# host_kit v0.1.0-beta.1 - Table of Contents

> Elixir-native host management with inspectable plans, package locks, systemd isolation, and remote bootstrap.

## Pages

- [HostKit](readme.md)
- [Changelog](changelog.md)
- [Deploy a Caddy static site with HostKit](deploy_caddy_site.md)
- [Deploy a Phoenix app with HostKit](deploy_phoenix_app.md)

- Introduction
  - [Getting started](getting-started.md)
  - [Conventions and paths](conventions-and-paths.md)

- Deployment
  - [Remote bootstrap and plan artifacts](remote-bootstrap.md)
  - [Systemd isolation](systemd-isolation.md)
  - [Firewall and networking](firewall-and-networking.md)
  - [Gatehouse edge proxy](gatehouse.md)

- Workspaces
  - [Workspaces and tenants](workspaces-and-tenants.md)

- Operations
  - [Observability and monitors](observability-and-monitors.md)
  - [Timers and jobs](timers-and-jobs.md)

- Reference
  - [CLI reference](cli.md)
  - [HostKit](full-reference.md)
  - [Internal architecture](internal-architecture.md)

## Modules

- [HostKit](HostKit.md): Elixir-native host infrastructure declarations, planning, and runtime control.
- [HostKit.Account](HostKit.Account.md): Account references and normalization helpers.
- [HostKit.Account.Ref](HostKit.Account.Ref.md): Reference to a declared HostKit account.
- [HostKit.Addr.AbsResource](HostKit.Addr.AbsResource.md): Resource address with module/service path context.
- [HostKit.Addr.Resource](HostKit.Addr.Resource.md): Stable address for a resource declaration.
- [HostKit.Agent](HostKit.Agent.md): Runtime API for the optional HostKit host agent.
- [HostKit.Agent.DriftWorker](HostKit.Agent.DriftWorker.md): Supervised worker for scheduled drift planning.
- [HostKit.Agent.MonitorWorker](HostKit.Agent.MonitorWorker.md): Supervised worker for scheduled monitoring checks.
- [HostKit.Agent.Systemd](HostKit.Agent.Systemd.md): Helpers for declaring HostKit agent systemd units.
- [HostKit.Application](HostKit.Application.md): HostKit OTP application entry point.
- [HostKit.Apply](HostKit.Apply.md): Applies supported HostKit plan changes.
- [HostKit.Apply.Event](HostKit.Apply.Event.md): Lifecycle message emitted by HostKit apply when a reporter process is configured.
- [HostKit.BackupRef](HostKit.BackupRef.md): Reference to a backup payload captured in a tracked HostKit run.
- [HostKit.Caddy.Directive.Encode](HostKit.Caddy.Directive.Encode.md): Inspectable Caddy encode directive.
- [HostKit.Caddy.Directive.FileServer](HostKit.Caddy.Directive.FileServer.md): Inspectable Caddy file_server directive.
- [HostKit.Caddy.Directive.ReverseProxy](HostKit.Caddy.Directive.ReverseProxy.md): Inspectable Caddy reverse_proxy directive.
- [HostKit.Caddy.Directive.Root](HostKit.Caddy.Directive.Root.md): Inspectable Caddy root directive.
- [HostKit.Caddy.JSON](HostKit.Caddy.JSON.md): Builds Caddy JSON config structs from HostKit Caddy resources.
- [HostKit.Caddy.JSON.Apps](HostKit.Caddy.JSON.Apps.md): Caddy JSON apps object.
- [HostKit.Caddy.JSON.Config](HostKit.Caddy.JSON.Config.md): Caddy JSON config root.
- [HostKit.Caddy.JSON.HTTP](HostKit.Caddy.JSON.HTTP.md): Caddy HTTP app config.
- [HostKit.Caddy.JSON.Handler.Encode](HostKit.Caddy.JSON.Handler.Encode.md): Caddy encode handler.
- [HostKit.Caddy.JSON.Handler.FileServer](HostKit.Caddy.JSON.Handler.FileServer.md): Caddy file_server handler.
- [HostKit.Caddy.JSON.Handler.ReverseProxy](HostKit.Caddy.JSON.Handler.ReverseProxy.md): Caddy reverse_proxy handler.
- [HostKit.Caddy.JSON.Handler.Subroute](HostKit.Caddy.JSON.Handler.Subroute.md): Caddy subroute handler.
- [HostKit.Caddy.JSON.Handler.Vars](HostKit.Caddy.JSON.Handler.Vars.md): Caddy vars handler, used for HTTP roots.
- [HostKit.Caddy.JSON.Match.Host](HostKit.Caddy.JSON.Match.Host.md): Caddy host matcher.
- [HostKit.Caddy.JSON.Route](HostKit.Caddy.JSON.Route.md): Caddy HTTP route.
- [HostKit.Caddy.JSON.Server](HostKit.Caddy.JSON.Server.md): Caddy HTTP server config.
- [HostKit.Caddy.JSON.Upstream](HostKit.Caddy.JSON.Upstream.md): Caddy upstream dial target.
- [HostKit.Caddy.Site](HostKit.Caddy.Site.md): Inspectable Caddy site resource.
- [HostKit.Change](HostKit.Change.md): A planned change for one HostKit resource.
- [HostKit.CommandAnalysis](HostKit.CommandAnalysis.md): Static command dependency analysis for HostKit resources.
- [HostKit.CommandLine](HostKit.CommandLine.md): A parsed, shell-like simple command line stored as argv.
- [HostKit.Conventions](HostKit.Conventions.md): Project-level naming and path conventions.
- [HostKit.DSL](HostKit.DSL.md): Core HostKit DSL.
- [HostKit.DSL.Systemd](HostKit.DSL.Systemd.md): DSL helpers for core systemd resources.
- [HostKit.Diagnostic](HostKit.Diagnostic.md): Structured HostKit diagnostic, suitable for pattern matching and compiler-style rendering.
- [HostKit.Diagnostics](HostKit.Diagnostics.md): Collection of HostKit diagnostics.
- [HostKit.Diagnostics.Format](HostKit.Diagnostics.Format.md): Compiler-style rendering for HostKit diagnostics.
- [HostKit.Endpoint](HostKit.Endpoint.md): Reference to a named listener/endpoint exposed by a HostKit service.
- [HostKit.Endpoint.Resolver](HostKit.Endpoint.Resolver.md): Resolves endpoint references against service endpoint/listener declarations.
- [HostKit.Env](HostKit.Env.md): Rendering for HostKit env files.
- [HostKit.Error](HostKit.Error.md): Concise formatting for common HostKit runtime error terms.
- [HostKit.Firewall](HostKit.Firewall.md): Declarative host firewall policy.
- [HostKit.Firewall.Nftables](HostKit.Firewall.Nftables.md): Render HostKit firewall policy to nftables syntax.
- [HostKit.Firewall.Rule](HostKit.Firewall.Rule.md): Declarative firewall rule.
- [HostKit.Host](HostKit.Host.md): Host declaration.
- [HostKit.Ingress](HostKit.Ingress.md): Inspectable ingress/application-router declaration.
- [HostKit.Ingress.Caddy](HostKit.Ingress.Caddy.md): Renders semantic ingress declarations as Caddy site resources.
- [HostKit.Ingress.Gatehouse](HostKit.Ingress.Gatehouse.md): Renders semantic ingress declarations as Gatehouse proxy config resources.
- [HostKit.Ingress.Proxy](HostKit.Ingress.Proxy.md): Inspectable ingress proxy action.
- [HostKit.Ingress.Route](HostKit.Ingress.Route.md): Inspectable ingress route declaration.
- [HostKit.Ingress.Server](HostKit.Ingress.Server.md): Inspectable ingress server/listener declaration.
- [HostKit.Ingress.TLS](HostKit.Ingress.TLS.md): Inspectable ingress TLS termination declaration.
- [HostKit.Listener](HostKit.Listener.md): Named service listener metadata.
- [HostKit.Loader](HostKit.Loader.md): Loads HostKit `.exs` project declarations.
- [HostKit.Local](HostKit.Local.md): Read-only inspection of resources on the local host.
- [HostKit.Logs](HostKit.Logs.md): Helpers for extracting log management declarations from HostKit projects.
- [HostKit.Logs.Config](HostKit.Logs.Config.md): Declarative log management intent.
- [HostKit.Mise](HostKit.Mise.md): Runtime boundary for managing mise and mise-installed tools.
- [HostKit.Mise.CLI](HostKit.Mise.CLI.md): mise runtime implementation backed by the mise CLI.
- [HostKit.Mode](HostKit.Mode.md): Unix mode normalization helpers.
- [HostKit.Monitor](HostKit.Monitor.md): Helpers for extracting monitoring declarations from HostKit projects.
- [HostKit.Monitor.Check](HostKit.Monitor.Check.md): Declarative monitoring check metadata.
- [HostKit.Monitor.Result](HostKit.Monitor.Result.md): Monitoring check execution result.
- [HostKit.Net.Addr](HostKit.Net.Addr.md): Network address normalization helpers.
- [HostKit.OtelCollector](HostKit.OtelCollector.md): Builds OpenTelemetry Collector config maps from HostKit telemetry declarations.
- [HostKit.Package](HostKit.Package.md): Runtime boundary for reading and installing OS packages.
- [HostKit.Package.CLI](HostKit.Package.CLI.md): Package runtime implementation backed by common OS package managers.
- [HostKit.Package.Lock](HostKit.Package.Lock.md): JSON lock file for resolved target package names.
- [HostKit.Package.Manager](HostKit.Package.Manager.md): Detects the target host package manager.
- [HostKit.Package.Repology.Cache](HostKit.Package.Repology.Cache.md): Filesystem cache for Repology API responses.
- [HostKit.Package.Repology.CachedClient](HostKit.Package.Repology.CachedClient.md): Repology client wrapper with filesystem caching.
- [HostKit.Package.Repology.Client](HostKit.Package.Repology.Client.md): HTTP client for the Repology API.
- [HostKit.Package.Repology.RateLimit](HostKit.Package.Repology.RateLimit.md): Repology API rate limiter backed by Hammer.
- [HostKit.Package.Repology.Record](HostKit.Package.Repology.Record.md): Package record returned by the Repology API.
- [HostKit.Package.Resolution](HostKit.Package.Resolution.md): Resolved package capability metadata.
- [HostKit.Package.Resolver](HostKit.Package.Resolver.md): Resolves semantic package capabilities to concrete OS package names.
- [HostKit.Package.TargetRepo](HostKit.Package.TargetRepo.md): Detects Repology repository names for package resolution targets.
- [HostKit.Plan](HostKit.Plan.md): Structural plan generated from a HostKit project.
- [HostKit.Plan.Artifact](HostKit.Plan.Artifact.md): Portable JSON artifact for a resolved HostKit plan.
- [HostKit.Plan.Format](HostKit.Plan.Format.md): Human-readable plan formatting.
- [HostKit.Plugin](HostKit.Plugin.md): Deprecated compatibility alias for `HostKit.Provider`.
- [HostKit.Project](HostKit.Project.md): Project-level declaration loaded from HostKit DSL files.
- [HostKit.ProjectDSL](HostKit.ProjectDSL.md): Helpers for building project-local HostKit DSLs.
- [HostKit.Provider](HostKit.Provider.md): Provider behaviour for HostKit integrations.
- [HostKit.ProviderConfig](HostKit.ProviderConfig.md): Configuration for a HostKit provider instance.
- [HostKit.Providers.Caddy](HostKit.Providers.Caddy.md): Caddy provider for HostKit.
- [HostKit.Providers.Caddy.DSL](HostKit.Providers.Caddy.DSL.md): DSL macros for Caddy resources.
- [HostKit.Providers.Elixir](HostKit.Providers.Elixir.md): Elixir application provider exposing Mix and Elixir app recipes.
- [HostKit.Providers.Gatehouse](HostKit.Providers.Gatehouse.md): Gatehouse provider exposing Gatehouse deployment recipes.
- [HostKit.Proxy](HostKit.Proxy.md): Generic proxy desired-state resource.
- [HostKit.Readiness](HostKit.Readiness.md): Readiness check execution for HostKit resources.
- [HostKit.Readiness.HTTP](HostKit.Readiness.HTTP.md): HTTP readiness check.
- [HostKit.Readiness.Systemd](HostKit.Readiness.Systemd.md): Systemd readiness check.
- [HostKit.Recipe](HostKit.Recipe.md): Reusable HostKit DSL recipes.
- [HostKit.Recipes.ElixirApp](HostKit.Recipes.ElixirApp.md): Recipe for building and running a Phoenix/Elixir release on the target host.
- [HostKit.Recipes.Gatehouse](HostKit.Recipes.Gatehouse.md): Recipe for running an already-built Gatehouse release under systemd.
- [HostKit.Remote](HostKit.Remote.md): Read-only inspection of resources through a HostKit runner.
- [HostKit.Render](HostKit.Render.md): Renders resources through core renderers and optional plugin renderers.
- [HostKit.Resource](HostKit.Resource.md): Helpers for resource identity, dependency metadata, and JSON-safe terms.
- [HostKit.Resources.Account](HostKit.Resources.Account.md): Desired Linux account.
- [HostKit.Resources.Capability](HostKit.Resources.Capability.md): Desired host capability resolved to installable resources for a target system.
- [HostKit.Resources.Command](HostKit.Resources.Command.md): Declarative command step used for build/bootstrap workflows.
- [HostKit.Resources.Directory](HostKit.Resources.Directory.md): Desired directory with ownership and mode.
- [HostKit.Resources.EnvFile](HostKit.Resources.EnvFile.md): Desired dotenv-compatible env file with redacted secret entries.
- [HostKit.Resources.File](HostKit.Resources.File.md): Desired file content with ownership and mode.
- [HostKit.Resources.Mise](HostKit.Resources.Mise.md): Desired mise installation and system-wide tool versions.
- [HostKit.Resources.Package](HostKit.Resources.Package.md): Desired OS package installed through the target package manager.
- [HostKit.Resources.Readiness](HostKit.Resources.Readiness.md): Waits until a set of readiness checks pass.
- [HostKit.Resources.Shell](HostKit.Resources.Shell.md): Validated Bash script resource for explicit shell execution.
- [HostKit.Resources.Source](HostKit.Resources.Source.md): Desired source checkout. Git is the first supported backend.
- [HostKit.RunRecord](HostKit.RunRecord.md): Minimal host-side record of an applied HostKit plan.
- [HostKit.RunRecord.Change](HostKit.RunRecord.Change.md): One compact change entry in a HostKit run record.
- [HostKit.RunStamp](HostKit.RunStamp.md): Reproducibility stamps for command-like resources.
- [HostKit.Runner](HostKit.Runner.md): Command execution boundary for HostKit apply/deploy operations.
- [HostKit.Runner.Command](HostKit.Runner.Command.md): Formatting helpers for commands executed through HostKit runners.
- [HostKit.Runner.Files](HostKit.Runner.Files.md): Filesystem helpers over HostKit runners.
- [HostKit.Runner.Local](HostKit.Runner.Local.md): Local command runner for HostKit operations.
- [HostKit.Runner.Ops](HostKit.Runner.Ops.md): Small filesystem and command helpers around HostKit runners.
- [HostKit.Runner.SSH](HostKit.Runner.SSH.md): Stateless SSH runner backed by OTP `:ssh`.
- [HostKit.Runner.SSH.Connection](HostKit.Runner.SSH.Connection.md): Reusable OTP SSH connection runner.
- [HostKit.Runner.SSH.IdentityKey](HostKit.Runner.SSH.IdentityKey.md): SSH key callback for a single OpenSSH identity file.
- [HostKit.Runtime](HostKit.Runtime.md): Runtime controls for systemd-backed units and transient jobs.
- [HostKit.Runtime.Resources](HostKit.Runtime.Resources.md): Reusable cgroup resource controls for systemd-backed runtimes.
- [HostKit.Runtime.Sandbox](HostKit.Runtime.Sandbox.md): Reusable process sandbox options for systemd-backed runtimes.
- [HostKit.Runtime.Spec](HostKit.Runtime.Spec.md): HostKit alias for Unitctl transient service specs.
- [HostKit.Secret](HostKit.Secret.md): References to secrets resolved at HostKit control-plane boundaries.
- [HostKit.Service](HostKit.Service.md): A named group of resources that make up an application or host capability.
- [HostKit.Shell](HostKit.Shell.md): POSIX shell rendering for the few HostKit paths that must cross `sh -c` or SSH exec.
- [HostKit.ShellScript](HostKit.ShellScript.md): A parsed Bash script with static command analysis metadata.
- [HostKit.Sigils](HostKit.Sigils.md): HostKit command and shell sigils.
- [HostKit.Source.Identity](HostKit.Source.Identity.md): Semantic identity/provenance for a declared source.
- [HostKit.Source.Ref](HostKit.Source.Ref.md): Reference to a declared HostKit source for command/run inputs.
- [HostKit.SourceLocation](HostKit.SourceLocation.md): Source location metadata for HostKit DSL resources.
- [HostKit.State](HostKit.State.md): State snapshot persistence for HostKit plans and agent status.
- [HostKit.Storage](HostKit.Storage.md): Helpers for named storage volumes.
- [HostKit.Storage.Volume](HostKit.Storage.Volume.md): Named storage volume metadata.
- [HostKit.Supervisor](HostKit.Supervisor.md): Top-level HostKit supervision tree.
- [HostKit.Systemd.Calendar](HostKit.Systemd.Calendar.md): Systemd calendar expression helpers.
- [HostKit.Systemd.Directives](HostKit.Systemd.Directives.md): Shared systemd directive coercion for DSL and runtime builders.
- [HostKit.Systemd.Service](HostKit.Systemd.Service.md): Persistent systemd service unit declaration backed by systemdkit rendering.
- [HostKit.Systemd.ServiceOptions](HostKit.Systemd.ServiceOptions.md): Converts values into systemd [Service] options.
- [HostKit.Systemd.Target](HostKit.Systemd.Target.md): Systemd target reference helpers.
- [HostKit.Systemd.Timer](HostKit.Systemd.Timer.md): Persistent systemd timer unit declaration backed by systemdkit rendering.
- [HostKit.Target](HostKit.Target.md): Execution target for HostKit read/apply operations.
- [HostKit.Telemetry](HostKit.Telemetry.md): Helpers for extracting OpenTelemetry collection intent from HostKit projects.
- [HostKit.Telemetry.Signal](HostKit.Telemetry.Signal.md): Declarative OpenTelemetry collection intent.
- [HostKit.Tenant](HostKit.Tenant.md): Platform tenant metadata.
- [HostKit.Validate](HostKit.Validate.md): Validates resources through core validators and optional plugin validators.
- [HostKit.Workspace](HostKit.Workspace.md): Helpers for workspace-scoped metadata.
- [HostKit.Workspace.Agent.Client](HostKit.Workspace.Agent.Client.md): Client boundary for communicating with workspace agents.
- [HostKit.Workspace.Agent.LocalClient](HostKit.Workspace.Agent.LocalClient.md): Local placeholder workspace-agent client used before the Unix socket transport exists.
- [HostKit.Workspace.Agent.Server](HostKit.Workspace.Agent.Server.md): Workspace agent server speaking Erlang external terms over a Unix socket.
- [HostKit.Workspace.Agent.UnixClient](HostKit.Workspace.Agent.UnixClient.md): Erlang external term format client for workspace agents over Unix sockets.
- [HostKit.Workspace.Egress](HostKit.Workspace.Egress.md): Workspace egress policy metadata.

- Exceptions
  - [HostKit.ProjectDSL.UnknownDefinitionError](HostKit.ProjectDSL.UnknownDefinitionError.md): Raised when a ProjectDSL defservice block contains an unsupported form.
  - [HostKit.ProjectDSL.UnknownPrefixError](HostKit.ProjectDSL.UnknownPrefixError.md): Raised when a ProjectDSL prefix lookup references an undefined prefix.
  - [HostKit.ProjectDSL.UnknownRootError](HostKit.ProjectDSL.UnknownRootError.md): Raised when a ProjectDSL root lookup references an undefined root.

## Mix Tasks

- [mix host_kit.apply](Mix.Tasks.HostKit.Apply.md): Applies supported HostKit plan changes. Requires `--dry-run` or `--confirm`.
- [mix host_kit.down](Mix.Tasks.HostKit.Down.md): Builds a down/rollback plan from an existing HostKit plan artifact.
- [mix host_kit.dump](Mix.Tasks.HostKit.Dump.md): Dumps a HostKit project as inspectable Elixir structs.
- [mix host_kit.plan](Mix.Tasks.HostKit.Plan.md): Builds and prints a HostKit plan.
- [mix host_kit.render](Mix.Tasks.HostKit.Render.md): Renders a HostKit resource by kind and name.
- [mix host_kit.runs](Mix.Tasks.HostKit.Runs.md): Lists minimal HostKit run records.

