stack_file = get_stack_path(stack_name).joinpath(constants.stack_file_name)
    parsed_stack = get_parsed_stack_config(stack_name)
    if opts.o.debug:
@ -473,13 +582,30 @@ def create_operation(deployment_command_context, spec_file, deployment_dir, netw
    # Copy spec file and the stack file into the deployment dir
    copyfile(spec_file, deployment_dir_path.joinpath(constants.spec_file_name))
    copyfile(stack_file, deployment_dir_path.joinpath(constants.stack_file_name))
    # Create deployment.yml with cluster-id
    _create_deployment_file(deployment_dir_path)
    # Branch to Helm chart generation flow if --helm-chart flag is set
    if deployment_type == "k8s" and helm_chart:
        from stack_orchestrator.deploy.k8s.helm.chart_generator import (
            generate_helm_chart,
        )
        generate_helm_chart(stack_name, spec_file, deployment_dir_path)
        return  # Exit early for helm chart generation
    # Existing deployment flow continues unchanged
    # Copy any config varibles from the spec file into an env file suitable for compose
-    _write_config_file(spec_file, deployment_dir_path.joinpath(constants.config_file_name))
+    _write_config_file(
        spec_file, deployment_dir_path.joinpath(constants.config_file_name)
    )
    # Copy any k8s config file into the deployment dir
    if deployment_type == "k8s":
-        _write_kube_config_file(Path(parsed_spec[constants.kube_config_key]),
+        _write_kube_config_file(
-                                deployment_dir_path.joinpath(constants.kube_config_filename))
+            Path(parsed_spec[constants.kube_config_key]),
            deployment_dir_path.joinpath(constants.kube_config_filename),
        )
    # Copy the pod files into the deployment dir, fixing up content
    pods = get_pod_list(parsed_stack)
    destination_compose_dir = deployment_dir_path.joinpath("compose")
@ -489,6 +615,8 @@ def create_operation(deployment_command_context, spec_file, deployment_dir, netw
    yaml = get_yaml()
    for pod in pods:
        pod_file_path = get_pod_file_path(stack_name, parsed_stack, pod)
        if pod_file_path is None:
            continue
        parsed_pod_file = yaml.load(open(pod_file_path, "r"))
        extra_config_dirs = _find_extra_config_dirs(parsed_pod_file, pod)
        destination_pod_dir = destination_pods_dir.joinpath(pod)
@ -496,7 +624,9 @@ def create_operation(deployment_command_context, spec_file, deployment_dir, netw
        if opts.o.debug:
            print(f"extra config dirs: {extra_config_dirs}")
        _fixup_pod_file(parsed_pod_file, parsed_spec, destination_compose_dir)
-        with open(destination_compose_dir.joinpath("docker-compose-%s.yml" % pod), "w") as output_file:
+        with open(
            destination_compose_dir.joinpath("docker-compose-%s.yml" % pod), "w"
        ) as output_file:
            yaml.dump(parsed_pod_file, output_file)
        # Copy the config files for the pod, if any
        config_dirs = {pod}
@ -504,8 +634,11 @@ def create_operation(deployment_command_context, spec_file, deployment_dir, netw
        for config_dir in config_dirs:
            source_config_dir = resolve_config_dir(stack_name, config_dir)
            if os.path.exists(source_config_dir):
-                destination_config_dir = deployment_dir_path.joinpath("config", config_dir)
+                destination_config_dir = deployment_dir_path.joinpath(
-                # If the same config dir appears in multiple pods, it may already have been copied
+                    "config", config_dir
                )
                # If the same config dir appears in multiple pods, it may already have
                # been copied
                if not os.path.exists(destination_config_dir):
                    copytree(source_config_dir, destination_config_dir)
        # Copy the script files for the pod, if any
@ -514,17 +647,69 @@ def create_operation(deployment_command_context, spec_file, deployment_dir, netw
            os.mkdir(destination_script_dir)
            script_paths = get_pod_script_paths(parsed_stack, pod)
            _copy_files_to_directory(script_paths, destination_script_dir)
        if parsed_spec.is_kubernetes_deployment():
            for configmap in parsed_spec.get_configmaps():
                source_config_dir = resolve_config_dir(stack_name, configmap)
                if os.path.exists(source_config_dir):
                    destination_config_dir = deployment_dir_path.joinpath(
                        "configmaps", configmap
                    )
                    copytree(
                        source_config_dir, destination_config_dir, dirs_exist_ok=True
                    )
        else:
            # TODO: We should probably only do this if the volume is marked :ro.
            for volume_name, volume_path in parsed_spec.get_volumes().items():
                source_config_dir = resolve_config_dir(stack_name, volume_name)
                # Only copy if the source exists and is _not_ empty.
                if os.path.exists(source_config_dir) and os.listdir(source_config_dir):
                    destination_config_dir = deployment_dir_path.joinpath(volume_path)
                    # Only copy if the destination exists and _is_ empty.
                    if os.path.exists(destination_config_dir) and not os.listdir(
                        destination_config_dir
                    ):
                        copytree(
                            source_config_dir,
                            destination_config_dir,
                            dirs_exist_ok=True,
                        )
    # Copy the job files into the deployment dir (for Docker deployments)
    jobs = get_job_list(parsed_stack)
    if jobs and not parsed_spec.is_kubernetes_deployment():
        destination_compose_jobs_dir = deployment_dir_path.joinpath("compose-jobs")
        os.mkdir(destination_compose_jobs_dir)
        for job in jobs:
            job_file_path = get_job_file_path(stack_name, parsed_stack, job)
            if job_file_path and job_file_path.exists():
                parsed_job_file = yaml.load(open(job_file_path, "r"))
                _fixup_pod_file(parsed_job_file, parsed_spec, destination_compose_dir)
                with open(
                    destination_compose_jobs_dir.joinpath(
                        "docker-compose-%s.yml" % job
                    ),
                    "w",
                ) as output_file:
                    yaml.dump(parsed_job_file, output_file)
                if opts.o.debug:
                    print(f"Copied job compose file: {job}")
    # Delegate to the stack's Python code
-    # The deploy create command doesn't require a --stack argument so we need to insert the
+    # The deploy create command doesn't require a --stack argument so we need
-    # stack member here.
+    # to insert the stack member here.
    deployment_command_context.stack = stack_name
    deployment_context = DeploymentContext()
    deployment_context.init(deployment_dir_path)
    # Call the deployer to generate any deployer-specific files (e.g. for kind)
-    deployer_config_generator = getDeployerConfigGenerator(deployment_type, deployment_context)
+    deployer_config_generator = getDeployerConfigGenerator(
        deployment_type, deployment_context
    )
    # TODO: make deployment_dir_path a Path above
    if deployer_config_generator is not None:
        deployer_config_generator.generate(deployment_dir_path)
-    call_stack_deploy_create(deployment_context, [network_dir, initial_peers, deployment_command_context])
+    call_stack_deploy_create(
        deployment_context, [network_dir, initial_peers, *extra_args]
    )
 # TODO: this code should be in the stack .py files but
@ -534,16 +719,50 @@ def create_operation(deployment_command_context, spec_file, deployment_dir, netw
@click.option("--node-moniker", help="Moniker for this node")
@click.option("--chain-id", help="The new chain id")
@click.option("--key-name", help="Name for new node key")
-@click.option("--gentx-files", help="List of comma-delimited gentx filenames from other nodes")
+@click.option(
    "--gentx-files", help="List of comma-delimited gentx filenames from other nodes"
 )
@click.option(
    "--gentx-addresses",
    type=str,
    help="List of comma-delimited validator addresses for other nodes",
 )
@click.option("--genesis-file", help="Genesis file for the network")
-@click.option("--initialize-network", is_flag=True, default=False, help="Initialize phase")
+@click.option(
    "--initialize-network", is_flag=True, default=False, help="Initialize phase"
 )
@click.option("--join-network", is_flag=True, default=False, help="Join phase")
@click.option("--connect-network", is_flag=True, default=False, help="Connect phase")
@click.option("--create-network", is_flag=True, default=False, help="Create phase")
@click.option("--network-dir", help="Directory for network files")
-@click.argument('extra_args', nargs=-1)
+@click.argument("extra_args", nargs=-1)
@click.pass_context
-def setup(ctx, node_moniker, chain_id, key_name, gentx_files, genesis_file, initialize_network, join_network, create_network,
+def setup(
-          network_dir, extra_args):
+    ctx,
-    parmeters = LaconicStackSetupCommand(chain_id, node_moniker, key_name, initialize_network, join_network, create_network,
+    node_moniker,
-                                         gentx_files, genesis_file, network_dir)
+    chain_id,
    key_name,
    gentx_files,
    gentx_addresses,
    genesis_file,
    initialize_network,
    join_network,
    connect_network,
    create_network,
    network_dir,
    extra_args,
 ):
    parmeters = LaconicStackSetupCommand(
        chain_id,
        node_moniker,
        key_name,
        initialize_network,
        join_network,
        connect_network,
        create_network,
        gentx_files,
        gentx_addresses,
        genesis_file,
        network_dir,
    )
    call_stack_deploy_setup(ctx.obj, parmeters, extra_args)
--- a/stack_orchestrator/deploy/images.py
+++ b/stack_orchestrator/deploy/images.py
@ -32,7 +32,9 @@ def _image_needs_pushed(image: str):
 def _remote_tag_for_image(image: str, remote_repo_url: str):
    # Turns image tags of the form: foo/bar:local into remote.repo/org/bar:deploy
    major_parts = image.split("/", 2)
-    image_name_with_version = major_parts[1] if 2 == len(major_parts) else major_parts[0]
+    image_name_with_version = (
        major_parts[1] if 2 == len(major_parts) else major_parts[0]
    )
    (image_name, image_version) = image_name_with_version.split(":")
    if image_version == "local":
        return f"{remote_repo_url}/{image_name}:deploy"
@ -61,17 +63,22 @@ def add_tags_to_image(remote_repo_url: str, local_tag: str, *additional_tags):
    docker = DockerClient()
    remote_tag = _remote_tag_for_image(local_tag, remote_repo_url)
-    new_remote_tags = [_remote_tag_for_image(tag, remote_repo_url) for tag in additional_tags]
+    new_remote_tags = [
        _remote_tag_for_image(tag, remote_repo_url) for tag in additional_tags
    ]
    docker.buildx.imagetools.create(sources=[remote_tag], tags=new_remote_tags)
 def remote_tag_for_image_unique(image: str, remote_repo_url: str, deployment_id: str):
    # Turns image tags of the form: foo/bar:local into remote.repo/org/bar:deploy
    major_parts = image.split("/", 2)
-    image_name_with_version = major_parts[1] if 2 == len(major_parts) else major_parts[0]
+    image_name_with_version = (
        major_parts[1] if 2 == len(major_parts) else major_parts[0]
    )
    (image_name, image_version) = image_name_with_version.split(":")
    if image_version == "local":
-        # Salt the tag with part of the deployment id to make it unique to this deployment
+        # Salt the tag with part of the deployment id to make it unique to this
        # deployment
        deployment_tag = deployment_id[-8:]
        return f"{remote_repo_url}/{image_name}:deploy-{deployment_tag}"
    else:
@ -79,7 +86,9 @@ def remote_tag_for_image_unique(image: str, remote_repo_url: str, deployment_id:
 # TODO: needs lots of error handling
-def push_images_operation(command_context: DeployCommandContext, deployment_context: DeploymentContext):
+def push_images_operation(
    command_context: DeployCommandContext, deployment_context: DeploymentContext
 ):
    # Get the list of images for the stack
    cluster_context = command_context.cluster_context
    images: Set[str] = images_for_deployment(cluster_context.compose_files)
@ -88,14 +97,18 @@ def push_images_operation(command_context: DeployCommandContext, deployment_cont
    docker = DockerClient()
    for image in images:
        if _image_needs_pushed(image):
-            remote_tag = remote_tag_for_image_unique(image, remote_repo_url, deployment_context.id)
+            remote_tag = remote_tag_for_image_unique(
                image, remote_repo_url, deployment_context.id
            )
            if opts.o.verbose:
                print(f"Tagging {image} to {remote_tag}")
            docker.image.tag(image, remote_tag)
    # Run docker push commands to upload
    for image in images:
        if _image_needs_pushed(image):
-            remote_tag = remote_tag_for_image_unique(image, remote_repo_url, deployment_context.id)
+            remote_tag = remote_tag_for_image_unique(
                image, remote_repo_url, deployment_context.id
            )
            if opts.o.verbose:
                print(f"Pushing image {remote_tag}")
            docker.image.push(remote_tag)
--- a/stack_orchestrator/deploy/k8s/cluster_info.py
+++ b/stack_orchestrator/deploy/k8s/cluster_info.py
@ -14,32 +14,44 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import os
 import base64
 from kubernetes import client
-from typing import Any, List, Set
+from typing import Any, List, Optional, Set
 from stack_orchestrator.opts import opts
 from stack_orchestrator.util import env_var_map_from_file
-from stack_orchestrator.deploy.k8s.helpers import named_volumes_from_pod_files, volume_mounts_for_service, volumes_for_pod_files
+from stack_orchestrator.deploy.k8s.helpers import (
    named_volumes_from_pod_files,
    volume_mounts_for_service,
    volumes_for_pod_files,
 )
 from stack_orchestrator.deploy.k8s.helpers import get_kind_pv_bind_mount_path
-from stack_orchestrator.deploy.k8s.helpers import envs_from_environment_variables_map, envs_from_compose_file, merge_envs
+from stack_orchestrator.deploy.k8s.helpers import (
-from stack_orchestrator.deploy.deploy_util import parsed_pod_files_map_from_file_names, images_for_deployment
+    envs_from_environment_variables_map,
    envs_from_compose_file,
    merge_envs,
 )
 from stack_orchestrator.deploy.deploy_util import (
    parsed_pod_files_map_from_file_names,
    images_for_deployment,
 )
 from stack_orchestrator.deploy.deploy_types import DeployEnvVars
 from stack_orchestrator.deploy.spec import Spec, Resources, ResourceLimits
 from stack_orchestrator.deploy.images import remote_tag_for_image_unique
-DEFAULT_VOLUME_RESOURCES = Resources({
+DEFAULT_VOLUME_RESOURCES = Resources({"reservations": {"storage": "2Gi"}})
    "reservations": {"storage": "2Gi"}
 })
-DEFAULT_CONTAINER_RESOURCES = Resources({
+DEFAULT_CONTAINER_RESOURCES = Resources(
-    "reservations": {"cpus": "0.1", "memory": "200M"},
+    {
-    "limits": {"cpus": "1.0", "memory": "2000M"},
+        "reservations": {"cpus": "1.0", "memory": "2000M"},
-})
+        "limits": {"cpus": "4.0", "memory": "8000M"},
    }
 )
 def to_k8s_resource_requirements(resources: Resources) -> client.V1ResourceRequirements:
-    def to_dict(limits: ResourceLimits):
+    def to_dict(limits: Optional[ResourceLimits]):
        if not limits:
            return None
@ -53,8 +65,7 @@ def to_k8s_resource_requirements(resources: Resources) -> client.V1ResourceRequi
        return ret
    return client.V1ResourceRequirements(
-        requests=to_dict(resources.reservations),
+        requests=to_dict(resources.reservations), limits=to_dict(resources.limits)
        limits=to_dict(resources.limits)
    )
@ -72,36 +83,69 @@ class ClusterInfo:
        self.parsed_pod_yaml_map = parsed_pod_files_map_from_file_names(pod_files)
        # Find the set of images in the pods
        self.image_set = images_for_deployment(pod_files)
-        self.environment_variables = DeployEnvVars(env_var_map_from_file(compose_env_file))
+        # Filter out None values from env file
        env_vars = {
            k: v for k, v in env_var_map_from_file(compose_env_file).items() if v
        }
        self.environment_variables = DeployEnvVars(env_vars)
        self.app_name = deployment_name
        self.spec = spec
-        if (opts.o.debug):
+        if opts.o.debug:
            print(f"Env vars: {self.environment_variables.map}")
-    def get_nodeport(self):
+    def get_nodeports(self):
        nodeports = []
        for pod_name in self.parsed_pod_yaml_map:
            pod = self.parsed_pod_yaml_map[pod_name]
            services = pod["services"]
            for service_name in services:
                service_info = services[service_name]
                if "ports" in service_info:
-                    port = int(service_info["ports"][0])
+                    for raw_port in [str(p) for p in service_info["ports"]]:
                        if opts.o.debug:
-                        print(f"service port: {port}")
+                            print(f"service port: {raw_port}")
                        # Parse protocol suffix (e.g., "8001/udp" -> port=8001,
                        # protocol=UDP)
                        protocol = "TCP"
                        port_str = raw_port
                        if "/" in raw_port:
                            port_str, proto = raw_port.rsplit("/", 1)
                            protocol = proto.upper()
                        if ":" in port_str:
                            parts = port_str.split(":")
                            if len(parts) != 2:
                                raise Exception(f"Invalid port definition: {raw_port}")
                            node_port = int(parts[0])
                            pod_port = int(parts[1])
                        else:
                            node_port = None
                            pod_port = int(port_str)
                        service = client.V1Service(
-            metadata=client.V1ObjectMeta(name=f"{self.app_name}-nodeport"),
+                            metadata=client.V1ObjectMeta(
                                name=(
                                    f"{self.app_name}-nodeport-"
                                    f"{pod_port}-{protocol.lower()}"
                                )
                            ),
                            spec=client.V1ServiceSpec(
                                type="NodePort",
-                ports=[client.V1ServicePort(
+                                ports=[
-                    port=port,
+                                    client.V1ServicePort(
-                    target_port=port
+                                        port=pod_port,
-                )],
+                                        target_port=pod_port,
-                selector={"app": self.app_name}
+                                        node_port=node_port,
                                        protocol=protocol,
                                    )
                                ],
                                selector={"app": self.app_name},
                            ),
                        )
-        return service
+                        nodeports.append(service)
        return nodeports
-    def get_ingress(self, use_tls=False, certificate=None, cluster_issuer="letsencrypt-prod"):
+    def get_ingress(
        self, use_tls=False, certificate=None, cluster_issuer="letsencrypt-prod"
    ):
        # No ingress for a deployment that has no http-proxy defined, for now
        http_proxy_info_list = self.spec.get_http_proxy()
        ingress = None
@ -113,10 +157,20 @@ class ClusterInfo:
            # TODO: good enough parsing for webapp deployment for now
            host_name = http_proxy_info["host-name"]
            rules = []
-            tls = [client.V1IngressTLS(
+            tls = (
-                hosts=certificate["spec"]["dnsNames"] if certificate else [host_name],
+                [
-                secret_name=certificate["spec"]["secretName"] if certificate else f"{self.app_name}-tls"
+                    client.V1IngressTLS(
-            )] if use_tls else None
+                        hosts=certificate["spec"]["dnsNames"]
                        if certificate
                        else [host_name],
                        secret_name=certificate["spec"]["secretName"]
                        if certificate
                        else f"{self.app_name}-tls",
                    )
                ]
                if use_tls
                else None
            )
            paths = []
            for route in http_proxy_info["routes"]:
                path = route["path"]
@ -125,7 +179,8 @@ class ClusterInfo:
                    print(f"proxy config: {path} -> {proxy_to}")
                # proxy_to has the form <service>:<port>
                proxy_to_port = int(proxy_to.split(":")[1])
-                paths.append(client.V1HTTPIngressPath(
+                paths.append(
                    client.V1HTTPIngressPath(
                        path_type="Prefix",
                        path=path,
                        backend=client.V1IngressBackend(
@ -133,57 +188,62 @@ class ClusterInfo:
                                # TODO: this looks wrong
                                name=f"{self.app_name}-service",
                                # TODO: pull port number from the service
-                            port=client.V1ServiceBackendPort(number=proxy_to_port)
+                                port=client.V1ServiceBackendPort(number=proxy_to_port),
                            )
                        ),
                    )
                )
-                ))
+            rules.append(
-            rules.append(client.V1IngressRule(
+                client.V1IngressRule(
-                host=host_name,
+                    host=host_name, http=client.V1HTTPIngressRuleValue(paths=paths)
                http=client.V1HTTPIngressRuleValue(
                    paths=paths
                )
            ))
            spec = client.V1IngressSpec(
                tls=tls,
                rules=rules
            )
            spec = client.V1IngressSpec(tls=tls, rules=rules)
            ingress_annotations = {
-                "kubernetes.io/ingress.class": "nginx",
+                "kubernetes.io/ingress.class": "caddy",
            }
            if not certificate:
                ingress_annotations["cert-manager.io/cluster-issuer"] = cluster_issuer
            ingress = client.V1Ingress(
                metadata=client.V1ObjectMeta(
-                    name=f"{self.app_name}-ingress",
+                    name=f"{self.app_name}-ingress", annotations=ingress_annotations
                    annotations=ingress_annotations
                ),
-                spec=spec
+                spec=spec,
            )
        return ingress
    # TODO: suppoprt multiple services
    def get_service(self):
-        for pod_name in self.parsed_pod_yaml_map:
+        # Collect all ports from http-proxy routes
-            pod = self.parsed_pod_yaml_map[pod_name]
+        ports_set = set()
-            services = pod["services"]
+        http_proxy_list = self.spec.get_http_proxy()
-            for service_name in services:
+        if http_proxy_list:
-                service_info = services[service_name]
+            for http_proxy in http_proxy_list:
-                if "ports" in service_info:
+                for route in http_proxy.get("routes", []):
-                    port = int(service_info["ports"][0])
+                    proxy_to = route.get("proxy-to", "")
                    if ":" in proxy_to:
                        port = int(proxy_to.split(":")[1])
                        ports_set.add(port)
                        if opts.o.debug:
-                        print(f"service port: {port}")
+                            print(f"http-proxy route port: {port}")
        if not ports_set:
            return None
        service_ports = [
            client.V1ServicePort(port=p, target_port=p, name=f"port-{p}")
            for p in sorted(ports_set)
        ]
        service = client.V1Service(
            metadata=client.V1ObjectMeta(name=f"{self.app_name}-service"),
            spec=client.V1ServiceSpec(
                type="ClusterIP",
-                ports=[client.V1ServicePort(
+                ports=service_ports,
-                    port=port,
+                selector={"app": self.app_name},
-                    target_port=port
+            ),
                )],
                selector={"app": self.app_name}
            )
        )
        return service
@ -206,7 +266,7 @@ class ClusterInfo:
            labels = {
                "app": self.app_name,
-                "volume-label": f"{self.app_name}-{volume_name}"
+                "volume-label": f"{self.app_name}-{volume_name}",
            }
            if volume_path:
                storage_class_name = "manual"
@ -220,11 +280,13 @@ class ClusterInfo:
                access_modes=["ReadWriteOnce"],
                storage_class_name=storage_class_name,
                resources=to_k8s_resource_requirements(resources),
-                volume_name=k8s_volume_name
+                volume_name=k8s_volume_name,
            )
            pvc = client.V1PersistentVolumeClaim(
-                metadata=client.V1ObjectMeta(name=f"{self.app_name}-{volume_name}", labels=labels),
+                metadata=client.V1ObjectMeta(
-                spec=spec
+                    name=f"{self.app_name}-{volume_name}", labels=labels
                ),
                spec=spec,
            )
            result.append(pvc)
        return result
@ -239,21 +301,28 @@ class ClusterInfo:
                    print(f"{cfg_map_name} not in pod files")
                continue
-            if not cfg_map_path.startswith("/"):
+            if not cfg_map_path.startswith("/") and self.spec.file_path is not None:
-                cfg_map_path = os.path.join(os.path.dirname(self.spec.file_path), cfg_map_path)
+                cfg_map_path = os.path.join(
                    os.path.dirname(str(self.spec.file_path)), cfg_map_path
                )
-            # Read in all the files at a single-level of the directory.  This mimics the behavior
+            # Read in all the files at a single-level of the directory.
-            # of `kubectl create configmap foo --from-file=/path/to/dir`
+            # This mimics the behavior of
            # `kubectl create configmap foo --from-file=/path/to/dir`
            data = {}
            for f in os.listdir(cfg_map_path):
                full_path = os.path.join(cfg_map_path, f)
                if os.path.isfile(full_path):
-                    data[f] = open(full_path, 'rt').read()
+                    data[f] = base64.b64encode(open(full_path, "rb").read()).decode(
                        "ASCII"
                    )
            spec = client.V1ConfigMap(
-                metadata=client.V1ObjectMeta(name=f"{self.app_name}-{cfg_map_name}",
+                metadata=client.V1ObjectMeta(
-                                             labels={"configmap-label": cfg_map_name}),
+                    name=f"{self.app_name}-{cfg_map_name}",
-                data=data
+                    labels={"configmap-label": cfg_map_name},
                ),
                binary_data=data,
            )
            result.append(spec)
        return result
@ -267,10 +336,14 @@ class ClusterInfo:
            resources = DEFAULT_VOLUME_RESOURCES
        for volume_name, volume_path in spec_volumes.items():
            # We only need to create a volume if it is fully qualified HostPath.
-            # Otherwise, we create the PVC and expect the node to allocate the volume for us.
+            # Otherwise, we create the PVC and expect the node to allocate the volume
            # for us.
            if not volume_path:
                if opts.o.debug:
-                    print(f"{volume_name} does not require an explicit PersistentVolume, since it is not a bind-mount.")
+                    print(
                        f"{volume_name} does not require an explicit "
                        "PersistentVolume, since it is not a bind-mount."
                    )
                continue
            if volume_name not in named_volumes:
@ -279,30 +352,38 @@ class ClusterInfo:
                continue
            if not os.path.isabs(volume_path):
-                print(f"WARNING: {volume_name}:{volume_path} is not absolute, cannot bind volume.")
+                print(
                    f"WARNING: {volume_name}:{volume_path} is not absolute, "
                    "cannot bind volume."
                )
                continue
            if self.spec.is_kind_deployment():
-                host_path = client.V1HostPathVolumeSource(path=get_kind_pv_bind_mount_path(volume_name))
+                host_path = client.V1HostPathVolumeSource(
                    path=get_kind_pv_bind_mount_path(volume_name)
                )
            else:
                host_path = client.V1HostPathVolumeSource(path=volume_path)
            spec = client.V1PersistentVolumeSpec(
                storage_class_name="manual",
                access_modes=["ReadWriteOnce"],
                capacity=to_k8s_resource_requirements(resources).requests,
-                host_path=host_path
+                host_path=host_path,
            )
            pv = client.V1PersistentVolume(
-                metadata=client.V1ObjectMeta(name=f"{self.app_name}-{volume_name}",
+                metadata=client.V1ObjectMeta(
-                                             labels={"volume-label": f"{self.app_name}-{volume_name}"}),
+                    name=f"{self.app_name}-{volume_name}",
                    labels={"volume-label": f"{self.app_name}-{volume_name}"},
                ),
                spec=spec,
            )
            result.append(pv)
        return result
    # TODO: put things like image pull policy into an object-scope struct
-    def get_deployment(self, image_pull_policy: str = None):
+    def get_deployment(self, image_pull_policy: Optional[str] = None):
        containers = []
        services = {}
        resources = self.spec.get_container_resources()
        if not resources:
            resources = DEFAULT_CONTAINER_RESOURCES
@ -313,46 +394,94 @@ class ClusterInfo:
                container_name = service_name
                service_info = services[service_name]
                image = service_info["image"]
                container_ports = []
                if "ports" in service_info:
-                    port = int(service_info["ports"][0])
+                    for raw_port in [str(p) for p in service_info["ports"]]:
                        # Parse protocol suffix (e.g., "8001/udp" -> port=8001,
                        # protocol=UDP)
                        protocol = "TCP"
                        port_str = raw_port
                        if "/" in raw_port:
                            port_str, proto = raw_port.rsplit("/", 1)
                            protocol = proto.upper()
                        # Handle host:container port mapping - use container port
                        if ":" in port_str:
                            port_str = port_str.split(":")[-1]
                        port = int(port_str)
                        container_ports.append(
                            client.V1ContainerPort(
                                container_port=port, protocol=protocol
                            )
                        )
                    if opts.o.debug:
                        print(f"image: {image}")
-                        print(f"service port: {port}")
+                        print(f"service ports: {container_ports}")
-                merged_envs = merge_envs(
+                merged_envs = (
                    merge_envs(
                        envs_from_compose_file(
-                        service_info["environment"]), self.environment_variables.map
+                            service_info["environment"], self.environment_variables.map
-                ) if "environment" in service_info else self.environment_variables.map
+                        ),
                        self.environment_variables.map,
                    )
                    if "environment" in service_info
                    else self.environment_variables.map
                )
                envs = envs_from_environment_variables_map(merged_envs)
                if opts.o.debug:
                    print(f"Merged envs: {envs}")
                # Re-write the image tag for remote deployment
                # Note self.app_name has the same value as deployment_id
-                image_to_use = remote_tag_for_image_unique(
+                image_to_use = (
-                    image,
+                    remote_tag_for_image_unique(
-                    self.spec.get_image_registry(),
+                        image, self.spec.get_image_registry(), self.app_name
-                    self.app_name) if self.spec.get_image_registry() is not None else image
+                    )
-                volume_mounts = volume_mounts_for_service(self.parsed_pod_yaml_map, service_name)
+                    if self.spec.get_image_registry() is not None
                    else image
                )
                volume_mounts = volume_mounts_for_service(
                    self.parsed_pod_yaml_map, service_name
                )
                # Handle command/entrypoint from compose file
                # In docker-compose: entrypoint -> k8s command, command -> k8s args
                container_command = None
                container_args = None
                if "entrypoint" in service_info:
                    entrypoint = service_info["entrypoint"]
                    container_command = (
                        entrypoint if isinstance(entrypoint, list) else [entrypoint]
                    )
                if "command" in service_info:
                    cmd = service_info["command"]
                    container_args = cmd if isinstance(cmd, list) else cmd.split()
                container = client.V1Container(
                    name=container_name,
                    image=image_to_use,
                    image_pull_policy=image_pull_policy,
                    command=container_command,
                    args=container_args,
                    env=envs,
-                    ports=[client.V1ContainerPort(container_port=port)],
+                    ports=container_ports if container_ports else None,
                    volume_mounts=volume_mounts,
                    security_context=client.V1SecurityContext(
                        privileged=self.spec.get_privileged(),
                        capabilities=client.V1Capabilities(
                            add=self.spec.get_capabilities()
-                        ) if self.spec.get_capabilities() else None
+                        )
                        if self.spec.get_capabilities()
                        else None,
                    ),
                    resources=to_k8s_resource_requirements(resources),
                )
                containers.append(container)
-        volumes = volumes_for_pod_files(self.parsed_pod_yaml_map, self.spec, self.app_name)
+        volumes = volumes_for_pod_files(
            self.parsed_pod_yaml_map, self.spec, self.app_name
        )
        image_pull_secrets = [client.V1LocalObjectReference(name="laconic-registry")]
        annotations = None
        labels = {"app": self.app_name}
        affinity = None
        tolerations = None
        if self.spec.get_annotations():
            annotations = {}
@ -365,17 +494,60 @@ class ClusterInfo:
                for service_name in services:
                    labels[key.replace("{name}", service_name)] = value
        if self.spec.get_node_affinities():
            affinities = []
            for rule in self.spec.get_node_affinities():
                # TODO add some input validation here
                label_name = rule["label"]
                label_value = rule["value"]
                affinities.append(
                    client.V1NodeSelectorTerm(
                        match_expressions=[
                            client.V1NodeSelectorRequirement(
                                key=label_name, operator="In", values=[label_value]
                            )
                        ]
                    )
                )
            affinity = client.V1Affinity(
                node_affinity=client.V1NodeAffinity(
                    required_during_scheduling_ignored_during_execution=(
                        client.V1NodeSelector(node_selector_terms=affinities)
                    )
                )
            )
        if self.spec.get_node_tolerations():
            tolerations = []
            for toleration in self.spec.get_node_tolerations():
                # TODO add some input validation here
                toleration_key = toleration["key"]
                toleration_value = toleration["value"]
                tolerations.append(
                    client.V1Toleration(
                        effect="NoSchedule",
                        key=toleration_key,
                        operator="Equal",
                        value=toleration_value,
                    )
                )
        template = client.V1PodTemplateSpec(
-            metadata=client.V1ObjectMeta(
+            metadata=client.V1ObjectMeta(annotations=annotations, labels=labels),
-                annotations=annotations,
+            spec=client.V1PodSpec(
-                labels=labels
+                containers=containers,
                image_pull_secrets=image_pull_secrets,
                volumes=volumes,
                affinity=affinity,
                tolerations=tolerations,
                runtime_class_name=self.spec.get_runtime_class(),
            ),
            spec=client.V1PodSpec(containers=containers, image_pull_secrets=image_pull_secrets, volumes=volumes),
        )
        spec = client.V1DeploymentSpec(
-            replicas=1, template=template, selector={
+            replicas=self.spec.get_replicas(),
-                "matchLabels":
+            template=template,
-                {"app": self.app_name}})
+            selector={"matchLabels": {"app": self.app_name}},
        )
        deployment = client.V1Deployment(
            api_version="apps/v1",
--- a/stack_orchestrator/deploy/k8s/deploy_k8s.py
+++ b/stack_orchestrator/deploy/k8s/deploy_k8s.py
@ -16,13 +16,29 @@ from datetime import datetime, timezone
 from pathlib import Path
 from kubernetes import client, config
 from kubernetes.client.exceptions import ApiException
 from typing import Any, Dict, List, Optional, cast
 from stack_orchestrator import constants
 from stack_orchestrator.deploy.deployer import Deployer, DeployerConfigGenerator
-from stack_orchestrator.deploy.k8s.helpers import create_cluster, destroy_cluster, load_images_into_kind
+from stack_orchestrator.deploy.k8s.helpers import (
-from stack_orchestrator.deploy.k8s.helpers import install_ingress_for_kind, wait_for_ingress_in_kind
+    create_cluster,
-from stack_orchestrator.deploy.k8s.helpers import pods_in_deployment, containers_in_pod, log_stream_from_string
+    destroy_cluster,
-from stack_orchestrator.deploy.k8s.helpers import generate_kind_config
+    load_images_into_kind,
 )
 from stack_orchestrator.deploy.k8s.helpers import (
    install_ingress_for_kind,
    wait_for_ingress_in_kind,
 )
 from stack_orchestrator.deploy.k8s.helpers import (
    pods_in_deployment,
    containers_in_pod,
    log_stream_from_string,
 )
 from stack_orchestrator.deploy.k8s.helpers import (
    generate_kind_config,
    generate_high_memlock_spec_json,
 )
 from stack_orchestrator.deploy.k8s.cluster_info import ClusterInfo
 from stack_orchestrator.opts import opts
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
@ -35,7 +51,7 @@ class AttrDict(dict):
        self.__dict__ = self
-def _check_delete_exception(e: client.exceptions.ApiException):
+def _check_delete_exception(e: ApiException) -> None:
    if e.status == 404:
        if opts.o.debug:
            print("Failed to delete object, continuing")
@ -43,6 +59,36 @@ def _check_delete_exception(e: client.exceptions.ApiException):
        error_exit(f"k8s api error: {e}")
 def _create_runtime_class(name: str, handler: str):
    """Create a RuntimeClass resource for custom containerd runtime handlers.
    RuntimeClass allows pods to specify which runtime handler to use, enabling
    different pods to have different rlimit profiles (e.g., high-memlock).
    Args:
        name: The name of the RuntimeClass resource
        handler: The containerd runtime handler name
            (must match containerdConfigPatches)
    """
    api = client.NodeV1Api()
    runtime_class = client.V1RuntimeClass(
        api_version="node.k8s.io/v1",
        kind="RuntimeClass",
        metadata=client.V1ObjectMeta(name=name),
        handler=handler,
    )
    try:
        api.create_runtime_class(runtime_class)
        if opts.o.debug:
            print(f"Created RuntimeClass: {name}")
    except ApiException as e:
        if e.status == 409:  # Already exists
            if opts.o.debug:
                print(f"RuntimeClass {name} already exists")
        else:
            raise
 class K8sDeployer(Deployer):
    name: str = "k8s"
    type: str
@ -51,21 +97,36 @@ class K8sDeployer(Deployer):
    networking_api: client.NetworkingV1Api
    k8s_namespace: str = "default"
    kind_cluster_name: str
    skip_cluster_management: bool
    cluster_info: ClusterInfo
    deployment_dir: Path
    deployment_context: DeploymentContext
-    def __init__(self, type, deployment_context: DeploymentContext, compose_files, compose_project_name, compose_env_file) -> None:
+    def __init__(
        self,
        type,
        deployment_context: DeploymentContext,
        compose_files,
        compose_project_name,
        compose_env_file,
    ) -> None:
        self.type = type
-        # TODO: workaround pending refactoring above to cope with being created with a null deployment_context
+        self.skip_cluster_management = False
        # TODO: workaround pending refactoring above to cope with being
        # created with a null deployment_context
        if deployment_context is None:
            return
        self.deployment_dir = deployment_context.deployment_dir
        self.deployment_context = deployment_context
        self.kind_cluster_name = compose_project_name
        self.cluster_info = ClusterInfo()
-        self.cluster_info.int(compose_files, compose_env_file, compose_project_name, deployment_context.spec)
+        self.cluster_info.int(
-        if (opts.o.debug):
+            compose_files,
            compose_env_file,
            compose_project_name,
            deployment_context.spec,
        )
        if opts.o.debug:
            print(f"Deployment dir: {deployment_context.deployment_dir}")
            print(f"Compose files: {compose_files}")
            print(f"Project name: {compose_project_name}")
@ -77,7 +138,11 @@ class K8sDeployer(Deployer):
            config.load_kube_config(context=f"kind-{self.kind_cluster_name}")
        else:
            # Get the config file and pass to load_kube_config()
-            config.load_kube_config(config_file=self.deployment_dir.joinpath(constants.kube_config_filename).as_posix())
+            config.load_kube_config(
                config_file=self.deployment_dir.joinpath(
                    constants.kube_config_filename
                ).as_posix()
            )
        self.core_api = client.CoreV1Api()
        self.networking_api = client.NetworkingV1Api()
        self.apps_api = client.AppsV1Api()
@ -91,7 +156,9 @@ class K8sDeployer(Deployer):
                print(f"Sending this pv: {pv}")
            if not opts.o.dry_run:
                try:
-                    pv_resp = self.core_api.read_persistent_volume(name=pv.metadata.name)
+                    pv_resp = self.core_api.read_persistent_volume(
                        name=pv.metadata.name
                    )
                    if pv_resp:
                        if opts.o.debug:
                            print("PVs already present:")
@ -114,7 +181,8 @@ class K8sDeployer(Deployer):
            if not opts.o.dry_run:
                try:
                    pvc_resp = self.core_api.read_namespaced_persistent_volume_claim(
-                        name=pvc.metadata.name, namespace=self.k8s_namespace)
+                        name=pvc.metadata.name, namespace=self.k8s_namespace
                    )
                    if pvc_resp:
                        if opts.o.debug:
                            print("PVCs already present:")
@ -123,7 +191,9 @@ class K8sDeployer(Deployer):
                except:  # noqa: E722
                    pass
-                pvc_resp = self.core_api.create_namespaced_persistent_volume_claim(body=pvc, namespace=self.k8s_namespace)
+                pvc_resp = self.core_api.create_namespaced_persistent_volume_claim(
                    body=pvc, namespace=self.k8s_namespace
                )
                if opts.o.debug:
                    print("PVCs created:")
                    print(f"{pvc_resp}")
@ -135,8 +205,7 @@ class K8sDeployer(Deployer):
                print(f"Sending this ConfigMap: {cfg_map}")
            if not opts.o.dry_run:
                cfg_rsp = self.core_api.create_namespaced_config_map(
-                    body=cfg_map,
+                    body=cfg_map, namespace=self.k8s_namespace
                    namespace=self.k8s_namespace
                )
                if opts.o.debug:
                    print("ConfigMap created:")
@ -144,26 +213,37 @@ class K8sDeployer(Deployer):
    def _create_deployment(self):
        # Process compose files into a Deployment
-        deployment = self.cluster_info.get_deployment(image_pull_policy=None if self.is_kind() else "Always")
+        deployment = self.cluster_info.get_deployment(
            image_pull_policy=None if self.is_kind() else "Always"
        )
        # Create the k8s objects
        if opts.o.debug:
            print(f"Sending this deployment: {deployment}")
        if not opts.o.dry_run:
-            deployment_resp = self.apps_api.create_namespaced_deployment(
+            deployment_resp = cast(
                client.V1Deployment,
                self.apps_api.create_namespaced_deployment(
                    body=deployment, namespace=self.k8s_namespace
                ),
            )
            if opts.o.debug:
                print("Deployment created:")
-                print(f"{deployment_resp.metadata.namespace} {deployment_resp.metadata.name} \
+                meta = deployment_resp.metadata
-                    {deployment_resp.metadata.generation} {deployment_resp.spec.template.spec.containers[0].image}")
+                spec = deployment_resp.spec
                if meta and spec and spec.template.spec:
                    ns = meta.namespace
                    name = meta.name
                    gen = meta.generation
                    containers = spec.template.spec.containers
                    img = containers[0].image if containers else None
                    print(f"{ns} {name} {gen} {img}")
-        service: client.V1Service = self.cluster_info.get_service()
+        service = self.cluster_info.get_service()
        if opts.o.debug:
            print(f"Sending this service: {service}")
-        if not opts.o.dry_run:
+        if service and not opts.o.dry_run:
            service_resp = self.core_api.create_namespaced_service(
-                namespace=self.k8s_namespace,
+                namespace=self.k8s_namespace, body=service
                body=service
            )
            if opts.o.debug:
                print("Service created:")
@ -174,7 +254,7 @@ class K8sDeployer(Deployer):
            group="cert-manager.io",
            version="v1",
            namespace=self.k8s_namespace,
-            plural="certificates"
+            plural="certificates",
        )
        host_parts = host_name.split(".", 1)
@ -182,6 +262,7 @@ class K8sDeployer(Deployer):
        if len(host_parts) == 2:
            host_as_wild = f"*.{host_parts[1]}"
        # TODO: resolve method deprecation below
        now = datetime.utcnow().replace(tzinfo=timezone.utc)
        fmt = "%Y-%m-%dT%H:%M:%S%z"
@ -198,23 +279,38 @@ class K8sDeployer(Deployer):
                    if before < now < after:
                        # Check the status is Ready
                        for condition in status.get("conditions", []):
-                            if "True" == condition.get("status") and "Ready" == condition.get("type"):
+                            if "True" == condition.get(
                                "status"
                            ) and "Ready" == condition.get("type"):
                                return cert
        return None
-    def up(self, detach, services):
+    def up(self, detach, skip_cluster_management, services):
        self.skip_cluster_management = skip_cluster_management
        if not opts.o.dry_run:
-            if self.is_kind():
+            if self.is_kind() and not self.skip_cluster_management:
                # Create the kind cluster
-                create_cluster(self.kind_cluster_name, self.deployment_dir.joinpath(constants.kind_config_filename))
+                create_cluster(
                    self.kind_cluster_name,
                    str(self.deployment_dir.joinpath(constants.kind_config_filename)),
                )
                # Ensure the referenced containers are copied into kind
-                load_images_into_kind(self.kind_cluster_name, self.cluster_info.image_set)
+                load_images_into_kind(
                    self.kind_cluster_name, self.cluster_info.image_set
                )
            self.connect_api()
-            if self.is_kind():
+            if self.is_kind() and not self.skip_cluster_management:
-                # Now configure an ingress controller (not installed by default in kind)
+                # Configure ingress controller (not installed by default in kind)
                install_ingress_for_kind()
-                # Wait for ingress to start (deployment provisioning will fail unless this is done)
+                # Wait for ingress to start
                # (deployment provisioning will fail unless this is done)
                wait_for_ingress_in_kind()
                # Create RuntimeClass if unlimited_memlock is enabled
                if self.cluster_info.spec.get_unlimited_memlock():
                    _create_runtime_class(
                        constants.high_memlock_runtime,
                        constants.high_memlock_runtime,
                    )
        else:
            print("Dry run mode enabled, skipping k8s API connect")
@ -223,21 +319,26 @@ class K8sDeployer(Deployer):
        self._create_deployment()
        http_proxy_info = self.cluster_info.spec.get_http_proxy()
-        # Note: at present we don't support tls for kind (and enabling tls causes errors)
+        # Note: we don't support tls for kind (enabling tls causes errors)
        use_tls = http_proxy_info and not self.is_kind()
-        certificate = self._find_certificate_for_host_name(http_proxy_info[0]["host-name"]) if use_tls else None
+        certificate = (
            self._find_certificate_for_host_name(http_proxy_info[0]["host-name"])
            if use_tls
            else None
        )
        if opts.o.debug:
            if certificate:
                print(f"Using existing certificate: {certificate}")
-        ingress: client.V1Ingress = self.cluster_info.get_ingress(use_tls=use_tls, certificate=certificate)
+        ingress = self.cluster_info.get_ingress(
            use_tls=use_tls, certificate=certificate
        )
        if ingress:
            if opts.o.debug:
                print(f"Sending this ingress: {ingress}")
            if not opts.o.dry_run:
                ingress_resp = self.networking_api.create_namespaced_ingress(
-                    namespace=self.k8s_namespace,
+                    namespace=self.k8s_namespace, body=ingress
                    body=ingress
                )
                if opts.o.debug:
                    print("Ingress created:")
@ -246,20 +347,20 @@ class K8sDeployer(Deployer):
            if opts.o.debug:
                print("No ingress configured")
-        nodeport: client.V1Service = self.cluster_info.get_nodeport()
+        nodeports: List[client.V1Service] = self.cluster_info.get_nodeports()
-        if nodeport:
+        for nodeport in nodeports:
            if opts.o.debug:
                print(f"Sending this nodeport: {nodeport}")
            if not opts.o.dry_run:
                nodeport_resp = self.core_api.create_namespaced_service(
-                    namespace=self.k8s_namespace,
+                    namespace=self.k8s_namespace, body=nodeport
                    body=nodeport
                )
                if opts.o.debug:
                    print("NodePort created:")
                    print(f"{nodeport_resp}")
-    def down(self, timeout, volumes):  # noqa: C901
+    def down(self, timeout, volumes, skip_cluster_management):  # noqa: C901
        self.skip_cluster_management = skip_cluster_management
        self.connect_api()
        # Delete the k8s objects
@ -270,11 +371,13 @@ class K8sDeployer(Deployer):
                if opts.o.debug:
                    print(f"Deleting this pv: {pv}")
                try:
-                    pv_resp = self.core_api.delete_persistent_volume(name=pv.metadata.name)
+                    pv_resp = self.core_api.delete_persistent_volume(
                        name=pv.metadata.name
                    )
                    if opts.o.debug:
                        print("PV deleted:")
                        print(f"{pv_resp}")
-                except client.exceptions.ApiException as e:
+                except ApiException as e:
                    _check_delete_exception(e)
            # Figure out the PVCs for this deployment
@ -289,7 +392,7 @@ class K8sDeployer(Deployer):
                    if opts.o.debug:
                        print("PVCs deleted:")
                        print(f"{pvc_resp}")
-                except client.exceptions.ApiException as e:
+                except ApiException as e:
                    _check_delete_exception(e)
        # Figure out the ConfigMaps for this deployment
@ -304,60 +407,61 @@ class K8sDeployer(Deployer):
                if opts.o.debug:
                    print("ConfigMap deleted:")
                    print(f"{cfg_map_resp}")
-            except client.exceptions.ApiException as e:
+            except ApiException as e:
                _check_delete_exception(e)
        deployment = self.cluster_info.get_deployment()
        if opts.o.debug:
            print(f"Deleting this deployment: {deployment}")
        if deployment and deployment.metadata and deployment.metadata.name:
            try:
                self.apps_api.delete_namespaced_deployment(
                    name=deployment.metadata.name, namespace=self.k8s_namespace
                )
-        except client.exceptions.ApiException as e:
+            except ApiException as e:
                _check_delete_exception(e)
-        service: client.V1Service = self.cluster_info.get_service()
+        service = self.cluster_info.get_service()
        if opts.o.debug:
            print(f"Deleting service: {service}")
        if service and service.metadata and service.metadata.name:
            try:
                self.core_api.delete_namespaced_service(
-                namespace=self.k8s_namespace,
+                    namespace=self.k8s_namespace, name=service.metadata.name
                name=service.metadata.name
                )
-        except client.exceptions.ApiException as e:
+            except ApiException as e:
                _check_delete_exception(e)
-        ingress: client.V1Ingress = self.cluster_info.get_ingress(use_tls=not self.is_kind())
+        ingress = self.cluster_info.get_ingress(use_tls=not self.is_kind())
-        if ingress:
+        if ingress and ingress.metadata and ingress.metadata.name:
            if opts.o.debug:
                print(f"Deleting this ingress: {ingress}")
            try:
                self.networking_api.delete_namespaced_ingress(
                    name=ingress.metadata.name, namespace=self.k8s_namespace
                )
-            except client.exceptions.ApiException as e:
+            except ApiException as e:
                _check_delete_exception(e)
        else:
            if opts.o.debug:
                print("No ingress to delete")
-        nodeport: client.V1Service = self.cluster_info.get_nodeport()
+        nodeports: List[client.V1Service] = self.cluster_info.get_nodeports()
-        if nodeport:
+        for nodeport in nodeports:
            if opts.o.debug:
-                print(f"Deleting this nodeport: {ingress}")
+                print(f"Deleting this nodeport: {nodeport}")
            if nodeport.metadata and nodeport.metadata.name:
                try:
                    self.core_api.delete_namespaced_service(
-                    namespace=self.k8s_namespace,
+                        namespace=self.k8s_namespace, name=nodeport.metadata.name
                    name=nodeport.metadata.name
                    )
-            except client.exceptions.ApiException as e:
+                except ApiException as e:
                    _check_delete_exception(e)
        else:
            if opts.o.debug:
                print("No nodeport to delete")
-        if self.is_kind():
+        if self.is_kind() and not self.skip_cluster_management:
            # Destroy the kind cluster
            destroy_cluster(self.kind_cluster_name)
@ -369,6 +473,7 @@ class K8sDeployer(Deployer):
        if all_pods.items:
            for p in all_pods.items:
                if p.metadata and p.metadata.name:
                    if f"{self.cluster_info.app_name}-deployment" in p.metadata.name:
                        pods.append(p)
@ -379,21 +484,40 @@ class K8sDeployer(Deployer):
        ip = "?"
        tls = "?"
        try:
-            ingress = self.networking_api.read_namespaced_ingress(namespace=self.k8s_namespace,
+            cluster_ingress = self.cluster_info.get_ingress()
-                                                                  name=self.cluster_info.get_ingress().metadata.name)
+            if cluster_ingress is None or cluster_ingress.metadata is None:
                return
            ingress = cast(
                client.V1Ingress,
                self.networking_api.read_namespaced_ingress(
                    namespace=self.k8s_namespace,
                    name=cluster_ingress.metadata.name,
                ),
            )
            if not ingress.spec or not ingress.spec.tls or not ingress.spec.rules:
                return
-            cert = self.custom_obj_api.get_namespaced_custom_object(
+            cert = cast(
                Dict[str, Any],
                self.custom_obj_api.get_namespaced_custom_object(
                    group="cert-manager.io",
                    version="v1",
                    namespace=self.k8s_namespace,
                    plural="certificates",
-                name=ingress.spec.tls[0].secret_name
+                    name=ingress.spec.tls[0].secret_name,
                ),
            )
            hostname = ingress.spec.rules[0].host
-            ip = ingress.status.load_balancer.ingress[0].ip
+            if ingress.status and ingress.status.load_balancer:
                lb_ingress = ingress.status.load_balancer.ingress
                if lb_ingress:
                    ip = lb_ingress[0].ip or "?"
            cert_status = cert.get("status", {})
            tls = "notBefore: %s; notAfter: %s; names: %s" % (
-                cert["status"]["notBefore"], cert["status"]["notAfter"], ingress.spec.tls[0].hosts
+                cert_status.get("notBefore", "?"),
                cert_status.get("notAfter", "?"),
                ingress.spec.tls[0].hosts,
            )
        except:  # noqa: E722
            pass
@ -406,10 +530,16 @@ class K8sDeployer(Deployer):
        print("Pods:")
        for p in pods:
            if not p.metadata:
                continue
            ns = p.metadata.namespace
            name = p.metadata.name
            if p.metadata.deletion_timestamp:
-                print(f"\t{p.metadata.namespace}/{p.metadata.name}: Terminating ({p.metadata.deletion_timestamp})")
+                ts = p.metadata.deletion_timestamp
                print(f"\t{ns}/{name}: Terminating ({ts})")
            else:
-                print(f"\t{p.metadata.namespace}/{p.metadata.name}: Running ({p.metadata.creation_timestamp})")
+                ts = p.metadata.creation_timestamp
                print(f"\t{ns}/{name}: Running ({ts})")
    def ps(self):
        self.connect_api()
@ -424,19 +554,22 @@ class K8sDeployer(Deployer):
                for c in p.spec.containers:
                    if c.ports:
                        for prt in c.ports:
-                            ports[str(prt.container_port)] = [AttrDict({
+                            ports[str(prt.container_port)] = [
-                                "HostIp": pod_ip,
+                                AttrDict(
-                                "HostPort": prt.container_port
+                                    {"HostIp": pod_ip, "HostPort": prt.container_port}
-                            })]
+                                )
                            ]
-                ret.append(AttrDict({
+                ret.append(
                    AttrDict(
                        {
                            "id": f"{p.metadata.namespace}/{p.metadata.name}",
                            "name": p.metadata.name,
                            "namespace": p.metadata.namespace,
-                    "network_settings": AttrDict({
+                            "network_settings": AttrDict({"ports": ports}),
-                        "ports": ports
+                        }
-                    })
+                    )
-                }))
+                )
        return ret
@ -459,15 +592,17 @@ class K8sDeployer(Deployer):
        else:
            k8s_pod_name = pods[0]
            containers = containers_in_pod(self.core_api, k8s_pod_name)
-            # If the pod is not yet started, the logs request below will throw an exception
+            # If pod not started, logs request below will throw an exception
            try:
                log_data = ""
                for container in containers:
-                    container_log = self.core_api.read_namespaced_pod_log(k8s_pod_name, namespace="default", container=container)
+                    container_log = self.core_api.read_namespaced_pod_log(
                        k8s_pod_name, namespace="default", container=container
                    )
                    container_log_lines = container_log.splitlines()
                    for line in container_log_lines:
                        log_data += f"{container}: {line}\n"
-            except client.exceptions.ApiException as e:
+            except ApiException as e:
                if opts.o.debug:
                    print(f"Error from read_namespaced_pod_log: {e}")
                log_data = "******* No logs available ********\n"
@ -476,34 +611,85 @@ class K8sDeployer(Deployer):
    def update(self):
        self.connect_api()
        ref_deployment = self.cluster_info.get_deployment()
        if not ref_deployment or not ref_deployment.metadata:
            return
        ref_name = ref_deployment.metadata.name
        if not ref_name:
            return
-        deployment = self.apps_api.read_namespaced_deployment(
+        deployment = cast(
-            name=ref_deployment.metadata.name,
+            client.V1Deployment,
-            namespace=self.k8s_namespace
+            self.apps_api.read_namespaced_deployment(
                name=ref_name, namespace=self.k8s_namespace
            ),
        )
        if not deployment.spec or not deployment.spec.template:
            return
        template_spec = deployment.spec.template.spec
        if not template_spec or not template_spec.containers:
            return
-        new_env = ref_deployment.spec.template.spec.containers[0].env
+        ref_spec = ref_deployment.spec
-        for container in deployment.spec.template.spec.containers:
+        if ref_spec and ref_spec.template and ref_spec.template.spec:
            ref_containers = ref_spec.template.spec.containers
            if ref_containers:
                new_env = ref_containers[0].env
                for container in template_spec.containers:
                    old_env = container.env
                    if old_env != new_env:
                        container.env = new_env
-        deployment.spec.template.metadata.annotations = {
+        template_meta = deployment.spec.template.metadata
        if template_meta:
            template_meta.annotations = {
                "kubectl.kubernetes.io/restartedAt": datetime.utcnow()
                .replace(tzinfo=timezone.utc)
                .isoformat()
            }
        self.apps_api.patch_namespaced_deployment(
-            name=ref_deployment.metadata.name,
+            name=ref_name,
            namespace=self.k8s_namespace,
-            body=deployment
+            body=deployment,
        )
-    def run(self, image: str, command=None, user=None, volumes=None, entrypoint=None, env={}, ports=[], detach=False):
+    def run(
        self,
        image: str,
        command=None,
        user=None,
        volumes=None,
        entrypoint=None,
        env={},
        ports=[],
        detach=False,
    ):
        # We need to figure out how to do this -- check why we're being called first
        pass
    def run_job(self, job_name: str, helm_release: Optional[str] = None):
        if not opts.o.dry_run:
            from stack_orchestrator.deploy.k8s.helm.job_runner import run_helm_job
            # Check if this is a helm-based deployment
            chart_dir = self.deployment_dir / "chart"
            if not chart_dir.exists():
                # TODO: Implement job support for compose-based K8s deployments
                raise Exception(
                    f"Job support is only available for helm-based "
                    f"deployments. Chart directory not found: {chart_dir}"
                )
            # Run the job using the helm job runner
            run_helm_job(
                chart_dir=chart_dir,
                job_name=job_name,
                release=helm_release,
                namespace=self.k8s_namespace,
                timeout=600,
                verbose=opts.o.verbose,
            )
    def is_kind(self):
        return self.type == "k8s-kind"
@ -519,6 +705,20 @@ class K8sDeployerConfigGenerator(DeployerConfigGenerator):
    def generate(self, deployment_dir: Path):
        # No need to do this for the remote k8s case
        if self.type == "k8s-kind":
            # Generate high-memlock-spec.json if unlimited_memlock is enabled.
            # Must be done before generate_kind_config() which references it.
            if self.deployment_context.spec.get_unlimited_memlock():
                spec_content = generate_high_memlock_spec_json()
                spec_file = deployment_dir.joinpath(
                    constants.high_memlock_spec_filename
                )
                if opts.o.debug:
                    print(
                        f"Creating high-memlock spec for unlimited memlock: {spec_file}"
                    )
                with open(spec_file, "w") as output_file:
                    output_file.write(spec_content)
            # Check the file isn't already there
            # Get the config file contents
            content = generate_kind_config(deployment_dir, self.deployment_context)
--- a/stack_orchestrator/deploy/k8s/helm/init.py
+++ b/stack_orchestrator/deploy/k8s/helm/init.py
@ -0,0 +1,14 @@
 # Copyright © 2025 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
--- a/stack_orchestrator/deploy/k8s/helm/chart_generator.py
+++ b/stack_orchestrator/deploy/k8s/helm/chart_generator.py
@ -0,0 +1,336 @@
 # Copyright © 2025 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 from pathlib import Path
 from stack_orchestrator import constants
 from stack_orchestrator.opts import opts
 from stack_orchestrator.util import (
    get_parsed_stack_config,
    get_pod_list,
    get_pod_file_path,
    get_job_list,
    get_job_file_path,
    error_exit,
 )
 from stack_orchestrator.deploy.k8s.helm.kompose_wrapper import (
    check_kompose_available,
    get_kompose_version,
    convert_to_helm_chart,
 )
 from stack_orchestrator.util import get_yaml
 def _wrap_job_templates_with_conditionals(chart_dir: Path, jobs: list) -> None:
    """
    Wrap job templates with conditional checks so they are not created by default.
    Jobs will only be created when explicitly enabled via --set jobs.<name>.enabled=true
    """
    templates_dir = chart_dir / "templates"
    if not templates_dir.exists():
        return
    for job_name in jobs:
        # Find job template file (kompose generates <service-name>-job.yaml)
        job_template_file = templates_dir / f"{job_name}-job.yaml"
        if not job_template_file.exists():
            if opts.o.debug:
                print(f"Warning: Job template not found: {job_template_file}")
            continue
        # Read the template content
        content = job_template_file.read_text()
        # Wrap with conditional (default false)
        # Use 'index' function to handle job names with dashes
        # Provide default dict for .Values.jobs to handle case where it doesn't exist
        condition = (
            f"{{{{- if (index (.Values.jobs | default dict) "
            f'"{job_name}" | default dict).enabled | default false }}}}'
        )
        wrapped_content = f"""{condition}
 {content}{{{{- end }}}}
 """
        # Write back
        job_template_file.write_text(wrapped_content)
        if opts.o.debug:
            print(f"Wrapped job template with conditional: {job_template_file.name}")
 def _post_process_chart(chart_dir: Path, chart_name: str, jobs: list) -> None:
    """
    Post-process Kompose-generated chart to fix common issues.
    Fixes:
    1. Chart.yaml name, description and keywords
    2. Add conditional wrappers to job templates (default: disabled)
    TODO:
    - Add defaultMode: 0755 to ConfigMap volumes containing scripts (.sh files)
    """
    yaml = get_yaml()
    # Fix Chart.yaml
    chart_yaml_path = chart_dir / "Chart.yaml"
    if chart_yaml_path.exists():
        chart_yaml = yaml.load(open(chart_yaml_path, "r"))
        # Fix name
        chart_yaml["name"] = chart_name
        # Fix description
        chart_yaml["description"] = f"Generated Helm chart for {chart_name} stack"
        # Fix keywords
        if "keywords" in chart_yaml and isinstance(chart_yaml["keywords"], list):
            chart_yaml["keywords"] = [chart_name]
        with open(chart_yaml_path, "w") as f:
            yaml.dump(chart_yaml, f)
    # Process job templates: wrap with conditionals (default disabled)
    if jobs:
        _wrap_job_templates_with_conditionals(chart_dir, jobs)
 def generate_helm_chart(
    stack_path: str, spec_file: str, deployment_dir_path: Path
 ) -> None:
    """
    Generate a self-sufficient Helm chart from stack compose files using Kompose.
    Args:
        stack_path: Path to the stack directory
        spec_file: Path to the deployment spec file
        deployment_dir_path: Deployment directory path
            (already created with deployment.yml)
    Output structure:
        deployment-dir/
        ├── deployment.yml  # Contains cluster-id
        ├── spec.yml        # Reference
        ├── stack.yml       # Reference
        └── chart/          # Self-sufficient Helm chart
            ├── Chart.yaml
            ├── README.md
            └── templates/
                └── *.yaml
    TODO: Enhancements:
    - Convert Deployments to StatefulSets for stateful services (zenithd, postgres)
    - Add _helpers.tpl with common label/selector functions
    - Enhance Chart.yaml with proper metadata (version, description, etc.)
    """
    parsed_stack = get_parsed_stack_config(stack_path)
    if parsed_stack is None:
        error_exit(f"Failed to parse stack config: {stack_path}")
    stack_name = parsed_stack.get("name", stack_path)
    # 1. Check Kompose availability
    if not check_kompose_available():
        error_exit("kompose not found in PATH.\n")
    # 2. Read cluster-id from deployment.yml
    deployment_file = deployment_dir_path / constants.deployment_file_name
    if not deployment_file.exists():
        error_exit(f"Deployment file not found: {deployment_file}")
    yaml = get_yaml()
    deployment_config = yaml.load(open(deployment_file, "r"))
    cluster_id = deployment_config.get(constants.cluster_id_key)
    if not cluster_id:
        error_exit(f"cluster-id not found in {deployment_file}")
    # 3. Derive chart name from stack name + cluster-id suffix
    # Sanitize stack name for use in chart name
    sanitized_stack_name = stack_name.replace("_", "-").replace(" ", "-")
    # Extract hex suffix from cluster-id (after the prefix)
    # cluster-id format: "laconic-<hex>" -> extract the hex part
    cluster_id_suffix = cluster_id.split("-", 1)[1] if "-" in cluster_id else cluster_id
    # Combine to create human-readable + unique chart name
    chart_name = f"{sanitized_stack_name}-{cluster_id_suffix}"
    if opts.o.debug:
        print(f"Cluster ID: {cluster_id}")
        print(f"Chart name: {chart_name}")
    # 4. Get compose files from stack (pods + jobs)
    pods = get_pod_list(parsed_stack)
    if not pods:
        error_exit(f"No pods found in stack: {stack_path}")
    jobs = get_job_list(parsed_stack)
    if opts.o.debug:
        print(f"Found {len(pods)} pod(s) in stack: {pods}")
        if jobs:
            print(f"Found {len(jobs)} job(s) in stack: {jobs}")
    compose_files = []
    for pod in pods:
        pod_file = get_pod_file_path(stack_path, parsed_stack, pod)
        if pod_file is None:
            error_exit(f"Pod file path not found for pod: {pod}")
        pod_file_path = Path(pod_file) if isinstance(pod_file, str) else pod_file
        if not pod_file_path.exists():
            error_exit(f"Pod file not found: {pod_file_path}")
        compose_files.append(pod_file_path)
        if opts.o.debug:
            print(f"Found compose file: {pod_file_path.name}")
    # Add job compose files
    job_files = []
    for job in jobs:
        job_file = get_job_file_path(stack_path, parsed_stack, job)
        if job_file is None:
            error_exit(f"Job file path not found for job: {job}")
        job_file_path = Path(job_file) if isinstance(job_file, str) else job_file
        if not job_file_path.exists():
            error_exit(f"Job file not found: {job_file_path}")
        compose_files.append(job_file_path)
        job_files.append(job_file_path)
        if opts.o.debug:
            print(f"Found job compose file: {job_file_path.name}")
    try:
        version = get_kompose_version()
        print(f"Using kompose version: {version}")
    except Exception as e:
        error_exit(f"Failed to get kompose version: {e}")
    # 5. Create chart directory and invoke Kompose
    chart_dir = deployment_dir_path / "chart"
    print(
        f"Converting {len(compose_files)} compose file(s) to Helm chart "
        "using Kompose..."
    )
    try:
        output = convert_to_helm_chart(
            compose_files=compose_files, output_dir=chart_dir, chart_name=chart_name
        )
        if opts.o.debug:
            print(f"Kompose output:\n{output}")
    except Exception as e:
        error_exit(f"Helm chart generation failed: {e}")
    # 6. Post-process generated chart
    _post_process_chart(chart_dir, chart_name, jobs)
    # 7. Generate README.md with basic installation instructions
    readme_content = f"""# {chart_name} Helm Chart
 Generated by laconic-so from stack: `{stack_path}`
 ## Prerequisites
 - Kubernetes cluster (v1.27+)
 - Helm (v3.12+)
 - kubectl configured to access your cluster
 ## Installation
 ```bash
 # Install the chart
 helm install {chart_name} {chart_dir}
 # Alternatively, install with your own release name
 # helm install <your-release-name> {chart_dir}
 # Check deployment status
 kubectl get pods
 ```
 ## Upgrade
 To apply changes made to chart, perform upgrade:
 ```bash
 helm upgrade {chart_name} {chart_dir}
 ```
 ## Uninstallation
 ```bash
 helm uninstall {chart_name}
 ```
 ## Configuration
 The chart was generated from Docker Compose files using Kompose.
 ### Customization
 Edit the generated template files in `templates/` to customize:
 - Image repositories and tags
 - Resource limits (CPU, memory)
 - Persistent volume sizes
 - Replica counts
 """
    readme_path = chart_dir / "README.md"
    readme_path.write_text(readme_content)
    if opts.o.debug:
        print(f"Generated README: {readme_path}")
    # 7. Success message
    print(f"\n{'=' * 60}")
    print("✓ Helm chart generated successfully!")
    print(f"{'=' * 60}")
    print("\nChart details:")
    print(f"  Name:     {chart_name}")
    print(f"  Location: {chart_dir.absolute()}")
    print(f"  Stack:    {stack_path}")
    # Count generated files
    template_files = (
        list((chart_dir / "templates").glob("*.yaml"))
        if (chart_dir / "templates").exists()
        else []
    )
    print(f"  Files:    {len(template_files)} template(s) generated")
    print("\nDeployment directory structure:")
    print(f"  {deployment_dir_path}/")
    print("  ├── deployment.yml  (cluster-id)")
    print("  ├── spec.yml        (reference)")
    print("  ├── stack.yml       (reference)")
    print("  └── chart/          (self-sufficient Helm chart)")
    print("\nNext steps:")
    print("  1. Review the chart:")
    print(f"     cd {chart_dir}")
    print("     cat Chart.yaml")
    print("")
    print("  2. Review generated templates:")
    print("     ls templates/")
    print("")
    print("  3. Install to Kubernetes:")
    print(f"     helm install {chart_name} {chart_dir}")
    print("")
    print("     # Or use your own release name")
    print(f"     helm install <your-release-name> {chart_dir}")
    print("")
    print("  4. Check deployment:")
    print("     kubectl get pods")
    print("")
--- a/stack_orchestrator/deploy/k8s/helm/job_runner.py
+++ b/stack_orchestrator/deploy/k8s/helm/job_runner.py
@ -0,0 +1,171 @@
 # Copyright © 2025 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import subprocess
 import tempfile
 import os
 import json
 from pathlib import Path
 from typing import Optional
 from stack_orchestrator.util import get_yaml
 def get_release_name_from_chart(chart_dir: Path) -> str:
    """
    Read the chart name from Chart.yaml to use as the release name.
    Args:
        chart_dir: Path to the Helm chart directory
    Returns:
        Chart name from Chart.yaml
    Raises:
        Exception if Chart.yaml not found or name is missing
    """
    chart_yaml_path = chart_dir / "Chart.yaml"
    if not chart_yaml_path.exists():
        raise Exception(f"Chart.yaml not found: {chart_yaml_path}")
    yaml = get_yaml()
    chart_yaml = yaml.load(open(chart_yaml_path, "r"))
    if "name" not in chart_yaml:
        raise Exception(f"Chart name not found in {chart_yaml_path}")
    return chart_yaml["name"]
 def run_helm_job(
    chart_dir: Path,
    job_name: str,
    release: Optional[str] = None,
    namespace: str = "default",
    timeout: int = 600,
    verbose: bool = False,
 ) -> None:
    """
    Run a one-time job from a Helm chart.
    This function:
    1. Uses provided release name, or reads it from Chart.yaml if not provided
    2. Uses helm template to render the job manifest with the job enabled
    3. Applies the job manifest to the cluster
    4. Waits for the job to complete
    Args:
        chart_dir: Path to the Helm chart directory
        job_name: Name of the job to run (without -job suffix)
        release: Optional Helm release name (defaults to chart name from Chart.yaml)
        namespace: Kubernetes namespace
        timeout: Timeout in seconds for job completion (default: 600)
        verbose: Enable verbose output
    Raises:
        Exception if the job fails or times out
    """
    if not chart_dir.exists():
        raise Exception(f"Chart directory not found: {chart_dir}")
    # Use provided release name, or get it from Chart.yaml
    if release is None:
        release = get_release_name_from_chart(chart_dir)
        if verbose:
            print(f"Using release name from Chart.yaml: {release}")
    else:
        if verbose:
            print(f"Using provided release name: {release}")
    job_template_file = f"templates/{job_name}-job.yaml"
    if verbose:
        print(f"Running job '{job_name}' from helm chart: {chart_dir}")
    # Use helm template to render the job manifest
    with tempfile.NamedTemporaryFile(
        mode="w", suffix=".yaml", delete=False
    ) as tmp_file:
        try:
            # Render job template with job enabled
            # Use --set-json to properly handle job names with dashes
            jobs_dict = {job_name: {"enabled": True}}
            values_json = json.dumps(jobs_dict)
            helm_cmd = [
                "helm",
                "template",
                release,
                str(chart_dir),
                "--show-only",
                job_template_file,
                "--set-json",
                f"jobs={values_json}",
            ]
            if verbose:
                print(f"Running: {' '.join(helm_cmd)}")
            result = subprocess.run(
                helm_cmd, check=True, capture_output=True, text=True
            )
            tmp_file.write(result.stdout)
            tmp_file.flush()
            if verbose:
                print(f"Generated job manifest:\n{result.stdout}")
            # Parse the manifest to get the actual job name
            yaml = get_yaml()
            manifest = yaml.load(result.stdout)
            actual_job_name = manifest.get("metadata", {}).get("name", job_name)
            # Apply the job manifest
            kubectl_apply_cmd = [
                "kubectl",
                "apply",
                "-f",
                tmp_file.name,
                "-n",
                namespace,
            ]
            subprocess.run(
                kubectl_apply_cmd, check=True, capture_output=True, text=True
            )
            if verbose:
                print(f"Job {actual_job_name} created, waiting for completion...")
            # Wait for job completion
            wait_cmd = [
                "kubectl",
                "wait",
                "--for=condition=complete",
                f"job/{actual_job_name}",
                f"--timeout={timeout}s",
                "-n",
                namespace,
            ]
            subprocess.run(wait_cmd, check=True, capture_output=True, text=True)
            if verbose:
                print(f"Job {job_name} completed successfully")
        except subprocess.CalledProcessError as e:
            error_msg = e.stderr if e.stderr else str(e)
            raise Exception(f"Job failed: {error_msg}")
        finally:
            # Clean up temp file
            if os.path.exists(tmp_file.name):
                os.unlink(tmp_file.name)
--- a/stack_orchestrator/deploy/k8s/helm/kompose_wrapper.py
+++ b/stack_orchestrator/deploy/k8s/helm/kompose_wrapper.py
@ -0,0 +1,103 @@
 # Copyright © 2025 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import subprocess
 import shutil
 from pathlib import Path
 from typing import List, Optional
 def check_kompose_available() -> bool:
    """Check if kompose binary is available in PATH."""
    return shutil.which("kompose") is not None
 def get_kompose_version() -> str:
    """
    Get the installed kompose version.
    Returns:
        Version string (e.g., "1.34.0")
    Raises:
        Exception if kompose is not available
    """
    if not check_kompose_available():
        raise Exception("kompose not found in PATH")
    result = subprocess.run(
        ["kompose", "version"], capture_output=True, text=True, timeout=10
    )
    if result.returncode != 0:
        raise Exception(f"Failed to get kompose version: {result.stderr}")
    # Parse version from output like "1.34.0 (HEAD)"
    # Output format: "1.34.0 (HEAD)" or just "1.34.0"
    version_line = result.stdout.strip()
    version = version_line.split()[0] if version_line else "unknown"
    return version
 def convert_to_helm_chart(
    compose_files: List[Path], output_dir: Path, chart_name: Optional[str] = None
 ) -> str:
    """
    Invoke kompose to convert Docker Compose files to a Helm chart.
    Args:
        compose_files: List of paths to docker-compose.yml files
        output_dir: Directory where the Helm chart will be generated
        chart_name: Optional name for the chart (defaults to directory name)
    Returns:
        stdout from kompose command
    Raises:
        Exception if kompose conversion fails
    """
    if not check_kompose_available():
        raise Exception(
            "kompose not found in PATH. "
            "Install from: https://kompose.io/installation/"
        )
    # Ensure output directory exists
    output_dir.mkdir(parents=True, exist_ok=True)
    # Build kompose command
    cmd = ["kompose", "convert"]
    # Add all compose files
    for compose_file in compose_files:
        if not compose_file.exists():
            raise Exception(f"Compose file not found: {compose_file}")
        cmd.extend(["-f", str(compose_file)])
    # Add chart flag and output directory
    cmd.extend(["--chart", "-o", str(output_dir)])
    # Execute kompose
    result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
    if result.returncode != 0:
        raise Exception(
            f"Kompose conversion failed:\n"
            f"Command: {' '.join(cmd)}\n"
            f"Error: {result.stderr}"
        )
    return result.stdout
--- a/stack_orchestrator/deploy/k8s/helpers.py
+++ b/stack_orchestrator/deploy/k8s/helpers.py
@ -18,12 +18,31 @@ import os
 from pathlib import Path
 import subprocess
 import re
-from typing import Set, Mapping, List
+from typing import Set, Mapping, List, Optional, cast
 from stack_orchestrator.util import get_k8s_dir, error_exit
 from stack_orchestrator.opts import opts
 from stack_orchestrator.deploy.deploy_util import parsed_pod_files_map_from_file_names
 from stack_orchestrator.deploy.deployer import DeployerException
 from stack_orchestrator import constants
 def get_kind_cluster():
    """Get an existing kind cluster, if any.
    Uses `kind get clusters` to find existing clusters.
    Returns the cluster name or None if no cluster exists.
    """
    result = subprocess.run(
        "kind get clusters", shell=True, capture_output=True, text=True
    )
    if result.returncode != 0:
        return None
    clusters = result.stdout.strip().splitlines()
    if clusters:
        return clusters[0]  # Return the first cluster found
    return None
 def _run_command(command: str):
@ -50,38 +69,53 @@ def wait_for_ingress_in_kind():
    for i in range(20):
        warned_waiting = False
        w = watch.Watch()
-        for event in w.stream(func=core_v1.list_namespaced_pod,
+        for event in w.stream(
-                              namespace="ingress-nginx",
+            func=core_v1.list_namespaced_pod,
-                              label_selector="app.kubernetes.io/component=controller",
+            namespace="caddy-system",
-                              timeout_seconds=30):
+            label_selector=(
-            if event['object'].status.container_statuses:
+                "app.kubernetes.io/name=caddy-ingress-controller,"
-                if event['object'].status.container_statuses[0].ready is True:
+                "app.kubernetes.io/component=controller"
            ),
            timeout_seconds=30,
        ):
            event_dict = cast(dict, event)
            pod = cast(client.V1Pod, event_dict.get("object"))
            if pod and pod.status and pod.status.container_statuses:
                if pod.status.container_statuses[0].ready is True:
                    if warned_waiting:
-                        print("Ingress controller is ready")
+                        print("Caddy ingress controller is ready")
                    return
-            print("Waiting for ingress controller to become ready...")
+            print("Waiting for Caddy ingress controller to become ready...")
            warned_waiting = True
-    error_exit("ERROR: Timed out waiting for ingress to become ready")
+    error_exit("ERROR: Timed out waiting for Caddy ingress to become ready")
 def install_ingress_for_kind():
    api_client = client.ApiClient()
-    ingress_install = os.path.abspath(get_k8s_dir().joinpath("components", "ingress", "ingress-nginx-kind-deploy.yaml"))
+    ingress_install = os.path.abspath(
        get_k8s_dir().joinpath(
            "components", "ingress", "ingress-caddy-kind-deploy.yaml"
        )
    )
    if opts.o.debug:
-        print("Installing nginx ingress controller in kind cluster")
+        print("Installing Caddy ingress controller in kind cluster")
    utils.create_from_yaml(api_client, yaml_file=ingress_install)
 def load_images_into_kind(kind_cluster_name: str, image_set: Set[str]):
    for image in image_set:
-        result = _run_command(f"kind load docker-image {image} --name {kind_cluster_name}")
+        result = _run_command(
            f"kind load docker-image {image} --name {kind_cluster_name}"
        )
        if result.returncode != 0:
-            raise DeployerException(f"kind create cluster failed: {result}")
+            raise DeployerException(f"kind load docker-image failed: {result}")
 def pods_in_deployment(core_api: client.CoreV1Api, deployment_name: str):
    pods = []
-    pod_response = core_api.list_namespaced_pod(namespace="default", label_selector=f"app={deployment_name}")
+    pod_response = core_api.list_namespaced_pod(
        namespace="default", label_selector=f"app={deployment_name}"
    )
    if opts.o.debug:
        print(f"pod_response: {pod_response}")
    for pod_info in pod_response.items:
@ -90,13 +124,17 @@ def pods_in_deployment(core_api: client.CoreV1Api, deployment_name: str):
    return pods
-def containers_in_pod(core_api: client.CoreV1Api, pod_name: str):
+def containers_in_pod(core_api: client.CoreV1Api, pod_name: str) -> List[str]:
-    containers = []
+    containers: List[str] = []
-    pod_response = core_api.read_namespaced_pod(pod_name, namespace="default")
+    pod_response = cast(
        client.V1Pod, core_api.read_namespaced_pod(pod_name, namespace="default")
    )
    if opts.o.debug:
        print(f"pod_response: {pod_response}")
-    pod_containers = pod_response.spec.containers
+    if not pod_response.spec or not pod_response.spec.containers:
-    for pod_container in pod_containers:
+        return containers
    for pod_container in pod_response.spec.containers:
        if pod_container.name:
            containers.append(pod_container.name)
    return containers
@ -137,13 +175,16 @@ def volume_mounts_for_service(parsed_pod_files, service):
                    if "volumes" in service_obj:
                        volumes = service_obj["volumes"]
                        for mount_string in volumes:
-                            # Looks like: test-data:/data or test-data:/data:ro or test-data:/data:rw
+                            # Looks like: test-data:/data
                            # or test-data:/data:ro or test-data:/data:rw
                            if opts.o.debug:
                                print(f"mount_string: {mount_string}")
                            mount_split = mount_string.split(":")
                            volume_name = mount_split[0]
                            mount_path = mount_split[1]
-                            mount_options = mount_split[2] if len(mount_split) == 3 else None
+                            mount_options = (
                                mount_split[2] if len(mount_split) == 3 else None
                            )
                            if opts.o.debug:
                                print(f"volume_name: {volume_name}")
                                print(f"mount path: {mount_path}")
@ -151,7 +192,7 @@ def volume_mounts_for_service(parsed_pod_files, service):
                            volume_device = client.V1VolumeMount(
                                mount_path=mount_path,
                                name=volume_name,
-                                read_only="ro" == mount_options
+                                read_only="ro" == mount_options,
                            )
                            result.append(volume_device)
    return result
@ -165,12 +206,19 @@ def volumes_for_pod_files(parsed_pod_files, spec, app_name):
            volumes = parsed_pod_file["volumes"]
            for volume_name in volumes.keys():
                if volume_name in spec.get_configmaps():
-                    config_map = client.V1ConfigMapVolumeSource(name=f"{app_name}-{volume_name}")
+                    # Set defaultMode=0o755 to make scripts executable
                    config_map = client.V1ConfigMapVolumeSource(
                        name=f"{app_name}-{volume_name}", default_mode=0o755
                    )
                    volume = client.V1Volume(name=volume_name, config_map=config_map)
                    result.append(volume)
                else:
-                    claim = client.V1PersistentVolumeClaimVolumeSource(claim_name=f"{app_name}-{volume_name}")
+                    claim = client.V1PersistentVolumeClaimVolumeSource(
-                    volume = client.V1Volume(name=volume_name, persistent_volume_claim=claim)
+                        claim_name=f"{app_name}-{volume_name}"
                    )
                    volume = client.V1Volume(
                        name=volume_name, persistent_volume_claim=claim
                    )
                    result.append(volume)
    return result
@ -202,7 +250,8 @@ def _generate_kind_mounts(parsed_pod_files, deployment_dir, deployment_context):
                if "volumes" in service_obj:
                    volumes = service_obj["volumes"]
                    for mount_string in volumes:
-                        # Looks like: test-data:/data or test-data:/data:ro or test-data:/data:rw
+                        # Looks like: test-data:/data
                        # or test-data:/data:ro or test-data:/data:rw
                        if opts.o.debug:
                            print(f"mount_string: {mount_string}")
                        mount_split = mount_string.split(":")
@ -214,15 +263,21 @@ def _generate_kind_mounts(parsed_pod_files, deployment_dir, deployment_context):
                            print(f"mount path: {mount_path}")
                        if volume_name not in deployment_context.spec.get_configmaps():
                            if volume_host_path_map[volume_name]:
                                host_path = _make_absolute_host_path(
                                    volume_host_path_map[volume_name],
                                    deployment_dir,
                                )
                                container_path = get_kind_pv_bind_mount_path(
                                    volume_name
                                )
                                volume_definitions.append(
-                                    f"  - hostPath: {_make_absolute_host_path(volume_host_path_map[volume_name], deployment_dir)}\n"
+                                    f"  - hostPath: {host_path}\n"
-                                    f"    containerPath: {get_kind_pv_bind_mount_path(volume_name)}\n"
+                                    f"    containerPath: {container_path}\n"
                                )
    return (
-        "" if len(volume_definitions) == 0 else (
+        ""
-            "  extraMounts:\n"
+        if len(volume_definitions) == 0
-            f"{''.join(volume_definitions)}"
+        else ("  extraMounts:\n" f"{''.join(volume_definitions)}")
        )
    )
@ -240,25 +295,233 @@ def _generate_kind_port_mappings_from_services(parsed_pod_files):
                    for port_string in ports:
                        # TODO handle the complex cases
                        # Looks like: 80 or something more complicated
-                        port_definitions.append(f"  - containerPort: {port_string}\n    hostPort: {port_string}\n")
+                        port_definitions.append(
-    return (
+                            f"  - containerPort: {port_string}\n"
-        "" if len(port_definitions) == 0 else (
+                            f"    hostPort: {port_string}\n"
            "  extraPortMappings:\n"
            f"{''.join(port_definitions)}"
                        )
    return (
        ""
        if len(port_definitions) == 0
        else ("  extraPortMappings:\n" f"{''.join(port_definitions)}")
    )
 def _generate_kind_port_mappings(parsed_pod_files):
    port_definitions = []
-    # For now we just map port 80 for the nginx ingress controller we install in kind
+    # Map port 80 and 443 for the Caddy ingress controller (HTTPS support)
-    port_string = "80"
+    for port_string in ["80", "443"]:
-    port_definitions.append(f"  - containerPort: {port_string}\n    hostPort: {port_string}\n")
+        port_definitions.append(
-    return (
+            f"  - containerPort: {port_string}\n    hostPort: {port_string}\n"
        "" if len(port_definitions) == 0 else (
            "  extraPortMappings:\n"
            f"{''.join(port_definitions)}"
        )
    return (
        ""
        if len(port_definitions) == 0
        else ("  extraPortMappings:\n" f"{''.join(port_definitions)}")
    )
 def _generate_high_memlock_spec_mount(deployment_dir: Path):
    """Generate the extraMount entry for high-memlock-spec.json.
    The spec file must be mounted at the same path inside the kind node
    as it appears on the host, because containerd's base_runtime_spec
    references an absolute path.
    """
    spec_path = deployment_dir.joinpath(constants.high_memlock_spec_filename).resolve()
    return f"  - hostPath: {spec_path}\n" f"    containerPath: {spec_path}\n"
 def generate_high_memlock_spec_json():
    """Generate OCI spec JSON with unlimited RLIMIT_MEMLOCK.
    This is needed for workloads like Solana validators that require large
    amounts of locked memory for memory-mapped files during snapshot decompression.
    The IPC_LOCK capability alone doesn't raise the RLIMIT_MEMLOCK limit - it only
    allows mlock() calls. We need to set the rlimit in the OCI runtime spec.
    IMPORTANT: This must be a complete OCI runtime spec, not just the rlimits
    section. The spec is based on kind's default cri-base.json with rlimits added.
    """
    import json
    # Use maximum 64-bit signed integer value for unlimited
    max_rlimit = 9223372036854775807
    # Based on kind's /etc/containerd/cri-base.json with rlimits added
    spec = {
        "ociVersion": "1.1.0-rc.1",
        "process": {
            "user": {"uid": 0, "gid": 0},
            "cwd": "/",
            "capabilities": {
                "bounding": [
                    "CAP_CHOWN",
                    "CAP_DAC_OVERRIDE",
                    "CAP_FSETID",
                    "CAP_FOWNER",
                    "CAP_MKNOD",
                    "CAP_NET_RAW",
                    "CAP_SETGID",
                    "CAP_SETUID",
                    "CAP_SETFCAP",
                    "CAP_SETPCAP",
                    "CAP_NET_BIND_SERVICE",
                    "CAP_SYS_CHROOT",
                    "CAP_KILL",
                    "CAP_AUDIT_WRITE",
                ],
                "effective": [
                    "CAP_CHOWN",
                    "CAP_DAC_OVERRIDE",
                    "CAP_FSETID",
                    "CAP_FOWNER",
                    "CAP_MKNOD",
                    "CAP_NET_RAW",
                    "CAP_SETGID",
                    "CAP_SETUID",
                    "CAP_SETFCAP",
                    "CAP_SETPCAP",
                    "CAP_NET_BIND_SERVICE",
                    "CAP_SYS_CHROOT",
                    "CAP_KILL",
                    "CAP_AUDIT_WRITE",
                ],
                "permitted": [
                    "CAP_CHOWN",
                    "CAP_DAC_OVERRIDE",
                    "CAP_FSETID",
                    "CAP_FOWNER",
                    "CAP_MKNOD",
                    "CAP_NET_RAW",
                    "CAP_SETGID",
                    "CAP_SETUID",
                    "CAP_SETFCAP",
                    "CAP_SETPCAP",
                    "CAP_NET_BIND_SERVICE",
                    "CAP_SYS_CHROOT",
                    "CAP_KILL",
                    "CAP_AUDIT_WRITE",
                ],
            },
            "rlimits": [
                {"type": "RLIMIT_MEMLOCK", "hard": max_rlimit, "soft": max_rlimit},
                {"type": "RLIMIT_NOFILE", "hard": 1048576, "soft": 1048576},
            ],
            "noNewPrivileges": True,
        },
        "root": {"path": "rootfs"},
        "mounts": [
            {
                "destination": "/proc",
                "type": "proc",
                "source": "proc",
                "options": ["nosuid", "noexec", "nodev"],
            },
            {
                "destination": "/dev",
                "type": "tmpfs",
                "source": "tmpfs",
                "options": ["nosuid", "strictatime", "mode=755", "size=65536k"],
            },
            {
                "destination": "/dev/pts",
                "type": "devpts",
                "source": "devpts",
                "options": [
                    "nosuid",
                    "noexec",
                    "newinstance",
                    "ptmxmode=0666",
                    "mode=0620",
                    "gid=5",
                ],
            },
            {
                "destination": "/dev/shm",
                "type": "tmpfs",
                "source": "shm",
                "options": ["nosuid", "noexec", "nodev", "mode=1777", "size=65536k"],
            },
            {
                "destination": "/dev/mqueue",
                "type": "mqueue",
                "source": "mqueue",
                "options": ["nosuid", "noexec", "nodev"],
            },
            {
                "destination": "/sys",
                "type": "sysfs",
                "source": "sysfs",
                "options": ["nosuid", "noexec", "nodev", "ro"],
            },
            {
                "destination": "/run",
                "type": "tmpfs",
                "source": "tmpfs",
                "options": ["nosuid", "strictatime", "mode=755", "size=65536k"],
            },
        ],
        "linux": {
            "resources": {"devices": [{"allow": False, "access": "rwm"}]},
            "cgroupsPath": "/default",
            "namespaces": [
                {"type": "pid"},
                {"type": "ipc"},
                {"type": "uts"},
                {"type": "mount"},
                {"type": "network"},
            ],
            "maskedPaths": [
                "/proc/acpi",
                "/proc/asound",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/sys/firmware",
                "/proc/scsi",
            ],
            "readonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger",
            ],
        },
        "hooks": {"createContainer": [{"path": "/kind/bin/mount-product-files.sh"}]},
    }
    return json.dumps(spec, indent=2)
 # Keep old name as alias for backward compatibility
 def generate_cri_base_json():
    """Deprecated: Use generate_high_memlock_spec_json() instead."""
    return generate_high_memlock_spec_json()
 def _generate_containerd_config_patches(
    deployment_dir: Path, has_high_memlock: bool
 ) -> str:
    """Generate containerdConfigPatches YAML for custom runtime handlers.
    This configures containerd to have a runtime handler named 'high-memlock'
    that uses a custom OCI base spec with unlimited RLIMIT_MEMLOCK.
    """
    if not has_high_memlock:
        return ""
    spec_path = deployment_dir.joinpath(constants.high_memlock_spec_filename).resolve()
    runtime_name = constants.high_memlock_runtime
    plugin_path = 'plugins."io.containerd.grpc.v1.cri".containerd.runtimes'
    return (
        "containerdConfigPatches:\n"
        "  - |-\n"
        f"    [{plugin_path}.{runtime_name}]\n"
        '      runtime_type = "io.containerd.runc.v2"\n'
        f'      base_runtime_spec = "{spec_path}"\n'
    )
@ -268,28 +531,45 @@ def merge_envs(a: Mapping[str, str], b: Mapping[str, str]) -> Mapping[str, str]:
    return result
-def _expand_shell_vars(raw_val: str) -> str:
+def _expand_shell_vars(
-    # could be: <string> or ${<env-var-name>} or ${<env-var-name>:-<default-value>}
+    raw_val: str, env_map: Optional[Mapping[str, str]] = None
-    # TODO: implement support for variable substitution and default values
+) -> str:
-    # if raw_val is like ${<something>} print a warning and substitute an empty string
+    # Expand docker-compose style variable substitution:
-    # otherwise return raw_val
+    # ${VAR} - use VAR value or empty string
-    match = re.search(r"^\$\{(.*)\}$", raw_val)
+    # ${VAR:-default} - use VAR value or default if unset/empty
    # ${VAR-default} - use VAR value or default if unset
    if env_map is None:
        env_map = {}
    if raw_val is None:
        return ""
    match = re.search(r"^\$\{([^}]+)\}$", raw_val)
    if match:
-        print(f"WARNING: found unimplemented environment variable substitution: {raw_val}")
+        inner = match.group(1)
        # Check for default value syntax
        if ":-" in inner:
            var_name, default_val = inner.split(":-", 1)
            return env_map.get(var_name, "") or default_val
        elif "-" in inner:
            var_name, default_val = inner.split("-", 1)
            return env_map.get(var_name, default_val)
        else:
            return env_map.get(inner, "")
    return raw_val
-# TODO: handle the case where the same env var is defined in multiple places
+def envs_from_compose_file(
-def envs_from_compose_file(compose_file_envs: Mapping[str, str]) -> Mapping[str, str]:
+    compose_file_envs: Mapping[str, str], env_map: Optional[Mapping[str, str]] = None
 ) -> Mapping[str, str]:
    result = {}
    for env_var, env_val in compose_file_envs.items():
-        expanded_env_val = _expand_shell_vars(env_val)
+        expanded_env_val = _expand_shell_vars(env_val, env_map)
        result.update({env_var: expanded_env_val})
    return result
-def envs_from_environment_variables_map(map: Mapping[str, str]) -> List[client.V1EnvVar]:
+def envs_from_environment_variables_map(
    map: Mapping[str, str]
 ) -> List[client.V1EnvVar]:
    result = []
    for env_var, env_val in map.items():
        result.append(client.V1EnvVar(env_var, env_val))
@ -320,10 +600,34 @@ def generate_kind_config(deployment_dir: Path, deployment_context):
    pod_files = [p for p in compose_file_dir.iterdir() if p.is_file()]
    parsed_pod_files_map = parsed_pod_files_map_from_file_names(pod_files)
    port_mappings_yml = _generate_kind_port_mappings(parsed_pod_files_map)
-    mounts_yml = _generate_kind_mounts(parsed_pod_files_map, deployment_dir, deployment_context)
+    mounts_yml = _generate_kind_mounts(
-    return (
+        parsed_pod_files_map, deployment_dir, deployment_context
-        "kind: Cluster\n"
+    )
-        "apiVersion: kind.x-k8s.io/v1alpha4\n"
+
    # Check if unlimited_memlock is enabled
    unlimited_memlock = deployment_context.spec.get_unlimited_memlock()
    # Generate containerdConfigPatches for RuntimeClass support
    containerd_patches_yml = _generate_containerd_config_patches(
        deployment_dir, unlimited_memlock
    )
    # Add high-memlock spec file mount if needed
    if unlimited_memlock:
        spec_mount = _generate_high_memlock_spec_mount(deployment_dir)
        if mounts_yml:
            # Append to existing mounts
            mounts_yml = mounts_yml.rstrip() + "\n" + spec_mount
        else:
            mounts_yml = f"  extraMounts:\n{spec_mount}"
    # Build the config - containerdConfigPatches must be at cluster level (before nodes)
    config = "kind: Cluster\n" "apiVersion: kind.x-k8s.io/v1alpha4\n"
    if containerd_patches_yml:
        config += containerd_patches_yml
    config += (
        "nodes:\n"
        "- role: control-plane\n"
        "  kubeadmConfigPatches:\n"
@ -331,7 +635,9 @@ def generate_kind_config(deployment_dir: Path, deployment_context):
        "      kind: InitConfiguration\n"
        "      nodeRegistration:\n"
        "        kubeletExtraArgs:\n"
-        "          node-labels: \"ingress-ready=true\"\n"
+        '          node-labels: "ingress-ready=true"\n'
        f"{port_mappings_yml}\n"
        f"{mounts_yml}\n"
    )
    return config
--- a/stack_orchestrator/deploy/k8s/k8s_command.py
+++ b/stack_orchestrator/deploy/k8s/k8s_command.py
@ -0,0 +1,43 @@
 # Copyright © 2024 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import click
 from stack_orchestrator.deploy.k8s.helpers import get_kind_cluster
@click.group()
@click.pass_context
 def command(ctx):
    """k8s cluster management commands"""
    pass
@command.group()
@click.pass_context
 def list(ctx):
    """list k8s resources"""
    pass
@list.command()
@click.pass_context
 def cluster(ctx):
    """Show the existing kind cluster"""
    existing_cluster = get_kind_cluster()
    if existing_cluster:
        print(existing_cluster)
    else:
        print("No cluster found")
--- a/stack_orchestrator/deploy/spec.py
+++ b/stack_orchestrator/deploy/spec.py
@ -14,6 +14,7 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import typing
 from typing import Optional
 import humanfriendly
 from pathlib import Path
@ -23,9 +24,9 @@ from stack_orchestrator import constants
 class ResourceLimits:
-    cpus: float = None
+    cpus: Optional[float] = None
-    memory: int = None
+    memory: Optional[int] = None
-    storage: int = None
+    storage: Optional[int] = None
    def __init__(self, obj=None):
        if obj is None:
@ -49,8 +50,8 @@ class ResourceLimits:
 class Resources:
-    limits: ResourceLimits = None
+    limits: Optional[ResourceLimits] = None
-    reservations: ResourceLimits = None
+    reservations: Optional[ResourceLimits] = None
    def __init__(self, obj=None):
        if obj is None:
@ -72,11 +73,10 @@ class Resources:
 class Spec:
    obj: typing.Any
-    file_path: Path
+    file_path: Optional[Path]
-    def __init__(self, file_path: Path = None, obj=None) -> None:
+    def __init__(self, file_path: Optional[Path] = None, obj=None) -> None:
        if obj is None:
            obj = {}
        self.file_path = file_path
@ -92,7 +92,6 @@ class Spec:
        return self.obj.get(item, default)
    def init_from_file(self, file_path: Path):
        with file_path:
        self.obj = get_yaml().load(open(file_path, "r"))
        self.file_path = file_path
@ -106,10 +105,14 @@ class Spec:
        return self.obj.get(constants.configmaps_key, {})
    def get_container_resources(self):
-        return Resources(self.obj.get(constants.resources_key, {}).get("containers", {}))
+        return Resources(
            self.obj.get(constants.resources_key, {}).get("containers", {})
        )
    def get_volume_resources(self):
-        return Resources(self.obj.get(constants.resources_key, {}).get(constants.volumes_key, {}))
+        return Resources(
            self.obj.get(constants.resources_key, {}).get(constants.volumes_key, {})
        )
    def get_http_proxy(self):
        return self.obj.get(constants.network_key, {}).get(constants.http_proxy_key, [])
@ -117,21 +120,70 @@ class Spec:
    def get_annotations(self):
        return self.obj.get(constants.annotations_key, {})
    def get_replicas(self):
        return self.obj.get(constants.replicas_key, 1)
    def get_node_affinities(self):
        return self.obj.get(constants.node_affinities_key, [])
    def get_node_tolerations(self):
        return self.obj.get(constants.node_tolerations_key, [])
    def get_labels(self):
        return self.obj.get(constants.labels_key, {})
    def get_privileged(self):
-        return "true" == str(self.obj.get(constants.security_key, {}).get("privileged", "false")).lower()
+        return (
            "true"
            == str(
                self.obj.get(constants.security_key, {}).get("privileged", "false")
            ).lower()
        )
    def get_capabilities(self):
        return self.obj.get(constants.security_key, {}).get("capabilities", [])
    def get_unlimited_memlock(self):
        return (
            "true"
            == str(
                self.obj.get(constants.security_key, {}).get(
                    constants.unlimited_memlock_key, "false"
                )
            ).lower()
        )
    def get_runtime_class(self):
        """Get runtime class name from spec, or derive from security settings.
        The runtime class determines which containerd runtime handler to use,
        allowing different pods to have different rlimit profiles (e.g., for
        unlimited RLIMIT_MEMLOCK).
        Returns:
            Runtime class name string, or None to use default runtime.
        """
        # Explicit runtime class takes precedence
        explicit = self.obj.get(constants.security_key, {}).get(
            constants.runtime_class_key, None
        )
        if explicit:
            return explicit
        # Auto-derive from unlimited-memlock setting
        if self.get_unlimited_memlock():
            return constants.high_memlock_runtime
        return None  # Use default runtime
    def get_deployment_type(self):
        return self.obj.get(constants.deploy_to_key)
    def is_kubernetes_deployment(self):
-        return self.get_deployment_type() in [constants.k8s_kind_deploy_type,
+        return self.get_deployment_type() in [
-                                              constants.k8s_deploy_type]
+            constants.k8s_kind_deploy_type,
            constants.k8s_deploy_type,
        ]
    def is_kind_deployment(self):
        return self.get_deployment_type() in [constants.k8s_kind_deploy_type]
--- a/stack_orchestrator/deploy/stack.py
+++ b/stack_orchestrator/deploy/stack.py
@ -19,7 +19,6 @@ from stack_orchestrator.util import get_yaml
 class Stack:
    name: str
    obj: typing.Any
@ -27,5 +26,4 @@ class Stack:
        self.name = name
    def init_from_file(self, file_path: Path):
        with file_path:
        self.obj = get_yaml().load(open(file_path, "r"))
--- a/stack_orchestrator/deploy/webapp/deploy_webapp.py
+++ b/stack_orchestrator/deploy/webapp/deploy_webapp.py
@ -27,7 +27,9 @@ from stack_orchestrator.deploy.deploy_types import DeployCommandContext
 def _fixup_container_tag(deployment_dir: str, image: str):
    deployment_dir_path = Path(deployment_dir)
-    compose_file = deployment_dir_path.joinpath("compose", "docker-compose-webapp-template.yml")
+    compose_file = deployment_dir_path.joinpath(
        "compose", "docker-compose-webapp-template.yml"
    )
    # replace "cerc/webapp-container:local" in the file with our image tag
    with open(compose_file) as rfile:
        contents = rfile.read()
@ -39,13 +41,13 @@ def _fixup_container_tag(deployment_dir: str, image: str):
 def _fixup_url_spec(spec_file_name: str, url: str):
    # url is like: https://example.com/path
    parsed_url = urlparse(url)
-    http_proxy_spec = f'''
+    http_proxy_spec = f"""
  http-proxy:
    - host-name: {parsed_url.hostname}
      routes:
        - path: '{parsed_url.path if parsed_url.path else "/"}'
          proxy-to: webapp:80
-    '''
+    """
    spec_file_path = Path(spec_file_name)
    with open(spec_file_path) as rfile:
        contents = rfile.read()
@ -54,11 +56,15 @@ def _fixup_url_spec(spec_file_name: str, url: str):
        wfile.write(contents)
-def create_deployment(ctx, deployment_dir, image, url, kube_config, image_registry, env_file):
+def create_deployment(
    ctx, deployment_dir, image, url, kube_config, image_registry, env_file
 ):
    # Do the equivalent of:
-    # 1. laconic-so --stack webapp-template deploy --deploy-to k8s init --output webapp-spec.yml
+    # 1. laconic-so --stack webapp-template deploy --deploy-to k8s init \
    #    --output webapp-spec.yml
    #   --config (eqivalent of the contents of my-config.env)
-    # 2. laconic-so  --stack webapp-template deploy --deploy-to k8s create --deployment-dir test-deployment
+    # 2. laconic-so --stack webapp-template deploy --deploy-to k8s create \
    #    --deployment-dir test-deployment
    #   --spec-file webapp-spec.yml
    # 3. Replace the container image tag with the specified image
    deployment_dir_path = Path(deployment_dir)
@ -83,16 +89,12 @@ def create_deployment(ctx, deployment_dir, image, url, kube_config, image_regist
        kube_config,
        image_registry,
        spec_file_name,
-        None
+        None,
    )
    # Add the TLS and DNS spec
    _fixup_url_spec(spec_file_name, url)
    create_operation(
-        deploy_command_context,
+        deploy_command_context, spec_file_name, deployment_dir, False, None, None
        spec_file_name,
        deployment_dir,
        None,
        None
    )
    # Fix up the container tag inside the deployment compose file
    _fixup_container_tag(deployment_dir, image)
@ -102,7 +104,7 @@ def create_deployment(ctx, deployment_dir, image, url, kube_config, image_regist
@click.group()
@click.pass_context
 def command(ctx):
-    '''manage a webapp deployment'''
+    """manage a webapp deployment"""
    # Check that --stack wasn't supplied
    if ctx.parent.obj.stack:
@ -111,13 +113,20 @@ def command(ctx):
@command.command()
@click.option("--kube-config", help="Provide a config file for a k8s deployment")
-@click.option("--image-registry", help="Provide a container image registry url for this k8s cluster")
+@click.option(
-@click.option("--deployment-dir", help="Create deployment files in this directory", required=True)
+    "--image-registry",
    help="Provide a container image registry url for this k8s cluster",
 )
@click.option(
    "--deployment-dir", help="Create deployment files in this directory", required=True
 )
@click.option("--image", help="image to deploy", required=True)
@click.option("--url", help="url to serve", required=True)
@click.option("--env-file", help="environment file for webapp")
@click.pass_context
 def create(ctx, deployment_dir, image, url, kube_config, image_registry, env_file):
-    '''create a deployment for the specified webapp container'''
+    """create a deployment for the specified webapp container"""
-    return create_deployment(ctx, deployment_dir, image, url, kube_config, image_registry, env_file)
+    return create_deployment(
        ctx, deployment_dir, image, url, kube_config, image_registry, env_file
    )
--- a/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py
+++ b/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py
@ -21,16 +21,30 @@ import sys
 import tempfile
 import time
 import uuid
 import yaml
 import click
 import gnupg
 from stack_orchestrator.deploy.images import remote_image_exists
 from stack_orchestrator.deploy.webapp import deploy_webapp
-from stack_orchestrator.deploy.webapp.util import (LaconicRegistryClient, TimedLogger,
+from stack_orchestrator.deploy.webapp.util import (
-                                                   build_container_image, push_container_image,
+    AttrDict,
-                                                   file_hash, deploy_to_k8s, publish_deployment,
+    LaconicRegistryClient,
-                                                   hostname_for_deployment_request, generate_hostname_for_app,
+    TimedLogger,
-                                                   match_owner, skip_by_tag)
+    build_container_image,
    confirm_auction,
    push_container_image,
    file_hash,
    deploy_to_k8s,
    publish_deployment,
    hostname_for_deployment_request,
    generate_hostname_for_app,
    match_owner,
    skip_by_tag,
    confirm_payment,
    load_known_requests,
 )
 def process_app_deployment_request(
@ -40,17 +54,26 @@ def process_app_deployment_request(
    deployment_record_namespace,
    dns_record_namespace,
    default_dns_suffix,
    dns_value,
    deployment_parent_dir,
    kube_config,
    image_registry,
    force_rebuild,
    fqdn_policy,
-    logger
+    recreate_on_deploy,
    webapp_deployer_record,
    gpg,
    private_key_passphrase,
    config_upload_dir,
    logger,
 ):
    logger.log("BEGIN - process_app_deployment_request")
    # 1. look up application
-    app = laconic.get_record(app_deployment_request.attributes.application, require=True)
+    app = laconic.get_record(
        app_deployment_request.attributes.application, require=True
    )
    assert app is not None  # require=True ensures this
    logger.log(f"Retrieved app record {app_deployment_request.attributes.application}")
    # 2. determine dns
@ -61,32 +84,66 @@ def process_app_deployment_request(
        if "allow" == fqdn_policy or "preexisting" == fqdn_policy:
            fqdn = requested_name
        else:
-            raise Exception(f"{requested_name} is invalid: only unqualified hostnames are allowed.")
+            raise Exception(
                f"{requested_name} is invalid: only unqualified hostnames are allowed."
            )
    else:
        fqdn = f"{requested_name}.{default_dns_suffix}"
    # Normalize case (just in case)
    fqdn = fqdn.lower()
    # 3. check ownership of existing dnsrecord vs this request
    dns_lrn = f"{dns_record_namespace}/{fqdn}"
    dns_record = laconic.get_record(dns_lrn)
    if dns_record:
        matched_owner = match_owner(app_deployment_request, dns_record)
        if not matched_owner and dns_record.attributes.request:
-            matched_owner = match_owner(app_deployment_request, laconic.get_record(dns_record.attributes.request, require=True))
+            matched_owner = match_owner(
                app_deployment_request,
                laconic.get_record(dns_record.attributes.request, require=True),
            )
        if matched_owner:
            logger.log(f"Matched DnsRecord ownership: {matched_owner}")
        else:
-            raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" %
+            raise Exception(
-                            (dns_lrn, app_deployment_request.id))
+                "Unable to confirm ownership of DnsRecord %s for request %s"
                % (dns_lrn, app_deployment_request.id)
            )
    elif "preexisting" == fqdn_policy:
-        raise Exception(f"No pre-existing DnsRecord {dns_lrn} could be found for request {app_deployment_request.id}.")
+        raise Exception(
            f"No pre-existing DnsRecord {dns_lrn} could be found for "
            f"request {app_deployment_request.id}."
        )
    # 4. get build and runtime config from request
    env = {}
    if app_deployment_request.attributes.config:
        if "ref" in app_deployment_request.attributes.config:
            with open(
                f"{config_upload_dir}/{app_deployment_request.attributes.config.ref}",
                "rb",
            ) as file:
                record_owner = laconic.get_owner(app_deployment_request)
                decrypted = gpg.decrypt_file(file, passphrase=private_key_passphrase)
                parsed = AttrDict(yaml.safe_load(decrypted.data))
                if record_owner not in parsed.authorized:
                    raise Exception(
                        f"{record_owner} not authorized to access config "
                        f"{app_deployment_request.attributes.config.ref}"
                    )
                if "env" in parsed.config:
                    env.update(parsed.config.env)
        if "env" in app_deployment_request.attributes.config:
            env.update(app_deployment_request.attributes.config.env)
    env_filename = None
-    if app_deployment_request.attributes.config and "env" in app_deployment_request.attributes.config:
+    if env:
        env_filename = tempfile.mktemp()
-        with open(env_filename, 'w') as file:
+        with open(env_filename, "w") as file:
-            for k, v in app_deployment_request.attributes.config["env"].items():
+            for k, v in env.items():
                file.write("%s=%s\n" % (k, shlex.quote(str(v))))
    # 5. determine new or existing deployment
@ -95,12 +152,17 @@ def process_app_deployment_request(
    if app_deployment_request.attributes.deployment:
        app_deployment_lrn = app_deployment_request.attributes.deployment
    if not app_deployment_lrn.startswith(deployment_record_namespace):
-        raise Exception("Deployment CRN %s is not in a supported namespace" % app_deployment_request.attributes.deployment)
+        raise Exception(
            "Deployment LRN %s is not in a supported namespace"
            % app_deployment_request.attributes.deployment
        )
    deployment_record = laconic.get_record(app_deployment_lrn)
    deployment_dir = os.path.join(deployment_parent_dir, fqdn)
-    # At present we use this to generate a unique but stable ID for the app's host container
+    # At present we use this to generate a unique but stable ID for the
-    # TODO: implement support to derive this transparently from the already-unique deployment id
+    # app's host container
    # TODO: implement support to derive this transparently from the
    # already-unique deployment id
    unique_deployment_id = hashlib.md5(fqdn.encode()).hexdigest()[:16]
    deployment_config_file = os.path.join(deployment_dir, "config.env")
    deployment_container_tag = "laconic-webapp/%s:local" % unique_deployment_id
@ -108,28 +170,48 @@ def process_app_deployment_request(
    #   b. check for deployment directory (create if necessary)
    if not os.path.exists(deployment_dir):
        if deployment_record:
-            raise Exception("Deployment record %s exists, but not deployment dir %s. Please remove name." %
+            raise Exception(
-                            (app_deployment_lrn, deployment_dir))
+                "Deployment record %s exists, but not deployment dir %s. "
-        logger.log(f"Creating webapp deployment in: {deployment_dir} with container id: {deployment_container_tag}")
+                "Please remove name." % (app_deployment_lrn, deployment_dir)
-        deploy_webapp.create_deployment(ctx, deployment_dir, deployment_container_tag,
+            )
-                                        f"https://{fqdn}", kube_config, image_registry, env_filename)
+        logger.log(
            f"Creating webapp deployment in: {deployment_dir} "
            f"with container id: {deployment_container_tag}"
        )
        deploy_webapp.create_deployment(
            ctx,
            deployment_dir,
            deployment_container_tag,
            f"https://{fqdn}",
            kube_config,
            image_registry,
            env_filename,
        )
    elif env_filename:
        shutil.copyfile(env_filename, deployment_config_file)
    needs_k8s_deploy = False
    if force_rebuild:
-        logger.log("--force-rebuild is enabled so the container will always be built now, even if nothing has changed in the app")
+        logger.log(
            "--force-rebuild is enabled so the container will always be "
            "built now, even if nothing has changed in the app"
        )
    # 6. build container (if needed)
    # TODO: add a comment that explains what this code is doing (not clear to me)
-    if not deployment_record or deployment_record.attributes.application != app.id or force_rebuild:
+    if (
        not deployment_record
        or deployment_record.attributes.application != app.id
        or force_rebuild
    ):
        needs_k8s_deploy = True
        # check if the image already exists
        shared_tag_exists = remote_image_exists(image_registry, app_image_shared_tag)
-        # Note: in the code below, calls to add_tags_to_image() won't work at present.
+        # Note: in the code below, calls to add_tags_to_image() won't
-        # This is because SO deployment code in general re-names the container image
+        # work at present. This is because SO deployment code in general
-        # to be unique to the deployment. This is done transparently
+        # re-names the container image to be unique to the deployment.
-        # and so when we call add_tags_to_image() here and try to add tags to the remote image,
+        # This is done transparently and so when we call add_tags_to_image()
-        # we get the image name wrong. Accordingly I've disabled the relevant code for now.
+        # here and try to add tags to the remote image, we get the image
        # name wrong. Accordingly I've disabled the relevant code for now.
        # This is safe because we are running with --force-rebuild at present
        if shared_tag_exists and not force_rebuild:
            # simply add our unique tag to the existing image and we are done
@ -137,36 +219,43 @@ def process_app_deployment_request(
                f"(SKIPPED) Existing image found for this app: {app_image_shared_tag} "
                "tagging it with: {deployment_container_tag} to use in this deployment"
            )
-            # add_tags_to_image(image_registry, app_image_shared_tag, deployment_container_tag)
+            # add_tags_to_image(
            #     image_registry, app_image_shared_tag, deployment_container_tag
            # )
            logger.log("Tag complete")
        else:
            extra_build_args = []  # TODO: pull from request
            logger.log(f"Building container image: {deployment_container_tag}")
-            build_container_image(app, deployment_container_tag, extra_build_args, logger)
+            build_container_image(
                app, deployment_container_tag, extra_build_args, logger
            )
            logger.log("Build complete")
            logger.log(f"Pushing container image: {deployment_container_tag}")
            push_container_image(deployment_dir, logger)
            logger.log("Push complete")
-            # The build/push commands above will use the unique deployment tag, so now we need to add the shared tag.
+            # The build/push commands above will use the unique deployment
            # tag, so now we need to add the shared tag.
            logger.log(
-                f"(SKIPPED) Adding global app image tag: {app_image_shared_tag} to newly built image: {deployment_container_tag}"
+                f"(SKIPPED) Adding global app image tag: {app_image_shared_tag} "
                f"to newly built image: {deployment_container_tag}"
            )
-            # add_tags_to_image(image_registry, deployment_container_tag, app_image_shared_tag)
+            # add_tags_to_image(
            #     image_registry, deployment_container_tag, app_image_shared_tag
            # )
            logger.log("Tag complete")
    else:
        logger.log("Requested app is already deployed, skipping build and image push")
    # 7. update config (if needed)
-    if not deployment_record or file_hash(deployment_config_file) != deployment_record.attributes.meta.config:
+    if (
        not deployment_record
        or file_hash(deployment_config_file) != deployment_record.attributes.meta.config
    ):
        needs_k8s_deploy = True
    # 8. update k8s deployment
    if needs_k8s_deploy:
-        deploy_to_k8s(
+        deploy_to_k8s(deployment_record, deployment_dir, recreate_on_deploy, logger)
            deployment_record,
            deployment_dir,
            logger
        )
    logger.log("Publishing deployment to registry.")
    publish_deployment(
@ -177,55 +266,162 @@ def process_app_deployment_request(
        dns_record,
        dns_lrn,
        deployment_dir,
        dns_value,
        app_deployment_request,
-        logger
+        webapp_deployer_record,
        logger,
    )
    logger.log("Publication complete.")
    logger.log("END - process_app_deployment_request")
 def load_known_requests(filename):
    if filename and os.path.exists(filename):
        return json.load(open(filename, "r"))
    return {}
 def dump_known_requests(filename, requests, status="SEEN"):
    if not filename:
        return
    known_requests = load_known_requests(filename)
    for r in requests:
-        known_requests[r.id] = {
+        known_requests[r.id] = {"createTime": r.createTime, "status": status}
            "createTime": r.createTime,
            "status": status
        }
    with open(filename, "w") as f:
        json.dump(known_requests, f)
@click.command()
@click.option("--kube-config", help="Provide a config file for a k8s deployment")
-@click.option("--laconic-config", help="Provide a config file for laconicd", required=True)
+@click.option(
-@click.option("--image-registry", help="Provide a container image registry url for this k8s cluster")
+    "--laconic-config", help="Provide a config file for laconicd", required=True
-@click.option("--deployment-parent-dir", help="Create deployment directories beneath this directory", required=True)
+)
@click.option(
    "--image-registry",
    help="Provide a container image registry url for this k8s cluster",
 )
@click.option(
    "--deployment-parent-dir",
    help="Create deployment directories beneath this directory",
    required=True,
 )
@click.option("--request-id", help="The ApplicationDeploymentRequest to process")
-@click.option("--discover", help="Discover and process all pending ApplicationDeploymentRequests", is_flag=True, default=False)
+@click.option(
-@click.option("--state-file", help="File to store state about previously seen requests.")
+    "--discover",
-@click.option("--only-update-state", help="Only update the state file, don't process any requests anything.", is_flag=True)
+    help="Discover and process all pending ApplicationDeploymentRequests",
    is_flag=True,
    default=False,
 )
@click.option(
    "--state-file", help="File to store state about previously seen requests."
 )
@click.option(
    "--only-update-state",
    help="Only update the state file, don't process any requests anything.",
    is_flag=True,
 )
@click.option("--dns-suffix", help="DNS domain to use eg, laconic.servesthe.world")
-@click.option("--fqdn-policy", help="How to handle requests with an FQDN: prohibit, allow, preexisting", default="prohibit")
+@click.option(
-@click.option("--record-namespace-dns", help="eg, lrn://laconic/dns")
+    "--fqdn-policy",
-@click.option("--record-namespace-deployments", help="eg, lrn://laconic/deployments")
+    help="How to handle requests with an FQDN: prohibit, allow, preexisting",
-@click.option("--dry-run", help="Don't do anything, just report what would be done.", is_flag=True)
+    default="prohibit",
-@click.option("--include-tags", help="Only include requests with matching tags (comma-separated).", default="")
+)
-@click.option("--exclude-tags", help="Exclude requests with matching tags (comma-separated).", default="")
+@click.option(
-@click.option("--force-rebuild", help="Rebuild even if the image already exists.", is_flag=True)
+    "--ip",
-@click.option("--log-dir", help="Output build/deployment logs to directory.", default=None)
+    help="IP address of the k8s deployment (to be set in DNS record)",
    default=None,
 )
@click.option("--record-namespace-dns", help="eg, lrn://laconic/dns", required=True)
@click.option(
    "--record-namespace-deployments",
    help="eg, lrn://laconic/deployments",
    required=True,
 )
@click.option(
    "--dry-run", help="Don't do anything, just report what would be done.", is_flag=True
 )
@click.option(
    "--include-tags",
    help="Only include requests with matching tags (comma-separated).",
    default="",
 )
@click.option(
    "--exclude-tags",
    help="Exclude requests with matching tags (comma-separated).",
    default="",
 )
@click.option(
    "--force-rebuild", help="Rebuild even if the image already exists.", is_flag=True
 )
@click.option(
    "--recreate-on-deploy",
    help="Remove and recreate deployments instead of updating them.",
    is_flag=True,
 )
@click.option(
    "--log-dir", help="Output build/deployment logs to directory.", default=None
 )
@click.option(
    "--min-required-payment",
    help="Requests must have a minimum payment to be processed (in alnt)",
    default=0,
 )
@click.option("--lrn", help="The LRN of this deployer.", required=True)
@click.option(
    "--all-requests",
    help="Handle requests addressed to anyone (by default only requests to"
    "my payment address are examined).",
    is_flag=True,
 )
@click.option(
    "--auction-requests",
    help="Handle requests with auction id set (skips payment confirmation).",
    is_flag=True,
    default=False,
 )
@click.option(
    "--config-upload-dir",
    help="The directory containing uploaded config.",
    required=True,
 )
@click.option(
    "--private-key-file", help="The private key for decrypting config.", required=True
 )
@click.option(
    "--registry-lock-file",
    help="File path to use for registry mutex lock",
    default=None,
 )
@click.option(
    "--private-key-passphrase",
    help="The passphrase for the private key.",
    required=True,
 )
@click.pass_context
-def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_dir,  # noqa: C901
+def command(  # noqa: C901
-            request_id, discover, state_file, only_update_state,
+    ctx,
-            dns_suffix, fqdn_policy, record_namespace_dns, record_namespace_deployments, dry_run,
+    kube_config,
-            include_tags, exclude_tags, force_rebuild, log_dir):
+    laconic_config,
    image_registry,
    deployment_parent_dir,
    request_id,
    discover,
    state_file,
    only_update_state,
    dns_suffix,
    fqdn_policy,
    ip,
    record_namespace_dns,
    record_namespace_deployments,
    dry_run,
    include_tags,
    exclude_tags,
    force_rebuild,
    recreate_on_deploy,
    log_dir,
    min_required_payment,
    lrn,
    config_upload_dir,
    private_key_file,
    private_key_passphrase,
    all_requests,
    auction_requests,
    registry_lock_file,
 ):
    if request_id and discover:
        print("Cannot specify both --request-id and --discover", file=sys.stderr)
        sys.exit(2)
@ -239,120 +435,283 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_
        sys.exit(2)
    if not only_update_state:
-        if not record_namespace_dns or not record_namespace_deployments or not dns_suffix:
+        if (
-            print("--dns-suffix, --record-namespace-dns, and --record-namespace-deployments are all required", file=sys.stderr)
+            not record_namespace_dns
            or not record_namespace_deployments
            or not dns_suffix
        ):
            print(
                "--dns-suffix, --record-namespace-dns, and "
                "--record-namespace-deployments are all required",
                file=sys.stderr,
            )
            sys.exit(2)
    if fqdn_policy not in ["prohibit", "allow", "preexisting"]:
-        print("--fqdn-policy must be one of 'prohibit', 'allow', or 'preexisting'", file=sys.stderr)
+        print(
            "--fqdn-policy must be one of 'prohibit', 'allow', or 'preexisting'",
            file=sys.stderr,
        )
        sys.exit(2)
    if fqdn_policy == "allow" and not ip:
        print(
            "--ip is required with 'allow' fqdn-policy",
            file=sys.stderr,
        )
        sys.exit(2)
    tempdir = tempfile.mkdtemp()
    gpg = gnupg.GPG(gnupghome=tempdir)
    # Import the deployer's public key
    result = gpg.import_keys(open(private_key_file, "rb").read())
    if 1 != result.imported:
        print(
            f"Failed to load private key file: {private_key_file}.",
            file=sys.stderr,
        )
        sys.exit(2)
    main_logger = TimedLogger(file=sys.stderr)
    try:
        # Split CSV and clean up values.
        include_tags = [tag.strip() for tag in include_tags.split(",") if tag]
        exclude_tags = [tag.strip() for tag in exclude_tags.split(",") if tag]
-    laconic = LaconicRegistryClient(laconic_config)
+        laconic = LaconicRegistryClient(
            laconic_config, log_file=sys.stderr, mutex_lock_file=registry_lock_file
        )
        webapp_deployer_record = laconic.get_record(lrn, require=True)
        assert webapp_deployer_record is not None  # require=True ensures this
        assert webapp_deployer_record.attributes is not None
        payment_address = webapp_deployer_record.attributes.paymentAddress
        main_logger.log(f"Payment address: {payment_address}")
        if min_required_payment and not payment_address:
            print(
                f"Minimum payment required, but no payment address listed "
                f"for deployer: {lrn}.",
                file=sys.stderr,
            )
            sys.exit(2)
        # Find deployment requests.
        requests = []
        # single request
        if request_id:
            main_logger.log(f"Retrieving request {request_id}...")
            requests = [laconic.get_record(request_id, require=True)]
        # all requests
        elif discover:
            main_logger.log("Discovering deployment requests...")
            if all_requests:
                requests = laconic.app_deployment_requests()
            else:
                requests = laconic.app_deployment_requests({"deployer": lrn})
        if only_update_state:
            if not dry_run:
                dump_known_requests(state_file, requests)
            return
        previous_requests = {}
        if state_file:
            main_logger.log(f"Loading known requests from {state_file}...")
            previous_requests = load_known_requests(state_file)
        # Collapse related requests.
-    requests.sort(key=lambda r: r.createTime)
+        # Filter out None values and sort
-    requests.reverse()
+        valid_requests = [r for r in requests if r is not None]
        valid_requests.sort(key=lambda r: r.createTime if r else "")
        valid_requests.reverse()
        requests_by_name = {}
        skipped_by_name = {}
-    for r in requests:
+        for r in valid_requests:
-        if r.id in previous_requests and previous_requests[r.id].get("status", "") != "RETRY":
+            if not r:
-            print(f"Skipping request {r.id}, we've already seen it.")
+                continue
            r_id = r.id if r else "unknown"
            main_logger.log(f"BEGIN: Examining request {r_id}")
            result = "PENDING"
            try:
                if (
                    r_id in previous_requests
                    and previous_requests[r_id].get("status", "") != "RETRY"
                ):
                    main_logger.log(f"Skipping request {r_id}, we've already seen it.")
                    result = "SKIP"
                    continue
                if not r.attributes:
                    main_logger.log(f"Skipping request {r_id}, no attributes.")
                    result = "ERROR"
                    continue
                app = laconic.get_record(r.attributes.application)
                if not app:
-            print("Skipping request %s, cannot locate app." % r.id)
+                    main_logger.log(f"Skipping request {r_id}, cannot locate app.")
                    result = "ERROR"
                    continue
                requested_name = r.attributes.dns
                if not requested_name:
                    requested_name = generate_hostname_for_app(app)
-            print("Generating name %s for request %s." % (requested_name, r.id))
+                    main_logger.log(
                        "Generating name %s for request %s." % (requested_name, r_id)
                    )
-        if requested_name in skipped_by_name or requested_name in requests_by_name:
+                if (
-            print("Ignoring request %s, it has been superseded." % r.id)
+                    requested_name in skipped_by_name
                    or requested_name in requests_by_name
                ):
                    main_logger.log(
                        "Ignoring request %s, it has been superseded." % r_id
                    )
                    result = "SKIP"
                    continue
                if skip_by_tag(r, include_tags, exclude_tags):
-            print("Skipping request %s, filtered by tag (include %s, exclude %s, present %s)" % (r.id,
+                    r_tags = r.attributes.tags if r.attributes else None
-                                                                                                 include_tags,
+                    main_logger.log(
-                                                                                                 exclude_tags,
+                        "Skipping request %s, filtered by tag "
-                                                                                                 r.attributes.tags))
+                        "(include %s, exclude %s, present %s)"
                        % (r_id, include_tags, exclude_tags, r_tags)
                    )
                    skipped_by_name[requested_name] = r
                    result = "SKIP"
                    continue
-        print("Found request %s to run application %s on %s." % (r.id, r.attributes.application, requested_name))
+                r_app = r.attributes.application if r.attributes else "unknown"
                main_logger.log(
                    "Found pending request %s to run application %s on %s."
                    % (r_id, r_app, requested_name)
                )
                requests_by_name[requested_name] = r
            except Exception as e:
                result = "ERROR"
                main_logger.log(f"ERROR examining request {r_id}: " + str(e))
            finally:
                main_logger.log(f"DONE Examining request {r_id} with result {result}.")
                if result in ["ERROR"]:
                    dump_known_requests(state_file, [r], status=result)
        # Find deployments.
        main_logger.log("Discovering existing app deployments...")
        if all_requests:
            deployments = laconic.app_deployments()
        else:
            deployments = laconic.app_deployments({"deployer": lrn})
        deployments_by_request = {}
        for d in deployments:
            if d.attributes.request:
                deployments_by_request[d.attributes.request] = d
        # Find removal requests.
        main_logger.log("Discovering deployment removal and cancellation requests...")
        cancellation_requests = {}
        removal_requests = laconic.app_deployment_removal_requests()
        for r in removal_requests:
            if r.attributes.request:
                cancellation_requests[r.attributes.request] = r
-    requests_to_execute = []
+        requests_to_check_for_payment = []
        for r in requests_by_name.values():
-        if r.id in cancellation_requests and match_owner(cancellation_requests[r.id], r):
+            if r.id in cancellation_requests and match_owner(
-            print(f"Found deployment cancellation request for {r.id} at {cancellation_requests[r.id].id}")
+                cancellation_requests[r.id], r
            ):
                main_logger.log(
                    f"Found deployment cancellation request for {r.id} "
                    f"at {cancellation_requests[r.id].id}"
                )
            elif r.id in deployments_by_request:
-            print(f"Found satisfied request for {r.id} at {deployments_by_request[r.id].id}")
+                main_logger.log(
                    f"Found satisfied request for {r.id} "
                    f"at {deployments_by_request[r.id].id}"
                )
            else:
-            if r.id not in previous_requests:
+                if (
-                print(f"Request {r.id} needs to processed.")
+                    r.id in previous_requests
                    and previous_requests[r.id].get("status", "") != "RETRY"
                ):
                    main_logger.log(
                        f"Skipping unsatisfied request {r.id} "
                        "because we have seen it before."
                    )
                else:
                    main_logger.log(f"Request {r.id} needs to processed.")
                    requests_to_check_for_payment.append(r)
        requests_to_execute = []
        for r in requests_to_check_for_payment:
            if r.attributes.auction:
                if auction_requests:
                    if confirm_auction(laconic, r, lrn, payment_address, main_logger):
                        main_logger.log(f"{r.id}: Auction confirmed.")
                        requests_to_execute.append(r)
                    else:
-                print(
+                        main_logger.log(
-                    f"Skipping unsatisfied request {r.id} because we have seen it before."
+                            f"Skipping request {r.id}: unable to verify auction."
                        )
                        dump_known_requests(state_file, [r], status="SKIP")
                else:
                    main_logger.log(
                        f"Skipping request {r.id}: not handling requests with auction."
                    )
                    dump_known_requests(state_file, [r], status="SKIP")
            elif min_required_payment:
                main_logger.log(f"{r.id}: Confirming payment...")
                if confirm_payment(
                    laconic,
                    r,
                    payment_address,
                    min_required_payment,
                    main_logger,
                ):
                    main_logger.log(f"{r.id}: Payment confirmed.")
                    requests_to_execute.append(r)
                else:
                    main_logger.log(
                        f"Skipping request {r.id}: unable to verify payment."
                    )
                    dump_known_requests(state_file, [r], status="UNPAID")
            else:
                requests_to_execute.append(r)
-    print("Found %d unsatisfied request(s) to process." % len(requests_to_execute))
+        main_logger.log(
            "Found %d unsatisfied request(s) to process." % len(requests_to_execute)
        )
        if not dry_run:
            for r in requests_to_execute:
                main_logger.log(f"DEPLOYING {r.id}: BEGIN")
                dump_known_requests(state_file, [r], "DEPLOYING")
                status = "ERROR"
                run_log_file = None
                run_reg_client = laconic
                build_logger = None
                try:
-                run_id = f"{r.id}-{str(time.time()).split('.')[0]}-{str(uuid.uuid4()).split('-')[0]}"
+                    run_id = (
                        f"{r.id}-{str(time.time()).split('.')[0]}-"
                        f"{str(uuid.uuid4()).split('-')[0]}"
                    )
                    if log_dir:
                        run_log_dir = os.path.join(log_dir, r.id)
                        if not os.path.exists(run_log_dir):
                            os.mkdir(run_log_dir)
                        run_log_file_path = os.path.join(run_log_dir, f"{run_id}.log")
-                    print(f"Directing deployment logs to: {run_log_file_path}")
+                        main_logger.log(
                            f"Directing deployment logs to: {run_log_file_path}"
                        )
                        run_log_file = open(run_log_file_path, "wt")
-                    run_reg_client = LaconicRegistryClient(laconic_config, log_file=run_log_file)
+                        run_reg_client = LaconicRegistryClient(
                            laconic_config,
                            log_file=run_log_file,
                            mutex_lock_file=registry_lock_file,
                        )
-                logger = TimedLogger(run_id, run_log_file)
+                    build_logger = TimedLogger(run_id, run_log_file)
-                logger.log("Processing ...")
+                    build_logger.log("Processing ...")
                    process_app_deployment_request(
                        ctx,
                        run_reg_client,
@ -360,19 +719,37 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_
                        record_namespace_deployments,
                        record_namespace_dns,
                        dns_suffix,
                        ip,
                        os.path.abspath(deployment_parent_dir),
                        kube_config,
                        image_registry,
                        force_rebuild,
                        fqdn_policy,
-                    logger
+                        recreate_on_deploy,
                        webapp_deployer_record,
                        gpg,
                        private_key_passphrase,
                        config_upload_dir,
                        build_logger,
                    )
                    status = "DEPLOYED"
                except Exception as e:
-                logger.log("ERROR: " + str(e))
+                    main_logger.log(f"ERROR {r.id}:" + str(e))
                    if build_logger:
                        build_logger.log("ERROR: " + str(e))
                finally:
-                if logger:
+                    main_logger.log(f"DEPLOYING {r.id}: END - {status}")
-                    logger.log(f"DONE with status {status}", show_step_time=False, show_total_time=True)
+                    if build_logger:
                        build_logger.log(
                            f"DONE with status {status}",
                            show_step_time=False,
                            show_total_time=True,
                        )
                    dump_known_requests(state_file, [r], status)
                    if run_log_file:
                        run_log_file.close()
    except Exception as e:
        main_logger.log("UNCAUGHT ERROR:" + str(e))
        raise e
    finally:
        shutil.rmtree(tempdir, ignore_errors=True)
--- a/stack_orchestrator/deploy/webapp/handle_deployment_auction.py
+++ b/stack_orchestrator/deploy/webapp/handle_deployment_auction.py
@ -0,0 +1,249 @@
 # Copyright ©2023 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import sys
 import json
 import click
 from stack_orchestrator.deploy.webapp.util import (
    AttrDict,
    LaconicRegistryClient,
    TimedLogger,
    load_known_requests,
    AUCTION_KIND_PROVIDER,
    AuctionStatus,
 )
 def process_app_deployment_auction(
    ctx,
    laconic: LaconicRegistryClient,
    request,
    current_status,
    reveal_file_path,
    bid_amount,
    logger,
 ):
    # Fetch auction details
    auction_id = request.attributes.auction
    auction = laconic.get_auction(auction_id)
    if not auction:
        raise Exception(f"Unable to locate auction: {auction_id}")
    # Check auction kind
    if auction.kind != AUCTION_KIND_PROVIDER:
        raise Exception(
            f"Auction kind needs to be ${AUCTION_KIND_PROVIDER}, got {auction.kind}"
        )
    if current_status == "PENDING":
        # Skip if pending auction not in commit state
        if auction.status != AuctionStatus.COMMIT:
            logger.log(
                f"Skipping pending request, auction {auction_id} "
                f"status: {auction.status}"
            )
            return "SKIP", ""
        # Check max_price
        bid_amount_int = int(bid_amount)
        max_price_int = int(auction.maxPrice.quantity)
        if max_price_int < bid_amount_int:
            logger.log(
                f"Skipping auction {auction_id} with max_price ({max_price_int}) "
                f"less than bid_amount ({bid_amount_int})"
            )
            return "SKIP", ""
        # Bid on the auction
        reveal_file_path = laconic.commit_bid(auction_id, bid_amount_int)
        logger.log(f"Commited bid on auction {auction_id} with amount {bid_amount_int}")
        return "COMMIT", reveal_file_path
    if current_status == "COMMIT":
        # Return if auction still in commit state
        if auction.status == AuctionStatus.COMMIT:
            logger.log(f"Auction {auction_id} status: {auction.status}")
            return current_status, reveal_file_path
        # Reveal bid
        if auction.status == AuctionStatus.REVEAL:
            laconic.reveal_bid(auction_id, reveal_file_path)
            logger.log(f"Revealed bid on auction {auction_id}")
            return "REVEAL", reveal_file_path
        raise Exception(f"Unexpected auction {auction_id} status: {auction.status}")
    if current_status == "REVEAL":
        # Return if auction still in reveal state
        if auction.status == AuctionStatus.REVEAL:
            logger.log(f"Auction {auction_id} status: {auction.status}")
            return current_status, reveal_file_path
        # Return if auction is completed
        if auction.status == AuctionStatus.COMPLETED:
            logger.log(f"Auction {auction_id} completed")
            return "COMPLETED", ""
        raise Exception(f"Unexpected auction {auction_id} status: {auction.status}")
    raise Exception(f"Got request with unexpected status: {current_status}")
 def dump_known_auction_requests(filename, requests, status="SEEN"):
    if not filename:
        return
    known_requests = load_known_requests(filename)
    for r in requests:
        known_requests[r.id] = {"revealFile": r.revealFile, "status": status}
    with open(filename, "w") as f:
        json.dump(known_requests, f)
@click.command()
@click.option(
    "--laconic-config", help="Provide a config file for laconicd", required=True
 )
@click.option(
    "--state-file",
    help="File to store state about previously seen auction requests.",
    required=True,
 )
@click.option(
    "--bid-amount",
    help="Bid to place on application deployment auctions (in alnt)",
    required=True,
 )
@click.option(
    "--registry-lock-file",
    help="File path to use for registry mutex lock",
    default=None,
 )
@click.option(
    "--dry-run", help="Don't do anything, just report what would be done.", is_flag=True
 )
@click.pass_context
 def command(
    ctx,
    laconic_config,
    state_file,
    bid_amount,
    registry_lock_file,
    dry_run,
 ):
    if int(bid_amount) < 0:
        print("--bid-amount cannot be less than 0", file=sys.stderr)
        sys.exit(2)
    logger = TimedLogger(file=sys.stderr)
    try:
        laconic = LaconicRegistryClient(
            laconic_config, log_file=sys.stderr, mutex_lock_file=registry_lock_file
        )
        auctions_requests = laconic.app_deployment_auctions()
        previous_requests = {}
        logger.log(f"Loading known auctions from {state_file}...")
        previous_requests = load_known_requests(state_file)
        # Process new requests first
        auctions_requests.sort(key=lambda r: r.createTime)
        auctions_requests.reverse()
        requests_to_execute = []
        for r in auctions_requests:
            logger.log(f"BEGIN: Examining request {r.id}")
            result_status = "PENDING"
            reveal_file_path = ""
            try:
                application = r.attributes.application
                # Handle already seen requests
                if r.id in previous_requests:
                    # If it's not in commit or reveal status, skip the request as we've
                    # already seen it
                    current_status = previous_requests[r.id].get("status", "")
                    result_status = current_status
                    if current_status not in ["COMMIT", "REVEAL"]:
                        logger.log(f"Skipping request {r.id}, we've already seen it.")
                        continue
                    reveal_file_path = previous_requests[r.id].get("revealFile", "")
                    logger.log(
                        f"Found existing auction request {r.id} for application "
                        f"{application}, status {current_status}."
                    )
                else:
                    # It's a fresh request, check application record
                    app = laconic.get_record(application)
                    if not app:
                        logger.log(f"Skipping request {r.id}, cannot locate app.")
                        result_status = "ERROR"
                        continue
                    logger.log(
                        f"Found pending auction request {r.id} for application "
                        f"{application}."
                    )
                # Add requests to be processed
                requests_to_execute.append((r, result_status, reveal_file_path))
            except Exception as e:
                result_status = "ERROR"
                logger.log(f"ERROR: examining request {r.id}: " + str(e))
            finally:
                logger.log(
                    f"DONE: Examining request {r.id} with result {result_status}."
                )
                if result_status in ["ERROR"]:
                    dump_known_auction_requests(
                        state_file,
                        [AttrDict({"id": r.id, "revealFile": reveal_file_path})],
                        result_status,
                    )
        logger.log(f"Found {len(requests_to_execute)} request(s) to process.")
        if not dry_run:
            for r, current_status, reveal_file_path in requests_to_execute:
                logger.log(f"Processing {r.id}: BEGIN")
                result_status = "ERROR"
                try:
                    result_status, reveal_file_path = process_app_deployment_auction(
                        ctx,
                        laconic,
                        r,
                        current_status,
                        reveal_file_path,
                        bid_amount,
                        logger,
                    )
                except Exception as e:
                    logger.log(f"ERROR {r.id}:" + str(e))
                finally:
                    logger.log(f"Processing {r.id}: END - {result_status}")
                    dump_known_auction_requests(
                        state_file,
                        [AttrDict({"id": r.id, "revealFile": reveal_file_path})],
                        result_status,
                    )
    except Exception as e:
        logger.log("UNCAUGHT ERROR:" + str(e))
        raise e
--- a/stack_orchestrator/deploy/webapp/publish_deployment_auction.py
+++ b/stack_orchestrator/deploy/webapp/publish_deployment_auction.py
@ -0,0 +1,124 @@
 # Copyright ©2023 Vulcanize
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 import sys
 import click
 import yaml
 from stack_orchestrator.deploy.webapp.util import (
    AUCTION_KIND_PROVIDER,
    TOKEN_DENOM,
    LaconicRegistryClient,
 )
 def fatal(msg: str):
    print(msg, file=sys.stderr)
    sys.exit(1)
@click.command()
@click.option(
    "--laconic-config", help="Provide a config file for laconicd", required=True
 )
@click.option(
    "--app",
    help="The LRN of the application to deploy.",
    required=True,
 )
@click.option(
    "--commits-duration",
    help="Auction commits duration (in seconds) (default: 600).",
    default=600,
 )
@click.option(
    "--reveals-duration",
    help="Auction reveals duration (in seconds) (default: 600).",
    default=600,
 )
@click.option(
    "--commit-fee",
    help="Auction bid commit fee (in alnt) (default: 100000).",
    default=100000,
 )
@click.option(
    "--reveal-fee",
    help="Auction bid reveal fee (in alnt) (default: 100000).",
    default=100000,
 )
@click.option(
    "--max-price",
    help="Max acceptable bid price (in alnt).",
    required=True,
 )
@click.option(
    "--num-providers",
    help="Max acceptable bid price (in alnt).",
    required=True,
 )
@click.option(
    "--dry-run",
    help="Don't publish anything, just report what would be done.",
    is_flag=True,
 )
@click.pass_context
 def command(
    ctx,
    laconic_config,
    app,
    commits_duration,
    reveals_duration,
    commit_fee,
    reveal_fee,
    max_price,
    num_providers,
    dry_run,
 ):
    laconic = LaconicRegistryClient(laconic_config)
    app_record = laconic.get_record(app)
    if not app_record:
        fatal(f"Unable to locate app: {app}")
    provider_auction_params = {
        "kind": AUCTION_KIND_PROVIDER,
        "commits_duration": commits_duration,
        "reveals_duration": reveals_duration,
        "denom": TOKEN_DENOM,
        "commit_fee": commit_fee,
        "reveal_fee": reveal_fee,
        "max_price": max_price,
        "num_providers": num_providers,
    }
    auction_id = laconic.create_deployment_auction(provider_auction_params)
    print("Deployment auction created:", auction_id)
    if not auction_id:
        fatal("Unable to create a provider auction")
    deployment_auction = {
        "record": {
            "type": "ApplicationDeploymentAuction",
            "application": app,
            "auction": auction_id,
        }
    }
    if dry_run:
        print(yaml.dump(deployment_auction))
        return
    # Publish the deployment auction record
    laconic.publish(deployment_auction)
--- a/Show More
+++ b/Show More
		`@ -1,2 +0,0 @@`
			`Change this file to trigger running the fixturenet-eth-plugeth-arm-test CI job`
`@ -1,2 +1 @@`
	`Change this file to trigger running the fixturenet-eth-test CI job`	`Change this file to trigger running the fixturenet-eth-test CI job`
`@ -78,5 +78,3 @@ See the [CONTRIBUTING.md](/docs/CONTRIBUTING.md) for developer mode install.`
	`## Platform Support`	`## Platform Support`

	`Native aarm64 is _not_ currently supported. x64 emulation on ARM64 macos should work (not yet tested).`	`Native aarm64 is _not_ currently supported. x64 emulation on ARM64 macos should work (not yet tested).`
`@ -18,4 +18,3 @@ root@7c4124bb09e3:/src#`
	```	```

	`Now gerbil commands can be run.`	`Now gerbil commands can be run.`
`@ -5,4 +5,3 @@ WORKDIR /app`
	`COPY . .`	`COPY . .`

	`RUN yarn`	`RUN yarn`
`@ -3,4 +3,3 @@`
	`A "loaded" version of fixturenet-eth, with all the bells and whistles enabled.`	`A "loaded" version of fixturenet-eth, with all the bells and whistles enabled.`

	`TODO: write me`	`TODO: write me`
`@ -1,2 +1 @@`
	`# Laconic Mainnet Deployment (experimental)`	`# Laconic Mainnet Deployment (experimental)`