Tow
Deploy to bare-metal servers and VMs — without the complexity of Kubernetes.
What is Tow?
Tow is a lightweight, agentless deployment orchestrator written in Go. It deploys your applications to bare-metal servers or cloud VMs via SSH — no agents, no containers, no Kubernetes required.
# Detect your project and generate config
tow init
# Deploy to production
tow deploy -e prod -m api-server
# Instant rollback
tow rollback -e prod -m api-server
Zero Dependencies
Single binary. Only requires SSH access to your servers. No agents, no runtime, no Docker.
Auto-Detection
tow init scans your project and generates config for 10 languages, 40+ frameworks. Plus 35 infrastructure plugins (Kafka, Redis, MySQL, etc.).
Instant Rollback
Symlink-based atomic deployments. Switch to any previous version in milliseconds.
Secure by Default
Secrets never touch git. Environment variables, local overrides, SSH agent, and known_hosts verification built-in.
Multi-Environment
Dev, staging, production — each with its own servers, SSH keys, and branch policies.
Parallel & Safe
Deploy to multiple servers simultaneously. Built-in deploy locks prevent concurrent deploys.
How It Works
Local Machine Remote Server
───────────── ─────────────
1. build → compile/jar
2. package → tar.gz artifact
3. upload → ─── SCP ───→ ~/upload/module.tar.gz
4. install → ─── SSH ───→ deploy/20240626-101530/ (extract)
current → deploy/20240626-101530 (symlink)
5. stop/start → ─── SSH ───→ script/server stop → start
Rollback is instant — just switch the current symlink to any previous deployment directory.
Quick Start
# Install (pick one)
brew install neurosamAI/tap/tow # Homebrew
curl -fsSL https://raw.githubusercontent.com/neurosamAI/tow-cli/main/install.sh | bash # Script
npm install -g @neurosamai/tow # npm
go install github.com/neurosamAI/tow-cli/cmd/tow@latest # Go
# Initialize in your project directory
cd my-project
tow init # Or: tow init --with-ai (for Claude/MCP integration)
# Edit tow.yaml — set server IPs and SSH key paths
# Then deploy
tow auto -e dev -m my-project
Why Not…?
| Tow | Ansible | Capistrano | Kamal | |
|---|---|---|---|---|
| Single binary, zero deps | Yes | Python + pip | Ruby + Bundler | Ruby + Docker |
| Auto-detection | Yes | No | No | No |
| No Docker required | Yes | Yes | Yes | No |
| Multi-language native | 12 types | Manual | Ruby-first | Docker-only |
| Built-in health checks | 4 types | Manual | Plugin | HTTP only |
| Instant rollback | Symlink | Re-run playbook | Symlink | Container swap |
| AI agent support (MCP) | Yes | No | No | No |
Real-World Scenarios
“We have 3 Spring Boot services, Kafka, and Redis on 5 EC2 instances”
# One config file. That's it.
modules:
api-server:
type: springboot
port: 8080
batch-server:
type: springboot
port: 8081
kafka:
type: kafka
port: 9092
redis:
type: redis
port: 6379
tow auto -e prod # Deploy everything
tow status -e prod # Check everything
tow rollback -e prod -m api-server # Roll back just the API
With Ansible, this would require playbooks, roles, inventory files, and Jinja templates. With Tow, it’s one YAML file and one command.
“Someone deployed a feature branch to production last Friday”
environments:
prod:
branch_policy:
allowed: [main, hotfix/*]
Tow blocks the deploy before it starts. No post-mortem needed.
“Our new developer spent 2 days writing deployment scripts”
tow init # 5 seconds. Done.
Tow auto-detects everything — language, framework, build tool, monorepo modules — and generates a complete, working config.
Who Is This For?
- Teams deploying to EC2, DigitalOcean, Hetzner, or any Linux VMs
- Projects that don’t need (or aren’t ready for) Kubernetes
- Developers who want reliable deployments without learning Ansible/Terraform
- Startups that need something between manual SSH and full orchestration
- Polyglot teams running Java, Node.js, Python, Go, and Rust services together
Born from Real Experience
Tow is the Go rewrite of bash-based deployment systems used across multiple companies and projects — managing Spring Boot microservices, Kafka clusters, Redis, and monitoring stacks. The patterns are proven; the Go implementation is new (v0.1.0).
Every feature exists because a real production incident demanded it:
| Feature | The incident that demanded it |
|---|---|
| Deploy locking | Two developers deployed at the same time → inconsistent state across servers |
| Branch policies | Feature branch accidentally deployed to production on a Friday evening |
| Health checks | Deploy “succeeded” but app was crash-looping — nobody noticed for 30 minutes |
| Hierarchical config | Server 1 needed different JVM heap settings than server 2, but shared everything else |
| Instant rollback | Bad deploy took down the API — took 15 minutes to rebuild and redeploy the previous version |