diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..88f33140
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+@lucaspin
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..7cf705b4
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,16 @@
+on: [push, pull_request]
+name: Test
+jobs:
+  unit-testing:
+    runs-on: windows-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.23.x
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Install gotestsum
+        run: go install gotest.tools/gotestsum@latest
+      - name: Test
+        run: gotestsum --format short-verbose --packages="./..." -- -p 1
diff --git a/.gitignore b/.gitignore
index 570a6ba3..7fe7de22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /build
 /log
 agent
+.vagrant/
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 0e55ebd6..de3fd1bf 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,9 +1,11 @@
+version: 2
 project_name: agent
 before:
   hooks:
   - go get ./...
 builds:
-- env:
+- id: non-windows-build
+  env:
   - CGO_ENABLED=0
   ldflags:
      - -s -w -X main.VERSION={{.Tag}}
@@ -13,15 +15,49 @@ builds:
   goarch:
     - 386
     - amd64
+    - arm
+    - arm64
+    - ppc64le
+- id: windows-build
+  env:
+  - CGO_ENABLED=0
+  ldflags:
+     - -s -w -X main.VERSION={{.Tag}}
+  goos:
+    - windows
+  goarch:
+    - 386
+    - amd64
+    - arm
 
 archives:
-  - id: agent
-    name_template: '{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      386: i386
-      amd64: x86_64
+  - id: non-windows-archive
+    builds:
+      - non-windows-build
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    files:
+      - README.md
+      - install.sh
+
+  - id: windows-archive
+    builds:
+      - windows-build
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    files:
+      - README.md
+      - install.ps1
 
 checksum:
   name_template: '{{ .ProjectName }}_checksums.txt'
@@ -35,10 +71,13 @@ changelog:
     - Merge branch
 
 brews:
-  - github:
+  - repository:
       owner: semaphoreci
       name: homebrew-tap
-    folder: Formula
+    commit_author:
+      name: release-bot-agent
+      email: contact+release-bot-agent@renderedtext.com
+    directory: Formula
     homepage:  https://semaphoreci.com
     description: Semaphore 2.0 agent.
     test: |
diff --git a/.semaphore/release.yml b/.semaphore/release.yml
index 0154c61d..69c9f68b 100644
--- a/.semaphore/release.yml
+++ b/.semaphore/release.yml
@@ -2,8 +2,8 @@ version: "v1.0"
 name: Release
 agent:
   machine:
-    type: e1-standard-4
-    os_image: ubuntu1804
+    type: f1-standard-2
+    os_image: ubuntu2404
 blocks:
   - name: "Release"
     task:
@@ -11,14 +11,19 @@ blocks:
         - name: GO111MODULE
           value: "on"
       secrets:
-        - name: sem-robot-ghtoken
+        - name: github-release-bot-agent
+        - name: dockerhub-write
       prologue:
         commands:
-          - sem-version go 1.13
+          - sem-version go 1.23.8
           - "export GOPATH=~/go"
           - "export PATH=/home/semaphore/go/bin:$PATH"
           - checkout
       jobs:
-        - name: Sem Agent
+        - name: Release new version
           commands:
-            - curl -sL https://git.io/goreleaser | bash -s -- --rm-dist
+            - export GITHUB_TOKEN=$ACCESS_TOKEN
+            - curl -sL https://git.io/goreleaser | bash -s -- --clean
+            - echo $DOCKERHUB_PASSWORD | docker login -u $DOCKERHUB_USERNAME --password-stdin
+            - make docker.build
+            - make docker.push
diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index fff7af9c..01b93609 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -2,11 +2,14 @@ version: v1.0
 name: Agent
 agent:
   machine:
-    type: e1-standard-2
-    os_image: ubuntu1804
+    type: f1-standard-2
+    os_image: ubuntu2404
+
+execution_time_limit:
+  minutes: 10
 
 blocks:
-  - name: "Tests"
+  - name: "Lint"
     dependencies: []
     task:
       env_vars:
@@ -15,18 +18,43 @@ blocks:
 
       prologue:
         commands:
-          - sem-version go 1.13
+          - sem-version go 1.24.12
           - checkout
-          - go version
-          - go get
-          - go build
 
       jobs:
-        - name: Unit Tests
+        - name: Lint
           commands:
-            - make test
+            - go install github.com/mgechev/revive@latest
+            - make lint
+
+  - name: "Security checks"
+    dependencies: []
+    task:
+      secrets:
+        - name: security-toolbox-shared-read-access
+      prologue:
+        commands:
+          - checkout
+          - mv ~/.ssh/security-toolbox ~/.ssh/id_rsa
+          - sudo chmod 600 ~/.ssh/id_rsa
+          - sem-version go 1.24.12
+      jobs:
+        - name: Check dependencies
+          commands:
+            - make check.deps
+        - name: Check code
+          commands:
+            - make check.static
+        - name: Check docker
+          commands:
+            - make docker.build
+            - make check.docker
+      epilogue:
+        always:
+          commands:
+            - 'if [ -f results.xml ]; then test-results publish --name="Security checks" results.xml; fi'
 
-  - name: "Shell Executor E2E tests"
+  - name: "Tests"
     dependencies: []
     task:
       env_vars:
@@ -35,45 +63,29 @@ blocks:
 
       prologue:
         commands:
-          - sem-version go 1.13
+          - sem-version go 1.24.12
           - checkout
           - go version
           - go get
           - go build
 
-      epilogue:
-        commands:
-          - docker exec -ti agent cat /tmp/agent_log
-
       jobs:
-        - name: Shell
+        - name: Unit Tests
           commands:
-            - "make e2e TEST=shell/$TEST"
-          matrix:
-            - env_var: TEST
-              values:
-                - command_aliases
-                - env_vars
-                - failed_job
-                - job_stopping
-                - file_injection
-                - file_injection_broken_file_mode
-                - stty_restoration
-                - epilogue_on_pass
-                - epilogue_on_fail
-                - ssh_jump_points
-                - unicode
-                - unknown_command
-                - broken_unicode
-                - killing_root_bash
-                - set_e
-                - set_pipefail
+            - go install gotest.tools/gotestsum@latest
+            - make test
+
+      epilogue:
+        always:
+          commands:
+            - test-results publish junit-report.xml
 
   - name: "Docker Executor E2E"
     dependencies: []
     task:
       secrets:
-        - name: aws-ecr-payground
+        - name: aws-ecr-agent-e2e-secret
+        - name: hellopuller
         - name: gcr-test-secret
         - name: docker-registry-test-secret
       env_vars:
@@ -84,28 +96,36 @@ blocks:
 
       prologue:
         commands:
-          - sem-version go 1.13
+          - sem-version go 1.24.12
           - checkout
           - go version
           - go get
           - go build
+          - mkdir /tmp/agent
 
       epilogue:
         commands:
-          - docker exec -ti agent cat /tmp/agent_log
+          - if [ "$TEST_MODE" = "api" ]; then docker exec -ti agent cat /tmp/agent_log; else docker logs e2e_support_agent_1; fi
+          - if [ "$TEST_MODE" = "api" ]; then echo "No hub"; else docker logs e2e_support_hub_1; fi
 
       jobs:
         - name: Docker
           commands:
             - "make e2e TEST=docker/$TEST"
           matrix:
+            - env_var: TEST_MODE
+              values:
+                - api
+                - listen
             - env_var: TEST
               values:
                 - hello_world
                 - command_aliases
                 - env_vars
                 - failed_job
+                - job_logs_as_artifact
                 - job_stopping
+                - job_stopping_on_epilogue
                 - file_injection
                 - file_injection_broken_file_mode
                 - stty_restoration
@@ -115,11 +135,12 @@ blocks:
                 - container_env_vars
                 - container_options
                 - dockerhub_private_image
-                - docker_registry_private_image
                 - docker_private_image_ecr
+                - docker_private_image_ecr_v2
+                - docker_private_image_ecr_account_id
+                - docker_private_image_ecr_account_id_v2
                 - docker_private_image_gcr
                 - dockerhub_private_image_bad_creds
-                - docker_registry_private_image_bad_creds
                 - docker_private_image_ecr_bad_creds
                 - docker_private_image_gcr_bad_creds
                 - ssh_jump_points
@@ -131,6 +152,134 @@ blocks:
                 - check_dev_kvm
                 - host_setup_commands
                 - multiple_containers
+                - compose_v1
+
+  - name: "Hosted E2E tests"
+    dependencies: []
+    task:
+      env_vars:
+        - name: GO111MODULE
+          value: "on"
+
+      prologue:
+        commands:
+          - sem-version go 1.24.12
+          - checkout
+          - go version
+          - go get
+          - go build
+          - mkdir /tmp/agent
+
+      epilogue:
+        commands:
+          - docker exec -ti agent cat /tmp/agent_log
+
+      jobs:
+        - name: Hosted
+          commands:
+            - "TEST_MODE=api make e2e TEST=hosted/$TEST"
+          matrix:
+            - env_var: TEST
+              values:
+                - ssh_jump_points
+                - job_logs_as_artifact_default
+                - job_logs_as_artifact_always
+                - job_logs_as_artifact_compressed
+                - job_logs_as_artifact_never
+                - job_logs_as_artifact_not_trimmed
+                - job_logs_as_artifact_trimmed
+
+  - name: "Self hosted E2E"
+    dependencies: []
+    task:
+      env_vars:
+        - name: GO111MODULE
+          value: "on"
+        - name: TEST_MODE
+          value: "listen"
+
+      prologue:
+        commands:
+          - sem-version go 1.24.12
+          - checkout
+          - go version
+          - go get
+          - go build
+          - mkdir /tmp/agent
+
+      epilogue:
+        commands:
+          - docker logs e2e_support_agent_1
+          - docker logs e2e_support_hub_1
+
+      jobs:
+        - name: Self hosted
+          commands:
+            - "make e2e TEST=self-hosted/$TEST"
+          matrix:
+            - env_var: TEST
+              values:
+                - docker_compose_host_env_vars
+                - docker_compose_host_files
+                - docker_compose_missing_host_files
+                - docker_compose_fail_on_missing_host_files
+
+  - name: "Kubernetes Executor E2E"
+    dependencies: []
+    task:
+      secrets:
+        - name: aws-ecr-agent-e2e-secret
+        - name: gcr-test-secret
+        - name: docker-registry-test-secret
+      env_vars:
+        - name: GO111MODULE
+          value: "on"
+        - name: TEST_MODE
+          value: "listen"
+        - name: AWS_REGION
+          value: "us-east-1"
+
+      prologue:
+        commands:
+          - sem-version go 1.24.12
+          - curl -sLO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && install minikube-linux-amd64 /tmp/
+          - /tmp/minikube-linux-amd64 config set WantUpdateNotification false
+          - /tmp/minikube-linux-amd64 start --driver=docker
+          - checkout
+          - mkdir /tmp/agent
+          # The docker container uses root, and not semaphore
+          - grep -rl "/home/semaphore" ~/.kube | xargs sed -i 's/home\/semaphore/root/g'
+          - grep -rl "/home/semaphore" ~/.minikube | xargs sed -i 's/home\/semaphore/root/g'
+
+      epilogue:
+        commands:
+          - docker logs e2e_support_agent_1
+          - docker logs e2e_support_hub_1
+
+      jobs:
+        - name: Kubernetes executor
+          commands:
+            - "make e2e TEST=kubernetes/$TEST"
+          matrix:
+            - env_var: TEST
+              values:
+                - shell__not-allowed
+                - shell__default-image
+                - docker_compose__env-vars
+                - docker_compose__epilogue
+                - docker_compose__file-injection
+                - docker_compose__multiple-containers
+                - job_logs_as_artifact
+                - private_image_gcr
+                - private_image_ecr_no_account_id
+                - private_image_ecr_with_account_id
+
+after_pipeline:
+  task:
+    jobs:
+      - name: Submit Reports
+        commands:
+          - test-results gen-pipeline-report
 
 promotions:
   - name: Release
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000..54eed35c
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,35 @@
+# Repository Guidelines
+
+## Onboarding & Architecture Reference
+- Start by reading `DOCUMENTATION.md` for a walkthrough of architecture, component ownership, and common triage paths before tackling changes.
+- Keep the document handy when planning fixes; it maps package responsibilities, runtime flow, and gotchas you should re-check during reviews.
+
+## Project Structure & Module Organization
+- Root CLI entry point is `main.go`; domain logic lives under `pkg/` (e.g. `executors/`, `listener/`, `kubernetes/`) with packages named for their subsystem.
+- Runtime assets such as sample configs reside in `config.example.yaml`, release docs live in `docs/`, and Docker/Vagrant files support local environments; built binaries land in `build/`.
+- Tests and fixtures sit in `pkg/*/*_test.go` for unit coverage and Ruby E2E helpers in `test/` (see `test/e2e` and `test/e2e_support`).
+
+## Build, Test, and Development Commands
+- `make build` compiles a Linux CLI at `build/agent`; use `make build.windows` for a Windows artifact or `make docker.build.dev` for a dev image.
+- `make test` runs `gotestsum` across `./...` with a JUnit report; run `go test ./pkg/listener -run TestName` to iterate on a single package.
+- `make run JOB=<job-file>` executes the agent locally; `make serve` starts the API shim with a static auth token for manual workflows.
+- `make lint` executes `revive` with `lint.toml`; the `check.*` targets pull the security-toolbox for deeper audits when needed.
+
+## Coding Style & Naming Conventions
+- Target Go 1.23; always format with `gofmt` (or `go fmt ./...`) before pushing and organize imports with `goimports`.
+- Exported identifiers follow Go’s PascalCase, package-private helpers use camelCase, and test doubles mirror the production type names with `Fake` or `Stub` suffixes.
+- Keep configuration structs in `pkg/config` aligned with `config.example.yaml`; when introducing flags, add them to `pkg/server` command wiring.
+
+## Testing Guidelines
+- Co-locate `*_test.go` files with their packages and favor table-driven tests plus `testify` assertions already in use.
+- Aim to cover new branches and failure paths, especially around `pkg/executors` and `pkg/listener` which guard remote job execution.
+- For smoke verification against remote services, add or extend Ruby scripts in `test/e2e` and run with `make e2e TEST=<script>`; share new scripts in review.
+
+## Commit & Pull Request Guidelines
+- Follow the existing Conventional Commit style (`feat:`, `fix:`, `chore:`) and reference the PR number or issue in parentheses, e.g. `fix: harden retry backoff (#250)`.
+- Each PR should describe motivation, key changes, rollout considerations, and include `make test` / `make lint` output; attach logs or screenshots when touching user-facing behavior.
+- Update `CHANGELOG.md` when shipping externally visible changes and call out any config or API migrations in the PR checklist.
+
+## Security & Configuration Tips
+- Use `config.example.yaml` as a baseline; never commit real tokens or certificates—store overrides in local `.yaml` files ignored by git.
+- Rotate test certificates in `server.crt` / `server.key` if reused and prefer the supplied Docker targets (`docker.build`, `empty.ubuntu.machine`) for sandboxed validation.
diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md
new file mode 100644
index 00000000..fd6613a9
--- /dev/null
+++ b/DOCUMENTATION.md
@@ -0,0 +1,75 @@
+# Repository Architecture Notes
+
+## 1. High-Level Overview
+- Purpose: Semaphore self-hosted agent CLI written in Go 1.23; registers to the Semaphore SaaS, pulls jobs, runs them via pluggable executors, and reports status/logs.
+- Binaries: `main.go` builds a single `agent` CLI (see `make build`, `make build.windows`). Optional `serve` command spins up a lightweight local HTTP API (`pkg/server`) mainly for integration tests and hooks.
+- Configuration: Defaults come from `pkg/config/config.go`; runtime values flow from CLI flags (`pflag`), env vars (`SEMAPHORE_AGENT_*`), or a YAML file (`config.example.yaml` as template).
+
+## 2. Runtime Flow & Entry Points
+- `main.go` bootstraps logging, loads config, then either `RunListener` (default) or HTTP server handlers depending on CLI args.
+- `pkg/listener/listener.go` orchestrates lifecycle: registers the agent (`pkg/api`), long-polls for jobs, spawns `JobProcessor`.
+- `pkg/listener/job_processor.go` prepares workspace, applies hooks (pre/post job), initializes event logging, selects executor, streams updates back.
+- Graceful shutdown logic (signals, idle timeout) is centralized through `pkg/listener` and `shutdown_reason.go`.
+
+## 3. Core Packages & Responsibilities
+- `pkg/api`: HTTP client models for Semaphore endpoints (register agent, fetch job requests). Requires endpoint/token from config.
+- `pkg/jobs`: Domain model for jobs (commands, files, secrets) with helper logic around panic recovery and resource locks.
+- `pkg/executors`: Strategy interface plus implementations (`shell_executor`, `docker_compose_executor`, `kubernetes_executor`). Handles workspace setup, command execution, log streaming.
+- `pkg/eventlogger`: Multiplexed logging backends (in-memory, file, HTTP). Default pipeline: formatter → `httpbackend` (streams to Semaphore) with file or stdout mirrors.
+- `pkg/httputils`, `pkg/osinfo`, `pkg/random`, `pkg/retry`: shared utilities to keep domain packages focused.
+- `pkg/kubernetes`, `pkg/docker`, `pkg/aws`: helper modules invoked by executors for cluster API interactions, Docker Compose templating, and AWS metadata respectively.
+- `pkg/server`: Local HTTP server used for self-hosted coordination (`/jobs`, `/status` etc.), typically driven through `make serve` or tests.
+
+## 4. Job Lifecycle (Happy Path)
+1. Listener authenticates with `POST /agents/register` using token.
+2. Long polling obtains `JobRequest` (see `pkg/api/job_request.go`).
+3. Processor sets up workspace: downloads files (`pkg/listener.ParseFiles`), exports env vars, runs pre-job hook if configured.
+4. Executor runs commands (selected from job payload). Shell executor runs directly on host; Docker Compose builds ephemeral services; Kubernetes executor schedules pods using supplied pod spec and allowed image list.
+5. Event logs are appended via `pkg/eventlogger.Logger`, forwarded to Semaphore and optionally flushed to disk.
+6. Post-job hook runs, artifacts/log uploads occur if enabled (`config.UploadJobLogs*`).
+7. Processor reports status, acknowledges completion; listener loops for next job or exits based on disconnect flags.
+
+## 5. Configuration & Secrets
+- CLI flags defined in `RunListener`; env vars map 1:1 via `SEMAPHORE_AGENT_<FLAG>` (dashes become underscores).
+- File injections support `--files path:dest` pairs; validation handled in `pkg/listener/files.go`.
+- Hooks (`--shutdown-hook-path`, `--pre-job-hook-path`, `--post-job-hook-path`) execute via shell; when `--source-pre-job-hook` is set, the script runs within the current shell.
+- Sensitive data (tokens, certs) must never be committed—use local overrides. Example config lives in repository solely for documentation.
+
+## 6. Logging & Metrics
+- Logging uses `logrus` with levels derived from `SEMAPHORE_AGENT_LOG_LEVEL`; defaults to info, writes to rotating file under `$TMPDIR/agent_log` unless overridden.
+- Event logs leverage chunked HTTP uploads, with optional plain-text file backup (`pkg/eventlogger/filebackend`).
+- StatsD support is provided via `gopkg.in/alexcesaro/statsd.v2` (see `pkg/listener/selfhostedapi` for references).
+
+## 7. Testing Strategy
+- Unit tests co-located with code (`*_test.go`). `test` target runs via `gotestsum` capturing JUnit reports.
+- Integration/end-to-end tests live in `test/e2e` (Ruby scripts) with Docker Compose helpers under `test/e2e_support`. Trigger using `make e2e TEST=<script>`.
+- Static analysis: `make lint` (revive). Security/regression suites via `make check.static`, `check.deps`, `check.docker` requiring `renderedtext/security-toolbox`.
+- Benchmarks example: `make test.bench`, mostly targeting performance hotspots like event logging.
+
+## 8. Build, Packaging & Release
+- `Makefile` contains canonical targets for building cross-platform binaries, docker images (`docker.build`, `docker.push`), and release tagging (`release.minor/major/patch`).
+- Docker images use `Dockerfile.self_hosted` for production, `Dockerfile.dev` for local dev, `Dockerfile.ecr` for AWS integration tests, and `Dockerfile.empty_ubuntu` for sandbox experiments.
+- Release automation integrates with Semaphore pipelines; tagging triggers builds that publish to GitHub and Homebrew via scripts referenced in `README.md`.
+
+## 9. Key Directories & Files
+- `docs/`: supplemental guides (currently Kubernetes executor details).
+- `examples/`: sample configurations/scripts for self-hosted deployments.
+- `scripts/`: utility scripts for CI/CD tasks, log collection, or environment bootstrapping.
+- `config.example.yaml`: baseline YAML demonstrating all config fields.
+- `lint.toml`: revive configuration (style rules, ignores).
+- `large_log.txt`: fixture for event logger performance tests.
+- `run*/`: captured logs/traces from local executions—safe to ignore unless debugging historical failures.
+
+## 10. Common Pitfalls & Tips
+- Many commands assume Docker/Compose availability; ensure local environment mirrors production (see `empty.ubuntu.machine` target).
+- Kubernetes executor requires `SEMAPHORE_KUBECONFIG` or in-cluster config plus allowed image regexes; missing configs lead to pod creation failures early in the job run.
+- When modifying job processing, keep concurrency limits and interrupt handling in mind (`InterruptionGracePeriod`, `DisconnectAfterIdleTimeout`).
+- Event logger writes large buffers; prefer streaming to avoid memory bloat. See recent commit `fix: improve eventlogger.GeneratePlainTextFile()` for context on large files.
+- Before touching release scripts, review `CHANGELOG.md` and follow semantic versioning via `make tag.*` targets.
+
+## 11. Getting Oriented Quickly
+- Start debugging by running `make serve` + `make run JOB=test/job.json` using fixtures in `examples/` to reproduce flows.
+- Trace a job end-to-end via `pkg/listener/listener.go:Run()` (entry point), `pkg/listener/job_processor.go:Process()`, and chosen executor implementation.
+- For API schema updates, adjust `pkg/api` models first; downstream packages (`pkg/jobs`, `pkg/executors`) typically only consume typed structs.
+- Use `pkg/eventlogger/test_helpers.go` to stub logging when writing tests around job execution.
+- Architecture diagram suggestion: Listener ↔ Semaphore API ↔ Executor ↔ Workspace; keep this mental model handy.
diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 00000000..78904955
--- /dev/null
+++ b/Dockerfile.dev
@@ -0,0 +1,27 @@
+FROM ubuntu:22.04
+
+ARG USERNAME=semaphore
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Create the user
+RUN groupadd --gid $USER_GID $USERNAME && \
+  useradd --uid $USER_UID --gid $USER_GID -m $USERNAME
+
+RUN apt-get update -y && apt-get install -y ca-certificates curl
+RUN update-ca-certificates
+
+# kubectl is required to be present in the container running the agent
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+# Install Semaphore agent
+RUN mkdir -p /opt/semaphore
+ADD build/agent /opt/semaphore/agent
+RUN chown ${USER_UID}:${USER_GID} /opt/semaphore
+
+USER $USERNAME
+WORKDIR /home/semaphore
+HEALTHCHECK NONE
+
+CMD ["/opt/semaphore/agent", "start", "--config-file", "/opt/semaphore/semaphore-agent.yml"]
diff --git a/Dockerfile.ecr b/Dockerfile.ecr
new file mode 100644
index 00000000..add7cd0b
--- /dev/null
+++ b/Dockerfile.ecr
@@ -0,0 +1,7 @@
+FROM python:3
+
+RUN apt-get update && \
+  apt-get install curl -y && \
+  curl -sSL https://get.docker.com/ | sh && \
+  apt-get install -y ssh && \
+  pip install docker-compose awscli
diff --git a/Dockerfile.empty_ubuntu b/Dockerfile.empty_ubuntu
new file mode 100644
index 00000000..09155fe4
--- /dev/null
+++ b/Dockerfile.empty_ubuntu
@@ -0,0 +1,7 @@
+FROM ubuntu:22.04
+
+RUN apt-get update -qy
+RUN apt-get install -y ca-certificates openssh-client
+RUN update-ca-certificates
+
+WORKDIR /app
diff --git a/Dockerfile.self_hosted b/Dockerfile.self_hosted
new file mode 100644
index 00000000..e3262234
--- /dev/null
+++ b/Dockerfile.self_hosted
@@ -0,0 +1,27 @@
+FROM ubuntu:22.04
+
+ARG USERNAME=semaphore
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Create the user
+RUN groupadd --gid $USER_GID $USERNAME && \
+  useradd --uid $USER_UID --gid $USER_GID -m $USERNAME
+
+RUN apt-get update -y && apt-get upgrade -y && apt-get install -y --no-install-recommends ca-certificates curl
+RUN update-ca-certificates
+
+# kubectl is required to be present in the container running the agent
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+# Install Semaphore agent
+RUN mkdir -p /opt/semaphore
+COPY build/agent /opt/semaphore/agent
+RUN chown ${USER_UID}:${USER_GID} /opt/semaphore
+
+USER $USERNAME
+WORKDIR /home/semaphore
+HEALTHCHECK NONE
+
+CMD ["/opt/semaphore/agent", "start", "--config-file", "/opt/semaphore/semaphore-agent.yml"]
diff --git a/Dockerfile.test b/Dockerfile.test
index 04656c90..ae2696a3 100644
--- a/Dockerfile.test
+++ b/Dockerfile.test
@@ -3,8 +3,28 @@ FROM python:3
 RUN apt-get update && \
   apt-get install curl -y && \
   curl -sSL https://get.docker.com/ | sh && \
-  apt-get install -y ssh && \
-  pip install docker-compose awscli
+  apt-get install -y ssh docker-compose-plugin && \
+  # Install standalone docker-compose for backward compatibility
+  curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \
+  chmod +x /usr/local/bin/docker-compose && \
+  # pin pyyaml to 5.3.1 until https://github.com/yaml/pyyaml/issues/724 is fixed
+  pip install pyyaml==5.3.1 && \
+  pip install awscli
+
+# By default, sshd runs on port 22, we need it to run on port 2222
+RUN sed -i 's/#Port 22/Port 2222/g' /etc/ssh/sshd_config
+
+# kubectl is required to be present in the container running the agent
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+  install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+# Semaphore toolbox should also be available
+RUN curl -sL https://github.com/semaphoreci/toolbox/releases/latest/download/self-hosted-linux.tar -o toolbox.tar && \
+  tar -xf toolbox.tar && \
+  mv toolbox /root/.toolbox && \
+  /root/.toolbox/install-toolbox && \
+  echo 'source ~/.toolbox/toolbox' >> /root/.bash_profile && \
+  rm toolbox.tar
 
 ADD server.key /app/server.key
 ADD server.crt /app/server.crt
@@ -12,4 +32,4 @@ ADD build/agent /app/agent
 
 WORKDIR /app
 
-CMD service ssh restart && ./agent serve
+CMD ["sh", "-c", "service ssh restart && ./agent serve --port 30000"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..34345f54
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2024 Semaphore Technologies
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/Makefile b/Makefile
index 8e2c8107..f6d8e69f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,40 @@
+.PHONY: e2e
 AGENT_PORT_IN_TESTS=30000
 AGENT_SSH_PORT_IN_TESTS=2222
 
-go.install:
-	cd /tmp
-	sudo curl -O https://dl.google.com/go/go1.11.linux-amd64.tar.gz
-	sudo tar -xf go1.11.linux-amd64.tar.gz
-	sudo mv go /usr/local
-	cd -
+SECURITY_TOOLBOX_BRANCH ?= master
+SECURITY_TOOLBOX_TMP_DIR ?= /tmp/security-toolbox
+
+AGENT_VERSION=dev
+ifneq ($(SEMAPHORE_GIT_TAG_NAME),)
+	AGENT_VERSION=$(SEMAPHORE_GIT_TAG_NAME)
+endif
+
+check.prepare:
+	rm -rf $(SECURITY_TOOLBOX_TMP_DIR)
+	git clone git@github.com:renderedtext/security-toolbox.git $(SECURITY_TOOLBOX_TMP_DIR) && (cd $(SECURITY_TOOLBOX_TMP_DIR) && git checkout $(SECURITY_TOOLBOX_BRANCH) && cd -)
+
+check.static: check.prepare
+	docker run -it -v $$(pwd):/app \
+		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
+		registry.semaphoreci.com/ruby:2.7 \
+		bash -c 'cd /app && $(SECURITY_TOOLBOX_TMP_DIR)/code --language go -d'
+
+check.deps: check.prepare
+	docker run -it -v $$(pwd):/app \
+		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
+		registry.semaphoreci.com/ruby:2.7 \
+		bash -c 'cd /app && $(SECURITY_TOOLBOX_TMP_DIR)/dependencies --language go -d'
+
+check.docker: check.prepare
+	docker run -it -v $$(pwd):/app \
+		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
+		-v /var/run/docker.sock:/var/run/docker.sock \
+		registry.semaphoreci.com/ruby:2.7 \
+		bash -c 'cd /app && $(SECURITY_TOOLBOX_TMP_DIR)/docker -d --image semaphoreci/agent:latest --skip-files Dockerfile.ecr,Dockerfile.test,Dockerfile.dev,test/hub_reference/Dockerfile,Dockerfile.empty_ubuntu,/usr/local/bin/kubectl'
+
+lint:
+	revive -formatter friendly -config lint.toml ./...
 
 run:
 	go run *.go run $(JOB)
@@ -17,34 +45,61 @@ serve:
 .PHONY: serve
 
 test:
-	go test -short -v ./...
+	gotestsum --format short-verbose --junitfile junit-report.xml --packages="./..." -- -p 1
 .PHONY: test
 
+test.bench:
+	go test -benchmem -run=^$$ -bench . ./... -count=10
+
 build:
 	rm -rf build
-	go build -o build/agent main.go
+	env GOOS=linux GOARCH=386 go build -o build/agent main.go
 .PHONY: build
 
-docker.build: build
-	-docker stop agent
-	-docker rm agent
-	docker build -t agent -f Dockerfile.test .
-.PHONY: docker.build
+build.windows:
+	rm -rf build
+	env GOOS=windows GOARCH=amd64 go build -o build/agent.exe main.go
+
+e2e: build
+	ruby test/e2e/$(TEST).rb
 
-docker.run: docker.build
-	-docker stop agent
-	docker run --privileged --device /dev/ptmx -v /tmp/agent-temp-directory/:/tmp/agent-temp-directory -v /var/run/docker.sock:/var/run/docker.sock -p $(AGENT_PORT_IN_TESTS):8000 -p $(AGENT_SSH_PORT_IN_TESTS):22 --name agent -tdi agent bash -c "service ssh restart && nohup ./agent serve --auth-token-secret 'TzRVcspTmxhM9fUkdi1T/0kVXNETCi8UdZ8dLM8va4E' & sleep infinity"
-	sleep 2
-.PHONY: docker.run
+e2e.listen.mode.logs:
+	docker-compose -f test/e2e_support/docker-compose-listen.yml logs -f
 
-docker.clean:
-	-docker stop $$(docker ps -q)
-	-docker rm $$(docker ps -qa)
-.PHONY: docker.clean
+#
+# An ubuntu environment that has the ./build/agent CLI mounted.
+# This environment is ideal for testing self-hosted agents without the fear
+# that some runaway command will mess up your dev environment.
+#
+empty.ubuntu.machine:
+	docker run --rm -v $(PWD):/app -ti empty-ubuntu-self-hosted-agent /bin/bash
 
-e2e: docker.clean docker.run
-	ruby test/e2e/$(TEST).rb
-.PHONY: e2e
+empty.ubuntu.machine.build:
+	docker build -f Dockerfile.empty_ubuntu -t empty-ubuntu-self-hosted-agent .
+
+ecr.test.build:
+	docker build -f Dockerfile.ecr -t agent-testing .
+
+ecr.test.push:
+	aws ecr get-login-password --region $(AWS_REGION) | docker login --username AWS --password-stdin $(AWS_ECR_REGISTRY)
+	docker tag agent-testing:latest $(AWS_ECR_REGISTRY)/agent-testing:latest
+	docker push $(AWS_ECR_REGISTRY)/agent-testing:latest
+
+# Helpful when developing and testing locally
+docker.build.dev:
+	docker build -f Dockerfile.dev -t semaphoreci/agent:dev .
+
+#
+# Docker Release
+#
+docker.build:
+	env GOOS=linux GOARCH=amd64 go build -ldflags='-s -w -X "main.VERSION=$(AGENT_VERSION)"' -o build/agent main.go
+	docker build -f Dockerfile.self_hosted -t semaphoreci/agent:latest .
+
+docker.push:
+	docker tag semaphoreci/agent:latest semaphoreci/agent:$(AGENT_VERSION)
+	docker push semaphoreci/agent:$(AGENT_VERSION)
+	docker push semaphoreci/agent:latest
 
 release.major:
 	git fetch --tags
diff --git a/README.md b/README.md
index 5566589b..e8664002 100644
--- a/README.md
+++ b/README.md
@@ -1,44 +1,54 @@
-# Semaphore 2.0 Agents
+# Semaphore 2.0 Agent
 
 Base agent responsibilities:
 
-- [x] Run jobs
-- [x] Provide output logs
-- [x] Run a server
-- [x] Inject env variables
-- [x] Inject files
-- [x] Run epilogue commands
-- [x] Set up an SSH jump-point
+- Run jobs
+- Provide output logs
+- Run a server
+- Inject env variables
+- Inject files
+- Run epilogue commands
+- Set up an SSH jump-point (only available in hosted environment)
 
 Docker Based CI/CD:
 
-- [x] Run commands in docker container
-- [x] Start multiple docker containers, connect them via DNS
-- [x] Checkout source code, run tests
-- [x] Inject files and environments variables
-- [x] Pull private docker images
-- [x] Store and restore files from cache
-- [x] Build docker in docker
-- [x] Upload docker images from docker
-- [x] Set up an SSH jump-point
+- Run commands in docker container
+- Start multiple docker containers, connect them via DNS
+- Checkout source code, run tests
+- Inject files and environments variables
+- Pull private docker images
+- Store and restore files from cache (only available in hosted environment for now)
+- Build docker in docker
+- Upload docker images from docker
+- Set up an SSH jump-point (only available in hosted version)
 
 ## Usage
 
-``` bash
-agent [command] [flag]
-```
+This agent is intended to be used in two environments: hosted or self hosted.
 
-Commands:
+### Hosted environment
 
-``` txt
-  version   Print Agent version
-  serve     Start server
-  run       Runs a single job
-```
+In the hosted environment, the agent runs inside Semaphore's infrastructure, starting an HTTP server that receives jobs in HTTP requests. The [`agent serve`](#agent-serve-flags) command is used to run the agent in that scenario.
+
+### Self hosted environment
+
+In the self hosted environment, you control where you run it and no HTTP server is started; that way, all communication happens from the agent to Semaphore and no HTTP endpoint is required to exist inside your infrastructure.
+
+The [`agent start`](#agent-start-flags) command is used to run the agent in that scenario.
+
+## Commands
+
+### `agent start [flags]`
+
+Starts the agent in a self hosted environment. The agent will register itself with Semaphore and periodically sync with Semaphore. No HTTP server is started and exposed. Read more about it [in the docs](https://docs.semaphoreci.com/ci-cd-environment/self-hosted-agents-overview).
+
+### `agent serve [flags]`
+
+Starts the agent as an HTTP server that receives requests in HTTP requests. Intended only to run jobs in Semaphore's own infrastructure. If you are looking for the command to run the agent in a self hosted environment, check [`agent start`](#agent-start-params).
 
 Flags:
 
-``` txt
+```txt
  --auth-token-secret  Auth token for accessing the server (required)
  --port               Set a custom port (default 8000)
  --host               Set the bind address to a specific IP (default 0.0.0.0)
@@ -47,6 +57,7 @@ Flags:
  --statsd-host        The host where to send StatsD metrics.
  --statsd-port        The port where to send StatsD metrics.
  --statsd-namespace   The prefix to be added to every StatsD metric.
+```
 
 Start with defaults:
 
@@ -54,10 +65,7 @@ Start with defaults:
 agent serve --auth-token-secret 'myJwtToken'
 ```
 
-## SSH jump-points
-
-When a job starts, the public SSH keys sent with the Job Request are injected
-into the '~/.ssh/authorized_keys'.
+When a job starts, the public SSH keys sent with the Job Request are injected into the `~/.ssh/authorized_keys`.
 
 After that, a jump point for accessing the job is set up. For shell based
 executors this is a simple `bash --login`. For docker compose based executors,
@@ -66,12 +74,10 @@ executes `docker-compose exec <name> bash --login`.
 
 To SSH into an agent, use:
 
-``` bash
+```bash
 ssh -t -p <port> <ip> bash /tmp/ssh_jump_point
 ```
 
-### Collecting Statds Metrics from the Agent
-
 If configured, the Agent can publish the following StatsD metrics:
 
 - compose_ci.docker_pull.duration, tagged with: [image name]
@@ -85,7 +91,16 @@ To configure Statsd publishing provide the following command-line flags to the A
 
 Example Usage:
 
-agent start --statsd-host "192.1.1.9" --statsd-port 8192 --statsd-namespace "agent.prod"
+```
+agent serve --statsd-host "192.1.1.9" --statsd-port 8192 --statsd-namespace "agent.prod"
+```
 
 If StatsD flags are not provided, the Agent will not publish any StatsD metric.
 
+### `agent run [path]`
+
+Runs a single job. Useful for debugging or agent development. It takes the path to the job request YAML file as an argument
+
+### `agent version`
+
+Prints out the agent version
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 00000000..b3f3824f
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,8 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # https://github.com/gusztavvargadr/packer/
+  config.vm.box = "gusztavvargadr/windows-server-2019-standard"
+  config.vm.provision "shell", path: "scripts/provision-windows-box.ps1"
+end
diff --git a/config.example.yaml b/config.example.yaml
new file mode 100644
index 00000000..ae485742
--- /dev/null
+++ b/config.example.yaml
@@ -0,0 +1,8 @@
+endpoint: ""
+token: ""
+no-https: false
+shutdown-hook-path: ""
+disconnect-after-job: false
+env-vars: []
+files: []
+fail-on-missing-files: false
diff --git a/docs/kubernetes-executor.md b/docs/kubernetes-executor.md
new file mode 100644
index 00000000..542b9227
--- /dev/null
+++ b/docs/kubernetes-executor.md
@@ -0,0 +1,249 @@
+The Kubernetes executor creates a new Kubernetes pod to run every job it receives. Usually, the agents themselves run inside the Kubernetes cluster, but you can also run Semaphore jobs in Kubernetes pods while the agent runs somewhere else.
+
+- [Requirements](#requirements)
+- [Permissions](#permissions)
+- [Limitations](#limitations)
+- [Configuration](#configuration)
+  - [--kubernetes-executor](#--kubernetes-executor)
+  - [--kubernetes-pod-start-timeout](#--kubernetes-pod-start-timeout)
+  - [--kubernetes-pod-spec](#--kubernetes-pod-spec)
+- [Examples](#examples)
+  - [Specifying containers](#specifying-containers)
+  - [Configuring image pull policies](#configuring-image-pull-policies)
+  - [Using environment variables](#using-environment-variables)
+  - [Using files](#using-files)
+  - [Enforcing resource constraints](#enforcing-resource-constraints)
+  - [Using volumes and volume mounts](#using-volumes-and-volume-mounts)
+  - [Use private images](#use-private-images)
+    - [Semaphore secrets](#semaphore-secrets)
+    - [Use a manually created Kubernetes secret](#use-a-manually-created-kubernetes-secret)
+  - [Restricting images used in jobs](#restricting-images-used-in-jobs)
+  - [Default image used in jobs](#default-image-used-in-jobs)
+
+## Requirements
+
+- The `kubectl` CLI needs to be available in the pod/host where the agent is running.
+- `bash` and `git` should be available in the main container used for the job.
+- In self-hosted environments, the [Semaphore toolbox](https://github.com/semaphoreci/toolbox) is not automatically installed during the beginning of the job, so it should be already available in the image being used for the job. Alternatively, you can use a pre-job hook to install it.
+- The [GitHub SSH keys](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints) should be available in the image used for the job, to avoid having to manually verifying GitHub hosts.
+
+## Permissions
+
+The Kubernetes permissions required by the agent to use the Kubernetes executor are:
+
+```yaml
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "create", "delete"]
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "delete"]
+```
+
+## Limitations
+
+- Running system-level software such as systemd and Docker requires privileged access to the Kubernetes nodes, which is not safe. If you need to run those workflows, consider using the [agent-aws-stack](https://github.com/renderedtext/agent-aws-stack) or [sysbox](https://github.com/nestybox/sysbox).
+
+## Configuration
+
+### --kubernetes-executor
+
+A flag to enable the Kubernetes executor. If not specified, the agent will follow its default mode: using the shell executor to run jobs without containers, and the docker-compose executor to run jobs with containers.
+
+If the agent is running inside a Kubernetes pod, it uses the service account Kubernetes gives to pods to create the Kubernetes client. If the agent is not running inside a Kubernetes pod, it will use the `~/.kube/config` file to authenticate with the Kubernetes cluster.
+
+### --kubernetes-pod-start-timeout
+
+By default, the Kubernetes executor waits for 300s for the pod to be ready to run the Semaphore job. If the pod doesn't come up in time, the Semaphore job will fail. That value can be configured with the Semaphore agent `--kubernetes-pod-start-timeout` parameter, which accepts a number of seconds.
+
+### --kubernetes-pod-spec
+
+By default, all the information to create the pod comes from the Semaphore YAML. More specifically, from the containers specified in the Semaphore YAML. However, you might need to configure the pod and the containers in it further. You can do that with the `--kubernetes-pod-spec` parameter.
+
+That parameter receives the name of a Kubernetes config map with additional configuration for the main container, sidecar containers and the pod itself:
+
+```yaml
+apiVersion: core/v1
+kind: ConfigMap
+metadata:
+  name: pod-spec-decorator-for-semaphore-jobs
+data:
+  mainContainer: ""
+  sidecarContainers: ""
+  pod: ""
+```
+
+Each of the keys in the config map decorate a specific part of the pod created for the Semaphore job, and receive a string containing a YAML document:
+- The `mainContainer` key allows you to specify the fields in the [Kubernetes container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core) where the job commands will execute.
+- The `sidecarContainers` key allows you to specify the fields in the [Kubernetes containers](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core) used as sidecars.
+- The `pod` key allows you to specify the fields in the [Kubernetes pod](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#pod-v1-core) created for the Semaphore job.
+
+> **Note**<br/>
+> The `--kubernetes-pod-spec` parameter does not override what comes from the Semaphore YAML. It only decorates it. If you want to reject jobs that use untrusted images, use the [--kubernetes-allowed-images](#configure-the-allowed-images) parameter.
+
+## Examples
+
+### Specifying containers
+
+The Kubernetes executor requires that containers are defined in the Semaphore YAML or that a [default image](#default-image-used-in-jobs) is configured. If neither a container nor a default image is provided, the job will fail.
+
+Here are the configurable fields in a container definition in the Semaphore YAML:
+
+```yaml
+containers:
+
+  # The first container (main) is where the commands will run.
+  # The only thing we need for that container is that it remains up,
+  # so we can `kubectl exec` into it, create a PTY, and run the commands.
+  # For that reason, we don't allow configuring the `entrypoint` and `command` fields of that container.
+  - name: main
+    image: ruby:2.7
+    env_vars: []
+
+  # For the additional containers, `entrypoint` and `command` can be configured as well.
+  - name: db
+    image: postgres:9.6
+    command: ""
+    entrypoint: ""
+    env_vars: []
+```
+
+More information about how to specify containers in the Semaphore YAML in the [public docs](https://docs.semaphoreci.com/ci-cd-environment/custom-ci-cd-environment-with-docker/).
+
+### Configuring image pull policies
+
+By default, no image pull policy is set on any of the containers in the pod. That means Kubernetes will use its default, which is `IfNotPresent`. You can use the `--kubernetes-pod-spec` parameter to specify them:
+
+```yaml
+kind: ConfigMap
+metadata:
+  name: pod-spec-decorator-for-semaphore-jobs
+data:
+  mainContainer: |
+    imagePullPolicy: Never
+  sidecarContainers: |
+    imagePullPolicy: Never
+```
+
+### Using environment variables
+
+You can use [Semaphore secrets](https://docs.semaphoreci.com/essentials/using-secrets/) or the Semaphore YAML's [env_vars](https://docs.semaphoreci.com/essentials/environment-variables/) to pass environment variables to your jobs, just like in cloud jobs.
+
+If you want to provide additional environment variables configured on the agent side, you can use the `--kubernetes-pod-spec` agent configuration parameter:
+
+```yaml
+kind: ConfigMap
+metadata:
+  name: pod-spec-for-semaphore-job
+data:
+  # Add environment variables to the main container.
+  # These will only be available in the container where the Semaphore job runs.
+  mainContainer: |
+    env:
+      - name: FOO
+        value: BAR
+
+  # You can also add environment variables to the sidecar containers in the pod.
+  # These will be added to all sidecar containers.
+  sidecarContainers: |
+    env:
+      - name: FOO
+        value: BAR
+```
+
+The environment variables specified with this approach will be appended to the ones specified in the Semaphore YAML (if any).
+
+### Using files
+
+You can use [Semaphore secrets](https://docs.semaphoreci.com/essentials/using-secrets/) to provide files to your job, just like in cloud jobs. Additionally, if you want to provide files to jobs from the agent side, you can use the `--kubernetes-pod-spec` agent parameter to decorate the pod spec.
+
+For example, if you have a Kubernetes secret called `secret-file`, you can inject that secret into the main container running the job using the pod spec config map:
+
+```yaml
+kind: ConfigMap
+metadata:
+  name: pod-spec-for-semaphore-job
+data:
+  mainContainer: |
+    volumeMounts:
+      - name: myfile
+        mountPath: /app/files
+  pod: |
+    volumes:
+      - name: myfile
+        secret:
+          secretName: secret-file
+```
+
+All keys in the `secret-file` Kubernetes secret will be injected into the `/app/files` directory as files.
+
+### Enforcing resource constraints
+
+Use the `--kubernetes-pod-spec` agent parameter:
+
+```yaml
+kind: ConfigMap
+metadata:
+  name: pod-spec-for-semaphore-job
+data:
+  mainContainer: |
+    resources:
+      limits:
+        cpu: "0.5"
+        memory: 500Mi
+      requests:
+        cpu: "0.25"
+        memory: 250Mi
+  sidecarContainers: |
+    resources:
+      limits:
+        cpu: "0.1"
+        memory: 100Mi
+      requests:
+        cpu: "0.1"
+        memory: 100Mi
+```
+
+### Using volumes and volume mounts
+
+See the [files](#use-files) section.
+
+### Use private images
+
+If the image being used to run the job is private, authentication is required to pull it.
+
+#### Semaphore secrets
+
+You can create a Semaphore secret containing the credentials to authenticate to your registry, and use it in your Semaphore YAML's [image_pull_secrets](https://docs.semaphoreci.com/ci-cd-environment/custom-ci-cd-environment-with-docker/#pulling-private-docker-images-from-dockerhub). When using this appproach, the Kubernetes executor will create a temporary Kubernetes secret to store the credentials, and use it to pull the images. When the job finishes, the Kubernetes secret will be deleted.
+
+> **Note**<br/>
+> This is the only way to use ECR images, since ECR doesn't allow long-lived tokens for authentication.
+
+#### Use a manually created Kubernetes secret
+
+You can also manually create a Kubernetes secret with your registry's credentials, and use the `--kubernetes-pod-spec` agent configuration parameter to use it:
+
+```yaml
+kind: ConfigMap
+metadata:
+  name: pod-spec-decorator-for-semaphore-jobs
+data:
+  pod: |
+    imagePullSecrets:
+      - my-k8s-registry-secret
+```
+
+### Restricting images used in jobs
+
+By default, the Kubernetes executor accepts all images specified in the Semaphore YAML. If you want to restrict the images used in the jobs executed by your agents, you can use the `--kubernetes-allowed-images`.
+
+That parameter takes a list of regular expressions. If the image specified in the Semaphore YAML matches one of the expressions, it is allowed. For example, if you want to restrict jobs to only use images from a `custom-registry-1.com` registry, you can use `--kubernetes-allowed-images ^custom-registry-1\.com\/(.+)`
+
+### Default image used in jobs
+
+The Kubernetes executor will fail if you do not specify an image in the Semaphore YAML. To set a default image for agents, use the `--kubernetes-default-image` parameter.
+
+The parameter accepts the name of an image. For example: `registry.semaphoreci.com/ubuntu:22.04`
diff --git a/docs/requirments.md b/docs/requirments.md
deleted file mode 100644
index d8e374d9..00000000
--- a/docs/requirments.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Requirments
-
-This doc lists and explains the reasons for deprecating our current Job Runner
-in favor of Semaphore Agents.
-
-Topics:
-
-- Agents in enterprise installations
-- Running compose style CI and executing commands without Net::SSH
-- Log collection and Live log for Agents (exploration of the resumable log collection to increase stability)
-- DevOps overhead with Ruby
-- Running Agents inside vs. outside of KVM images
-- Open source code base for Agents and how to handle proprietery KVM managment
-- Installation of Agents and security
-- Support for multiple & extendable Agent backends
-  - Kubernetes backend
-  - NoVM backend
-  - KVM backend
-  - Docker backend
-  - SSH backend
-  - Docker Compose backend
-  - Docker swarm backend
-  - iOS
-  - Windows
diff --git a/examples/dockercompose/hello_world.yaml b/examples/dockercompose/hello_world.yaml
index 156e5fd9..916b3373 100644
--- a/examples/dockercompose/hello_world.yaml
+++ b/examples/dockercompose/hello_world.yaml
@@ -24,6 +24,6 @@ epilogue_commands:
   - directive: "echo 'hello world'"
 
 callbacks:
-  started: "https://httpbin.org/status/200"
-  finished: "https://httpbin.org/status/200"
-  teardown_finished: "https://httpbin.org/status/200"
+  started: "https://httpbingo.org/status/200"
+  finished: "https://httpbingo.org/status/200"
+  teardown_finished: "https://httpbingo.org/status/200"
diff --git a/examples/failure.yaml b/examples/failure.yaml
index 86682c6f..6d5a93ad 100644
--- a/examples/failure.yaml
+++ b/examples/failure.yaml
@@ -16,5 +16,5 @@ epilogue_commands:
   - directive: "echo 'hello world'"
 
 callbacks:
-  started: "https://httpbin.org/status/200"
-  finished: "https://httpbin.org/status/200"
+  started: "https://httpbingo.org/status/200"
+  finished: "https://httpbingo.org/status/200"
diff --git a/examples/shell/hello_world.yaml b/examples/shell/hello_world.yaml
index a9c4653a..8f8a3132 100644
--- a/examples/shell/hello_world.yaml
+++ b/examples/shell/hello_world.yaml
@@ -19,6 +19,6 @@ epilogue_commands:
   - directive: "echo 'hello world'"
 
 callbacks:
-  started: "https://httpbin.org/status/200"
-  finished: "https://httpbin.org/status/200"
-  teardown_finished: "https://httpbin.org/status/200"
+  started: "https://httpbingo.org/status/200"
+  finished: "https://httpbingo.org/status/200"
+  teardown_finished: "https://httpbingo.org/status/200"
diff --git a/go.mod b/go.mod
index 3eb919e3..030598f4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,18 +1,79 @@
 module github.com/semaphoreci/agent
 
 require (
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
+	github.com/cenkalti/backoff/v4 v4.2.1
+	github.com/creack/pty v1.1.18
 	github.com/ghodss/yaml v1.0.0
-	github.com/gorilla/handlers v1.4.0
-	github.com/gorilla/mux v1.6.2
-	github.com/kr/pty v1.1.3
-	github.com/renderedtext/go-watchman v0.0.0-20200730135545-ce6ef348090b
-	github.com/sethgrid/pester v0.0.0-20190127155807-68a33a018ad0
-	github.com/spf13/pflag v1.0.3
-	github.com/stretchr/testify v1.6.1
-	golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613
-	golang.org/x/sys v0.0.0-20190204103248-980327fe3c65 // indirect
-	gopkg.in/yaml.v2 v2.2.2
+	github.com/golang-jwt/jwt/v4 v4.5.2
+	github.com/gorilla/handlers v1.5.1
+	github.com/gorilla/mux v1.8.0
+	github.com/hashicorp/go-version v1.6.0
+	github.com/mitchellh/panicwrap v1.0.0
+	github.com/renderedtext/go-watchman v0.0.0-20221222100224-451a6f3c8d92
+	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.17.0
+	github.com/stretchr/testify v1.8.4
+	golang.org/x/sys v0.31.0
+	gopkg.in/yaml.v3 v3.0.1
+	k8s.io/api v0.26.2
+	k8s.io/apimachinery v0.26.2
+	k8s.io/client-go v0.26.2
 )
 
-go 1.13
+require (
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/felixge/httpsnoop v1.0.2 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/oauth2 v0.27.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/alexcesaro/statsd.v2 v2.0.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+go 1.23.12
diff --git a/go.sum b/go.sum
index 8ce24eb8..3aada118 100644
--- a/go.sum
+++ b/go.sum
@@ -1,37 +1,622 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
+github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o=
+github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gorilla/handlers v1.4.0 h1:XulKRWSQK5uChr4pEgSE4Tc/OcmnU9GJuSwdog/tZsA=
-github.com/gorilla/handlers v1.4.0/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/kr/pty v1.1.3 h1:/Um6a/ZmD5tF7peoOJ5oN5KMQ0DrGVQSXLNwyckutPk=
-github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
+github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
+github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
+github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
+github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/panicwrap v1.0.0 h1:67zIyVakCIvcs69A0FGfZjBdPleaonSgGlXRSRlb6fE=
+github.com/mitchellh/panicwrap v1.0.0/go.mod h1:pKvZHwWrZowLUzftuFq7coarnxbBXU4aQh3N0BJOeeA=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
+github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo=
+github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
+github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/renderedtext/agent v0.10.3 h1:IEE0tpbVYsul4EwH0p69vJd5SCUiHRtOb+wzp5ggIXQ=
-github.com/renderedtext/go-watchman v0.0.0-20200730135545-ce6ef348090b h1:sZjcW+SvItRxFg0QPm5WvntUclh9FNfXKjHNdMHF7Dg=
-github.com/renderedtext/go-watchman v0.0.0-20200730135545-ce6ef348090b/go.mod h1:03mXTO745K1BK5zKy7Z6/uaMCw05BNhvGyC4A3AwVxo=
-github.com/sethgrid/pester v0.0.0-20190127155807-68a33a018ad0 h1:X9XMOYjxEfAYSy3xK1DzO5dMkkWhs9E9UCcS1IERx2k=
-github.com/sethgrid/pester v0.0.0-20190127155807-68a33a018ad0/go.mod h1:Ad7IjTpvzZO8Fl0vh9AzQ+j/jYZfyp2diGwI8m5q+ns=
-github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/renderedtext/go-watchman v0.0.0-20221222100224-451a6f3c8d92 h1:OmDghaSHy96nHV+ZnXBKQnXBLvuSQNdFZRYIQiDDXsg=
+github.com/renderedtext/go-watchman v0.0.0-20221222100224-451a6f3c8d92/go.mod h1:Z+qanDzSoUGCbcrTM7G6YCA9ST2KBdte7sCz+HQAp7I=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ=
+github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
+github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
+github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 h1:MQ/ZZiDsUapFFiMS+vzwXkCTeEKaum+Do5rINYJDmxc=
-golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20190204103248-980327fe3c65 h1:kWe3kjq30rdgl/nMB+ZR7kWcMnlZZ35LNkvwLN7yBco=
-golang.org/x/sys v0.0.0-20190204103248-980327fe3c65/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
+go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
+golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
 gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
+k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
+k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
+k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
+k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
+k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
+k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs=
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/install.ps1 b/install.ps1
new file mode 100644
index 00000000..72333f77
--- /dev/null
+++ b/install.ps1
@@ -0,0 +1,97 @@
+$ProgressPreference = 'SilentlyContinue'
+$ErrorActionPreference = "Stop"
+$InstallationDirectory = $PSScriptRoot
+
+#
+# Assert required variables are set
+#
+if (Test-Path env:SemaphoreEndpoint) {
+  $SemaphoreEndpoint = $env:SemaphoreEndpoint
+} else {
+  if (-not (Test-Path env:SemaphoreOrganization)) {
+    Write-Warning 'Either $env:SemaphoreOrganization or $env:SemaphoreEndpoint needs to be specified. Exiting...'
+    Exit 1
+  }
+
+  $SemaphoreEndpoint = "$env:SemaphoreOrganization.semaphoreci.com"
+  Write-Warning "`$env:SemaphoreEndpoint not set, using '$SemaphoreEndpoint'"
+}
+
+if (-not (Test-Path env:SemaphoreRegistrationToken)) {
+  Write-Warning 'Registration token cannot be empty, set $env:SemaphoreRegistrationToken. Exiting...'
+  Exit 1
+}
+
+#
+# Set defaults in case some variables are not set
+#
+if (Test-Path env:SemaphoreAgentDisconnectAfterJob) {
+  $DisconnectAfterJob = $env:SemaphoreAgentDisconnectAfterJob
+} else {
+  $DisconnectAfterJob = "false"
+}
+
+if (Test-Path env:SemaphoreAgentDisconnectAfterIdleTimeout) {
+  $DisconnectAfterIdleTimeout = $env:SemaphoreAgentDisconnectAfterIdleTimeout
+} else {
+  $DisconnectAfterIdleTimeout = 0
+}
+
+#
+# Download and unpack toolbox
+#
+$ToolboxDirectory = Join-Path $HOME ".toolbox"
+$InstallScriptPath = Join-Path $ToolboxDirectory "install-toolbox.ps1"
+
+Write-Output "> Toolbox will be installed at $ToolboxDirectory."
+if (Test-Path $ToolboxDirectory) {
+  Write-Output "> Toolbox already installed at $ToolboxDirectory. Overriding it..."
+  Remove-Item -Path $ToolboxDirectory -Force -Recurse
+}
+
+if (Test-Path env:SemaphoreToolboxVersion) {
+  Write-Output "> Downloading and unpacking $env:SemaphoreToolboxVersion toolbox..."
+  Invoke-WebRequest "https://github.com/semaphoreci/toolbox/releases/download/$env:SemaphoreToolboxVersion/self-hosted-windows.tar" -OutFile toolbox.tar
+} else {
+  Write-Output '> $env:SemaphoreToolboxVersion is not set. Downloading and unpacking latest toolbox...'
+  Invoke-WebRequest "https://github.com/semaphoreci/toolbox/releases/latest/download/self-hosted-windows.tar" -OutFile toolbox.tar
+}
+
+tar.exe -xf toolbox.tar -C $HOME
+Rename-Item "$HOME\toolbox" $ToolboxDirectory
+Remove-Item toolbox.tar -Force
+
+#
+# Install toolbox
+#
+Write-Output "> Installing toolbox..."
+& $InstallScriptPath
+
+#
+# Create agent config in current directory
+#
+$AgentConfig = @"
+endpoint: "$SemaphoreEndpoint"
+token: "$env:SemaphoreRegistrationToken"
+no-https: false
+shutdown-hook-path: "$env:SemaphoreAgentShutdownHook"
+disconnect-after-job: $DisconnectAfterJob
+disconnect-after-idle-timeout: $DisconnectAfterIdleTimeout
+env-vars: []
+files: []
+fail-on-missing-files: false
+"@
+
+$AgentConfigPath = Join-Path $InstallationDirectory "config.yaml"
+if (Test-Path $AgentConfigPath) {
+  Write-Output "> Agent configuration file already exists in $AgentConfigPath. Overriding it..."
+  Remove-Item -Path $AgentConfigPath -Force -Recurse
+}
+
+New-Item -ItemType File -Path $AgentConfigPath > $null
+Set-Content -Path $AgentConfigPath -Value $AgentConfig
+
+Write-Output "> Successfully installed the agent in $InstallationDirectory."
+Write-Output "
+  Start the agent with: $InstallationDirectory\agent.exe start --config-file $AgentConfigPath
+"
diff --git a/install.sh b/install.sh
new file mode 100755
index 00000000..b5c5c716
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,278 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+#
+# Creates a 'semaphore-agent' systemd service.
+# If it already exists, it will be overriden.
+# SEMAPHORE_AGENT_START controls whether the service will be started as well.
+#
+create_systemd_service() {
+  SYSTEMD_SERVICE=$(cat <<-END
+[Unit]
+Description=Semaphore agent
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=$SEMAPHORE_AGENT_SYSTEMD_RESTART
+RestartSec=$SEMAPHORE_AGENT_SYSTEMD_RESTART_SEC
+User=$SEMAPHORE_AGENT_INSTALLATION_USER
+WorkingDirectory=$AGENT_INSTALLATION_DIRECTORY
+ExecStart=$AGENT_INSTALLATION_DIRECTORY/agent start --config-file $AGENT_CONFIG_PATH
+Environment=SEMAPHORE_AGENT_LOG_FILE_PATH=$AGENT_INSTALLATION_DIRECTORY/agent.log
+
+[Install]
+WantedBy=multi-user.target
+END
+  )
+
+  SYSTEMD_PATH=/etc/systemd/system
+  SERVICE_NAME=semaphore-agent
+  SYSTEMD_SERVICE_PATH=$SYSTEMD_PATH/$SERVICE_NAME.service
+
+  echo "Creating $SYSTEMD_SERVICE_PATH..."
+
+  if [[ -f "$SYSTEMD_SERVICE_PATH" ]]; then
+    echo "systemd service already exists at $SYSTEMD_SERVICE_PATH. Overriding it..."
+    echo "$SYSTEMD_SERVICE" > $SYSTEMD_SERVICE_PATH
+    systemctl daemon-reload
+    if [[ "$SEMAPHORE_AGENT_START" == "false" ]]; then
+      echo "Not restarting agent."
+    else
+      echo "Restarting semaphore-agent service..."
+      systemctl restart semaphore-agent
+    fi
+  else
+    echo "$SYSTEMD_SERVICE" > $SYSTEMD_SERVICE_PATH
+    if [[ "$SEMAPHORE_AGENT_START" == "false" ]]; then
+      echo "Not starting agent."
+    else
+      echo "Starting semaphore-agent service..."
+      systemctl start semaphore-agent
+    fi
+  fi
+}
+
+#
+# Creates a 'com.semaphoreci.agent' launchd daemon, at /Library/LaunchDaemons.
+# If it already exists, it will be overriden. SEMAPHORE_AGENT_START controls
+# whether the daemon will be started as well.
+#
+create_launchd_daemon() {
+  LAUNCHD_DAEMON_LABEL=com.semaphoreci.agent
+  LAUNCHD_DAEMON=$(cat <<-END
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>$LAUNCHD_DAEMON_LABEL</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>$AGENT_INSTALLATION_DIRECTORY/agent</string>
+    <string>start</string>
+    <string>--config-file</string>
+    <string>$AGENT_CONFIG_PATH</string>
+  </array>
+  <key>EnvironmentVariables</key>
+  <dict>
+    <key>SEMAPHORE_AGENT_LOG_FILE_PATH</key>
+    <string>$AGENT_INSTALLATION_DIRECTORY/agent.log</string>
+    <key>PATH</key>
+    <string>/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin</string>
+  </dict>
+  <key>RunAtLoad</key>
+  <false/>
+  <key>KeepAlive</key>
+  <dict>
+    <key>Crashed</key>
+    <true/>
+  </dict>
+  <key>UserName</key>
+  <string>$SEMAPHORE_AGENT_INSTALLATION_USER</string>
+  <key>WorkingDirectory</key>
+  <string>$AGENT_INSTALLATION_DIRECTORY</string>
+</dict>
+</plist>
+END
+  )
+
+  LAUNCHD_PATH=/Library/LaunchDaemons
+  LAUNCHD_DAEMON_PATH=$LAUNCHD_PATH/$LAUNCHD_DAEMON_LABEL.plist
+
+  echo "Creating $LAUNCHD_DAEMON_PATH..."
+
+  if [[ -f "$LAUNCHD_DAEMON_PATH" ]]; then
+    echo "launchd daemon already exists at $LAUNCHD_DAEMON_PATH. Overriding it..."
+    echo "$LAUNCHD_DAEMON" > $LAUNCHD_DAEMON_PATH
+
+    if [[ "$SEMAPHORE_AGENT_START" == "false" ]]; then
+      echo "Not starting/restarting $LAUNCHD_DAEMON_LABEL."
+    else
+      echo "Bootout $LAUNCHD_DAEMON_LABEL..."
+      launchctl bootout system $LAUNCHD_DAEMON_PATH || true
+
+      echo "Bootstrap $LAUNCHD_DAEMON_LABEL..."
+      launchctl bootstrap system $LAUNCHD_DAEMON_PATH
+
+      echo "Kickstart $LAUNCHD_DAEMON_LABEL..."
+      launchctl kickstart -k system/com.semaphoreci.agent
+    fi
+  else
+    echo "$LAUNCHD_DAEMON" > $LAUNCHD_DAEMON_PATH
+
+    if [[ "$SEMAPHORE_AGENT_START" == "false" ]]; then
+      echo "Not starting $LAUNCHD_DAEMON_LABEL."
+    else
+      echo "Bootstrap $LAUNCHD_DAEMON_LABEL service..."
+      launchctl bootstrap system $LAUNCHD_DAEMON_PATH
+
+      echo "Kickstart $LAUNCHD_DAEMON_LABEL service..."
+      launchctl kickstart -k system/com.semaphoreci.agent
+    fi
+  fi
+}
+
+# Find the toolbox URL based on operating system (linux/darwin) and architecture.
+# It also considers SEMAPHORE_TOOLBOX_VERSION. If not set, it uses the latest version.
+find_toolbox_url() {
+  local os=$(echo $DIST | tr '[:upper:]' '[:lower:]')
+  local tarball_name="self-hosted-${os}.tar"
+  if [[ ${ARCH} =~ "arm" || ${ARCH} == "aarch64" ]]; then
+    tarball_name="self-hosted-${os}-arm.tar"
+  fi
+
+  if [[ -z "${SEMAPHORE_TOOLBOX_VERSION}" ]]; then
+    echo "https://github.com/semaphoreci/toolbox/releases/latest/download/${tarball_name}"
+  else
+    echo "https://github.com/semaphoreci/toolbox/releases/download/${SEMAPHORE_TOOLBOX_VERSION}/${tarball_name}"
+  fi
+}
+
+#
+# Main script
+#
+
+DIST=$(uname)
+ARCH=$(uname -m)
+AGENT_INSTALLATION_DIRECTORY="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+if [[ "$EUID" -ne 0 ]]; then
+  echo "Please run with sudo."
+  exit 1
+fi
+
+if [[ -z $SEMAPHORE_ENDPOINT ]]; then
+  if [[ -z $SEMAPHORE_ORGANIZATION ]]; then
+    read -p "Enter organization: " SEMAPHORE_ORGANIZATION
+    if [[ -z $SEMAPHORE_ORGANIZATION ]]; then
+      echo "Organization cannot be empty."
+      exit 1
+    fi
+  fi
+
+  SEMAPHORE_ENDPOINT="$SEMAPHORE_ORGANIZATION.semaphoreci.com"
+fi
+
+if [[ -z $SEMAPHORE_REGISTRATION_TOKEN ]]; then
+  read -p "Enter registration token: " SEMAPHORE_REGISTRATION_TOKEN
+  if [[ -z $SEMAPHORE_REGISTRATION_TOKEN ]]; then
+    echo "Registration token cannot be empty."
+    exit 1
+  fi
+fi
+
+if [[ -z $SEMAPHORE_AGENT_INSTALLATION_USER ]]; then
+  LOGGED_IN_USER=$(logname)
+  read -p "Enter user [$LOGGED_IN_USER]: " SEMAPHORE_AGENT_INSTALLATION_USER
+  SEMAPHORE_AGENT_INSTALLATION_USER="${SEMAPHORE_AGENT_INSTALLATION_USER:=$LOGGED_IN_USER}"
+fi
+
+if ! id "$SEMAPHORE_AGENT_INSTALLATION_USER" &>/dev/null; then
+  echo "User $SEMAPHORE_AGENT_INSTALLATION_USER does not exist. Exiting..."
+  exit 1
+fi
+
+#
+# Download toolbox
+#
+USER_HOME_DIRECTORY=$(sudo -u $SEMAPHORE_AGENT_INSTALLATION_USER -H bash -c 'echo $HOME')
+TOOLBOX_DIRECTORY="$USER_HOME_DIRECTORY/.toolbox"
+if [[ -d "$TOOLBOX_DIRECTORY" ]]; then
+  echo "Toolbox was already installed at $TOOLBOX_DIRECTORY. Overriding it..."
+  rm -rf "$TOOLBOX_DIRECTORY"
+fi
+
+toolbox_url=$(find_toolbox_url)
+echo "Downloading toolbox from ${toolbox_url}..."
+curl -sL ${toolbox_url} -o toolbox.tar
+
+tar -xf toolbox.tar
+mv toolbox $TOOLBOX_DIRECTORY
+
+case $DIST in
+  Darwin)
+    sudo chown -R $SEMAPHORE_AGENT_INSTALLATION_USER $TOOLBOX_DIRECTORY
+    ;;
+  Linux)
+    sudo chown -R $SEMAPHORE_AGENT_INSTALLATION_USER:$SEMAPHORE_AGENT_INSTALLATION_USER $TOOLBOX_DIRECTORY
+    ;;
+esac
+
+sudo -u $SEMAPHORE_AGENT_INSTALLATION_USER -H bash $TOOLBOX_DIRECTORY/install-toolbox
+echo "source ~/.toolbox/toolbox" >> $USER_HOME_DIRECTORY/.bash_profile
+rm toolbox.tar
+
+#
+# Create agent config
+#
+SEMAPHORE_AGENT_DISCONNECT_AFTER_JOB=${SEMAPHORE_AGENT_DISCONNECT_AFTER_JOB:-false}
+SEMAPHORE_AGENT_DISCONNECT_AFTER_IDLE_TIMEOUT=${SEMAPHORE_AGENT_DISCONNECT_AFTER_IDLE_TIMEOUT:-0}
+AGENT_CONFIG=$(cat <<-END
+endpoint: "$SEMAPHORE_ENDPOINT"
+token: "$SEMAPHORE_REGISTRATION_TOKEN"
+no-https: false
+shutdown-hook-path: "$SEMAPHORE_AGENT_SHUTDOWN_HOOK"
+disconnect-after-job: $SEMAPHORE_AGENT_DISCONNECT_AFTER_JOB
+disconnect-after-idle-timeout: $SEMAPHORE_AGENT_DISCONNECT_AFTER_IDLE_TIMEOUT
+env-vars: []
+files: []
+fail-on-missing-files: false
+END
+)
+
+AGENT_CONFIG_PATH="$AGENT_INSTALLATION_DIRECTORY/config.yaml"
+echo "Creating agent config file at $AGENT_CONFIG_PATH..."
+echo "$AGENT_CONFIG" > $AGENT_CONFIG_PATH
+case $DIST in
+  Darwin)
+    sudo chown $SEMAPHORE_AGENT_INSTALLATION_USER $AGENT_CONFIG_PATH
+    ;;
+  Linux)
+    sudo chown $SEMAPHORE_AGENT_INSTALLATION_USER:$SEMAPHORE_AGENT_INSTALLATION_USER $AGENT_CONFIG_PATH
+    ;;
+esac
+
+SEMAPHORE_AGENT_SYSTEMD_RESTART=${SEMAPHORE_AGENT_SYSTEMD_RESTART:-always}
+SEMAPHORE_AGENT_SYSTEMD_RESTART_SEC=${SEMAPHORE_AGENT_SYSTEMD_RESTART_SEC:-60}
+
+#
+# Check if we can use some kind of service manager to run the agent.
+# We use systemd for Linux, and launchd for MacOS.
+#
+case $DIST in
+  Darwin)
+    create_launchd_daemon
+    ;;
+  Linux)
+    create_systemd_service
+    ;;
+  *)
+    echo "$DIST is not supported. You can still start the agent with '$AGENT_INSTALLATION_DIRECTORY/agent start --config $AGENT_CONFIG_PATH'."
+    ;;
+esac
+
+echo "Done."
diff --git a/lint.toml b/lint.toml
new file mode 100644
index 00000000..f28910b6
--- /dev/null
+++ b/lint.toml
@@ -0,0 +1,27 @@
+ignoreGeneratedHeader = false
+severity = "warning"
+confidence = 0.8
+errorCode = 1
+warningCode = 1
+
+[rule.blank-imports]
+[rule.context-as-argument]
+[rule.context-keys-type]
+[rule.dot-imports]
+[rule.error-return]
+[rule.error-strings]
+[rule.error-naming]
+# [rule.exported]
+[rule.if-return]
+[rule.increment-decrement]
+[rule.var-naming]
+[rule.var-declaration]
+[rule.range]
+[rule.receiver-naming]
+[rule.time-naming]
+[rule.unexported-return]
+[rule.indent-error-flow]
+[rule.errorf]
+
+[rule.package-comments]
+  Disabled = true
diff --git a/main.go b/main.go
index e255720a..4766b87c 100644
--- a/main.go
+++ b/main.go
@@ -1,44 +1,78 @@
 package main
 
 import (
+	"encoding/base64"
 	"fmt"
 	"io"
-	"log"
 	"math/rand"
+	"net/http"
+	"net/url"
 	"os"
+	"path"
+	"path/filepath"
+	"strings"
 	"time"
 
+	"github.com/mitchellh/panicwrap"
 	watchman "github.com/renderedtext/go-watchman"
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	"github.com/semaphoreci/agent/pkg/eventlogger"
 	jobs "github.com/semaphoreci/agent/pkg/jobs"
+	"github.com/semaphoreci/agent/pkg/kubernetes"
+	listener "github.com/semaphoreci/agent/pkg/listener"
 	server "github.com/semaphoreci/agent/pkg/server"
+	slices "github.com/semaphoreci/agent/pkg/slices"
+	log "github.com/sirupsen/logrus"
 	pflag "github.com/spf13/pflag"
+	"github.com/spf13/viper"
 )
 
 var VERSION = "dev"
+var HTTPUserAgent = fmt.Sprintf("SemaphoreAgent/%s", VERSION)
 
 func main() {
+	logfile := OpenLogfile()
+	log.SetOutput(logfile)
+	log.SetFormatter(new(eventlogger.CustomFormatter))
+	log.SetLevel(getLogLevel())
+
+	exitStatus, err := panicwrap.BasicWrap(panicHandler)
+	if err != nil {
+		panic(err)
+	}
+
+	// If exitStatus >= 0, then we're the parent process and the panicwrap
+	// re-executed ourselves and completed. Just exit with the proper status.
+	if exitStatus >= 0 {
+		os.Exit(exitStatus)
+	}
+
+	// Otherwise, exitStatus < 0 means we're the child. Continue executing as normal...
 	// Initialize global randomness
 	rand.Seed(time.Now().UnixNano())
 
 	action := os.Args[1]
 
-	logfile := OpenLogfile()
-	log.SetOutput(logfile)
-	log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
+	httpClient := &http.Client{
+		Timeout: 30 * time.Second,
+	}
 
 	switch action {
+	case "start":
+		RunListener(httpClient, logfile)
 	case "serve":
-		RunServer(logfile)
+		RunServer(httpClient, logfile)
 	case "run":
-		RunSingleJob()
+		RunSingleJob(httpClient)
 	case "version":
 		fmt.Println(VERSION)
 	}
 }
 
 func OpenLogfile() io.Writer {
-	f, err := os.OpenFile("/tmp/agent_log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+	// #nosec
+	f, err := os.OpenFile(getLogFilePath(), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 
 	if err != nil {
 		log.Fatal(err)
@@ -47,7 +81,291 @@ func OpenLogfile() io.Writer {
 	return io.MultiWriter(f, os.Stdout)
 }
 
-func RunServer(logfile io.Writer) {
+func getLogLevel() log.Level {
+	logLevel := os.Getenv("SEMAPHORE_AGENT_LOG_LEVEL")
+	if logLevel == "" {
+		return log.InfoLevel
+	}
+
+	level, err := log.ParseLevel(logLevel)
+	if err != nil {
+		log.Fatalf("Log level %s not supported", logLevel)
+	}
+
+	return level
+}
+
+func getLogFilePath() string {
+	logFilePath := os.Getenv("SEMAPHORE_AGENT_LOG_FILE_PATH")
+	if logFilePath == "" {
+		return filepath.Join(os.TempDir(), "agent_log")
+	}
+
+	parentDirectory := path.Dir(logFilePath)
+	err := os.MkdirAll(parentDirectory, 0640)
+	if err != nil {
+		log.Panicf("Could not create directories to place log file in '%s': %v", logFilePath, err)
+	}
+
+	return logFilePath
+}
+
+func RunListener(httpClient *http.Client, logfile io.Writer) {
+	configFile := pflag.String(config.ConfigFile, "", "Config file")
+	_ = pflag.String(config.Name, "", "Name to use for the agent. If not set, a default random one is used.")
+	_ = pflag.String(config.NameFromEnv, "", "Specify name to use for the agent, using an environment variable. Deprecated, use SEMAPHORE_AGENT_NAME instead.")
+	_ = pflag.String(config.Endpoint, "", "Endpoint where agents are registered")
+	_ = pflag.String(config.Token, "", "Registration token")
+	_ = pflag.Bool(config.NoHTTPS, false, "Use http for communication")
+	_ = pflag.String(config.ShutdownHookPath, "", "Shutdown hook path")
+	_ = pflag.String(config.PreJobHookPath, "", "Pre-job hook path")
+	_ = pflag.String(config.PostJobHookPath, "", "Post-job hook path")
+	_ = pflag.Bool(config.DisconnectAfterJob, false, "Disconnect after job")
+	_ = pflag.String(config.JobID, "", "Request a specific job to run")
+	_ = pflag.Int(config.DisconnectAfterIdleTimeout, 0, "Disconnect after idle timeout, in seconds")
+	_ = pflag.Int(config.InterruptionGracePeriod, 0, "The grace period, in seconds, to wait after receiving an interrupt signal")
+	_ = pflag.StringSlice(config.EnvVars, []string{}, "Export environment variables in jobs")
+	_ = pflag.StringSlice(config.Files, []string{}, "Inject files into container, when using docker compose executor")
+	_ = pflag.Bool(config.FailOnMissingFiles, false, "Fail job if files specified using --files are missing")
+	_ = pflag.String(config.UploadJobLogs, config.UploadJobLogsConditionNever, "When should the agent upload the job logs as a job artifact. Default is never.")
+	_ = pflag.Bool(config.FailOnPreJobHookError, false, "Fail job if pre-job hook fails")
+	_ = pflag.Bool(config.SourcePreJobHook, false, "Execute pre-job hook in the current shell (using 'source <script>') instead of in a new shell (using 'bash <script>')")
+	_ = pflag.Bool(config.KubernetesExecutor, false, "Use Kubernetes executor")
+	_ = pflag.String(config.KubernetesPodSpec, "", "Use a Kubernetes configmap to decorate the pod created to run the Semaphore job")
+	_ = pflag.StringSlice(config.KubernetesAllowedImages, []string{}, "List of regexes for allowed images to use for the Kubernetes executor")
+	_ = pflag.StringSlice(config.KubernetesLabels, []string{}, "Add labels to resources created by the kubernetes executor")
+	_ = pflag.Int(
+		config.KubernetesPodStartTimeout,
+		config.DefaultKubernetesPodStartTimeout,
+		fmt.Sprintf("Timeout for the pod to be ready, in seconds. Default is %d.", config.DefaultKubernetesPodStartTimeout),
+	)
+	_ = pflag.String(config.KubernetesDefaultImage, "", "Default image to use in Kubernetes executor if no containers are specified in the job request")
+
+	pflag.Parse()
+
+	// Specifying configuration parameters with
+	// environment variables should also be possible through a SEMAPHORE_AGENT_ prefix,
+	// e.g., --endpoint can be specified with SEMAPHORE_AGENT_ENDPOINT.
+	viper.AutomaticEnv()
+	viper.SetEnvPrefix("SEMAPHORE_AGENT")
+
+	// Configuration parameters with a dash (-) in their name can also be configured
+	// For example, --disconnect-after-job can be configured through SEMAPHORE_AGENT_DISCONNECT_AFTER_JOB.
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+
+	if *configFile != "" {
+		loadConfigFile(*configFile)
+	}
+
+	err := viper.BindPFlags(pflag.CommandLine)
+	if err != nil {
+		log.Fatalf("Error binding pflags: %v", err)
+	}
+
+	validateConfiguration()
+
+	if viper.GetString(config.Endpoint) == "" {
+		log.Fatal("Semaphore endpoint was not specified. Exiting...")
+	}
+
+	if viper.GetString(config.Token) == "" {
+		log.Fatal("Agent registration token was not specified. Exiting...")
+	}
+
+	if viper.GetInt(config.DisconnectAfterIdleTimeout) < 0 {
+		log.Fatal("Idle timeout can't be negative. Exiting...")
+	}
+
+	if viper.GetInt(config.KubernetesPodStartTimeout) < 0 {
+		log.Fatal("Kubernetes pod start timeout can't be negative. Exiting...")
+	}
+
+	scheme := "https"
+	if viper.GetBool(config.NoHTTPS) {
+		scheme = "http"
+	}
+
+	hostEnvVars, err := ParseEnvVars()
+	if err != nil {
+		log.Fatalf("Error parsing --env-vars: %v", err)
+	}
+
+	fileInjections, err := ParseFiles(viper.GetStringSlice(config.Files))
+	if err != nil {
+		log.Fatalf("Error parsing --files: %v", err)
+	}
+
+	kubernetesLabels, err := ParseLabels()
+	if err != nil {
+		log.Fatalf("Error parsing --%s: %v", config.KubernetesLabels, err)
+	}
+
+	config := listener.Config{
+		AgentName:                        getAgentName(),
+		Endpoint:                         viper.GetString(config.Endpoint),
+		Token:                            viper.GetString(config.Token),
+		RegisterRetryLimit:               30,
+		GetJobRetryLimit:                 10,
+		CallbackRetryLimit:               60,
+		Scheme:                           scheme,
+		ShutdownHookPath:                 viper.GetString(config.ShutdownHookPath),
+		PreJobHookPath:                   viper.GetString(config.PreJobHookPath),
+		PostJobHookPath:                  viper.GetString(config.PostJobHookPath),
+		DisconnectAfterJob:               viper.GetBool(config.DisconnectAfterJob),
+		JobID:                            viper.GetString(config.JobID),
+		DisconnectAfterIdleSeconds:       viper.GetInt(config.DisconnectAfterIdleTimeout),
+		InterruptionGracePeriod:          viper.GetInt(config.InterruptionGracePeriod),
+		EnvVars:                          hostEnvVars,
+		FileInjections:                   fileInjections,
+		FailOnMissingFiles:               viper.GetBool(config.FailOnMissingFiles),
+		UploadJobLogs:                    viper.GetString(config.UploadJobLogs),
+		FailOnPreJobHookError:            viper.GetBool(config.FailOnPreJobHookError),
+		SourcePreJobHook:                 viper.GetBool(config.SourcePreJobHook),
+		AgentVersion:                     VERSION,
+		UserAgent:                        HTTPUserAgent,
+		ExitOnShutdown:                   true,
+		KubernetesExecutor:               viper.GetBool(config.KubernetesExecutor),
+		KubernetesPodSpec:                viper.GetString(config.KubernetesPodSpec),
+		KubernetesImageValidator:         createImageValidator(viper.GetStringSlice(config.KubernetesAllowedImages)),
+		KubernetesPodStartTimeoutSeconds: viper.GetInt(config.KubernetesPodStartTimeout),
+		KubernetesLabels:                 kubernetesLabels,
+		KubernetesDefaultImage:           viper.GetString(config.KubernetesDefaultImage),
+	}
+
+	go func() {
+		_, err := listener.Start(httpClient, config)
+		if err != nil {
+			log.Panicf("Could not start agent: %v", err)
+		}
+	}()
+
+	select {}
+}
+
+func createImageValidator(expressions []string) *kubernetes.ImageValidator {
+	imageValidator, err := kubernetes.NewImageValidator(expressions)
+	if err != nil {
+		log.Panicf("Error creating image validator: %v", err)
+	}
+
+	return imageValidator
+}
+
+func loadConfigFile(configFile string) {
+	viper.SetConfigFile(configFile)
+	if err := viper.ReadInConfig(); err != nil {
+		if _, ok := err.(viper.ConfigFileNotFoundError); ok {
+			log.Fatalf("Couldn't find config file %s: %v", configFile, err)
+		} else {
+			log.Fatalf("Error reading config file %s: %v", configFile, err)
+		}
+	}
+}
+
+func validateConfiguration() {
+	for _, key := range viper.AllKeys() {
+		if !slices.Contains(config.ValidConfigKeys, key) {
+			log.Fatalf("Unrecognized option '%s'. Exiting...", key)
+		}
+	}
+
+	if viper.GetString(config.JobID) != "" && !viper.GetBool(config.DisconnectAfterJob) {
+		log.Fatalf("%s can only be used if %s is also used. Exiting...", config.JobID, config.DisconnectAfterJob)
+	}
+
+	uploadJobLogs := viper.GetString(config.UploadJobLogs)
+	if !slices.Contains(config.ValidUploadJobLogsCondition, uploadJobLogs) {
+		log.Fatalf(
+			"Unsupported value '%s' for '%s'. Allowed values are: %v. Exiting...",
+			uploadJobLogs,
+			config.UploadJobLogs,
+			config.ValidUploadJobLogsCondition,
+		)
+	}
+}
+
+func getAgentName() string {
+	// --name configuration parameter was specified.
+	agentName := viper.GetString(config.Name)
+	if agentName != "" {
+		if err := validateAgentName(agentName); err != nil {
+			log.Fatalf("Agent name validation failed: %v", err)
+		}
+
+		return agentName
+	}
+
+	// --name-from-env configuration parameter was passed.
+	// We need to fetch the actual name from the environment variable.
+	envVarName := viper.GetString(config.NameFromEnv)
+	if envVarName != "" {
+		agentName := os.Getenv(envVarName)
+		if err := validateAgentName(agentName); err != nil {
+			log.Fatalf("Agent name validation failed: %v", err)
+		}
+
+		return agentName
+	}
+
+	// No name was specified - we generate a random one.
+	log.Infof("Agent name was not assigned - using a random one.")
+	randomName, err := randomName()
+	if err != nil {
+		log.Fatalf("Error generating name for agent: %v", err)
+	}
+
+	return randomName
+}
+
+func ParseEnvVars() ([]config.HostEnvVar, error) {
+	vars := []config.HostEnvVar{}
+	for _, envVar := range viper.GetStringSlice(config.EnvVars) {
+		nameAndValue := strings.Split(envVar, "=")
+		if len(nameAndValue) != 2 {
+			return nil, fmt.Errorf("%s is not a valid environment variable", envVar)
+		}
+
+		vars = append(vars, config.HostEnvVar{
+			Name:  nameAndValue[0],
+			Value: nameAndValue[1],
+		})
+	}
+
+	return vars, nil
+}
+
+func ParseFiles(files []string) ([]config.FileInjection, error) {
+	fileInjections := []config.FileInjection{}
+	for _, file := range files {
+		hostPathAndDestination := strings.Split(file, ":")
+		if len(hostPathAndDestination) != 2 {
+			return nil, fmt.Errorf("%s is not a valid file injection", file)
+		}
+
+		fileInjections = append(fileInjections, config.FileInjection{
+			HostPath:    hostPathAndDestination[0],
+			Destination: hostPathAndDestination[1],
+		})
+	}
+
+	return fileInjections, nil
+}
+
+func ParseLabels() (map[string]string, error) {
+	labels := map[string]string{}
+	for _, label := range viper.GetStringSlice(config.KubernetesLabels) {
+		nameAndValue := strings.Split(label, "=")
+		if len(nameAndValue) != 2 {
+			return nil, fmt.Errorf("%s is not a valid label", label)
+		}
+
+		labels[nameAndValue[0]] = nameAndValue[1]
+	}
+
+	return labels, nil
+}
+
+func RunServer(httpClient *http.Client, logfile io.Writer) {
 	authTokenSecret := pflag.String("auth-token-secret", "", "Auth token for accessing the server")
 	port := pflag.Int("port", 8000, "Port of the server")
 	host := pflag.String("host", "0.0.0.0", "Host of the server")
@@ -56,6 +374,10 @@ func RunServer(logfile io.Writer) {
 	statsdHost := pflag.String("statsd-host", "", "Metrics Host")
 	statsdPort := pflag.String("statsd-port", "", "Metrics port")
 	statsdNamespace := pflag.String("statsd-namespace", "agent.prod", "The prefix to be added to every StatsD metric")
+	callbackRetryAttempts := pflag.Int("callback-retry-attempts", server.DefaultCallbackRetryAttempts, "Number of times to retry sending the callback after the job is finished")
+	preJobHookPath := pflag.String(config.PreJobHookPath, "", "The path to a pre-job hook script")
+	files := pflag.StringSlice(config.Files, []string{}, "Inject files into container, when using docker compose executor")
+	exposeKvmDevice := pflag.Bool(config.ExposeKvmDevice, true, "Expose /dev/kvm device, when using docker compose executor")
 
 	pflag.Parse()
 
@@ -67,29 +389,48 @@ func RunServer(logfile io.Writer) {
 		// Initialize watchman
 		err := watchman.Configure(*statsdHost, *statsdPort, *statsdNamespace)
 		if err != nil {
-			log.Printf("(err) Failed to configure statsd connection with watchman. Error: %s", err.Error())
+			log.Errorf("Failed to configure statsd connection with watchman. Error: %s", err.Error())
 		}
 	}
 
-	server.NewServer(
-		*host,
-		*port,
-		*tlsCertPath,
-		*tlsKeyPath,
-		VERSION,
-		logfile,
-		[]byte(*authTokenSecret),
-	).Serve()
+	fileInjections, err := ParseFiles(*files)
+	if err != nil {
+		log.Fatalf("Error parsing --files: %v", err)
+	}
+
+	log.Infof("Callback retry attempts: %d", *callbackRetryAttempts)
+
+	server.NewServer(server.ServerConfig{
+		Host:                  *host,
+		Port:                  *port,
+		UserAgent:             HTTPUserAgent,
+		TLSCertPath:           *tlsCertPath,
+		TLSKeyPath:            *tlsKeyPath,
+		Version:               VERSION,
+		LogFile:               logfile,
+		JWTSecret:             []byte(*authTokenSecret),
+		HTTPClient:            httpClient,
+		PreJobHookPath:        *preJobHookPath,
+		FileInjections:        fileInjections,
+		CallbackRetryAttempts: *callbackRetryAttempts,
+		ExposeKvmDevice:       *exposeKvmDevice,
+	}).Serve()
 }
 
-func RunSingleJob() {
+func RunSingleJob(httpClient *http.Client) {
 	request, err := api.NewRequestFromYamlFile(os.Args[2])
 
 	if err != nil {
 		panic(err)
 	}
 
-	job, err := jobs.NewJob(request)
+	job, err := jobs.NewJobWithOptions(&jobs.JobOptions{
+		Request:         request,
+		Client:          httpClient,
+		ExposeKvmDevice: true,
+		FileInjections:  []config.FileInjection{},
+	})
+
 	if err != nil {
 		panic(err)
 	}
@@ -98,3 +439,38 @@ func RunSingleJob() {
 
 	job.Run()
 }
+
+func panicHandler(output string) {
+	log.Printf("Child agent process panicked:\n\n%s\n", output)
+	os.Exit(1)
+}
+
+// base64 gives you 4 chars every 3 bytes, we want 20 chars, so 15 bytes
+const nameLength = 15
+
+func randomName() (string, error) {
+	buffer := make([]byte, nameLength)
+
+	// #nosec
+	_, err := rand.Read(buffer)
+
+	if err != nil {
+		return "", err
+	}
+
+	return base64.URLEncoding.EncodeToString(buffer), nil
+}
+
+func validateAgentName(name string) error {
+	// Do not apply length restriction on URLs.
+	if _, err := url.ParseRequestURI(name); err == nil {
+		return nil
+	}
+
+	// Not a URL - apply length restriction.
+	if len(name) < 8 || len(name) > 80 {
+		return fmt.Errorf("name should have between 8 and 80 characters. '%s' has %d", name, len(name))
+	}
+
+	return nil
+}
diff --git a/pkg/api/job_request.go b/pkg/api/job_request.go
index 5ab6edbc..395fa151 100644
--- a/pkg/api/job_request.go
+++ b/pkg/api/job_request.go
@@ -1,13 +1,16 @@
-package api
+package agentapi
 
 import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io/fs"
 	"io/ioutil"
 	"path/filepath"
+	"strconv"
+	"strings"
 
-	yaml "gopkg.in/yaml.v2"
+	yaml "gopkg.in/yaml.v3"
 )
 
 type Container struct {
@@ -46,9 +49,41 @@ type File struct {
 	Mode    string `json:"mode" yaml:"mode"`
 }
 
+func (f *File) NormalizePath(homeDir string) string {
+	// convert path to platform-specific one first
+	path := filepath.FromSlash(f.Path)
+
+	if filepath.IsAbs(path) {
+		return path
+	}
+
+	if strings.HasPrefix(path, "~") {
+		return strings.ReplaceAll(path, "~", homeDir)
+	}
+
+	return filepath.Join(homeDir, path)
+}
+
+func (f *File) ParseMode() (fs.FileMode, error) {
+	fileMode, err := strconv.ParseUint(f.Mode, 8, 32)
+	if err != nil {
+		return 0, fmt.Errorf("bad file permission '%s'", f.Mode)
+	}
+
+	return fs.FileMode(fileMode), nil
+}
+
 type Callbacks struct {
 	Finished         string `json:"finished" yaml:"finished"`
 	TeardownFinished string `json:"teardown_finished" yaml:"teardown_finished"`
+	Token            string `json:"token" yaml:"token"`
+}
+
+type Logger struct {
+	Method         string `json:"method" yaml:"method"`
+	URL            string `json:"url" yaml:"url"`
+	Token          string `json:"token" yaml:"token"`
+	MaxSizeInBytes int    `json:"max_size_in_bytes" yaml:"max_size_in_bytes"`
 }
 
 type PublicKey string
@@ -58,7 +93,7 @@ func (p *PublicKey) Decode() ([]byte, error) {
 }
 
 type JobRequest struct {
-	ID            string      `json:"id" yaml:"id"`
+	JobID         string      `json:"job_id" yaml:"job_id"`
 	Executor      string      `json:"executor" yaml:"executor"`
 	Compose       Compose     `json:"compose" yaml:"compose"`
 	Commands      []Command   `json:"commands" yaml:"commands"`
@@ -71,6 +106,11 @@ type JobRequest struct {
 	EnvVars   []EnvVar  `json:"env_vars" yaml:"env_vars"`
 	Files     []File    `json:"files" yaml:"file"`
 	Callbacks Callbacks `json:"callbacks" yaml:"callbacks"`
+	Logger    Logger    `json:"logger" yaml:"logger"`
+}
+
+func (j *JobRequest) FindEnvVar(varName string) (string, error) {
+	return findEnvVar(j.EnvVars, varName)
 }
 
 func NewRequestFromJSON(content []byte) (*JobRequest, error) {
@@ -87,6 +127,8 @@ func NewRequestFromJSON(content []byte) (*JobRequest, error) {
 
 func NewRequestFromYamlFile(path string) (*JobRequest, error) {
 	filename, _ := filepath.Abs(path)
+
+	// #nosec
 	yamlFile, err := ioutil.ReadFile(filename)
 
 	jobRequest := &JobRequest{}
@@ -116,6 +158,56 @@ const ImagePullCredentialsStrategyGenericDocker = "GenericDocker"
 const ImagePullCredentialsStrategyECR = "AWS_ECR"
 const ImagePullCredentialsStrategyGCR = "GCR"
 
+func (c *ImagePullCredentials) ToCmdEnvVars() ([]string, error) {
+	envs := []string{}
+
+	for _, env := range c.EnvVars {
+		name := env.Name
+		value, err := env.Decode()
+		if err != nil {
+			return envs, fmt.Errorf("error decoding '%s': %v", env.Name, err)
+		}
+
+		envs = append(envs, fmt.Sprintf("%s=%s", name, string(value)))
+	}
+
+	return envs, nil
+}
+
+func (c *ImagePullCredentials) FindFile(path string) (string, error) {
+	for _, f := range c.Files {
+		if f.Path == path {
+			v, err := f.Decode()
+			if err != nil {
+				return "", fmt.Errorf("error decoding '%s': %v", path, err)
+			}
+
+			return string(v), nil
+		}
+	}
+
+	return "", fmt.Errorf("no file '%s' found", path)
+}
+
+func (c *ImagePullCredentials) FindEnvVar(varName string) (string, error) {
+	return findEnvVar(c.EnvVars, varName)
+}
+
+func findEnvVar(envVars []EnvVar, varName string) (string, error) {
+	for _, envVar := range envVars {
+		if envVar.Name == varName {
+			v, err := envVar.Decode()
+			if err != nil {
+				return "", fmt.Errorf("error decoding '%s': %v", varName, err)
+			}
+
+			return string(v), nil
+		}
+	}
+
+	return "", fmt.Errorf("no env var '%s' found", varName)
+}
+
 func (c *ImagePullCredentials) Strategy() (string, error) {
 	for _, e := range c.EnvVars {
 		if e.Name == "DOCKER_CREDENTIAL_TYPE" {
@@ -135,7 +227,7 @@ func (c *ImagePullCredentials) Strategy() (string, error) {
 			case ImagePullCredentialsStrategyGCR:
 				return ImagePullCredentialsStrategyGCR, nil
 			default:
-				return "", fmt.Errorf("Unknown DOCKER_CREDENTIAL_TYPE: '%s'", v)
+				return "", fmt.Errorf("unknown DOCKER_CREDENTIAL_TYPE: '%s'", v)
 			}
 		}
 	}
diff --git a/pkg/api/job_request_test.go b/pkg/api/job_request_test.go
new file mode 100644
index 00000000..6f84f5a4
--- /dev/null
+++ b/pkg/api/job_request_test.go
@@ -0,0 +1,123 @@
+package agentapi
+
+import (
+	"encoding/base64"
+	"path/filepath"
+	"runtime"
+	"testing"
+
+	assert "github.com/stretchr/testify/assert"
+)
+
+func Test__JobRequest(t *testing.T) {
+	homeDir := filepath.Join("/first", "second", "home")
+
+	t.Run("file path with ~ is normalized", func(t *testing.T) {
+		file := File{Path: "~/dir/somefile", Content: "", Mode: "0644"}
+		if runtime.GOOS == "windows" {
+			assert.Equal(t, file.NormalizePath(homeDir), "\\first\\second\\home\\dir\\somefile")
+		} else {
+			assert.Equal(t, file.NormalizePath(homeDir), "/first/second/home/dir/somefile")
+		}
+	})
+
+	t.Run("absolute file path remains the same", func(t *testing.T) {
+		if runtime.GOOS == "windows" {
+			file := File{Path: "C:\\first\\second\\home\\somefile", Content: "", Mode: "0644"}
+			assert.Equal(t, file.NormalizePath(homeDir), "C:\\first\\second\\home\\somefile")
+		} else {
+			file := File{Path: "/first/second/home/somefile", Content: "", Mode: "0644"}
+			assert.Equal(t, file.NormalizePath(homeDir), "/first/second/home/somefile")
+		}
+	})
+
+	t.Run("relative file path is put on home directory", func(t *testing.T) {
+		file := File{Path: "somefile", Content: "", Mode: "0644"}
+		if runtime.GOOS == "windows" {
+			assert.Equal(t, file.NormalizePath(homeDir), "\\first\\second\\home\\somefile")
+		} else {
+			assert.Equal(t, file.NormalizePath(homeDir), "/first/second/home/somefile")
+		}
+	})
+
+	t.Run("accepted file modes", func(t *testing.T) {
+		fileModes := []string{"0600", "0644", "0777"}
+		for _, fileMode := range fileModes {
+			file := File{Path: "somefile", Content: "", Mode: fileMode}
+			_, err := file.ParseMode()
+			assert.Nil(t, err)
+		}
+	})
+
+	t.Run("bad file modes", func(t *testing.T) {
+		fileModes := []string{"+x", "+r", "+w", "+rw"}
+		for _, fileMode := range fileModes {
+			file := File{Path: "somefile", Content: "", Mode: fileMode}
+			_, err := file.ParseMode()
+			assert.NotNil(t, err)
+		}
+	})
+}
+
+func Test__ImagePullCredentials(t *testing.T) {
+	t.Run("ToCmdEnvVars()", func(t *testing.T) {
+		// returns slice of key-value env vars
+		c := ImagePullCredentials{EnvVars: []EnvVar{
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("FOO_VALUE"))},
+			{Name: "BAR", Value: base64.StdEncoding.EncodeToString([]byte("BAR_VALUE"))},
+		}}
+
+		envs, err := c.ToCmdEnvVars()
+		assert.NoError(t, err)
+		assert.Equal(t, envs, []string{"FOO=FOO_VALUE", "BAR=BAR_VALUE"})
+
+		// returns error
+		c = ImagePullCredentials{EnvVars: []EnvVar{
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("FOO_VALUE"))},
+			{Name: "BAR", Value: "NOT_PROPERLY_ENCODED"},
+		}}
+
+		_, err = c.ToCmdEnvVars()
+		assert.ErrorContains(t, err, "error decoding 'BAR'")
+	})
+
+	t.Run("FindEnvVar()", func(t *testing.T) {
+		c := ImagePullCredentials{EnvVars: []EnvVar{
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("FOO_VALUE"))},
+			{Name: "BAR", Value: "not-encoded-value"},
+		}}
+
+		// env var that exists returns no error
+		v, err := c.FindEnvVar("FOO")
+		assert.NoError(t, err)
+		assert.Equal(t, "FOO_VALUE", v)
+
+		// env var that exists, but is not properly encoded returns error
+		_, err = c.FindEnvVar("BAR")
+		assert.ErrorContains(t, err, "error decoding 'BAR'")
+
+		// env var that does not exist returns error
+		_, err = c.FindEnvVar("DOES_NOT_EXIST")
+		assert.ErrorContains(t, err, "no env var 'DOES_NOT_EXIST' found")
+	})
+
+	t.Run("FindFile()", func(t *testing.T) {
+		c := ImagePullCredentials{Files: []File{
+			{Path: "a/b/c", Content: base64.StdEncoding.EncodeToString([]byte("VALUE_1"))},
+			{Path: "d/e/f", Content: "not-encoded-value"},
+		}}
+
+		// file that exists returns no error
+		v, err := c.FindFile("a/b/c")
+		assert.NoError(t, err)
+		assert.Equal(t, "VALUE_1", v)
+
+		// file that exists, but is not properly encoded returns error
+		_, err = c.FindFile("d/e/f")
+		assert.ErrorContains(t, err, "error decoding 'd/e/f'")
+
+		// file that does not exist returns error
+		_, err = c.FindFile("does/not/exist")
+		assert.ErrorContains(t, err, "no file 'does/not/exist' found")
+	})
+}
diff --git a/pkg/aws/aws.go b/pkg/aws/aws.go
new file mode 100644
index 00000000..11c900ad
--- /dev/null
+++ b/pkg/aws/aws.go
@@ -0,0 +1,136 @@
+package aws
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+
+	versions "github.com/hashicorp/go-version"
+	api "github.com/semaphoreci/agent/pkg/api"
+	log "github.com/sirupsen/logrus"
+)
+
+func GetECRServerURL(credentials api.ImagePullCredentials) (string, error) {
+	region, err := credentials.FindEnvVar("AWS_REGION")
+	if err != nil {
+		return "", err
+	}
+
+	accountID, err := GetAccountID(credentials)
+	if err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com", accountID, region), nil
+}
+
+func GetECRLoginPassword(credentials api.ImagePullCredentials) (string, error) {
+	envs, err := credentials.ToCmdEnvVars()
+	if err != nil {
+		return "", err
+	}
+
+	cmd := exec.Command("bash", "-c", "aws ecr get-login-password --region $AWS_REGION")
+	cmd.Env = envs
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("error executing aws ecr get-login-password: Output: %s - Error: %v", string(output), err)
+	}
+
+	return strings.TrimSuffix(string(output), "\n"), nil
+}
+
+func GetECRLoginCmd(credentials api.ImagePullCredentials) (string, error) {
+	awsV2, _ := versions.NewVersion("2.0.0")
+	awsCLIVersion, err := findAWSCLIVersion()
+	if err != nil {
+		return "", err
+	}
+
+	if awsCLIVersion.GreaterThanOrEqual(awsV2) {
+		accountID, err := GetAccountID(credentials)
+		if err != nil {
+			return "", err
+		}
+
+		/*
+		 * get-login-password was added in v1.17.10 and is the only command available in v2.
+		 * That command doesn't generate a docker login command by itself, only the password.
+		 * So we need to pipe that into the docker login command ourselves.
+		 * See: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login-password.html.
+		 * The only difference here is that we need to determine the AWS account id for ourselves.
+		 */
+		return fmt.Sprintf(
+			`aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin %s.dkr.ecr.$AWS_REGION.amazonaws.com`,
+			accountID,
+		), nil
+	}
+
+	/*
+	 * get-login is only available in AWS CLI v1.
+	 * The way it works is it generates a token, and then prints the
+	 * docker login command to actually login. Note the extra $() around it.
+	 * This is to make sure we execute the output of that command as well.
+	 * See: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html
+	 */
+	accountID, err := credentials.FindEnvVar("AWS_ACCOUNT_ID")
+	if err != nil {
+		return `$(aws ecr get-login --no-include-email --region $AWS_REGION)`, nil
+	}
+
+	/*
+	 * If AWS_ACCOUNT_ID is specified in the env vars, the registry is
+	 * possibly living in a separate AWS account, so we set --registry-ids.
+	 */
+	return fmt.Sprintf(`$(aws ecr get-login --no-include-email --region $AWS_REGION --registry-ids %s)`, accountID), nil
+}
+
+func GetAccountID(credentials api.ImagePullCredentials) (string, error) {
+	accountID, err := credentials.FindEnvVar("AWS_ACCOUNT_ID")
+	if err == nil {
+		return accountID, nil
+	}
+
+	accountID, err = getAccountIDFromSTS(credentials)
+	if err != nil {
+		return "", err
+	}
+
+	return accountID, nil
+}
+
+func getAccountIDFromSTS(credentials api.ImagePullCredentials) (string, error) {
+	envs, err := credentials.ToCmdEnvVars()
+	if err != nil {
+		return "", err
+	}
+
+	cmd := exec.Command("bash", "-c", "aws sts get-caller-identity --query Account --output text")
+	cmd.Env = envs
+
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Errorf("Error finding AWS account ID: Output: %s - Error: %v", string(output), err)
+		return "", err
+	}
+
+	return strings.TrimSuffix(string(output), "\n"), nil
+}
+
+func findAWSCLIVersion() (*versions.Version, error) {
+	cmd := exec.Command("bash", "-c", `aws --version 2>&1 | awk -F'[/ ]' '{print $2}'`)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Errorf("Error determing AWS CLI version: Output '%s' - Error: %v", string(output), err)
+		return nil, err
+	}
+
+	versionAsString := strings.TrimSuffix(string(output), "\n")
+	version, err := versions.NewVersion(versionAsString)
+	if err != nil {
+		log.Errorf("Error parsing AWS CLI version from '%s': %v", versionAsString, err)
+		return nil, err
+	}
+
+	return version, nil
+}
diff --git a/pkg/compression/gzip.go b/pkg/compression/gzip.go
new file mode 100644
index 00000000..234b670f
--- /dev/null
+++ b/pkg/compression/gzip.go
@@ -0,0 +1,40 @@
+package compression
+
+import (
+	"compress/gzip"
+	"fmt"
+	"io"
+	"os"
+)
+
+func Compress(rawFileName string) (string, error) {
+	// #nosec
+	rawFile, err := os.Open(rawFileName)
+	if err != nil {
+		return "", fmt.Errorf("error opening raw file %s: %v", rawFileName, err)
+	}
+
+	gzippedFileName := rawFileName + ".gz"
+
+	// #nosec
+	gzippedFile, err := os.Create(gzippedFileName)
+	if err != nil {
+		return "", fmt.Errorf("error creating file %s for compression: %v", gzippedFileName, err)
+	}
+
+	defer gzippedFile.Close()
+	gzipWriter := gzip.NewWriter(gzippedFile)
+	defer gzipWriter.Close()
+
+	_, err = io.Copy(gzipWriter, rawFile)
+	if err != nil {
+		return "", fmt.Errorf("error writing data into %s: %v", gzippedFileName, err)
+	}
+
+	err = gzipWriter.Flush()
+	if err != nil {
+		return "", fmt.Errorf("error flushing compressed data into %s: %v", gzippedFileName, err)
+	}
+
+	return gzippedFileName, nil
+}
diff --git a/pkg/compression/gzip_test.go b/pkg/compression/gzip_test.go
new file mode 100644
index 00000000..99e98a9f
--- /dev/null
+++ b/pkg/compression/gzip_test.go
@@ -0,0 +1,43 @@
+package compression
+
+import (
+	"compress/gzip"
+	"fmt"
+	"io"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func Test__Compress(t *testing.T) {
+	// create text file for compression
+	raw, err := os.CreateTemp(os.TempDir(), "*.txt")
+	require.NoError(t, err)
+
+	defer os.Remove(raw.Name())
+
+	content := ""
+	for i := 0; i < 100; i++ {
+		l := fmt.Sprintf("[%d] abcdefghijklmnopqrstuvwxyz\n", i)
+		raw.WriteString(l)
+		content += l
+	}
+
+	require.NoError(t, raw.Close())
+
+	// compress file
+	compressed, err := Compress(raw.Name())
+	require.NoError(t, err)
+
+	defer os.Remove(compressed)
+
+	// decompress and assert its contents are correct
+	f, err := os.Open(compressed)
+	require.NoError(t, err)
+	gzipReader, err := gzip.NewReader(f)
+	require.NoError(t, err)
+	text, err := io.ReadAll(gzipReader)
+	require.NoError(t, err)
+	require.Equal(t, content, string(text))
+}
diff --git a/pkg/config/config.go b/pkg/config/config.go
new file mode 100644
index 00000000..05949f97
--- /dev/null
+++ b/pkg/config/config.go
@@ -0,0 +1,109 @@
+package config
+
+import "os"
+
+const (
+	ConfigFile                 = "config-file"
+	Name                       = "name"
+	NameFromEnv                = "name-from-env"
+	Endpoint                   = "endpoint"
+	Token                      = "token"
+	NoHTTPS                    = "no-https"
+	ShutdownHookPath           = "shutdown-hook-path"
+	PreJobHookPath             = "pre-job-hook-path"
+	PostJobHookPath            = "post-job-hook-path"
+	DisconnectAfterJob         = "disconnect-after-job"
+	JobID                      = "job-id"
+	DisconnectAfterIdleTimeout = "disconnect-after-idle-timeout"
+	EnvVars                    = "env-vars"
+	Files                      = "files"
+	ExposeKvmDevice            = "expose-kvm-device"
+	FailOnMissingFiles         = "fail-on-missing-files"
+	UploadJobLogs              = "upload-job-logs"
+	FailOnPreJobHookError      = "fail-on-pre-job-hook-error"
+	SourcePreJobHook           = "source-pre-job-hook"
+	InterruptionGracePeriod    = "interruption-grace-period"
+	KubernetesExecutor         = "kubernetes-executor"
+	KubernetesPodSpec          = "kubernetes-pod-spec"
+	KubernetesAllowedImages    = "kubernetes-allowed-images"
+	KubernetesPodStartTimeout  = "kubernetes-pod-start-timeout"
+	KubernetesLabels           = "kubernetes-labels"
+	KubernetesDefaultImage     = "kubernetes-default-image"
+)
+
+const DefaultKubernetesPodStartTimeout = 300
+
+type ImagePullPolicy string
+
+const (
+	ImagePullPolicyNever        = "Never"
+	ImagePullPolicyAlways       = "Always"
+	ImagePullPolicyIfNotPresent = "IfNotPresent"
+)
+
+var ValidImagePullPolicies = []string{
+	ImagePullPolicyNever,
+	ImagePullPolicyAlways,
+	ImagePullPolicyIfNotPresent,
+}
+
+type UploadJobLogsCondition string
+
+const (
+	UploadJobLogsConditionNever       = "never"
+	UploadJobLogsConditionAlways      = "always"
+	UploadJobLogsConditionWhenTrimmed = "when-trimmed"
+)
+
+var ValidUploadJobLogsCondition = []string{
+	UploadJobLogsConditionNever,
+	UploadJobLogsConditionAlways,
+	UploadJobLogsConditionWhenTrimmed,
+}
+
+var ValidConfigKeys = []string{
+	ConfigFile,
+	Name,
+	NameFromEnv,
+	Endpoint,
+	Token,
+	NoHTTPS,
+	ShutdownHookPath,
+	PreJobHookPath,
+	PostJobHookPath,
+	DisconnectAfterJob,
+	JobID,
+	DisconnectAfterIdleTimeout,
+	EnvVars,
+	Files,
+	FailOnMissingFiles,
+	UploadJobLogs,
+	FailOnPreJobHookError,
+	SourcePreJobHook,
+	InterruptionGracePeriod,
+	KubernetesExecutor,
+	KubernetesPodSpec,
+	KubernetesAllowedImages,
+	KubernetesPodStartTimeout,
+	KubernetesLabels,
+	KubernetesDefaultImage,
+}
+
+type HostEnvVar struct {
+	Name  string
+	Value string
+}
+
+type FileInjection struct {
+	HostPath    string
+	Destination string
+}
+
+func (f *FileInjection) CheckFileExists() error {
+	_, err := os.Stat(f.HostPath)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/docker/docker.go b/pkg/docker/docker.go
new file mode 100644
index 00000000..171bcc81
--- /dev/null
+++ b/pkg/docker/docker.go
@@ -0,0 +1,154 @@
+package docker
+
+import (
+	"encoding/base64"
+	"fmt"
+	"os/exec"
+	"regexp"
+	"strings"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/aws"
+)
+
+var dockerComposeV2VersionRegex = regexp.MustCompile(`^Docker Compose version (.*)$`)
+var dockerComposeV1VersionRegex = regexp.MustCompile(`^docker-compose version (.*),.*$`)
+
+type DockerConfig struct {
+	Auths map[string]DockerConfigAuthEntry `json:"auths" datapolicy:"token"`
+}
+
+type DockerConfigAuthEntry struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty" datapolicy:"password"`
+	Auth     string `json:"auth,omitempty" datapolicy:"token"`
+}
+
+func NewDockerConfig(credentials []api.ImagePullCredentials) (*DockerConfig, error) {
+	if len(credentials) == 0 {
+		return nil, fmt.Errorf("no credentials")
+	}
+
+	dockerConfig := DockerConfig{Auths: map[string]DockerConfigAuthEntry{}}
+
+	for _, credential := range credentials {
+		strategy, err := credential.Strategy()
+		if err != nil {
+			return nil, err
+		}
+
+		u, err := configUsername(strategy, credential)
+		if err != nil {
+			return nil, err
+		}
+
+		p, err := configPassword(strategy, credential)
+		if err != nil {
+			return nil, err
+		}
+
+		server, err := configServerURL(strategy, credential)
+		if err != nil {
+			return nil, err
+		}
+
+		e := DockerConfigAuthEntry{
+			Username: u,
+			Password: p,
+			Auth:     base64.StdEncoding.EncodeToString([]byte(u + ":" + p)),
+		}
+
+		dockerConfig.Auths[server] = e
+	}
+
+	return &dockerConfig, nil
+}
+
+func configUsername(strategy string, credentials api.ImagePullCredentials) (string, error) {
+	switch strategy {
+	case api.ImagePullCredentialsStrategyDockerHub:
+		return credentials.FindEnvVar("DOCKERHUB_USERNAME")
+	case api.ImagePullCredentialsStrategyGenericDocker:
+		return credentials.FindEnvVar("DOCKER_USERNAME")
+	case api.ImagePullCredentialsStrategyECR:
+		return "AWS", nil
+	case api.ImagePullCredentialsStrategyGCR:
+		return "_json_key", nil
+	default:
+		return "", fmt.Errorf("%s not supported", strategy)
+	}
+}
+
+func configPassword(strategy string, credentials api.ImagePullCredentials) (string, error) {
+	switch strategy {
+	case api.ImagePullCredentialsStrategyDockerHub:
+		return credentials.FindEnvVar("DOCKERHUB_PASSWORD")
+	case api.ImagePullCredentialsStrategyGenericDocker:
+		return credentials.FindEnvVar("DOCKER_PASSWORD")
+	case api.ImagePullCredentialsStrategyECR:
+		return aws.GetECRLoginPassword(credentials)
+	case api.ImagePullCredentialsStrategyGCR:
+		fileContent, err := credentials.FindFile("/tmp/gcr/keyfile.json")
+		if err != nil {
+			return "", err
+		}
+
+		return fileContent, nil
+	default:
+		return "", fmt.Errorf("%s not supported", strategy)
+	}
+}
+
+func configServerURL(strategy string, credentials api.ImagePullCredentials) (string, error) {
+	switch strategy {
+	case api.ImagePullCredentialsStrategyDockerHub:
+		return "docker.io", nil
+	case api.ImagePullCredentialsStrategyGenericDocker:
+		return credentials.FindEnvVar("DOCKER_URL")
+	case api.ImagePullCredentialsStrategyGCR:
+		return credentials.FindEnvVar("GCR_HOSTNAME")
+	case api.ImagePullCredentialsStrategyECR:
+		return aws.GetECRServerURL(credentials)
+	default:
+		return "", fmt.Errorf("%s not supported", strategy)
+	}
+}
+
+func DockerComposePluginVersion() (string, error) {
+	output, err := exec.Command("docker", "compose", "version").Output()
+	if err != nil {
+		return "", err
+	}
+
+	match := dockerComposeV2VersionRegex.FindStringSubmatch(strings.Trim(string(output), "\n"))
+	if match == nil {
+		return "", fmt.Errorf("error finding docker compose v2 version: '%s'", string(output))
+	}
+
+	return match[1], nil
+}
+
+// NOTE: this doesn't necessarily points to a docker compose v1 installation.
+// Sometimes, 'docker-compose' is an alias to the docker compose v2 plugin.
+func DockerComposeCLIVersion() (string, error) {
+	output, err := exec.Command("docker-compose", "--version").Output()
+	if err != nil {
+		return "", err
+	}
+
+	match := dockerComposeV1VersionRegex.FindStringSubmatch(strings.Trim(string(output), "\n"))
+	if match == nil {
+		return "", fmt.Errorf("error finding docker compose v1 version: %s", string(output))
+	}
+
+	return match[1], nil
+}
+
+func DockerComposeVersion() (string, error) {
+	version, err := DockerComposePluginVersion()
+	if err == nil {
+		return version, nil
+	}
+
+	return DockerComposeCLIVersion()
+}
diff --git a/pkg/docker/docker_test.go b/pkg/docker/docker_test.go
new file mode 100644
index 00000000..5e610cb2
--- /dev/null
+++ b/pkg/docker/docker_test.go
@@ -0,0 +1,216 @@
+package docker
+
+import (
+	"encoding/base64"
+	"runtime"
+	"testing"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__DockerComposeVersion(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	// Test plugin version (v2+) - should have "v" prefix
+	pluginVersion, err := DockerComposePluginVersion()
+	assert.NoError(t, err)
+	assert.True(t, len(pluginVersion) > 0 && pluginVersion[0] == 'v',
+		"Docker Compose plugin version should start with 'v', got: %s", pluginVersion)
+
+	// Test legacy CLI version if available - should NOT have "v" prefix
+	cliVersion, err := DockerComposeCLIVersion()
+	if err == nil {
+		assert.True(t, len(cliVersion) > 0 && cliVersion[0] != 'v',
+			"Docker Compose CLI version should not start with 'v', got: %s", cliVersion)
+	}
+}
+
+func Test__NewDockerConfig(t *testing.T) {
+	t.Run("no credentials", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{})
+		assert.ErrorContains(t, err, "no credentials")
+	})
+
+	t.Run("no strategy", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{{EnvVars: []api.EnvVar{}}})
+		assert.ErrorContains(t, err, "DOCKER_CREDENTIAL_TYPE not set")
+	})
+
+	t.Run("unsupported strategy", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte("WHATEVER"))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "unknown DOCKER_CREDENTIAL_TYPE: 'WHATEVER'")
+	})
+
+	t.Run("dockerhub - no DOCKERHUB_USERNAME leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyDockerHub))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no env var 'DOCKERHUB_USERNAME' found")
+	})
+
+	t.Run("dockerhub - no DOCKERHUB_PASSWORD leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyDockerHub))},
+					{Name: "DOCKERHUB_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("dockerhubuser"))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no env var 'DOCKERHUB_PASSWORD' found")
+	})
+
+	t.Run("dockerhub - returns config", func(t *testing.T) {
+		dockerCfg, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyDockerHub))},
+					{Name: "DOCKERHUB_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("dockerhubuser"))},
+					{Name: "DOCKERHUB_PASSWORD", Value: base64.StdEncoding.EncodeToString([]byte("dockerhubpass"))},
+				},
+			},
+		})
+
+		assert.NoError(t, err)
+		assert.Equal(t, *dockerCfg, DockerConfig{
+			Auths: map[string]DockerConfigAuthEntry{
+				"docker.io": {
+					Username: "dockerhubuser",
+					Password: "dockerhubpass",
+					Auth:     base64.StdEncoding.EncodeToString([]byte("dockerhubuser:dockerhubpass")),
+				},
+			},
+		})
+	})
+
+	t.Run("generic docker - no DOCKER_USERNAME leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGenericDocker))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no env var 'DOCKER_USERNAME' found")
+	})
+
+	t.Run("generic docker - no DOCKER_PASSWORD leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGenericDocker))},
+					{Name: "DOCKER_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("dockeruser"))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no env var 'DOCKER_PASSWORD' found")
+	})
+
+	t.Run("generic docker - no DOCKER_URL leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGenericDocker))},
+					{Name: "DOCKER_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("dockeruser"))},
+					{Name: "DOCKER_PASSWORD", Value: base64.StdEncoding.EncodeToString([]byte("dockerpass"))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no env var 'DOCKER_URL' found")
+	})
+
+	t.Run("generic docker - returns config", func(t *testing.T) {
+		dockerCfg, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGenericDocker))},
+					{Name: "DOCKER_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("dockeruser"))},
+					{Name: "DOCKER_PASSWORD", Value: base64.StdEncoding.EncodeToString([]byte("dockerpass"))},
+					{Name: "DOCKER_URL", Value: base64.StdEncoding.EncodeToString([]byte("custom-registry.com"))},
+				},
+			},
+		})
+
+		assert.NoError(t, err)
+		assert.Equal(t, *dockerCfg, DockerConfig{
+			Auths: map[string]DockerConfigAuthEntry{
+				"custom-registry.com": {
+					Username: "dockeruser",
+					Password: "dockerpass",
+					Auth:     base64.StdEncoding.EncodeToString([]byte("dockeruser:dockerpass")),
+				},
+			},
+		})
+	})
+
+	t.Run("GCR - no /tmp/gcr/keyfile.json leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGCR))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no file '/tmp/gcr/keyfile.json' found")
+	})
+
+	t.Run("GCR - no GCR_HOSTNAME leads to error", func(t *testing.T) {
+		_, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGCR))},
+				},
+				Files: []api.File{
+					{Path: "/tmp/gcr/keyfile.json", Content: base64.StdEncoding.EncodeToString([]byte("aosidaoshd0a9hsd"))},
+				},
+			},
+		})
+
+		assert.ErrorContains(t, err, "no env var 'GCR_HOSTNAME' found")
+	})
+
+	t.Run("GCR - returns config", func(t *testing.T) {
+		dockerCfg, err := NewDockerConfig([]api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGCR))},
+					{Name: "GCR_HOSTNAME", Value: base64.StdEncoding.EncodeToString([]byte("gcr.io"))},
+				},
+				Files: []api.File{
+					{Path: "/tmp/gcr/keyfile.json", Content: base64.StdEncoding.EncodeToString([]byte("aosidaoshd0a9hsd"))},
+				},
+			},
+		})
+
+		assert.NoError(t, err)
+		assert.Equal(t, *dockerCfg, DockerConfig{
+			Auths: map[string]DockerConfigAuthEntry{
+				"gcr.io": {
+					Username: "_json_key",
+					Password: "aosidaoshd0a9hsd",
+					Auth:     base64.StdEncoding.EncodeToString([]byte("_json_key:aosidaoshd0a9hsd")),
+				},
+			},
+		})
+	})
+}
diff --git a/pkg/eventlogger/backend.go b/pkg/eventlogger/backend.go
index 392361b6..b567bb65 100644
--- a/pkg/eventlogger/backend.go
+++ b/pkg/eventlogger/backend.go
@@ -1,10 +1,20 @@
 package eventlogger
 
+import "io"
+
 type Backend interface {
 	Open() error
 	Write(interface{}) error
+	Read(startFrom, maxLines int, writer io.Writer) (int, error)
+	Iterate(fn func(event []byte) error) error
 	Close() error
+	CloseWithOptions(CloseOptions) error
+}
+
+type CloseOptions struct {
+	OnClose func(bool)
 }
 
 var _ Backend = (*FileBackend)(nil)
+var _ Backend = (*HTTPBackend)(nil)
 var _ Backend = (*InMemoryBackend)(nil)
diff --git a/pkg/eventlogger/default.go b/pkg/eventlogger/default.go
index 54404681..15cf4af5 100644
--- a/pkg/eventlogger/default.go
+++ b/pkg/eventlogger/default.go
@@ -1,7 +1,84 @@
 package eventlogger
 
-func Default() (*Logger, error) {
-	backend, err := NewFileBackend("/tmp/job_log.json")
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+)
+
+const LoggerMethodPull = "pull"
+const LoggerMethodPush = "push"
+
+type LoggerOptions struct {
+	Request        *api.JobRequest
+	RefreshTokenFn func() (string, error)
+	UserAgent      string
+}
+
+func CreateLogger(options LoggerOptions) (*Logger, error) {
+	if options.Request == nil {
+		return nil, fmt.Errorf("request is required")
+	}
+
+	switch options.Request.Logger.Method {
+	case LoggerMethodPull:
+		return Default(options.Request)
+	case LoggerMethodPush:
+		return DefaultHTTP(options)
+	default:
+		return nil, fmt.Errorf("unknown logger type")
+	}
+}
+
+func Default(request *api.JobRequest) (*Logger, error) {
+	path := filepath.Join(os.TempDir(), fmt.Sprintf("job_log_%d.json", time.Now().UnixNano()))
+
+	maxSize := DefaultMaxSizeInBytes
+	if request.Logger.MaxSizeInBytes > 0 {
+		maxSize = request.Logger.MaxSizeInBytes
+	}
+
+	backend, err := NewFileBackend(path, maxSize)
+	if err != nil {
+		return nil, err
+	}
+
+	logger, err := NewLogger(backend)
+	if err != nil {
+		return nil, err
+	}
+
+	err = logger.Open()
+	if err != nil {
+		return nil, err
+	}
+
+	return logger, nil
+}
+
+func DefaultHTTP(options LoggerOptions) (*Logger, error) {
+	request := options.Request
+	if request.Logger.URL == "" {
+		return nil, errors.New("HTTP logger needs a URL")
+	}
+
+	if options.RefreshTokenFn == nil {
+		return nil, errors.New("HTTP logger needs a refresh token function")
+	}
+
+	backend, err := NewHTTPBackend(HTTPBackendConfig{
+		URL:                   request.Logger.URL,
+		Token:                 request.Logger.Token,
+		RefreshTokenFn:        options.RefreshTokenFn,
+		UserAgent:             options.UserAgent,
+		LinesPerRequest:       MaxLinesPerRequest,
+		FlushTimeoutInSeconds: DefaultFlushTimeoutInSeconds,
+	})
+
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/eventlogger/filebackend.go b/pkg/eventlogger/filebackend.go
index da4ad519..23b69ab1 100644
--- a/pkg/eventlogger/filebackend.go
+++ b/pkg/eventlogger/filebackend.go
@@ -5,17 +5,23 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log"
 	"os"
+
+	log "github.com/sirupsen/logrus"
 )
 
+// We use 16MB as the default max size for a job log.
+// This default value is used when the job request doesn't specify a limit.
+const DefaultMaxSizeInBytes = 16777216
+
 type FileBackend struct {
-	path string
-	file *os.File
+	path           string
+	file           *os.File
+	maxSizeInBytes int
 }
 
-func NewFileBackend(path string) (*FileBackend, error) {
-	return &FileBackend{path: path}, nil
+func NewFileBackend(path string, maxSizeInBytes int) (*FileBackend, error) {
+	return &FileBackend{path: path, maxSizeInBytes: maxSizeInBytes}, nil
 }
 
 func (l *FileBackend) Open() error {
@@ -30,47 +36,118 @@ func (l *FileBackend) Open() error {
 }
 
 func (l *FileBackend) Write(event interface{}) error {
-	jsonString, _ := json.Marshal(event)
+	jsonBytes, err := json.Marshal(event)
+	if err != nil {
+		return err
+	}
+	jsonBytes = append(jsonBytes, '\n')
 
-	l.file.Write([]byte(jsonString))
-	l.file.Write([]byte("\n"))
+	_, err = l.file.Write(jsonBytes)
+	if err != nil {
+		return err
+	}
 
-	log.Printf("%s", jsonString)
+	log.Debugf("%s", jsonBytes)
 
 	return nil
 }
 
 func (l *FileBackend) Close() error {
+	return l.CloseWithOptions(CloseOptions{})
+}
+
+func (l *FileBackend) CloseWithOptions(options CloseOptions) error {
+	err := l.file.Close()
+	if err != nil {
+		log.Errorf("Error closing file %s: %v\n", l.file.Name(), err)
+		return err
+	}
+
+	if options.OnClose != nil {
+		fileInfo, err := os.Stat(l.file.Name())
+		if err != nil {
+			log.Errorf("Couldn't stat file '%s': %v", l.file.Name(), err)
+		} else {
+			trimmed := fileInfo.Size() >= int64(l.maxSizeInBytes)
+			log.Debugf(
+				"Log file has %d bytes - max bytes allowed are %d - trimmed=%v",
+				fileInfo.Size(),
+				int64(l.maxSizeInBytes),
+				trimmed,
+			)
+
+			options.OnClose(trimmed)
+		}
+	}
+
+	log.Debugf("Removing %s\n", l.file.Name())
+	if err := os.Remove(l.file.Name()); err != nil {
+		log.Errorf("Error removing logger file %s: %v\n", l.file.Name(), err)
+		return err
+	}
+
 	return nil
 }
 
-func (l *FileBackend) Stream(startLine int, writter io.Writer) error {
+func (l *FileBackend) Iterate(fn func([]byte) error) error {
 	fd, err := os.OpenFile(l.path, os.O_RDONLY, os.ModePerm)
 	if err != nil {
-		return err
+		return fmt.Errorf("error opening file '%s': %v", l.path, err)
 	}
+
 	defer fd.Close()
 
+	scanner := bufio.NewScanner(fd)
+	for scanner.Scan() {
+		if len(scanner.Bytes()) == 0 {
+			continue
+		}
+
+		if err := fn(scanner.Bytes()); err != nil {
+			return fmt.Errorf("error processing event: %v", err)
+		}
+	}
+
+	return scanner.Err()
+}
+
+func (l *FileBackend) Read(startingLineNumber, maxLines int, writer io.Writer) (int, error) {
+	fd, err := os.OpenFile(l.path, os.O_RDONLY, os.ModePerm)
+	if err != nil {
+		return startingLineNumber, err
+	}
+
 	reader := bufio.NewReader(fd)
-	lineIndex := 0
+	lineNumber := 0
+	linesStreamed := 0
 
 	for {
 		line, err := reader.ReadString('\n')
 		if err != nil {
 			if err != io.EOF {
-				return err
+				_ = fd.Close()
+				return lineNumber, err
 			}
 
 			break
 		}
 
-		if lineIndex < startLine {
-			lineIndex++
+		// If current line is before the starting line we are after, we just skip it.
+		if lineNumber < startingLineNumber {
+			lineNumber++
 			continue
 		}
 
-		fmt.Fprintln(writter, line)
+		// Otherwise, we advance to the next line and stream the current line.
+		lineNumber++
+		fmt.Fprint(writer, line)
+		linesStreamed++
+
+		// if we have streamed the number of lines we want, we stop.
+		if linesStreamed == maxLines {
+			break
+		}
 	}
 
-	return nil
+	return lineNumber, fd.Close()
 }
diff --git a/pkg/eventlogger/filebackend_test.go b/pkg/eventlogger/filebackend_test.go
new file mode 100644
index 00000000..917529d1
--- /dev/null
+++ b/pkg/eventlogger/filebackend_test.go
@@ -0,0 +1,133 @@
+package eventlogger
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__LogsArePushedToFile(t *testing.T) {
+	tmpFileName := filepath.Join(os.TempDir(), fmt.Sprintf("logs_%d.json", time.Now().UnixNano()))
+	fileBackend, err := NewFileBackend(tmpFileName, DefaultMaxSizeInBytes)
+	assert.Nil(t, err)
+	assert.Nil(t, fileBackend.Open())
+
+	timestamp := int(time.Now().Unix())
+	assert.Nil(t, fileBackend.Write(&JobStartedEvent{Timestamp: timestamp, Event: "job_started"}))
+	assert.Nil(t, fileBackend.Write(&CommandStartedEvent{Timestamp: timestamp, Event: "cmd_started", Directive: "echo hello"}))
+	assert.Nil(t, fileBackend.Write(&CommandOutputEvent{Timestamp: timestamp, Event: "cmd_output", Output: "hello\n"}))
+	assert.Nil(t, fileBackend.Write(&CommandFinishedEvent{
+		Timestamp:  timestamp,
+		Event:      "cmd_finished",
+		Directive:  "echo hello",
+		ExitCode:   0,
+		StartedAt:  timestamp,
+		FinishedAt: timestamp,
+	}))
+	assert.Nil(t, fileBackend.Write(&JobFinishedEvent{Timestamp: timestamp, Event: "job_finished", Result: "passed"}))
+
+	bytes, err := ioutil.ReadFile(tmpFileName)
+	assert.Nil(t, err)
+	logs := strings.Split(string(bytes), "\n")
+
+	assert.Equal(t, []string{
+		fmt.Sprintf(`{"event":"job_started","timestamp":%d}`, timestamp),
+		fmt.Sprintf(`{"event":"cmd_started","timestamp":%d,"directive":"echo hello"}`, timestamp),
+		fmt.Sprintf(`{"event":"cmd_output","timestamp":%d,"output":"hello\n"}`, timestamp),
+		fmt.Sprintf(`{"event":"cmd_finished","timestamp":%d,"directive":"echo hello","exit_code":0,"started_at":%d,"finished_at":%d}`, timestamp, timestamp, timestamp),
+		fmt.Sprintf(`{"event":"job_finished","timestamp":%d,"result":"passed"}`, timestamp),
+		"", // newline at the end of the file
+	}, logs)
+
+	err = fileBackend.Close()
+	assert.Nil(t, err)
+}
+
+func Test__ReadDoesNotIncludeDoubleNewlines(t *testing.T) {
+	tmpFileName := filepath.Join(os.TempDir(), fmt.Sprintf("logs_%d.json", time.Now().UnixNano()))
+	fileBackend, err := NewFileBackend(tmpFileName, DefaultMaxSizeInBytes)
+	assert.Nil(t, err)
+	assert.Nil(t, fileBackend.Open())
+
+	timestamp := int(time.Now().Unix())
+	assert.Nil(t, fileBackend.Write(&JobStartedEvent{Timestamp: timestamp, Event: "job_started"}))
+	assert.Nil(t, fileBackend.Write(&CommandStartedEvent{Timestamp: timestamp, Event: "cmd_started", Directive: "echo hello"}))
+	assert.Nil(t, fileBackend.Write(&CommandOutputEvent{Timestamp: timestamp, Event: "cmd_output", Output: "hello\n"}))
+	assert.Nil(t, fileBackend.Write(&CommandFinishedEvent{
+		Timestamp:  timestamp,
+		Event:      "cmd_finished",
+		Directive:  "echo hello",
+		ExitCode:   0,
+		StartedAt:  timestamp,
+		FinishedAt: timestamp,
+	}))
+	assert.Nil(t, fileBackend.Write(&JobFinishedEvent{Timestamp: timestamp, Event: "job_finished", Result: "passed"}))
+
+	w := new(bytes.Buffer)
+	_, err = fileBackend.Read(0, 1000, w)
+	assert.NoError(t, err)
+	logs := strings.Split(w.String(), "\n")
+
+	assert.Equal(t, []string{
+		fmt.Sprintf(`{"event":"job_started","timestamp":%d}`, timestamp),
+		fmt.Sprintf(`{"event":"cmd_started","timestamp":%d,"directive":"echo hello"}`, timestamp),
+		fmt.Sprintf(`{"event":"cmd_output","timestamp":%d,"output":"hello\n"}`, timestamp),
+		fmt.Sprintf(`{"event":"cmd_finished","timestamp":%d,"directive":"echo hello","exit_code":0,"started_at":%d,"finished_at":%d}`, timestamp, timestamp, timestamp),
+		fmt.Sprintf(`{"event":"job_finished","timestamp":%d,"result":"passed"}`, timestamp),
+		"", // newline at the end of the file
+	}, logs)
+
+	err = fileBackend.Close()
+	assert.Nil(t, err)
+}
+
+func Test__CloseWithOptions(t *testing.T) {
+
+	t.Run("trimmed logs", func(t *testing.T) {
+		tmpFileName := filepath.Join(os.TempDir(), fmt.Sprintf("logs_%d.json", time.Now().UnixNano()))
+
+		// The max is 50 bytes
+		fileBackend, err := NewFileBackend(tmpFileName, 50)
+		assert.Nil(t, err)
+		assert.Nil(t, fileBackend.Open())
+
+		timestamp := int(time.Now().Unix())
+		assert.Nil(t, fileBackend.Write(&JobStartedEvent{Timestamp: timestamp, Event: "job_started"}))
+		assert.Nil(t, fileBackend.Write(&CommandStartedEvent{Timestamp: timestamp, Event: "cmd_started", Directive: "echo hello"}))
+		assert.Nil(t, fileBackend.Write(&CommandOutputEvent{Timestamp: timestamp, Event: "cmd_output", Output: "hello\n"}))
+
+		logsWereTrimmed := false
+		err = fileBackend.CloseWithOptions(CloseOptions{OnClose: func(b bool) { logsWereTrimmed = b }})
+		assert.Nil(t, err)
+		assert.True(t, logsWereTrimmed)
+	})
+
+	t.Run("no trimmed logs", func(t *testing.T) {
+		tmpFileName := filepath.Join(os.TempDir(), fmt.Sprintf("logs_%d.json", time.Now().UnixNano()))
+
+		// The max is 1M
+		fileBackend, err := NewFileBackend(tmpFileName, 1024*1024)
+		assert.Nil(t, err)
+		assert.Nil(t, fileBackend.Open())
+
+		timestamp := int(time.Now().Unix())
+		assert.Nil(t, fileBackend.Write(&JobStartedEvent{Timestamp: timestamp, Event: "job_started"}))
+		assert.Nil(t, fileBackend.Write(&CommandStartedEvent{Timestamp: timestamp, Event: "cmd_started", Directive: "echo hello"}))
+		assert.Nil(t, fileBackend.Write(&CommandOutputEvent{Timestamp: timestamp, Event: "cmd_output", Output: "hello\n"}))
+
+		logsWereTrimmed := false
+		err = fileBackend.CloseWithOptions(CloseOptions{OnClose: func(b bool) {
+			logsWereTrimmed = b
+		}})
+
+		assert.Nil(t, err)
+		assert.False(t, logsWereTrimmed)
+	})
+}
diff --git a/pkg/eventlogger/formatter.go b/pkg/eventlogger/formatter.go
new file mode 100644
index 00000000..2f60dc02
--- /dev/null
+++ b/pkg/eventlogger/formatter.go
@@ -0,0 +1,40 @@
+package eventlogger
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type CustomFormatter struct {
+	AgentName string
+}
+
+func (f *CustomFormatter) Format(entry *log.Entry) ([]byte, error) {
+	parts := []string{}
+	parts = append(parts, entry.Time.UTC().Format(time.StampMilli))
+
+	if f.AgentName != "" {
+		parts = append(parts, f.AgentName)
+	}
+
+	extraFields := f.formatFields(entry.Data)
+	if extraFields != "" {
+		parts = append(parts, extraFields)
+	}
+
+	parts = append(parts, ":")
+	parts = append(parts, fmt.Sprintf("%s\n", entry.Message))
+	return []byte(strings.Join(parts, " ")), nil
+}
+
+func (f *CustomFormatter) formatFields(fields log.Fields) string {
+	result := []string{}
+	for key, value := range fields {
+		result = append(result, fmt.Sprintf("%s=%s", key, value))
+	}
+
+	return strings.Join(result, " ")
+}
diff --git a/pkg/eventlogger/httpbackend.go b/pkg/eventlogger/httpbackend.go
new file mode 100644
index 00000000..3250c6a7
--- /dev/null
+++ b/pkg/eventlogger/httpbackend.go
@@ -0,0 +1,263 @@
+package eventlogger
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/semaphoreci/agent/pkg/random"
+	"github.com/semaphoreci/agent/pkg/retry"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	MaxLinesPerRequest           = 2000
+	MaxFlushTimeoutInSeconds     = 900
+	DefaultFlushTimeoutInSeconds = 60
+)
+
+type HTTPBackend struct {
+	client      *http.Client
+	fileBackend FileBackend
+	startFrom   int
+	config      HTTPBackendConfig
+	stop        bool
+	flush       bool
+	useArtifact bool
+}
+
+type HTTPBackendConfig struct {
+	URL                   string
+	UserAgent             string
+	Token                 string
+	LinesPerRequest       int
+	FlushTimeoutInSeconds int
+	RefreshTokenFn        func() (string, error)
+}
+
+func NewHTTPBackend(config HTTPBackendConfig) (*HTTPBackend, error) {
+	if config.LinesPerRequest <= 0 || config.LinesPerRequest > MaxLinesPerRequest {
+		return nil, fmt.Errorf("config.LinesPerRequest must be between 1 and %d", MaxLinesPerRequest)
+	}
+
+	if config.FlushTimeoutInSeconds <= 0 || config.FlushTimeoutInSeconds > MaxFlushTimeoutInSeconds {
+		return nil, fmt.Errorf("config.FlushTimeoutInSeconds must be between 1 and %d", MaxFlushTimeoutInSeconds)
+	}
+
+	path := filepath.Join(os.TempDir(), fmt.Sprintf("job_log_%d.json", time.Now().UnixNano()))
+
+	// The API will instruct the HTTP backend when to stop
+	// streaming logs due to their size hitting the limits.
+	// We don't need to impose any limits on the underlying file backend.
+	fileBackend, err := NewFileBackend(path, math.MaxInt32)
+	if err != nil {
+		return nil, err
+	}
+
+	httpBackend := HTTPBackend{
+		client: &http.Client{
+			Timeout: 30 * time.Second,
+		},
+		fileBackend: *fileBackend,
+		startFrom:   0,
+		config:      config,
+	}
+
+	go httpBackend.push()
+
+	return &httpBackend, nil
+}
+
+func (l *HTTPBackend) Open() error {
+	return l.fileBackend.Open()
+}
+
+func (l *HTTPBackend) Write(event interface{}) error {
+	return l.fileBackend.Write(event)
+}
+
+func (l *HTTPBackend) Read(startFrom, maxLines int, writer io.Writer) (int, error) {
+	return l.fileBackend.Read(startFrom, maxLines, writer)
+}
+
+func (l *HTTPBackend) Iterate(fn func([]byte) error) error {
+	return l.fileBackend.Iterate(fn)
+}
+
+func (l *HTTPBackend) push() {
+	log.Infof("Logs will be pushed to %s", l.config.URL)
+
+	for {
+
+		/*
+		 * Check if streaming is necessary. There are three cases where it isn't necessary anymore:
+		 *   1. The job has exhausted the amount of log space it has available.
+		 *      The API will reject all subsequent attempts, so we just stop trying.
+		 *   2. The job is finished and all the logs were already pushed.
+		 *   3. The job is finished, not all logs were pushed, but we gave up because it was taking too long.
+		 */
+		if l.stop {
+			break
+		}
+
+		/*
+		 * Wait for the appropriate amount of time
+		 * before trying to send the next batch of logs.
+		 */
+		delay := l.delay()
+		log.Infof("Waiting %v to push next batch of logs...", delay)
+		time.Sleep(delay)
+
+		/*
+		 * Send the next batch of logs.
+		 * If an error occurs, it will be retried in the next tick,
+		 * so there is no need to retry requests that failed here.
+		 */
+		err := l.newRequest()
+		if err != nil {
+			log.Errorf("Error pushing logs: %v", err)
+		}
+	}
+
+	log.Info("Stopped pushing logs.")
+}
+
+/*
+ * The delay between log requests.
+ * Note that this isn't a rate,
+ * but a delay between the end of one request and the start of the next one.
+ */
+func (l *HTTPBackend) delay() time.Duration {
+
+	/*
+	 * if we are flushing,
+	 * we use a tighter range of 500ms - 1000ms.
+	 */
+	if l.flush {
+		delay, _ := random.DurationInRange(250, 500)
+		return *delay
+	}
+
+	/*
+	 * if we are not flushing,
+	 * we use a wider range of 1500ms - 3000ms.
+	 */
+	delay, _ := random.DurationInRange(1500, 3000)
+	return *delay
+}
+
+func (l *HTTPBackend) newRequest() error {
+	buffer := bytes.NewBuffer([]byte{})
+	nextStartFrom, err := l.fileBackend.Read(l.startFrom, l.config.LinesPerRequest, buffer)
+	if err != nil {
+		return err
+	}
+
+	/*
+	 * If no more logs are found, we may be in two scenarios:
+	 *   1. The job is not done, so more logs might be generated. We just skip until there is some new logs.
+	 *   2. The job is done, so no more logs will be generated. We stop pushing altogether.
+	 */
+	if l.startFrom == nextStartFrom {
+		if l.flush {
+			log.Infof("No more logs to flush - stopping")
+			l.stop = true
+			return nil
+		}
+
+		log.Infof("No logs to push - skipping")
+		return nil
+	}
+
+	log.Infof("Pushing next batch of logs with %d log events...", (nextStartFrom - l.startFrom))
+	url := fmt.Sprintf("%s?start_from=%d", l.config.URL, l.startFrom)
+	request, err := http.NewRequest("POST", url, buffer)
+	if err != nil {
+		return err
+	}
+
+	request.Header.Set("Content-Type", "text/plain")
+	request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", l.config.Token))
+	request.Header.Set("User-Agent", l.config.UserAgent)
+	response, err := l.client.Do(request)
+	if err != nil {
+		return err
+	}
+
+	switch response.StatusCode {
+
+	// Everything went fine,
+	// just update the index and move on.
+	case http.StatusOK:
+		l.startFrom = nextStartFrom
+		return nil
+
+	// No more space is available for this job's logs.
+	// The API will keep rejecting the requests if we keep sending them, so just stop.
+	case http.StatusUnprocessableEntity:
+		l.stop = true
+		l.useArtifact = true
+		return errors.New("no more space available for logs - stopping")
+
+	// The token issued for the agent expired.
+	// Try to refresh the token and try again.
+	// Here, we only update the token, and we let the caller do the retrying.
+	case http.StatusUnauthorized:
+		newToken, err := l.config.RefreshTokenFn()
+		if err != nil {
+			return err
+		}
+
+		l.config.Token = newToken
+		return fmt.Errorf("request to %s failed: %s", url, response.Status)
+
+	// something else went wrong
+	default:
+		return fmt.Errorf("request to %s failed: %s", url, response.Status)
+	}
+}
+
+func (l *HTTPBackend) CloseWithOptions(options CloseOptions) error {
+	/*
+	 * Try to flush all the remaining logs.
+	 * We wait for them to be flushed for a period of time (60s).
+	 * If they are not yet completely flushed after that period of time, we give up.
+	 */
+	l.flush = true
+
+	log.Printf("Waiting for all logs to be flushed...")
+	err := retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "wait for logs to be flushed",
+		MaxAttempts:          l.config.FlushTimeoutInSeconds,
+		DelayBetweenAttempts: time.Second,
+		HideError:            true,
+		Fn: func() error {
+			if l.stop {
+				return nil
+			}
+
+			return fmt.Errorf("not fully flushed")
+		},
+	})
+
+	if options.OnClose != nil {
+		options.OnClose(l.useArtifact)
+	}
+
+	if err != nil {
+		log.Errorf("Could not push all logs to %s - giving up", l.config.URL)
+	}
+
+	l.stop = true
+	return l.fileBackend.Close()
+}
+
+func (l *HTTPBackend) Close() error {
+	return l.CloseWithOptions(CloseOptions{})
+}
diff --git a/pkg/eventlogger/httpbackend_test.go b/pkg/eventlogger/httpbackend_test.go
new file mode 100644
index 00000000..58628dfb
--- /dev/null
+++ b/pkg/eventlogger/httpbackend_test.go
@@ -0,0 +1,315 @@
+package eventlogger
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	testsupport "github.com/semaphoreci/agent/test/support"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__ArgumentsMustBeValid(t *testing.T) {
+	t.Run("linesPerRequest cannot be unspecified or 0", func(t *testing.T) {
+		backend, err := NewHTTPBackend(HTTPBackendConfig{
+			URL:            "whatever",
+			Token:          "token",
+			RefreshTokenFn: func() (string, error) { return "", nil },
+		})
+
+		assert.Nil(t, backend)
+		assert.ErrorContains(t, err, "must be between 1 and 2000")
+	})
+
+	t.Run("linesPerRequest cannot be negative", func(t *testing.T) {
+		backend, err := NewHTTPBackend(HTTPBackendConfig{
+			URL:             "whatever",
+			Token:           "token",
+			RefreshTokenFn:  func() (string, error) { return "", nil },
+			LinesPerRequest: -1,
+		})
+
+		assert.Nil(t, backend)
+		assert.ErrorContains(t, err, "must be between 1 and 2000")
+	})
+
+	t.Run("linesPerRequest cannot be above the maximum allowed", func(t *testing.T) {
+		backend, err := NewHTTPBackend(HTTPBackendConfig{
+			URL:             "whatever",
+			Token:           "token",
+			RefreshTokenFn:  func() (string, error) { return "", nil },
+			LinesPerRequest: 10000,
+		})
+
+		assert.Nil(t, backend)
+		assert.ErrorContains(t, err, "must be between 1 and 2000")
+	})
+
+	t.Run("FlushTimeoutInSeconds cannot be unspecified or 0", func(t *testing.T) {
+		backend, err := NewHTTPBackend(HTTPBackendConfig{
+			URL:             "whatever",
+			Token:           "token",
+			LinesPerRequest: MaxLinesPerRequest,
+			RefreshTokenFn:  func() (string, error) { return "", nil },
+		})
+
+		assert.Nil(t, backend)
+		assert.ErrorContains(t, err, "must be between 1 and 900")
+	})
+
+	t.Run("FlushTimeoutInSeconds cannot be negative", func(t *testing.T) {
+		backend, err := NewHTTPBackend(HTTPBackendConfig{
+			URL:                   "whatever",
+			Token:                 "token",
+			LinesPerRequest:       MaxLinesPerRequest,
+			FlushTimeoutInSeconds: -1,
+			RefreshTokenFn:        func() (string, error) { return "", nil },
+		})
+
+		assert.Nil(t, backend)
+		assert.ErrorContains(t, err, "must be between 1 and 900")
+	})
+
+	t.Run("FlushTimeoutInSeconds cannot be above the maximum allowed", func(t *testing.T) {
+		backend, err := NewHTTPBackend(HTTPBackendConfig{
+			URL:                   "whatever",
+			Token:                 "token",
+			RefreshTokenFn:        func() (string, error) { return "", nil },
+			LinesPerRequest:       MaxLinesPerRequest,
+			FlushTimeoutInSeconds: 1000000,
+		})
+
+		assert.Nil(t, backend)
+		assert.ErrorContains(t, err, "must be between 1 and 900")
+	})
+}
+
+func Test__LogsArePushedToHTTPEndpoint(t *testing.T) {
+	mockServer := testsupport.NewLoghubMockServer()
+	mockServer.Init()
+
+	httpBackend, err := NewHTTPBackend(HTTPBackendConfig{
+		URL:                   mockServer.URL(),
+		Token:                 "token",
+		RefreshTokenFn:        func() (string, error) { return "", nil },
+		LinesPerRequest:       20,
+		FlushTimeoutInSeconds: DefaultFlushTimeoutInSeconds,
+		UserAgent:             fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	})
+
+	assert.Nil(t, err)
+	assert.Nil(t, httpBackend.Open())
+
+	generateLogEvents(t, 1, httpBackend)
+
+	err = httpBackend.Close()
+	assert.Nil(t, err)
+
+	eventObjects, err := TransformToObjects(mockServer.GetLogs())
+	assert.Nil(t, err)
+
+	simplifiedEvents, err := SimplifyLogEvents(eventObjects, SimplifyOptions{IncludeOutput: true})
+	assert.Nil(t, err)
+
+	assert.Equal(t, []string{
+		"job_started",
+
+		"directive: echo hello",
+		"hello\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	}, simplifiedEvents)
+
+	mockServer.Close()
+}
+
+func Test__RequestsAreCappedAtLinesPerRequest(t *testing.T) {
+	mockServer := testsupport.NewLoghubMockServer()
+	mockServer.Init()
+
+	httpBackend, err := NewHTTPBackend(HTTPBackendConfig{
+		URL:                   mockServer.URL(),
+		Token:                 "token",
+		RefreshTokenFn:        func() (string, error) { return "", nil },
+		LinesPerRequest:       2,
+		FlushTimeoutInSeconds: DefaultFlushTimeoutInSeconds,
+		UserAgent:             fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	})
+
+	assert.Nil(t, err)
+	assert.Nil(t, httpBackend.Open())
+
+	generateLogEvents(t, 10, httpBackend)
+	_ = httpBackend.Close()
+
+	// assert no more than 2 events were sent per batch
+	for _, batchSize := range mockServer.GetBatchSizesUsed() {
+		assert.LessOrEqual(t, batchSize, 2)
+	}
+
+	eventObjects, err := TransformToObjects(mockServer.GetLogs())
+	assert.Nil(t, err)
+
+	simplifiedEvents, err := SimplifyLogEvents(eventObjects, SimplifyOptions{IncludeOutput: true})
+	assert.Nil(t, err)
+
+	assert.Equal(t, []string{
+		"job_started",
+
+		"directive: echo hello",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"hello\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	}, simplifiedEvents)
+
+	mockServer.Close()
+}
+
+func Test__FlushingGivesUpAfterTimeout(t *testing.T) {
+	mockServer := testsupport.NewLoghubMockServer()
+	mockServer.Init()
+
+	httpBackend, err := NewHTTPBackend(HTTPBackendConfig{
+		URL:                   mockServer.URL(),
+		Token:                 "token",
+		RefreshTokenFn:        func() (string, error) { return "", nil },
+		LinesPerRequest:       2,
+		FlushTimeoutInSeconds: 10,
+		UserAgent:             fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	})
+
+	assert.Nil(t, err)
+	assert.Nil(t, httpBackend.Open())
+
+	// 1000+ log events at 2 per request
+	// would take more time to flush everything that the timeout we give it.
+	generateLogEvents(t, 1000, httpBackend)
+
+	_ = httpBackend.Close()
+
+	eventObjects, err := TransformToObjects(mockServer.GetLogs())
+	assert.Nil(t, err)
+
+	simplifiedEvents, err := SimplifyLogEvents(eventObjects, SimplifyOptions{IncludeOutput: true})
+	assert.Nil(t, err)
+
+	// logs are incomplete
+	assert.NotContains(t, simplifiedEvents, "job_finished: passed")
+
+	mockServer.Close()
+}
+
+func Test__ExecutesOnCloseCallback(t *testing.T) {
+	mockServer := testsupport.NewLoghubMockServer()
+	mockServer.Init()
+	mockServer.SetMaxSizeForLogs(30)
+
+	httpBackend, err := NewHTTPBackend(HTTPBackendConfig{
+		URL:                   mockServer.URL(),
+		Token:                 "token",
+		RefreshTokenFn:        func() (string, error) { return "", nil },
+		LinesPerRequest:       10,
+		FlushTimeoutInSeconds: 10,
+		UserAgent:             fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	})
+
+	assert.Nil(t, err)
+	assert.Nil(t, httpBackend.Open())
+
+	// 1000+ log events at 10 per request would take 4 requests
+	// to go over the max size of 30 events.
+	generateLogEvents(t, 1000, httpBackend)
+
+	callbackExecuted := false
+	_ = httpBackend.CloseWithOptions(CloseOptions{OnClose: func(trimmed bool) {
+		callbackExecuted = true
+	}})
+
+	assert.True(t, callbackExecuted)
+	mockServer.Close()
+}
+
+func Test__TokenIsRefreshed(t *testing.T) {
+	mockServer := testsupport.NewLoghubMockServer()
+	mockServer.Init()
+
+	tokenWasRefreshed := false
+
+	httpBackend, err := NewHTTPBackend(HTTPBackendConfig{
+		URL:                   mockServer.URL(),
+		Token:                 testsupport.ExpiredLogToken,
+		LinesPerRequest:       20,
+		FlushTimeoutInSeconds: DefaultFlushTimeoutInSeconds,
+		UserAgent:             fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+		RefreshTokenFn: func() (string, error) {
+			tokenWasRefreshed = true
+			return "some-new-and-shiny-valid-token", nil
+		},
+	})
+
+	assert.Nil(t, err)
+	assert.Nil(t, httpBackend.Open())
+
+	generateLogEvents(t, 1, httpBackend)
+	_ = httpBackend.Close()
+	assert.True(t, tokenWasRefreshed)
+
+	eventObjects, err := TransformToObjects(mockServer.GetLogs())
+	assert.Nil(t, err)
+
+	simplifiedEvents, err := SimplifyLogEvents(eventObjects, SimplifyOptions{IncludeOutput: true})
+	assert.Nil(t, err)
+
+	assert.Equal(t, []string{
+		"job_started",
+
+		"directive: echo hello",
+		"hello\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	}, simplifiedEvents)
+
+	mockServer.Close()
+}
+
+func generateLogEventsWithOutputGenerator(t testing.TB, outputEventsCount int, backend Backend, outputGenerator func() string) {
+	timestamp := int(time.Now().Unix())
+
+	assert.Nil(t, backend.Write(&JobStartedEvent{Timestamp: timestamp, Event: "job_started"}))
+	assert.Nil(t, backend.Write(&CommandStartedEvent{Timestamp: timestamp, Event: "cmd_started", Directive: "echo hello"}))
+
+	count := outputEventsCount
+	for count > 0 {
+		assert.Nil(t, backend.Write(&CommandOutputEvent{Timestamp: timestamp, Event: "cmd_output", Output: outputGenerator() + "\n"}))
+		count--
+	}
+
+	assert.Nil(t, backend.Write(&CommandFinishedEvent{
+		Timestamp:  timestamp,
+		Event:      "cmd_finished",
+		Directive:  "echo hello",
+		ExitCode:   0,
+		StartedAt:  timestamp,
+		FinishedAt: timestamp,
+	}))
+
+	assert.Nil(t, backend.Write(&JobFinishedEvent{Timestamp: timestamp, Event: "job_finished", Result: "passed"}))
+}
+
+func generateLogEvents(t testing.TB, outputEventsCount int, backend Backend) {
+	generateLogEventsWithOutputGenerator(t, outputEventsCount, backend, func() string {
+		return "hello"
+	})
+}
diff --git a/pkg/eventlogger/inmemorybackend.go b/pkg/eventlogger/inmemorybackend.go
index 086f0f42..ed2cdf86 100644
--- a/pkg/eventlogger/inmemorybackend.go
+++ b/pkg/eventlogger/inmemorybackend.go
@@ -1,7 +1,7 @@
 package eventlogger
 
 import (
-	"fmt"
+	"io"
 	"strings"
 )
 
@@ -17,6 +17,14 @@ func (l *InMemoryBackend) Open() error {
 	return nil
 }
 
+func (l *InMemoryBackend) Iterate(fn func([]byte) error) error {
+	return nil
+}
+
+func (l *InMemoryBackend) Read(startFrom, maxLines int, writer io.Writer) (int, error) {
+	return 0, nil
+}
+
 func (l *InMemoryBackend) Write(event interface{}) error {
 	l.Events = append(l.Events, event)
 
@@ -27,31 +35,22 @@ func (l *InMemoryBackend) Close() error {
 	return nil
 }
 
-func (l *InMemoryBackend) SimplifiedEvents() []string {
-	events := []string{}
-
-	for _, event := range l.Events {
-		switch e := event.(type) {
-		case *JobStartedEvent:
-			events = append(events, "job_started")
-		case *JobFinishedEvent:
-			events = append(events, "job_finished")
-		case *CommandStartedEvent:
-			events = append(events, "directive: "+e.Directive)
-		case *CommandOutputEvent:
-			events = append(events, e.Output)
-		case *CommandFinishedEvent:
-			events = append(events, fmt.Sprintf("Exit Code: %d", e.ExitCode))
-		default:
-			panic("Unknown shell event")
-		}
-	}
+func (l *InMemoryBackend) CloseWithOptions(options CloseOptions) error {
+	return nil
+}
 
-	return events
+func (l *InMemoryBackend) SimplifiedEvents(includeOutput, useSingleOutputEvent bool) ([]string, error) {
+	return SimplifyLogEvents(l.Events, SimplifyOptions{
+		IncludeOutput:          includeOutput,
+		UseSingleItemForOutput: useSingleOutputEvent,
+	})
 }
 
-func (l *InMemoryBackend) SimplifiedEventsWithoutDockerPull() []string {
-	logs := l.SimplifiedEvents()
+func (l *InMemoryBackend) SimplifiedEventsWithoutDockerPull() ([]string, error) {
+	logs, err := l.SimplifiedEvents(true, false)
+	if err != nil {
+		return []string{}, err
+	}
 
 	start := 0
 
@@ -71,5 +70,5 @@ func (l *InMemoryBackend) SimplifiedEventsWithoutDockerPull() []string {
 		}
 	}
 
-	return append([]string{logs[start]}, logs[end:]...)
+	return append([]string{logs[start]}, logs[end:]...), nil
 }
diff --git a/pkg/eventlogger/logger.go b/pkg/eventlogger/logger.go
index 19866a90..a800e91e 100644
--- a/pkg/eventlogger/logger.go
+++ b/pkg/eventlogger/logger.go
@@ -1,6 +1,14 @@
 package eventlogger
 
-import "time"
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
 
 type Logger struct {
 	Backend Backend
@@ -18,46 +26,114 @@ func (l *Logger) Close() error {
 	return l.Backend.Close()
 }
 
-func (l *Logger) LogJobStarted() error {
+func (l *Logger) CloseWithOptions(options CloseOptions) error {
+	return l.Backend.CloseWithOptions(options)
+}
+
+func (l *Logger) GeneratePlainTextFileIn(directory string) (string, error) {
+	tmpFile, err := os.CreateTemp(directory, "*.txt")
+	if err != nil {
+		return "", fmt.Errorf("error creating plain text file: %v", err)
+	}
+
+	defer tmpFile.Close()
+
+	bufferedWriter := bufio.NewWriterSize(tmpFile, 64*1024)
+	err = l.Backend.Iterate(func(event []byte) error {
+		var object map[string]interface{}
+		err := json.Unmarshal(event, &object)
+		if err != nil {
+			return fmt.Errorf("error unmarshaling log event '%s': %v", string(event), err)
+		}
+
+		switch eventType := object["event"].(string); {
+		case eventType == "cmd_started":
+			if _, err := bufferedWriter.WriteString(object["directive"].(string) + "\n"); err != nil {
+				return fmt.Errorf("error writing to output: %v", err)
+			}
+		case eventType == "cmd_output":
+			if _, err := bufferedWriter.WriteString(object["output"].(string)); err != nil {
+				return fmt.Errorf("error writing to output: %v", err)
+			}
+		default:
+			// We can ignore all the other event types here
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return "", fmt.Errorf("error iterating on log backend: %v", err)
+	}
+
+	err = bufferedWriter.Flush()
+	if err != nil {
+		return "", fmt.Errorf("error flushing buffered writer: %v", err)
+	}
+
+	return tmpFile.Name(), nil
+}
+
+/*
+ * Convert the JSON logs file into a plain text one.
+ * Note: the caller must delete the generated plain text file after it's done with it.
+ */
+func (l *Logger) GeneratePlainTextFile() (string, error) {
+	return l.GeneratePlainTextFileIn(os.TempDir())
+}
+
+func (l *Logger) LogJobStarted() {
 	event := &JobStartedEvent{
 		Timestamp: int(time.Now().Unix()),
 		Event:     "job_started",
 	}
 
-	return l.Backend.Write(event)
+	err := l.Backend.Write(event)
+	if err != nil {
+		log.Errorf("Error writing job_started log: %v", err)
+	}
 }
 
-func (l *Logger) LogJobFinished(result string) error {
+func (l *Logger) LogJobFinished(result string) {
 	event := &JobFinishedEvent{
 		Timestamp: int(time.Now().Unix()),
 		Event:     "job_finished",
 		Result:    result,
 	}
 
-	return l.Backend.Write(event)
+	err := l.Backend.Write(event)
+	if err != nil {
+		log.Errorf("Error writing job_finished log: %v", err)
+	}
 }
 
-func (l *Logger) LogCommandStarted(directive string) error {
+func (l *Logger) LogCommandStarted(directive string) {
 	event := &CommandStartedEvent{
 		Timestamp: int(time.Now().Unix()),
 		Event:     "cmd_started",
 		Directive: directive,
 	}
 
-	return l.Backend.Write(event)
+	err := l.Backend.Write(event)
+	if err != nil {
+		log.Errorf("Error writing cmd_started log: %v", err)
+	}
 }
 
-func (l *Logger) LogCommandOutput(output string) error {
+func (l *Logger) LogCommandOutput(output string) {
 	event := &CommandOutputEvent{
 		Timestamp: int(time.Now().Unix()),
 		Event:     "cmd_output",
 		Output:    output,
 	}
 
-	return l.Backend.Write(event)
+	err := l.Backend.Write(event)
+	if err != nil {
+		log.Errorf("Error writing cmd_output log: %v", err)
+	}
 }
 
-func (l *Logger) LogCommandFinished(directive string, exitCode int, startedAt int, finishedAt int) error {
+func (l *Logger) LogCommandFinished(directive string, exitCode int, startedAt int, finishedAt int) {
 	event := &CommandFinishedEvent{
 		Timestamp:  int(time.Now().Unix()),
 		Event:      "cmd_finished",
@@ -67,5 +143,8 @@ func (l *Logger) LogCommandFinished(directive string, exitCode int, startedAt in
 		FinishedAt: finishedAt,
 	}
 
-	return l.Backend.Write(event)
+	err := l.Backend.Write(event)
+	if err != nil {
+		log.Errorf("Error writing cmd_finished log: %v", err)
+	}
 }
diff --git a/pkg/eventlogger/logger_test.go b/pkg/eventlogger/logger_test.go
new file mode 100644
index 00000000..18b6c64d
--- /dev/null
+++ b/pkg/eventlogger/logger_test.go
@@ -0,0 +1,103 @@
+package eventlogger
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test__GeneratePlainLogs(t *testing.T) {
+	tmpFileName := filepath.Join(os.TempDir(), fmt.Sprintf("logs_%d.json", time.Now().UnixNano()))
+	backend, _ := NewFileBackend(tmpFileName, DefaultMaxSizeInBytes)
+	assert.Nil(t, backend.Open())
+	logger, _ := NewLogger(backend)
+	generateLogEvents(t, 10, backend)
+
+	file, err := logger.GeneratePlainTextFile()
+	assert.NoError(t, err)
+	assert.FileExists(t, file)
+
+	bytes, err := os.ReadFile(file)
+	assert.NoError(t, err)
+
+	lines := strings.Split(string(bytes), "\n")
+	assert.Equal(t, []string{
+		"echo hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"hello",
+		"",
+	}, lines)
+
+	assert.NoError(t, logger.Close())
+	os.Remove(file)
+}
+
+func Benchmark__GeneratePlainLogs(b *testing.B) {
+	//
+	// We do not want to account for this setup time in our benchmark
+	// so we stop the timer here, while we are creating the file backend
+	// and generating and writing the log events to it.
+	//
+	b.StopTimer()
+	tmpFileName := filepath.Join(os.TempDir(), fmt.Sprintf("logs_%d.json", time.Now().UnixNano()))
+	backend, _ := NewFileBackend(tmpFileName, DefaultMaxSizeInBytes)
+	require.Nil(b, backend.Open())
+	logger, _ := NewLogger(backend)
+
+	//
+	// Write a lot of log events into our file backend.
+	// In this case, 1M `cmd_output` log events with a random string in it.
+	//
+	buf := make([]byte, 45)
+	expected := []string{}
+	expected = append(expected, "echo hello")
+	generateLogEventsWithOutputGenerator(b, 1000000, backend, func() string {
+		// #nosec
+		_, err := rand.Read(buf)
+		require.NoError(b, err)
+		o := base64.URLEncoding.EncodeToString(buf)
+		expected = append(expected, o)
+		return o
+	})
+
+	expected = append(expected, "")
+
+	//
+	// Actually run the benchmark.
+	// We start the timer at the beginning of the iteration,
+	// and stop it right after logger.GeneratePlainTextFile() returns,
+	// because we only want to account for the amount of time it takes
+	// for that function to run, but we also want to assert the output is correct.
+	//
+	for i := 0; i < b.N; i++ {
+		b.StartTimer()
+		file, err := logger.GeneratePlainTextFile()
+
+		b.StopTimer()
+		require.NoError(b, err)
+		require.FileExists(b, file)
+		bytes, err := os.ReadFile(file)
+		require.NoError(b, err)
+		assert.Equal(b, expected, strings.Split(string(bytes), "\n"))
+
+		os.Remove(file)
+	}
+
+	require.NoError(b, logger.Close())
+}
diff --git a/pkg/eventlogger/test_helpers.go b/pkg/eventlogger/test_helpers.go
new file mode 100644
index 00000000..89b66ee5
--- /dev/null
+++ b/pkg/eventlogger/test_helpers.go
@@ -0,0 +1,76 @@
+package eventlogger
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+func TransformToObjects(events []string) ([]interface{}, error) {
+	objects := []interface{}{}
+	for _, event := range events {
+		var object map[string]interface{}
+		err := json.Unmarshal([]byte(event), &object)
+		if err != nil {
+			return []interface{}{}, err
+		}
+
+		switch eventType := object["event"].(string); {
+		case eventType == "job_started":
+			objects = append(objects, &JobStartedEvent{Event: eventType})
+		case eventType == "job_finished":
+			objects = append(objects, &JobFinishedEvent{Event: eventType, Result: object["result"].(string)})
+		case eventType == "cmd_started":
+			objects = append(objects, &CommandStartedEvent{Event: eventType, Directive: object["directive"].(string)})
+		case eventType == "cmd_output":
+			objects = append(objects, &CommandOutputEvent{Event: eventType, Output: object["output"].(string)})
+		case eventType == "cmd_finished":
+			objects = append(objects, &CommandFinishedEvent{Event: eventType, ExitCode: int(object["exit_code"].(float64))})
+		}
+	}
+
+	return objects, nil
+}
+
+type SimplifyOptions struct {
+	IncludeOutput          bool
+	UseSingleItemForOutput bool
+}
+
+func SimplifyLogEvents(events []interface{}, options SimplifyOptions) ([]string, error) {
+	simplified := []string{}
+
+	output := ""
+
+	for _, event := range events {
+		switch e := event.(type) {
+		case *JobStartedEvent:
+			simplified = append(simplified, "job_started")
+		case *JobFinishedEvent:
+			simplified = append(simplified, "job_finished: "+e.Result)
+		case *CommandStartedEvent:
+			simplified = append(simplified, "directive: "+e.Directive)
+		case *CommandOutputEvent:
+			if options.IncludeOutput {
+				if options.UseSingleItemForOutput {
+					output = output + e.Output
+				} else {
+					simplified = append(simplified, e.Output)
+				}
+			}
+		case *CommandFinishedEvent:
+			if options.IncludeOutput && options.UseSingleItemForOutput {
+				if output != "" {
+					simplified = append(simplified, output)
+				}
+
+				output = ""
+			}
+
+			simplified = append(simplified, fmt.Sprintf("Exit Code: %d", e.ExitCode))
+		default:
+			return []string{}, fmt.Errorf("unknown shell event")
+		}
+	}
+
+	return simplified, nil
+}
diff --git a/pkg/executors/authorized_keys.go b/pkg/executors/authorized_keys.go
index 9a11abd2..22c679c2 100644
--- a/pkg/executors/authorized_keys.go
+++ b/pkg/executors/authorized_keys.go
@@ -8,15 +8,24 @@ import (
 )
 
 func InjectEntriesToAuthorizedKeys(keys []api.PublicKey) error {
-	sshDirectory := filepath.Join(UserHomeDir(), ".ssh")
+	if len(keys) == 0 {
+		return nil
+	}
+
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		return err
+	}
 
-	err := os.MkdirAll(sshDirectory, os.ModePerm)
+	sshDirectory := filepath.Join(homeDir, ".ssh")
+	err = os.MkdirAll(sshDirectory, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
 	authorizedKeysPath := filepath.Join(sshDirectory, "authorized_keys")
 
+	// #nosec
 	authorizedKeys, err := os.OpenFile(
 		authorizedKeysPath,
 		os.O_APPEND|os.O_WRONLY|os.O_CREATE,
@@ -26,19 +35,19 @@ func InjectEntriesToAuthorizedKeys(keys []api.PublicKey) error {
 		return err
 	}
 
-	defer authorizedKeys.Close()
-
 	for _, key := range keys {
 		authorizedKeysEntry, err := key.Decode()
 		if err != nil {
+			_ = authorizedKeys.Close()
 			return err
 		}
 
 		_, err = authorizedKeys.WriteString(string(authorizedKeysEntry) + "\n")
 		if err != nil {
+			_ = authorizedKeys.Close()
 			return err
 		}
 	}
 
-	return nil
+	return authorizedKeys.Close()
 }
diff --git a/pkg/executors/docker_compose_executor.go b/pkg/executors/docker_compose_executor.go
index fdf07ede..32454397 100644
--- a/pkg/executors/docker_compose_executor.go
+++ b/pkg/executors/docker_compose_executor.go
@@ -2,20 +2,25 @@ package executors
 
 import (
 	"bufio"
+	"bytes"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
+	"runtime"
 	"strings"
 	"time"
 
-	pty "github.com/kr/pty"
 	watchman "github.com/renderedtext/go-watchman"
 	api "github.com/semaphoreci/agent/pkg/api"
+	aws "github.com/semaphoreci/agent/pkg/aws"
+	"github.com/semaphoreci/agent/pkg/config"
+	"github.com/semaphoreci/agent/pkg/docker"
 	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
 	shell "github.com/semaphoreci/agent/pkg/shell"
+	log "github.com/sirupsen/logrus"
 )
 
 type DockerComposeExecutor struct {
@@ -26,23 +31,41 @@ type DockerComposeExecutor struct {
 	tmpDirectory              string
 	dockerConfiguration       api.Compose
 	dockerComposeManifestPath string
+	dockerComposeVersion      string
 	mainContainerName         string
+	exposeKvmDevice           bool
+	fileInjections            []config.FileInjection
+	FailOnMissingFiles        bool
 }
 
-func NewDockerComposeExecutor(request *api.JobRequest, logger *eventlogger.Logger) *DockerComposeExecutor {
+type DockerComposeExecutorOptions struct {
+	ExposeKvmDevice    bool
+	FileInjections     []config.FileInjection
+	FailOnMissingFiles bool
+}
+
+func NewDockerComposeExecutor(request *api.JobRequest, logger *eventlogger.Logger, options DockerComposeExecutorOptions) *DockerComposeExecutor {
 	return &DockerComposeExecutor{
 		Logger:                    logger,
 		jobRequest:                request,
 		dockerConfiguration:       request.Compose,
+		exposeKvmDevice:           options.ExposeKvmDevice,
+		fileInjections:            options.FileInjections,
+		FailOnMissingFiles:        options.FailOnMissingFiles,
 		dockerComposeManifestPath: "/tmp/docker-compose.yml",
 		tmpDirectory:              "/tmp/agent-temp-directory", // make a better random name
 
 		// during testing the name main gets taken up, if we make it random we avoid headaches
-		mainContainerName: fmt.Sprintf("%s", request.Compose.Containers[0].Name),
+		mainContainerName: request.Compose.Containers[0].Name,
 	}
 }
 
 func (e *DockerComposeExecutor) Prepare() int {
+	if runtime.GOOS == "windows" {
+		log.Error("docker-compose executor is not supported in Windows")
+		return 1
+	}
+
 	err := os.MkdirAll(e.tmpDirectory, os.ModePerm)
 	if err != nil {
 		return 1
@@ -53,27 +76,67 @@ func (e *DockerComposeExecutor) Prepare() int {
 		return 1
 	}
 
-	compose := ConstructDockerComposeFile(e.dockerConfiguration)
-	log.Println("Compose File:")
-	log.Println(compose)
+	version, err := docker.DockerComposeVersion()
+	if err != nil {
+		log.Errorf("Error finding docker compose: %v", err)
+		return 1
+	}
+
+	log.Infof("Using Docker Compose version %s", version)
+	e.dockerComposeVersion = version
+
+	filesToInject, err := e.findValidFilesToInject()
+	if err != nil {
+		log.Errorf("Error injecting files: %v", err)
+		return 1
+	}
 
-	ioutil.WriteFile(e.dockerComposeManifestPath, []byte(compose), 0644)
+	compose := ConstructDockerComposeFile(e.dockerConfiguration, e.exposeKvmDevice, filesToInject)
+	log.Debug("Compose File:")
+	log.Debug(compose)
+
+	// #nosec
+	err = ioutil.WriteFile(e.dockerComposeManifestPath, []byte(compose), 0644)
+	if err != nil {
+		log.Errorf("Error writing docker compose manifest file: %v", err)
+		return 1
+	}
 
 	return e.setUpSSHJumpPoint()
 }
 
+func (e *DockerComposeExecutor) findValidFilesToInject() ([]config.FileInjection, error) {
+	filesToInject := []config.FileInjection{}
+	for _, fileInjection := range e.fileInjections {
+		err := fileInjection.CheckFileExists()
+		if err == nil {
+			filesToInject = append(filesToInject, fileInjection)
+		} else {
+			if e.FailOnMissingFiles {
+				return nil, err
+			}
+
+			log.Warningf("Error injecting file %s - ignoring it: %v", fileInjection.HostPath, err)
+		}
+	}
+
+	return filesToInject, nil
+}
+
 func (e *DockerComposeExecutor) executeHostCommands() error {
 	hostCommands := e.jobRequest.Compose.HostSetupCommands
 
 	for _, c := range hostCommands {
-		log.Println("Executing Host Command:", c.Directive)
+		log.Debug("Executing Host Command:", c.Directive)
+
+		// #nosec
 		cmd := exec.Command("bash", "-c", c.Directive)
 
 		out, err := cmd.CombinedOutput()
-		log.Println(string(out))
+		log.Debug(string(out))
 
 		if err != nil {
-			log.Println("Error:", err)
+			log.Errorf("Error: %v", err)
 			return err
 		}
 	}
@@ -84,7 +147,7 @@ func (e *DockerComposeExecutor) setUpSSHJumpPoint() int {
 	err := InjectEntriesToAuthorizedKeys(e.jobRequest.SSHPublicKeys)
 
 	if err != nil {
-		log.Printf("Failed to inject authorized keys: %+v", err)
+		log.Errorf("Failed to inject authorized keys: %+v", err)
 		return 1
 	}
 
@@ -117,7 +180,7 @@ func (e *DockerComposeExecutor) setUpSSHJumpPoint() int {
 
 	err = SetUpSSHJumpPoint(script)
 	if err != nil {
-		log.Printf("Failed to set up SSH jump point: %+v", err)
+		log.Errorf("Failed to set up SSH jump point: %+v", err)
 		return 1
 	}
 
@@ -127,13 +190,13 @@ func (e *DockerComposeExecutor) setUpSSHJumpPoint() int {
 func (e *DockerComposeExecutor) Start() int {
 	exitCode := e.injectImagePullSecrets()
 	if exitCode != 0 {
-		log.Printf("[SHELL] Failed to set up image pull secrets")
+		log.Error("[SHELL] Failed to set up image pull secrets")
 		return exitCode
 	}
 
 	exitCode = e.pullDockerImages()
 	if exitCode != 0 {
-		log.Printf("Failed to pull images")
+		log.Error("Failed to pull images")
 		return exitCode
 	}
 
@@ -142,6 +205,16 @@ func (e *DockerComposeExecutor) Start() int {
 	return exitCode
 }
 
+func (e *DockerComposeExecutor) composeExecutableAndArgs() (string, []string) {
+	// Docker Compose plugin (v2+) returns versions with "v" prefix (e.g., v2.20.0, v5.0.0)
+	// Legacy standalone docker-compose (v1) returns versions without "v" prefix (e.g., 1.29.2)
+	if strings.HasPrefix(e.dockerComposeVersion, "v") {
+		return "docker", []string{"compose"}
+	}
+
+	return "docker-compose", []string{}
+}
+
 func (e *DockerComposeExecutor) startBashSession() int {
 	commandStartedAt := int(time.Now().Unix())
 	directive := "Starting the docker image..."
@@ -157,14 +230,16 @@ func (e *DockerComposeExecutor) startBashSession() int {
 
 	e.Logger.LogCommandOutput("Starting a new bash session.\n")
 
-	log.Printf("Starting stateful shell")
+	log.Debug("Starting stateful shell")
 
-	cmd := exec.Command(
-		"docker-compose",
-		"--no-ansi",
+	executable, args := e.composeExecutableAndArgs()
+	args = append(args,
+		"--ansi",
+		"never",
 		"-f",
 		e.dockerComposeManifestPath,
 		"run",
+		"--rm",
 		"--name",
 		e.mainContainerName,
 		"-v",
@@ -175,9 +250,9 @@ func (e *DockerComposeExecutor) startBashSession() int {
 		"bash",
 	)
 
-	shell, err := shell.NewShell(cmd, e.tmpDirectory)
+	shell, err := shell.NewShellFromExecAndArgs(executable, args, e.tmpDirectory)
 	if err != nil {
-		log.Printf("Failed to start stateful shell err: %+v", err)
+		log.Errorf("Failed to start stateful shell err: %+v", err)
 
 		e.Logger.LogCommandOutput("Failed to start the docker image\n")
 		e.Logger.LogCommandOutput(err.Error())
@@ -188,7 +263,7 @@ func (e *DockerComposeExecutor) startBashSession() int {
 
 	err = shell.Start()
 	if err != nil {
-		log.Printf("Failed to start stateful shell err: %+v", err)
+		log.Errorf("Failed to start stateful shell err: %+v", err)
 
 		e.Logger.LogCommandOutput("Failed to start the docker image\n")
 		e.Logger.LogCommandOutput(err.Error())
@@ -226,7 +301,7 @@ func (e *DockerComposeExecutor) injectImagePullSecrets() int {
 		case api.ImagePullCredentialsStrategyDockerHub:
 			exitCode = e.injectImagePullSecretsForDockerHub(c.EnvVars)
 		case api.ImagePullCredentialsStrategyECR:
-			exitCode = e.injectImagePullSecretsForECR(c.EnvVars)
+			exitCode = e.injectImagePullSecretsForECR(c)
 		case api.ImagePullCredentialsStrategyGenericDocker:
 			exitCode = e.injectImagePullSecretsForGenericDocker(c.EnvVars)
 		case api.ImagePullCredentialsStrategyGCR:
@@ -322,27 +397,24 @@ func (e *DockerComposeExecutor) injectImagePullSecretsForGenericDocker(envVars [
 	return 0
 }
 
-func (e *DockerComposeExecutor) injectImagePullSecretsForECR(envVars []api.EnvVar) int {
+func (e *DockerComposeExecutor) injectImagePullSecretsForECR(credentials api.ImagePullCredentials) int {
 	e.Logger.LogCommandOutput("Setting up credentials for ECR\n")
 
-	envs := []string{}
-
-	for _, env := range envVars {
-		name := env.Name
-		value, err := env.Decode()
-
-		if err != nil {
-			e.Logger.LogCommandOutput(fmt.Sprintf("Failed to decode %s\n", name))
-			return 1
-		}
-
-		envs = append(envs, fmt.Sprintf("%s=%s", name, string(value)))
+	envs, err := credentials.ToCmdEnvVars()
+	if err != nil {
+		e.Logger.LogCommandOutput(fmt.Sprintf("Error preparing environment variables: %v", err))
+		return 1
 	}
 
-	loginCmd := `$(aws ecr get-login --no-include-email --region $AWS_REGION)`
+	loginCmd, err := aws.GetECRLoginCmd(credentials)
+	if err != nil {
+		e.Logger.LogCommandOutput(fmt.Sprintf("Failed to determine docker login command: %v\n", err))
+		return 1
+	}
 
 	e.Logger.LogCommandOutput(loginCmd + "\n")
 
+	// #nosec
 	cmd := exec.Command("bash", "-c", loginCmd)
 	cmd.Env = envs
 
@@ -367,12 +439,13 @@ func (e *DockerComposeExecutor) injectImagePullSecretsForGCR(envVars []api.EnvVa
 		content, err := f.Decode()
 
 		if err != nil {
-			e.Logger.LogCommandOutput("Failed to decode content of file.\n")
+			e.Logger.LogCommandOutput("Failed to decode the content of the file.\n")
 			return 1
 		}
 
 		tmpPath := fmt.Sprintf("%s/file", e.tmpDirectory)
 
+		// #nosec
 		err = ioutil.WriteFile(tmpPath, []byte(content), 0644)
 		if err != nil {
 			e.Logger.LogCommandOutput(err.Error() + "\n")
@@ -388,6 +461,8 @@ func (e *DockerComposeExecutor) injectImagePullSecretsForGCR(envVars []api.EnvVa
 		}
 
 		fileCmd := fmt.Sprintf("mkdir -p %s", path.Dir(destPath))
+
+		// #nosec
 		cmd := exec.Command("bash", "-c", fileCmd)
 		out, err := cmd.CombinedOutput()
 		if err != nil {
@@ -397,6 +472,8 @@ func (e *DockerComposeExecutor) injectImagePullSecretsForGCR(envVars []api.EnvVa
 		}
 
 		fileCmd = fmt.Sprintf("cp %s %s", tmpPath, destPath)
+
+		// #nosec
 		cmd = exec.Command("bash", "-c", fileCmd)
 		out, err = cmd.CombinedOutput()
 		if err != nil {
@@ -406,6 +483,8 @@ func (e *DockerComposeExecutor) injectImagePullSecretsForGCR(envVars []api.EnvVa
 		}
 
 		fileCmd = fmt.Sprintf("chmod %s %s", f.Mode, destPath)
+
+		// #nosec
 		cmd = exec.Command("bash", "-c", fileCmd)
 		out, err = cmd.CombinedOutput()
 		if err != nil {
@@ -450,7 +529,7 @@ func (e *DockerComposeExecutor) injectImagePullSecretsForGCR(envVars []api.EnvVa
 }
 
 func (e *DockerComposeExecutor) pullDockerImages() int {
-	log.Printf("Pulling docker images")
+	log.Debug("Pulling docker images")
 	directive := "Pulling docker images..."
 	commandStartedAt := int(time.Now().Unix())
 	e.SubmitDockerStats("compose.docker.pull.rate")
@@ -472,18 +551,23 @@ func (e *DockerComposeExecutor) pullDockerImages() int {
 	// are not present locally.
 	//
 
-	cmd := exec.Command(
-		"docker-compose",
-		"--no-ansi",
+	executable, args := e.composeExecutableAndArgs()
+	args = append(args,
+		"--ansi",
+		"never",
 		"-f",
 		e.dockerComposeManifestPath,
 		"run",
+		"--rm",
 		e.mainContainerName,
-		"true")
+		"true",
+	)
 
-	tty, err := pty.Start(cmd)
+	// #nosec
+	cmd := exec.Command(executable, args...)
+	tty, err := shell.StartPTY(cmd)
 	if err != nil {
-		log.Printf("Failed to initialize docker pull, err: %+v", err)
+		log.Errorf("Failed to initialize docker pull, err: %+v", err)
 		return 1
 	}
 
@@ -494,7 +578,7 @@ func (e *DockerComposeExecutor) pullDockerImages() int {
 			break
 		}
 
-		log.Println("(tty) ", line)
+		log.Debug("(tty) ", line)
 
 		e.Logger.LogCommandOutput(line + "\n")
 	}
@@ -502,12 +586,12 @@ func (e *DockerComposeExecutor) pullDockerImages() int {
 	exitCode := 0
 
 	if err := cmd.Wait(); err != nil {
-		log.Println("Docker pull failed", err)
+		log.Errorf("Docker pull failed: %v", err)
 		e.SubmitDockerStats("compose.docker.error.rate")
 		exitCode = 1
 	}
 
-	log.Println("Docker pull finished. Exit Code", exitCode)
+	log.Infof("Docker pull finished. Exit Code: %d", exitCode)
 
 	commandFinishedAt := int(time.Now().Unix())
 	e.SubmitDockerPullTime(commandFinishedAt - commandStartedAt)
@@ -516,9 +600,9 @@ func (e *DockerComposeExecutor) pullDockerImages() int {
 	return exitCode
 }
 
-func (e *DockerComposeExecutor) ExportEnvVars(envVars []api.EnvVar) int {
+func (e *DockerComposeExecutor) ExportEnvVars(envVars []api.EnvVar, hostEnvVars []config.HostEnvVar) int {
 	commandStartedAt := int(time.Now().Unix())
-	directive := fmt.Sprintf("Exporting environment variables")
+	directive := "Exporting environment variables"
 	exitCode := 0
 
 	e.Logger.LogCommandStarted(directive)
@@ -529,36 +613,30 @@ func (e *DockerComposeExecutor) ExportEnvVars(envVars []api.EnvVar) int {
 		e.Logger.LogCommandFinished(directive, exitCode, commandStartedAt, commandFinishedAt)
 	}()
 
-	envFile := ""
-
-	for _, env := range envVars {
-		e.Logger.LogCommandOutput(fmt.Sprintf("Exporting %s\n", env.Name))
-
-		value, err := env.Decode()
-
-		if err != nil {
-			exitCode = 1
-			return exitCode
-		}
-
-		envFile += fmt.Sprintf("export %s=%s\n", env.Name, ShellQuote(string(value)))
+	environment, err := shell.CreateEnvironment(envVars, hostEnvVars)
+	if err != nil {
+		log.Errorf("Error creating environment: %v", err)
+		exitCode = 1
+		return exitCode
 	}
 
-	envPath := fmt.Sprintf("%s/.env", e.tmpDirectory)
-	err := ioutil.WriteFile(envPath, []byte(envFile), 0644)
+	envFileName := filepath.Join(e.tmpDirectory, ".env")
+	err = environment.ToFile(envFileName, func(name string) {
+		e.Logger.LogCommandOutput(fmt.Sprintf("Exporting %s\n", name))
+	})
 
 	if err != nil {
 		exitCode = 255
 		return exitCode
 	}
 
-	cmd := fmt.Sprintf("source %s", envPath)
+	cmd := fmt.Sprintf("source %s", envFileName)
 	exitCode = e.RunCommand(cmd, true, "")
 	if exitCode != 0 {
 		return exitCode
 	}
 
-	cmd = fmt.Sprintf("echo 'source %s' >> ~/.bash_profile", envPath)
+	cmd = fmt.Sprintf("echo 'source %s' >> ~/.bash_profile", envFileName)
 	exitCode = e.RunCommand(cmd, true, "")
 	if exitCode != 0 {
 		return exitCode
@@ -568,7 +646,7 @@ func (e *DockerComposeExecutor) ExportEnvVars(envVars []api.EnvVar) int {
 }
 
 func (e *DockerComposeExecutor) InjectFiles(files []api.File) int {
-	directive := fmt.Sprintf("Injecting Files")
+	directive := "Injecting Files"
 	commandStartedAt := int(time.Now().Unix())
 	exitCode := 0
 
@@ -582,13 +660,14 @@ func (e *DockerComposeExecutor) InjectFiles(files []api.File) int {
 		content, err := f.Decode()
 
 		if err != nil {
-			e.Logger.LogCommandOutput("Failed to decode content of file.\n")
+			e.Logger.LogCommandOutput("Failed to decode the content of the file.\n")
 			exitCode = 1
 			return exitCode
 		}
 
 		tmpPath := fmt.Sprintf("%s/file", e.tmpDirectory)
 
+		// #nosec
 		err = ioutil.WriteFile(tmpPath, []byte(content), 0644)
 		if err != nil {
 			e.Logger.LogCommandOutput(err.Error() + "\n")
@@ -636,31 +715,52 @@ func (e *DockerComposeExecutor) InjectFiles(files []api.File) int {
 	return exitCode
 }
 
+func (e *DockerComposeExecutor) GetOutputFromCommand(command string) (string, int) {
+	out := bytes.Buffer{}
+	p := e.Shell.NewProcessWithOutput(command, func(output string) {
+		out.WriteString(output)
+	})
+
+	p.Run()
+	return out.String(), p.ExitCode
+}
+
 func (e *DockerComposeExecutor) RunCommand(command string, silent bool, alias string) int {
-	directive := command
-	if alias != "" {
-		directive = alias
+	return e.RunCommandWithOptions(CommandOptions{
+		Command: command,
+		Silent:  silent,
+		Alias:   alias,
+		Warning: "",
+	})
+}
+
+func (e *DockerComposeExecutor) RunCommandWithOptions(options CommandOptions) int {
+	directive := options.Command
+	if options.Alias != "" {
+		directive = options.Alias
 	}
 
-	p := e.Shell.NewProcess(command)
+	p := e.Shell.NewProcessWithOutput(options.Command, func(output string) {
+		if !options.Silent {
+			e.Logger.LogCommandOutput(output)
+		}
+	})
 
-	if !silent {
+	if !options.Silent {
 		e.Logger.LogCommandStarted(directive)
 
-		if alias != "" {
-			e.Logger.LogCommandOutput(fmt.Sprintf("Running: %s\n", command))
+		if options.Alias != "" {
+			e.Logger.LogCommandOutput(fmt.Sprintf("Running: %s\n", options.Command))
 		}
-	}
 
-	p.OnStdout(func(output string) {
-		if !silent {
-			e.Logger.LogCommandOutput(output)
+		if options.Warning != "" {
+			e.Logger.LogCommandOutput(fmt.Sprintf("Warning: %s\n", options.Warning))
 		}
-	})
+	}
 
 	p.Run()
 
-	if !silent {
+	if !options.Silent {
 		e.Logger.LogCommandFinished(directive, p.ExitCode, p.StartedAt, p.FinishedAt)
 	}
 
@@ -668,21 +768,36 @@ func (e *DockerComposeExecutor) RunCommand(command string, silent bool, alias st
 }
 
 func (e *DockerComposeExecutor) Stop() int {
-	log.Println("Starting the process killing procedure")
+	log.Debug("Starting the process killing procedure")
 
-	err := e.Shell.Close()
-	if err != nil {
-		log.Printf("Process killing procedure returned an erorr %+v\n", err)
-
-		return 0
+	if e.Shell != nil {
+		err := e.Shell.Close()
+		if err != nil {
+			log.Errorf("Process killing procedure returned an error %+v\n", err)
+		}
 	}
 
-	log.Printf("Process killing finished without errors")
-
-	return 0
+	return e.Cleanup()
 }
 
 func (e *DockerComposeExecutor) Cleanup() int {
+	log.Info("Cleaning up docker resources")
+
+	executable, args := e.composeExecutableAndArgs()
+	args = append(args,
+		"-f",
+		e.dockerComposeManifestPath,
+		"down",
+		"--remove-orphans",
+	)
+
+	// #nosec
+	cmd := exec.Command(executable, args...)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Errorf("Error removing docker resources: %v - %s", err, output)
+	}
+
 	return 0
 }
 
@@ -692,13 +807,19 @@ func (e *DockerComposeExecutor) SubmitDockerStats(metricName string) {
 
 func (e *DockerComposeExecutor) SubmitStats(imageName, metricName string, tags []string, value int) {
 	if strings.Contains(e.jobRequest.Compose.Containers[0].Image, imageName) {
-		watchman.SubmitWithTags(metricName, tags, value)
+		err := watchman.SubmitWithTags(metricName, tags, value)
+		if err != nil {
+			log.Errorf("Error submiting metrics: %v", err)
+		}
 	}
 }
 
 func (e *DockerComposeExecutor) SubmitDockerPullTime(duration int) {
 	if strings.Contains(e.jobRequest.Compose.Containers[0].Image, "semaphoreci/android") {
 		// only submiting android metrics.
-		watchman.SubmitWithTags("compose.docker.pull.duration", []string{"semaphoreci/android"}, duration)
+		err := watchman.SubmitWithTags("compose.docker.pull.duration", []string{"semaphoreci/android"}, duration)
+		if err != nil {
+			log.Errorf("Error submiting metrics: %v", err)
+		}
 	}
 }
diff --git a/pkg/executors/docker_compose_executor_test.go b/pkg/executors/docker_compose_executor_test.go
index a2fefd6c..dd902f3a 100644
--- a/pkg/executors/docker_compose_executor_test.go
+++ b/pkg/executors/docker_compose_executor_test.go
@@ -3,10 +3,12 @@ package executors
 import (
 	"encoding/base64"
 	"os/exec"
+	"runtime"
 	"testing"
 	"time"
 
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
 	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
 	assert "github.com/stretchr/testify/assert"
 )
@@ -15,20 +17,20 @@ func startComposeExecutor() (*DockerComposeExecutor, *eventlogger.Logger, *event
 	request := &api.JobRequest{
 		Compose: api.Compose{
 			Containers: []api.Container{
-				api.Container{
+				{
 					Name:  "main",
 					Image: "ruby:2.6",
 				},
-				api.Container{
+				{
 					Name:    "db",
 					Image:   "postgres:9.6",
 					Command: "postgres start",
 					EnvVars: []api.EnvVar{
-						api.EnvVar{
+						{
 							Name:  "FOO",
 							Value: base64.StdEncoding.EncodeToString([]byte("BAR")),
 						},
-						api.EnvVar{
+						{
 							Name:  "FAZ",
 							Value: base64.StdEncoding.EncodeToString([]byte("ZEZ")),
 						},
@@ -48,7 +50,10 @@ func startComposeExecutor() (*DockerComposeExecutor, *eventlogger.Logger, *event
 
 	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
 
-	e := NewDockerComposeExecutor(request, testLogger)
+	e := NewDockerComposeExecutor(request, testLogger, DockerComposeExecutorOptions{
+		ExposeKvmDevice: true,
+		FileInjections:  []config.FileInjection{},
+	})
 
 	if code := e.Prepare(); code != 0 {
 		panic("Prapare failed")
@@ -62,6 +67,10 @@ func startComposeExecutor() (*DockerComposeExecutor, *eventlogger.Logger, *event
 }
 
 func Test__DockerComposeExecutor(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("docker-compose executor is not yet support in Windows")
+	}
+
 	e, _, testLoggerBackend := startComposeExecutor()
 
 	e.RunCommand("echo 'here'", false, "")
@@ -74,14 +83,14 @@ func Test__DockerComposeExecutor(t *testing.T) {
 	e.RunCommand(multilineCmd, false, "")
 
 	envVars := []api.EnvVar{
-		api.EnvVar{Name: "A", Value: "Zm9vCg=="},
+		{Name: "A", Value: "Zm9vCg=="},
 	}
 
-	e.ExportEnvVars(envVars)
+	e.ExportEnvVars(envVars, []config.HostEnvVar{})
 	e.RunCommand("echo $A", false, "")
 
 	files := []api.File{
-		api.File{
+		{
 			Path:    "/tmp/random-file.txt",
 			Content: "YWFhYmJiCgo=",
 			Mode:    "0600",
@@ -96,7 +105,10 @@ func Test__DockerComposeExecutor(t *testing.T) {
 	e.Stop()
 	e.Cleanup()
 
-	assert.Equal(t, testLoggerBackend.SimplifiedEventsWithoutDockerPull(), []string{
+	simplifiedLogEvents, err := testLoggerBackend.SimplifiedEventsWithoutDockerPull()
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedLogEvents, []string{
 		"directive: Pulling docker images...",
 		"Exit Code: 0",
 
@@ -135,6 +147,10 @@ func Test__DockerComposeExecutor(t *testing.T) {
 }
 
 func Test__DockerComposeExecutor__StopingRunningJob(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("docker-compose executor is not yet support in Windows")
+	}
+
 	e, _, testLoggerBackend := startComposeExecutor()
 
 	go func() {
@@ -149,7 +165,10 @@ func Test__DockerComposeExecutor__StopingRunningJob(t *testing.T) {
 
 	time.Sleep(1 * time.Second)
 
-	assert.Equal(t, testLoggerBackend.SimplifiedEventsWithoutDockerPull(), []string{
+	simplifiedLogEvents, err := testLoggerBackend.SimplifiedEventsWithoutDockerPull()
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedLogEvents, []string{
 		"directive: Pulling docker images...",
 		"Exit Code: 0",
 
@@ -165,3 +184,73 @@ func Test__DockerComposeExecutor__StopingRunningJob(t *testing.T) {
 		"Exit Code: 1",
 	})
 }
+
+func Test__DockerComposeExecutor__composeExecutableAndArgs(t *testing.T) {
+	testCases := []struct {
+		name         string
+		version      string
+		expectedExec string
+		expectedArgs []string
+	}{
+		{
+			name:         "v1 legacy standalone",
+			version:      "1.29.2",
+			expectedExec: "docker-compose",
+			expectedArgs: []string{},
+		},
+		{
+			name:         "v2 plugin",
+			version:      "v2.20.0",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+		{
+			name:         "v2 plugin with build metadata",
+			version:      "v2.21.0-desktop.1",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+		{
+			name:         "v3 plugin",
+			version:      "v3.0.0",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+		{
+			name:         "v4 plugin",
+			version:      "v4.0.0",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+		{
+			name:         "v5 plugin",
+			version:      "v5.0.0",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+		{
+			name:         "v5 plugin with build metadata",
+			version:      "v5.1.0-desktop.1",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+		{
+			name:         "future v10 plugin",
+			version:      "v10.0.0",
+			expectedExec: "docker",
+			expectedArgs: []string{"compose"},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			e := &DockerComposeExecutor{
+				dockerComposeVersion: tc.version,
+			}
+
+			exec, args := e.composeExecutableAndArgs()
+			assert.Equal(t, tc.expectedExec, exec)
+			assert.Equal(t, tc.expectedArgs, args)
+		})
+	}
+}
diff --git a/pkg/executors/docker_compose_file.go b/pkg/executors/docker_compose_file.go
index 819ae565..b762e939 100644
--- a/pkg/executors/docker_compose_file.go
+++ b/pkg/executors/docker_compose_file.go
@@ -5,14 +5,21 @@ import (
 	"fmt"
 
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
 )
 
 type DockerComposeFile struct {
-	configuration api.Compose
+	configuration   api.Compose
+	exposeKvmDevice bool
+	fileInjections  []config.FileInjection
 }
 
-func ConstructDockerComposeFile(conf api.Compose) string {
-	f := DockerComposeFile{configuration: conf}
+func ConstructDockerComposeFile(conf api.Compose, exposeKvmDevice bool, fileInjections []config.FileInjection) string {
+	f := DockerComposeFile{
+		configuration:   conf,
+		exposeKvmDevice: exposeKvmDevice,
+		fileInjections:  fileInjections,
+	}
 	return f.Construct()
 }
 
@@ -41,8 +48,11 @@ func (f *DockerComposeFile) Service(container api.Container) string {
 	result := ""
 	result += fmt.Sprintf("  %s:\n", container.Name)
 	result += fmt.Sprintf("    image: %s\n", container.Image)
-	result += "    devices:\n"
-	result += "      - \"/dev/kvm:/dev/kvm\"\n"
+
+	if f.exposeKvmDevice {
+		result += "    devices:\n"
+		result += "      - \"/dev/kvm:/dev/kvm\"\n"
+	}
 
 	if container.Command != "" {
 		result += fmt.Sprintf("    command: %s\n", container.Command)
@@ -80,5 +90,12 @@ func (f *DockerComposeFile) ServiceWithLinks(c api.Container, links []api.Contai
 		}
 	}
 
+	if len(f.fileInjections) > 0 {
+		result += "    volumes:\n"
+		for _, fileInjection := range f.fileInjections {
+			result += fmt.Sprintf("      - %s:%s\n", fileInjection.HostPath, fileInjection.Destination)
+		}
+	}
+
 	return result
 }
diff --git a/pkg/executors/docker_compose_file_test.go b/pkg/executors/docker_compose_file_test.go
index a7354207..75811bc1 100644
--- a/pkg/executors/docker_compose_file_test.go
+++ b/pkg/executors/docker_compose_file_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
 	assert "github.com/stretchr/testify/assert"
 )
 
@@ -58,6 +59,6 @@ services:
 
 `
 
-	compose := ConstructDockerComposeFile(conf)
+	compose := ConstructDockerComposeFile(conf, true, []config.FileInjection{})
 	assert.Equal(t, expected, compose)
 }
diff --git a/pkg/executors/executor.go b/pkg/executors/executor.go
index 8621a453..c8c94985 100644
--- a/pkg/executors/executor.go
+++ b/pkg/executors/executor.go
@@ -1,32 +1,29 @@
 package executors
 
 import (
-	"fmt"
-
 	api "github.com/semaphoreci/agent/pkg/api"
-	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
+	"github.com/semaphoreci/agent/pkg/config"
 )
 
 type Executor interface {
 	Prepare() int
 	Start() int
-	ExportEnvVars([]api.EnvVar) int
+	ExportEnvVars([]api.EnvVar, []config.HostEnvVar) int
 	InjectFiles([]api.File) int
 	RunCommand(string, bool, string) int
+	RunCommandWithOptions(options CommandOptions) int
+	GetOutputFromCommand(string) (string, int)
 	Stop() int
 	Cleanup() int
 }
 
+type CommandOptions struct {
+	Command string
+	Silent  bool
+	Alias   string
+	Warning string
+}
+
 const ExecutorTypeShell = "shell"
 const ExecutorTypeDockerCompose = "dockercompose"
-
-func CreateExecutor(request *api.JobRequest, logger *eventlogger.Logger) (Executor, error) {
-	switch request.Executor {
-	case ExecutorTypeShell:
-		return NewShellExecutor(request, logger), nil
-	case ExecutorTypeDockerCompose:
-		return NewDockerComposeExecutor(request, logger), nil
-	default:
-		return nil, fmt.Errorf("Uknown executor type")
-	}
-}
+const ExecutorKubernetes = "kubernetes"
diff --git a/pkg/executors/kubernetes_executor.go b/pkg/executors/kubernetes_executor.go
new file mode 100644
index 00000000..a05eea11
--- /dev/null
+++ b/pkg/executors/kubernetes_executor.go
@@ -0,0 +1,466 @@
+package executors
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
+	"github.com/semaphoreci/agent/pkg/kubernetes"
+	shell "github.com/semaphoreci/agent/pkg/shell"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type KubernetesExecutor struct {
+	k8sClient       *kubernetes.KubernetesClient
+	jobRequest      *api.JobRequest
+	podName         string
+	envSecretName   string
+	imagePullSecret string
+	logger          *eventlogger.Logger
+	Shell           *shell.Shell
+
+	// If the executor is stopped before it even starts, we need to cancel it.
+	cancelFunc context.CancelFunc
+
+	// We need to keep track if the initial environment has already
+	// been exposed or not, because ExportEnvVars() gets called twice.
+	initialEnvironmentExposed bool
+}
+
+func NewKubernetesExecutor(jobRequest *api.JobRequest, logger *eventlogger.Logger, k8sConfig kubernetes.Config) (*KubernetesExecutor, error) {
+	clientset, err := kubernetes.NewInClusterClientset()
+	if err != nil {
+		log.Warnf("No in-cluster configuration found - using ~/.kube/config...")
+
+		clientset, err = kubernetes.NewClientsetFromConfig()
+		if err != nil {
+			return nil, fmt.Errorf("error creating kubernetes clientset: %v", err)
+		}
+	}
+
+	k8sClient, err := kubernetes.NewKubernetesClient(clientset, k8sConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return &KubernetesExecutor{
+		k8sClient:  k8sClient,
+		jobRequest: jobRequest,
+		logger:     logger,
+	}, nil
+}
+
+func (e *KubernetesExecutor) Prepare() int {
+	commandStartedAt := int(time.Now().Unix())
+	directive := "Creating Kubernetes resources for job..."
+	exitCode := 0
+
+	e.logger.LogCommandStarted(directive)
+
+	defer func() {
+		commandFinishedAt := int(time.Now().Unix())
+		e.logger.LogCommandFinished(directive, exitCode, commandStartedAt, commandFinishedAt)
+	}()
+
+	err := e.k8sClient.LoadPodSpec()
+	if err != nil {
+		log.Errorf("Failed to load pod spec: %v", err)
+		e.logger.LogCommandOutput(fmt.Sprintf("Failed to load pod spec: %v\n", err))
+		exitCode = 1
+		return exitCode
+	}
+
+	e.podName = fmt.Sprintf("semaphore-job-%s", e.jobRequest.JobID)
+	e.envSecretName = fmt.Sprintf("%s-secret", e.podName)
+	err = e.k8sClient.CreateSecret(e.envSecretName, e.jobRequest)
+	if err != nil {
+		log.Errorf("Failed to create environment secret: %v", err)
+		e.logger.LogCommandOutput(fmt.Sprintf("Failed to create environment secret: %v\n", err))
+		exitCode = 1
+		return exitCode
+	}
+
+	// If image pull credentials are specified in the YAML,
+	// we create a temporary secret to store them and use it to pull the image.
+	if len(e.jobRequest.Compose.ImagePullCredentials) > 0 {
+		e.imagePullSecret = fmt.Sprintf("%s-image-pull-secret", e.podName)
+		err = e.k8sClient.CreateImagePullSecret(e.imagePullSecret, e.jobRequest.Compose.ImagePullCredentials)
+		if err != nil {
+			log.Errorf("Failed to create temporary image pull secret: %v", err)
+			e.logger.LogCommandOutput(fmt.Sprintf("Failed to create temporary image pull secret: %v\n", err))
+			exitCode = 1
+			return exitCode
+		}
+	}
+
+	err = e.k8sClient.CreatePod(e.podName, e.envSecretName, e.imagePullSecret, e.jobRequest)
+	if err != nil {
+		log.Errorf("Failed to create pod: %v", err)
+		e.logger.LogCommandOutput(fmt.Sprintf("Failed to create pod: %v\n", err))
+		exitCode = 1
+		return exitCode
+	}
+
+	return 0
+}
+
+func (e *KubernetesExecutor) Start() int {
+	commandStartedAt := int(time.Now().Unix())
+	directive := "Starting shell session..."
+	exitCode := 0
+
+	e.logger.LogCommandStarted(directive)
+
+	defer func() {
+		commandFinishedAt := int(time.Now().Unix())
+		e.logger.LogCommandFinished(directive, exitCode, commandStartedAt, commandFinishedAt)
+	}()
+
+	ctx, cancel := context.WithCancel(context.TODO())
+	e.cancelFunc = cancel
+
+	err := e.k8sClient.WaitForPod(ctx, e.podName, func(msg string) {
+		e.logger.LogCommandOutput(msg + "\n")
+		log.Info(msg)
+	})
+
+	if err != nil {
+		log.Errorf("Failed to create pod: %v", err)
+		e.logger.LogCommandOutput(fmt.Sprintf("Failed to create pod: %v\n", err))
+		exitCode = 1
+		return exitCode
+	}
+
+	e.logger.LogCommandOutput("Pod is ready.\n")
+	e.logger.LogCommandOutput("Starting a new bash session in the pod...\n")
+
+	// #nosec
+	executable := "kubectl"
+	args := []string{
+		"exec",
+		"-it",
+		e.podName,
+		"-c",
+		"main",
+		"--",
+		"bash",
+		"--login",
+	}
+
+	shell, err := shell.NewShellFromExecAndArgs(executable, args, os.TempDir())
+	if err != nil {
+		log.Errorf("Failed to create shell: %v", err)
+		e.logger.LogCommandOutput("Failed to create shell in kubernetes container\n")
+		e.logger.LogCommandOutput(err.Error())
+
+		exitCode = 1
+		return exitCode
+	}
+
+	err = shell.Start()
+	if err != nil {
+		log.Errorf("Failed to start shell err: %+v", err)
+		e.logger.LogCommandOutput("Failed to start shell in kubernetes container\n")
+		e.logger.LogCommandOutput(err.Error())
+
+		exitCode = 1
+		return exitCode
+	}
+
+	e.logger.LogCommandOutput("Shell session is ready.\n")
+	e.Shell = shell
+
+	// Find the user being used to run the commands.
+	// Mostly helpful when troubleshooting issues with permissions on the container.
+	output, code := e.GetOutputFromCommand("whoami")
+	if code != 0 {
+		log.Errorf("Failed to determine user: exit code %d - %s", code, output)
+		e.logger.LogCommandOutput("Failed to determine user\n")
+		e.logger.LogCommandOutput(fmt.Sprintf("exit code %d - %s", code, output))
+		exitCode = code
+		return exitCode
+	}
+
+	log.Infof("User: %s", output)
+	e.logger.LogCommandOutput(fmt.Sprintf("User: %s", output))
+
+	// Find the user identity for the user being used to run the commands.
+	// Mostly helpful when troubleshooting issues with permissions on the container.
+	output, code = e.GetOutputFromCommand("id")
+	if code != 0 {
+		log.Errorf("Failed to determine user identity: exit code %d - %s", code, output)
+		e.logger.LogCommandOutput("Failed to determine user identity\n")
+		e.logger.LogCommandOutput(fmt.Sprintf("exit code %d - %s", code, output))
+		exitCode = code
+		return exitCode
+	}
+
+	log.Infof("User identity: %s", output)
+	e.logger.LogCommandOutput(fmt.Sprintf("User identity: %s", output))
+
+	// Find the working directory.
+	// Mostly helpful when troubleshooting issues with permissions on the container.
+	output, code = e.GetOutputFromCommand("pwd")
+	if code != 0 {
+		log.Errorf("Failed to determine working directory: exit code %d - %s", code, output)
+		e.logger.LogCommandOutput("Failed to determine working directory\n")
+		e.logger.LogCommandOutput(fmt.Sprintf("exit code %d - %s", code, output))
+		exitCode = code
+		return exitCode
+	}
+
+	log.Infof("Working directory: %s", output)
+	e.logger.LogCommandOutput(fmt.Sprintf("Working directory: %s", output))
+	return exitCode
+}
+
+// This function gets called twice during a job's execution:
+//   - On the first call, the environment variables come from a secret file injected into the pod.
+//   - On the second call, the environment variables (currently, just the job result) need to be exported
+//     through commands executed through the PTY.
+func (e *KubernetesExecutor) ExportEnvVars(envVars []api.EnvVar, hostEnvVars []config.HostEnvVar) int {
+	commandStartedAt := int(time.Now().Unix())
+	directive := "Exporting environment variables"
+	exitCode := 0
+
+	e.logger.LogCommandStarted(directive)
+
+	defer func() {
+		commandFinishedAt := int(time.Now().Unix())
+		e.logger.LogCommandFinished(directive, exitCode, commandStartedAt, commandFinishedAt)
+		e.initialEnvironmentExposed = true
+	}()
+
+	// Include the environment variables exposed in the job log.
+	for _, envVar := range envVars {
+		e.logger.LogCommandOutput(fmt.Sprintf("Exporting %s\n", envVar.Name))
+	}
+
+	// Second call of this function.
+	// Export environment variables through the PTY, one by one, using commands.
+	if e.initialEnvironmentExposed {
+		env, err := shell.CreateEnvironment(envVars, hostEnvVars)
+		if err != nil {
+			exitCode = 1
+			log.Errorf("Error creating environment: %v", err)
+			return exitCode
+		}
+
+		for _, command := range env.ToCommands() {
+			exitCode = e.RunCommand(command, true, "")
+			if exitCode != 0 {
+				log.Errorf("Error exporting environment variables")
+				return exitCode
+			}
+		}
+
+		return exitCode
+	}
+
+	// First call of this function.
+	// In this case, a secret with all the environment variables has been exposed in the pod spec,
+	// so all we need to do here is to source that file through the PTY session.
+	exitCode = e.RunCommand("source /tmp/injected/.env", true, "")
+	if exitCode != 0 {
+		log.Errorf("Error sourcing environment file")
+		return exitCode
+	}
+
+	return exitCode
+}
+
+// All the files have already been exposed to the main container
+// through a temporary secret created before the k8s pod was created, and used in the pod spec.
+// Here, we just need to move the files to their correct location.
+func (e *KubernetesExecutor) InjectFiles(files []api.File) int {
+	directive := "Injecting Files"
+	commandStartedAt := int(time.Now().Unix())
+	exitCode := 0
+	output := ""
+
+	e.logger.LogCommandStarted(directive)
+
+	defer func() {
+		commandFinishedAt := int(time.Now().Unix())
+		e.logger.LogCommandFinished(directive, exitCode, commandStartedAt, commandFinishedAt)
+	}()
+
+	for _, file := range files {
+
+		// Find the key used to inject the file in /tmp/injected
+		fileNameSecretKey := base64.RawURLEncoding.EncodeToString([]byte(file.Path))
+
+		// Normalize path to properly handle absolute/relative/~ paths
+		destPath := ""
+		if file.Path[0] == '/' || file.Path[0] == '~' {
+			destPath = file.Path
+		} else {
+			destPath = "~/" + file.Path
+		}
+
+		e.logger.LogCommandOutput(fmt.Sprintf("Injecting %s with file mode %s\n", file.Path, file.Mode))
+
+		// Create the parent directory
+		parentDir := filepath.Dir(destPath)
+		output, exitCode = e.GetOutputFromCommand(fmt.Sprintf("mkdir -p %s", parentDir))
+		if exitCode != 0 {
+			errMessage := fmt.Sprintf("Error injecting file %s: failed to created parent directory %s: %s\n", destPath, parentDir, output)
+			e.logger.LogCommandOutput(errMessage)
+			log.Errorf(errMessage)
+			return exitCode
+		}
+
+		// Copy the file injected as a secret in the /tmp/injected directory to its proper place
+		output, exitCode = e.GetOutputFromCommand(fmt.Sprintf("cp /tmp/injected/%s %s", fileNameSecretKey, destPath))
+		if exitCode != 0 {
+			errMessage := fmt.Sprintf("Error injecting file %s: %s\n", destPath, output)
+			e.logger.LogCommandOutput(errMessage)
+			log.Errorf(errMessage)
+			return exitCode
+		}
+
+		// Adjust the injected file's mode
+		output, exitCode = e.GetOutputFromCommand(fmt.Sprintf("chmod %s %s", file.Mode, destPath))
+		if exitCode != 0 {
+			errMessage := fmt.Sprintf("Error injecting file %s: error setting file mode %s: %s\n", destPath, file.Mode, output)
+			e.logger.LogCommandOutput(errMessage)
+			log.Errorf(errMessage)
+			return exitCode
+		}
+	}
+
+	return exitCode
+}
+
+func (e *KubernetesExecutor) RunCommand(command string, silent bool, alias string) int {
+	return e.RunCommandWithOptions(CommandOptions{
+		Command: command,
+		Silent:  silent,
+		Alias:   alias,
+		Warning: "",
+	})
+}
+
+// Similar to RunCommand(), but instead of displaying the output
+// of the commands in the job log, we return them to the caller.
+func (e *KubernetesExecutor) GetOutputFromCommand(command string) (string, int) {
+	out := bytes.Buffer{}
+	p := e.Shell.NewProcessWithConfig(shell.Config{
+		UseBase64Encoding: true,
+		Command:           command,
+		Shell:             e.Shell,
+		OnOutput: func(output string) {
+			out.WriteString(output)
+		},
+	})
+
+	p.Run()
+
+	return out.String(), p.ExitCode
+}
+
+func (e *KubernetesExecutor) RunCommandWithOptions(options CommandOptions) int {
+	directive := options.Command
+	if options.Alias != "" {
+		directive = options.Alias
+	}
+
+	/*
+	 * Unlike the shell and docker-compose executors,
+	 * where a folder can be shared between the agent and the PTY executing the commands,
+	 * in here, we don't have that ability. So, we do not use a temporary folder for storing
+	 * the command being executed, and instead use base64 encoding to make sure multiline commands
+	 * and commands with different types of quote usage are handled properly.
+	 */
+	p := e.Shell.NewProcessWithConfig(shell.Config{
+		UseBase64Encoding: true,
+		Command:           options.Command,
+		Shell:             e.Shell,
+		OnOutput: func(output string) {
+			if !options.Silent {
+				e.logger.LogCommandOutput(output)
+			}
+		},
+	})
+
+	if !options.Silent {
+		e.logger.LogCommandStarted(directive)
+
+		if options.Alias != "" {
+			e.logger.LogCommandOutput(fmt.Sprintf("Running: %s\n", options.Command))
+		}
+
+		if options.Warning != "" {
+			e.logger.LogCommandOutput(fmt.Sprintf("Warning: %s\n", options.Warning))
+		}
+	}
+
+	p.Run()
+
+	if !options.Silent {
+		e.logger.LogCommandFinished(directive, p.ExitCode, p.StartedAt, p.FinishedAt)
+	}
+
+	return p.ExitCode
+}
+
+func (e *KubernetesExecutor) Stop() int {
+	log.Debug("Starting the process killing procedure")
+
+	if e.cancelFunc != nil {
+		e.cancelFunc()
+	}
+
+	if e.Shell != nil {
+		err := e.Shell.Close()
+		if err != nil {
+			log.Errorf("Process killing procedure returned an error %+v\n", err)
+		}
+	}
+
+	return e.Cleanup()
+}
+
+func (e *KubernetesExecutor) Cleanup() int {
+	e.removeK8sResources()
+	e.removeLocalResources()
+	return 0
+}
+
+func (e *KubernetesExecutor) removeK8sResources() {
+	if e.podName != "" {
+		if err := e.k8sClient.DeletePod(e.podName); err != nil {
+			log.Errorf("Error deleting pod '%s': %v\n", e.podName, err)
+		}
+	}
+
+	if e.envSecretName != "" {
+		if err := e.k8sClient.DeleteSecret(e.envSecretName); err != nil {
+			log.Errorf("Error deleting secret '%s': %v\n", e.envSecretName, err)
+		}
+	}
+
+	// Not all jobs create this temporary secret,
+	// just the ones that send credentials to pull images
+	// in the job definition, so we only delete it if it was previously created.
+	if e.imagePullSecret != "" {
+		if err := e.k8sClient.DeleteSecret(e.imagePullSecret); err != nil {
+			log.Errorf("Error deleting secret '%s': %v\n", e.imagePullSecret, err)
+		}
+	}
+}
+
+func (e *KubernetesExecutor) removeLocalResources() {
+	envFileName := filepath.Join(os.TempDir(), ".env")
+	if err := os.Remove(envFileName); err != nil {
+		log.Errorf("Error removing local file '%s': %v", envFileName, err)
+	}
+}
diff --git a/pkg/executors/shell_executor.go b/pkg/executors/shell_executor.go
index 02497f30..069b7f41 100644
--- a/pkg/executors/shell_executor.go
+++ b/pkg/executors/shell_executor.go
@@ -1,38 +1,48 @@
 package executors
 
 import (
+	"bytes"
 	"fmt"
-	"io/ioutil"
-	"log"
-	"os/exec"
-	"path"
+	"os"
+	"path/filepath"
+	"runtime"
 	"strings"
 	"time"
 
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
 	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
 	shell "github.com/semaphoreci/agent/pkg/shell"
+	log "github.com/sirupsen/logrus"
 )
 
 type ShellExecutor struct {
 	Executor
-
-	Logger     *eventlogger.Logger
-	Shell      *shell.Shell
-	jobRequest *api.JobRequest
-
-	tmpDirectory string
+	Logger                  *eventlogger.Logger
+	Shell                   *shell.Shell
+	jobRequest              *api.JobRequest
+	tmpDirectory            string
+	hasSSHJumpPoint         bool
+	shouldUpdateBashProfile bool
+	cleanupAfterClose       []string
 }
 
-func NewShellExecutor(request *api.JobRequest, logger *eventlogger.Logger) *ShellExecutor {
+func NewShellExecutor(request *api.JobRequest, logger *eventlogger.Logger, selfHosted bool) *ShellExecutor {
 	return &ShellExecutor{
-		Logger:       logger,
-		jobRequest:   request,
-		tmpDirectory: "/tmp",
+		Logger:                  logger,
+		jobRequest:              request,
+		tmpDirectory:            os.TempDir(),
+		hasSSHJumpPoint:         !selfHosted,
+		shouldUpdateBashProfile: !selfHosted,
+		cleanupAfterClose:       []string{},
 	}
 }
 
 func (e *ShellExecutor) Prepare() int {
+	if !e.hasSSHJumpPoint {
+		return 0
+	}
+
 	return e.setUpSSHJumpPoint()
 }
 
@@ -40,7 +50,7 @@ func (e *ShellExecutor) setUpSSHJumpPoint() int {
 	err := InjectEntriesToAuthorizedKeys(e.jobRequest.SSHPublicKeys)
 
 	if err != nil {
-		log.Printf("Failed to inject authorized keys: %+v", err)
+		log.Errorf("Failed to inject authorized keys: %+v", err)
 		return 1
 	}
 
@@ -56,7 +66,7 @@ func (e *ShellExecutor) setUpSSHJumpPoint() int {
 
 	err = SetUpSSHJumpPoint(script)
 	if err != nil {
-		log.Printf("Failed to set up SSH jump point: %+v", err)
+		log.Errorf("Failed to set up SSH jump point: %+v", err)
 		return 1
 	}
 
@@ -64,28 +74,40 @@ func (e *ShellExecutor) setUpSSHJumpPoint() int {
 }
 
 func (e *ShellExecutor) Start() int {
-	cmd := exec.Command("bash", "--login")
-
-	shell, err := shell.NewShell(cmd, e.tmpDirectory)
+	sh, err := shell.NewShell(e.tmpDirectory)
 	if err != nil {
-		log.Println(shell)
+		log.Debug(sh)
 		return 1
 	}
 
-	e.Shell = shell
+	e.Shell = sh
 
 	err = e.Shell.Start()
 	if err != nil {
-		log.Println(err)
+		log.Error(err)
 		return 1
 	}
 
 	return 0
 }
 
-func (e *ShellExecutor) ExportEnvVars(envVars []api.EnvVar) int {
+func (e *ShellExecutor) envFileName() string {
+	//
+	// On Windows, we do not use the environment file at all during the job,
+	// but we still need it to be created for debug sessions to work properly.
+	// And, in order for users to be able to "source" the file in a PowerShell debug session,
+	// the file has to be suffixed with the .ps1 suffix.
+	//
+	if runtime.GOOS == "windows" {
+		return filepath.Join(e.tmpDirectory, fmt.Sprintf(".env-%d.ps1", time.Now().UnixNano()))
+	}
+
+	return filepath.Join(e.tmpDirectory, fmt.Sprintf(".env-%d", time.Now().UnixNano()))
+}
+
+func (e *ShellExecutor) ExportEnvVars(envVars []api.EnvVar, hostEnvVars []config.HostEnvVar) int {
 	commandStartedAt := int(time.Now().Unix())
-	directive := fmt.Sprintf("Exporting environment variables")
+	directive := "Exporting environment variables"
 	exitCode := 0
 
 	e.Logger.LogCommandStarted(directive)
@@ -96,98 +118,116 @@ func (e *ShellExecutor) ExportEnvVars(envVars []api.EnvVar) int {
 		e.Logger.LogCommandFinished(directive, exitCode, commandStartedAt, commandFinishedAt)
 	}()
 
-	envFile := ""
-
-	for _, env := range envVars {
-		e.Logger.LogCommandOutput(fmt.Sprintf("Exporting %s\n", env.Name))
-
-		value, err := env.Decode()
-
-		if err != nil {
-			exitCode = 1
-			return exitCode
-		}
-
-		envFile += fmt.Sprintf("export %s=%s\n", env.Name, ShellQuote(string(value)))
+	environment, err := shell.CreateEnvironment(envVars, hostEnvVars)
+	if err != nil {
+		exitCode = 1
+		return exitCode
 	}
 
-	err := ioutil.WriteFile("/tmp/.env", []byte(envFile), 0644)
+	/*
+	 * Create a temporary file containing all the environment variables.
+	 * For Windows agents, we don't use this file for the job itself,
+	 * since we keep track of the environment in-memory due to the lack of a PTY,
+	 * But we still need the file to be created for debug sessions.
+	 */
+	envFileName := e.envFileName()
+	e.cleanupAfterClose = append(e.cleanupAfterClose, envFileName)
+	err = environment.ToFile(envFileName, func(name string) {
+		e.Logger.LogCommandOutput(fmt.Sprintf("Exporting %s\n", name))
+	})
 
 	if err != nil {
 		exitCode = 1
 		return exitCode
 	}
 
-	exitCode = e.RunCommand("source /tmp/.env", true, "")
-	if exitCode != 0 {
+	/*
+	 * In windows, no PTY is used, so we don't source the environment file.
+	 * Instead, we keep track of the environment changes in the shell object itself.
+	 */
+	if runtime.GOOS == "windows" {
+		e.Shell.Env.Append(environment, nil)
+		exitCode = 0
 		return exitCode
 	}
 
-	exitCode = e.RunCommand("echo 'source /tmp/.env' >> ~/.bash_profile", true, "")
+	cmd := fmt.Sprintf("source %s", envFileName)
+	exitCode = e.RunCommand(cmd, true, "")
 	if exitCode != 0 {
 		return exitCode
 	}
 
+	if e.shouldUpdateBashProfile {
+		cmd = fmt.Sprintf("echo 'source %s' >> ~/.bash_profile", envFileName)
+		exitCode = e.RunCommand(cmd, true, "")
+		if exitCode != 0 {
+			return exitCode
+		}
+	}
+
 	return exitCode
 }
 
 func (e *ShellExecutor) InjectFiles(files []api.File) int {
-	directive := fmt.Sprintf("Injecting Files")
+	directive := "Injecting Files"
 	commandStartedAt := int(time.Now().Unix())
 	exitCode := 0
 
 	e.Logger.LogCommandStarted(directive)
 
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		log.Errorf("Error finding home directory: %v\n", err)
+		return 1
+	}
+
 	for _, f := range files {
-		output := fmt.Sprintf("Injecting %s with file mode %s\n", f.Path, f.Mode)
+		destPath := f.NormalizePath(homeDir)
 
+		output := fmt.Sprintf("Injecting %s with file mode %s\n", destPath, f.Mode)
 		e.Logger.LogCommandOutput(output)
 
 		content, err := f.Decode()
 		if err != nil {
-			e.Logger.LogCommandOutput("Failed to decode content of file.\n")
+			e.Logger.LogCommandOutput("Failed to decode the content of the file.\n")
 			exitCode = 1
 			return exitCode
 		}
 
-		tmpPath := fmt.Sprintf("%s/file", e.tmpDirectory)
-
-		err = ioutil.WriteFile(tmpPath, []byte(content), 0644)
+		parentDir := filepath.Dir(destPath)
+		err = os.MkdirAll(parentDir, 0750)
 		if err != nil {
-			e.Logger.LogCommandOutput(err.Error() + "\n")
-			exitCode = 255
+			e.Logger.LogCommandOutput(fmt.Sprintf("Failed to create directory '%s': %v\n", parentDir, err))
+			exitCode = 1
 			break
 		}
 
-		destPath := ""
-
-		if f.Path[0] == '/' || f.Path[0] == '~' {
-			destPath = f.Path
-		} else {
-			destPath = "~/" + f.Path
+		// #nosec
+		destFile, err := os.OpenFile(destPath, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
+		if err != nil {
+			e.Logger.LogCommandOutput(fmt.Sprintf("Failed to create destination path '%s': %v\n", destPath, err))
+			exitCode = 1
+			break
 		}
 
-		cmd := fmt.Sprintf("mkdir -p %s", path.Dir(destPath))
-		exitCode = e.RunCommand(cmd, true, "")
-		if exitCode != 0 {
-			output := fmt.Sprintf("Failed to create destination path %s", destPath)
-			e.Logger.LogCommandOutput(output + "\n")
+		_, err = destFile.Write(content)
+		if err != nil {
+			e.Logger.LogCommandOutput(err.Error() + "\n")
+			exitCode = 255
 			break
 		}
 
-		cmd = fmt.Sprintf("cp %s %s", tmpPath, destPath)
-		exitCode = e.RunCommand(cmd, true, "")
-		if exitCode != 0 {
-			output := fmt.Sprintf("Failed to move to destination path %s %s", tmpPath, destPath)
-			e.Logger.LogCommandOutput(output + "\n")
+		fileMode, err := f.ParseMode()
+		if err != nil {
+			e.Logger.LogCommandOutput(err.Error() + "\n")
+			exitCode = 1
 			break
 		}
 
-		cmd = fmt.Sprintf("chmod %s %s", f.Mode, destPath)
-		exitCode = e.RunCommand(cmd, true, "")
-		if exitCode != 0 {
-			output := fmt.Sprintf("Failed to set file mode to %s", f.Mode)
-			e.Logger.LogCommandOutput(output + "\n")
+		err = os.Chmod(destPath, fileMode)
+		if err != nil {
+			e.Logger.LogCommandOutput(fmt.Sprintf("Failed to set file mode '%s' for '%s': %v\n", f.Mode, destPath, err))
+			exitCode = 1
 			break
 		}
 	}
@@ -199,31 +239,53 @@ func (e *ShellExecutor) InjectFiles(files []api.File) int {
 	return exitCode
 }
 
+func (e *ShellExecutor) GetOutputFromCommand(command string) (string, int) {
+	out := bytes.Buffer{}
+	p := e.Shell.NewProcessWithOutput(command, func(output string) {
+		out.WriteString(output)
+	})
+
+	p.Run()
+
+	return out.String(), p.ExitCode
+}
+
 func (e *ShellExecutor) RunCommand(command string, silent bool, alias string) int {
-	directive := command
-	if alias != "" {
-		directive = alias
+	return e.RunCommandWithOptions(CommandOptions{
+		Command: command,
+		Silent:  silent,
+		Alias:   alias,
+		Warning: "",
+	})
+}
+
+func (e *ShellExecutor) RunCommandWithOptions(options CommandOptions) int {
+	directive := options.Command
+	if options.Alias != "" {
+		directive = options.Alias
 	}
 
-	p := e.Shell.NewProcess(command)
+	p := e.Shell.NewProcessWithOutput(options.Command, func(output string) {
+		if !options.Silent {
+			e.Logger.LogCommandOutput(output)
+		}
+	})
 
-	if !silent {
+	if !options.Silent {
 		e.Logger.LogCommandStarted(directive)
 
-		if alias != "" {
-			e.Logger.LogCommandOutput(fmt.Sprintf("Running: %s\n", command))
+		if options.Alias != "" {
+			e.Logger.LogCommandOutput(fmt.Sprintf("Running: %s\n", options.Command))
 		}
-	}
 
-	p.OnStdout(func(output string) {
-		if !silent {
-			e.Logger.LogCommandOutput(output)
+		if options.Warning != "" {
+			e.Logger.LogCommandOutput(fmt.Sprintf("Warning: %s\n", options.Warning))
 		}
-	})
+	}
 
 	p.Run()
 
-	if !silent {
+	if !options.Silent {
 		e.Logger.LogCommandFinished(directive, p.ExitCode, p.StartedAt, p.FinishedAt)
 	}
 
@@ -231,18 +293,35 @@ func (e *ShellExecutor) RunCommand(command string, silent bool, alias string) in
 }
 
 func (e *ShellExecutor) Stop() int {
-	log.Println("Starting the process killing procedure")
+	log.Debug("Starting the process killing procedure")
 
 	err := e.Shell.Close()
 	if err != nil {
-		fmt.Println(err)
+		log.Error(err)
 	}
 
-	log.Printf("Process killing finished without errors")
+	err = e.Shell.Terminate()
+	if err != nil {
+		log.Errorf("Error terminating shell: %v", err)
+		return 1
+	}
+
+	exitCode := e.Cleanup()
+	if exitCode != 0 {
+		log.Errorf("Error cleaning up executor resources: %v", err)
+		return exitCode
+	}
 
+	log.Debug("Process killing finished without errors")
 	return 0
 }
 
 func (e *ShellExecutor) Cleanup() int {
+	for _, resource := range e.cleanupAfterClose {
+		if err := os.Remove(resource); err != nil {
+			log.Errorf("Error removing %s: %v\n", resource, err)
+		}
+	}
+
 	return 0
 }
diff --git a/pkg/executors/shell_executor_test.go b/pkg/executors/shell_executor_test.go
index 483c9e4c..b3b2706f 100644
--- a/pkg/executors/shell_executor_test.go
+++ b/pkg/executors/shell_executor_test.go
@@ -2,165 +2,442 @@ package executors
 
 import (
 	"encoding/base64"
+	"fmt"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
 	"testing"
 	"time"
 
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
 	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
 	testsupport "github.com/semaphoreci/agent/test/support"
 	assert "github.com/stretchr/testify/assert"
 )
 
-func Test__ShellExecutor(t *testing.T) {
-	testsupport.SetupTestLogs()
+var UnicodeOutput1 = `特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。`
+var UnicodeOutput2 = `━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`
 
-	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+func Test__ShellExecutor__SSHJumpPointIsCreatedForHosted(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
 
-	request := &api.JobRequest{
-		SSHPublicKeys: []api.PublicKey{
-			api.PublicKey(base64.StdEncoding.EncodeToString([]byte("ssh-rsa aaaaa"))),
-		},
+	sshJumpPointPath := "/tmp/ssh_jump_point"
+	os.Remove(sshJumpPointPath)
+	_, _ = setupShellExecutor(t, false)
+	assert.FileExists(t, sshJumpPointPath)
+	os.Remove(sshJumpPointPath)
+}
+
+func Test__ShellExecutor__SSHJumpPointIsNotCreatedForWindows(t *testing.T) {
+	if runtime.GOOS != "windows" {
+		t.Skip()
 	}
 
-	e := NewShellExecutor(request, testLogger)
+	sshJumpPointPath := "/tmp/ssh_jump_point"
+	os.Remove(sshJumpPointPath)
+	_, _ = setupShellExecutor(t, false)
+	assert.NoFileExists(t, sshJumpPointPath)
+	os.Remove(sshJumpPointPath)
+}
+
+func Test__ShellExecutor__SSHJumpPointIsNotCreatedForSelfHosted(t *testing.T) {
+	sshJumpPointPath := "/tmp/ssh_jump_point"
+	os.Remove(sshJumpPointPath)
+	_, _ = setupShellExecutor(t, true)
+	assert.NoFileExists(t, sshJumpPointPath)
+	os.Remove(sshJumpPointPath)
+}
+
+func Test__ShellExecutor__EnvVars(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
+	assert.Zero(t, e.ExportEnvVars(
+		[]api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+			{Name: "VAR_WITH_QUOTES", Value: base64.StdEncoding.EncodeToString([]byte("quotes ' quotes"))},
+			{Name: "VAR_WITH_ENV_VAR", Value: base64.StdEncoding.EncodeToString([]byte(testsupport.NestedEnvVarValue("PATH", ":/etc/a")))},
+		},
+		[]config.HostEnvVar{
+			{Name: "C", Value: "CCC"},
+			{Name: "D", Value: "DDD"},
+		},
+	))
+
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("A"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("B"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("VAR_WITH_QUOTES"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("VAR_WITH_ENV_VAR"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("C"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("D"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar("E"), false, ""))
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"directive: Exporting environment variables",
+		"Exporting A\n",
+		"Exporting B\n",
+		"Exporting C\n",
+		"Exporting D\n",
+		"Exporting VAR_WITH_ENV_VAR\n",
+		"Exporting VAR_WITH_QUOTES\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("A")),
+		"AAA",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("B")),
+		"BBB",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("VAR_WITH_QUOTES")),
+		"quotes ' quotes",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("VAR_WITH_ENV_VAR")),
+		testsupport.NestedEnvVarValue("PATH", ":/etc/a"),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("C")),
+		"CCC",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("D")),
+		"DDD",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("E")),
+		"Exit Code: 0",
+	})
+}
 
-	e.Prepare()
-	e.Start()
+func Test__ShellExecutor__InjectFiles(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
+	homeDir, _ := os.UserHomeDir()
 
-	e.RunCommand("echo 'here'", false, "")
+	absoluteFile := api.File{
+		Path:    filepath.Join(os.TempDir(), "absolute-file.txt"),
+		Content: base64.StdEncoding.EncodeToString([]byte("absolute\n")),
+		Mode:    "0400",
+	}
 
-	multilineCmd := `
-	  if [ -d /etc ]; then
-	    echo 'etc exists, multiline huzzahh!'
-	  fi
-	`
-	e.RunCommand(multilineCmd, false, "")
+	absoluteFileInMissingDir := api.File{
+		Path:    filepath.Join(os.TempDir(), "somedir", "absolute-file-missing-dir.txt"),
+		Content: base64.StdEncoding.EncodeToString([]byte("absolute-in-missing-dir\n")),
+		Mode:    "0440",
+	}
 
-	envVars := []api.EnvVar{
-		api.EnvVar{Name: "A", Value: "Zm9vCg=="},
+	relativeFile := api.File{
+		Path:    filepath.Join("somedir", "relative-file.txt"),
+		Content: base64.StdEncoding.EncodeToString([]byte("relative\n")),
+		Mode:    "0600",
 	}
 
-	e.ExportEnvVars(envVars)
-	e.RunCommand("echo $A", false, "")
+	relativeFileInMissingDir := api.File{
+		Path:    filepath.Join("somedir", "relative-file-in-missing-dir.txt"),
+		Content: base64.StdEncoding.EncodeToString([]byte("relative-in-missing-dir\n")),
+		Mode:    "0644",
+	}
 
-	files := []api.File{
-		api.File{
-			Path:    "/tmp/random-file.txt",
-			Content: "YWFhYmJiCgo=",
-			Mode:    "0600",
-		},
+	homeFile := api.File{
+		Path:    "~/home-file.txt",
+		Content: base64.StdEncoding.EncodeToString([]byte("home\n")),
+		Mode:    "0777",
 	}
 
-	e.InjectFiles(files)
-	e.RunCommand("cat /tmp/random-file.txt", false, "")
+	assert.Zero(t, e.InjectFiles([]api.File{
+		absoluteFile,
+		absoluteFileInMissingDir,
+		relativeFile,
+		relativeFileInMissingDir,
+		homeFile,
+	}))
+
+	assert.Zero(t, e.RunCommand(testsupport.Cat(absoluteFile.NormalizePath(homeDir)), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.Cat(absoluteFileInMissingDir.NormalizePath(homeDir)), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.Cat(relativeFile.NormalizePath(homeDir)), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.Cat(relativeFileInMissingDir.NormalizePath(homeDir)), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.Cat(homeFile.NormalizePath(homeDir)), false, ""))
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"directive: Injecting Files",
+		fmt.Sprintf("Injecting %s with file mode 0400\n", absoluteFile.NormalizePath(homeDir)),
+		fmt.Sprintf("Injecting %s with file mode 0440\n", absoluteFileInMissingDir.NormalizePath(homeDir)),
+		fmt.Sprintf("Injecting %s with file mode 0600\n", relativeFile.NormalizePath(homeDir)),
+		fmt.Sprintf("Injecting %s with file mode 0644\n", relativeFileInMissingDir.NormalizePath(homeDir)),
+		fmt.Sprintf("Injecting %s with file mode 0777\n", homeFile.NormalizePath(homeDir)),
+		"Exit Code: 0",
 
-	e.RunCommand("echo $?", false, "")
+		fmt.Sprintf("directive: %s", testsupport.Cat(absoluteFile.NormalizePath(homeDir))),
+		"absolute\n",
+		"Exit Code: 0",
 
-	e.Stop()
-	e.Cleanup()
+		fmt.Sprintf("directive: %s", testsupport.Cat(absoluteFileInMissingDir.NormalizePath(homeDir))),
+		"absolute-in-missing-dir\n",
+		"Exit Code: 0",
 
-	assert.Equal(t, testLoggerBackend.SimplifiedEvents(), []string{
-		"directive: echo 'here'",
-		"here\n",
+		fmt.Sprintf("directive: %s", testsupport.Cat(relativeFile.NormalizePath(homeDir))),
+		"relative\n",
 		"Exit Code: 0",
 
-		"directive: " + multilineCmd,
-		"etc exists, multiline huzzahh!\n",
+		fmt.Sprintf("directive: %s", testsupport.Cat(relativeFileInMissingDir.NormalizePath(homeDir))),
+		"relative-in-missing-dir\n",
 		"Exit Code: 0",
 
-		"directive: Exporting environment variables",
-		"Exporting A\n",
+		fmt.Sprintf("directive: %s", testsupport.Cat(homeFile.NormalizePath(homeDir))),
+		"home\n",
 		"Exit Code: 0",
+	})
 
-		"directive: echo $A",
-		"foo\n",
+	// Assert file modes
+	if runtime.GOOS == "windows" {
+		// windows file modes are a bit different, since it uses ACLs and not flags like unix.
+		// Therefore, 04xx means everybody can read it, 06xx means everybody can write and read it
+		// See: https://pkg.go.dev/os#Chmod
+		assertFileMode(t, absoluteFile.NormalizePath(homeDir), fs.FileMode(0444))
+		assertFileMode(t, absoluteFileInMissingDir.NormalizePath(homeDir), fs.FileMode(0444))
+		assertFileMode(t, relativeFile.NormalizePath(homeDir), fs.FileMode(0666))
+		assertFileMode(t, relativeFileInMissingDir.NormalizePath(homeDir), fs.FileMode(0666))
+		assertFileMode(t, homeFile.NormalizePath(homeDir), fs.FileMode(0666))
+	} else {
+		assertFileMode(t, absoluteFile.NormalizePath(homeDir), fs.FileMode(0400))
+		assertFileMode(t, absoluteFileInMissingDir.NormalizePath(homeDir), fs.FileMode(0440))
+		assertFileMode(t, relativeFile.NormalizePath(homeDir), fs.FileMode(0600))
+		assertFileMode(t, relativeFileInMissingDir.NormalizePath(homeDir), fs.FileMode(0644))
+		assertFileMode(t, homeFile.NormalizePath(homeDir), fs.FileMode(0777))
+	}
+
+	os.Remove(absoluteFile.NormalizePath(homeDir))
+	os.Remove(absoluteFileInMissingDir.NormalizePath(homeDir))
+	os.Remove(relativeFile.NormalizePath(homeDir))
+	os.Remove(relativeFileInMissingDir.NormalizePath(homeDir))
+	os.Remove(homeFile.NormalizePath(homeDir))
+}
+
+func Test__ShellExecutor__MultilineCommand(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
+
+	assert.Zero(t, e.RunCommand(testsupport.Multiline(), false, ""))
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		fmt.Sprintf("directive: %s", testsupport.Multiline()),
+		"etc exists, multiline huzzahh!\n",
 		"Exit Code: 0",
+	})
+}
+
+func Test__ShellExecutor__ChangesCurrentDirectory(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
+
+	dirName := "somedir"
+	absolutePath := filepath.Join(os.TempDir(), dirName, "some-file.txt")
+	relativePath := filepath.Join(dirName, "some-file.txt")
+
+	fileInDir := api.File{
+		Path:    absolutePath,
+		Content: base64.StdEncoding.EncodeToString([]byte("content")),
+		Mode:    "0644",
+	}
+
+	assert.Zero(t, e.InjectFiles([]api.File{fileInDir}))
+
+	// fails because current directory is not 'dirName'
+	assert.NotZero(t, e.RunCommand(testsupport.Cat(relativePath), false, ""))
 
+	// works because we are now in the correct directory
+	assert.Zero(t, e.RunCommand(testsupport.Chdir(os.TempDir()), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.Cat(relativePath), false, ""))
+
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(false, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
 		"directive: Injecting Files",
-		"Injecting /tmp/random-file.txt with file mode 0600\n",
 		"Exit Code: 0",
 
-		"directive: cat /tmp/random-file.txt",
-		"aaabbb\n\n",
+		fmt.Sprintf("directive: %s", testsupport.Cat(relativePath)),
+		"Exit Code: 1",
+
+		fmt.Sprintf("directive: %s", testsupport.Chdir(os.TempDir())),
 		"Exit Code: 0",
 
-		"directive: echo $?",
-		"0\n",
+		fmt.Sprintf("directive: %s", testsupport.Cat(relativePath)),
 		"Exit Code: 0",
 	})
 }
 
-func Test__ShellExecutor__StopingRunningJob(t *testing.T) {
-	testsupport.SetupTestLogs()
+func Test__ShellExecutor__ChangesEnvVars(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
 
-	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	varName := "IMPORTANT_VAR"
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar(varName), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.SetEnvVar(varName, "IMPORTANT_VAR_VALUE"), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.EchoEnvVar(varName), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.UnsetEnvVar(varName), false, ""))
 
-	request := &api.JobRequest{
-		SSHPublicKeys: []api.PublicKey{
-			api.PublicKey(base64.StdEncoding.EncodeToString([]byte("ssh-rsa aaaaa"))),
-		},
-	}
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar(varName)),
+		"Exit Code: 0",
 
-	e := NewShellExecutor(request, testLogger)
+		fmt.Sprintf("directive: %s", testsupport.SetEnvVar(varName, "IMPORTANT_VAR_VALUE")),
+		"Exit Code: 0",
 
-	e.Prepare()
-	e.Start()
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar(varName)),
+		"IMPORTANT_VAR_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.UnsetEnvVar(varName)),
+		"Exit Code: 0",
+	})
+}
+
+func Test__ShellExecutor__StoppingRunningJob(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
 
 	go func() {
-		e.RunCommand("echo 'here'", false, "")
-		e.RunCommand("sleep 5", false, "")
+		e.RunCommand("echo here", false, "")
+		e.RunCommand("sleep 20", false, "")
 	}()
 
-	time.Sleep(1 * time.Second)
+	time.Sleep(10 * time.Second)
 
-	e.Stop()
-	e.Cleanup()
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
 
 	time.Sleep(1 * time.Second)
 
-	assert.Equal(t, testLoggerBackend.SimplifiedEvents()[0:4], []string{
-		"directive: echo 'here'",
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents[0:4], []string{
+		"directive: echo here",
 		"here\n",
 		"Exit Code: 0",
 
-		"directive: sleep 5",
+		"directive: sleep 20",
 	})
 }
 
 func Test__ShellExecutor__LargeCommandOutput(t *testing.T) {
-	testsupport.SetupTestLogs()
+	e, testLoggerBackend := setupShellExecutor(t, true)
 
-	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	assert.Zero(t, e.RunCommand(testsupport.LargeOutputCommand(), false, ""))
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
 
-	request := &api.JobRequest{
-		SSHPublicKeys: []api.PublicKey{
-			api.PublicKey(base64.StdEncoding.EncodeToString([]byte("ssh-rsa aaaaa"))),
-		},
-	}
+	time.Sleep(1 * time.Second)
 
-	e := NewShellExecutor(request, testLogger)
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, true)
+	assert.Nil(t, err)
 
-	e.Prepare()
-	e.Start()
+	assert.Equal(t, simplifiedEvents, []string{
+		fmt.Sprintf("directive: %s", testsupport.LargeOutputCommand()),
+		strings.Repeat("hello", 100),
+		"Exit Code: 0",
+	})
+}
+
+func Test__ShellExecutor__Unicode(t *testing.T) {
+	e, testLoggerBackend := setupShellExecutor(t, true)
+	assert.Zero(t, e.RunCommand(testsupport.Output(UnicodeOutput1), false, ""))
+	assert.Zero(t, e.RunCommand(testsupport.Output(UnicodeOutput2), false, ""))
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
+
+	time.Sleep(1 * time.Second)
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, true)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		fmt.Sprintf("directive: %s", testsupport.Output(UnicodeOutput1)),
+		"特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output(UnicodeOutput2)),
+		"━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━",
+		"Exit Code: 0",
+	})
+}
+
+func Test__ShellExecutor__BrokenUnicode(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	e, testLoggerBackend := setupShellExecutor(t, true)
 
 	go func() {
-		e.RunCommand("for i in {1..100}; { printf 'hello'; }", false, "")
+		assert.Zero(t, e.RunCommand(testsupport.EchoBrokenUnicode(), false, ""))
 	}()
 
 	time.Sleep(5 * time.Second)
 
-	e.Stop()
-	e.Cleanup()
+	assert.Zero(t, e.Stop())
+	assert.Zero(t, e.Cleanup())
 
 	time.Sleep(1 * time.Second)
 
-	assert.Equal(t, testLoggerBackend.SimplifiedEvents(), []string{
-		"directive: for i in {1..100}; { printf 'hello'; }",
-		"hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello",
-		"hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello",
-		"hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello",
-		"hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello",
-		"hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello",
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		fmt.Sprintf("directive: %s", testsupport.EchoBrokenUnicode()),
+		"\u0096\u0096\u0096\u0096\u0096",
 		"Exit Code: 0",
 	})
 }
+
+func basicRequest() *api.JobRequest {
+	return &api.JobRequest{
+		SSHPublicKeys: []api.PublicKey{
+			api.PublicKey(base64.StdEncoding.EncodeToString([]byte("ssh-rsa aaaaa"))),
+		},
+	}
+}
+
+func assertFileMode(t *testing.T, fileName string, fileMode fs.FileMode) {
+	stat, err := os.Stat(fileName)
+	if assert.Nil(t, err) {
+		assert.Equal(t, stat.Mode(), fileMode)
+	}
+}
+
+func setupShellExecutor(t *testing.T, selfHosted bool) (*ShellExecutor, *eventlogger.InMemoryBackend) {
+	testsupport.SetupTestLogs()
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	e := NewShellExecutor(basicRequest(), testLogger, selfHosted)
+
+	assert.Zero(t, e.Prepare())
+	assert.Zero(t, e.Start())
+
+	return e, testLoggerBackend
+}
diff --git a/pkg/executors/ssh_jump_point.go b/pkg/executors/ssh_jump_point.go
index 9baad36e..e62d1360 100644
--- a/pkg/executors/ssh_jump_point.go
+++ b/pkg/executors/ssh_jump_point.go
@@ -1,16 +1,32 @@
 package executors
 
-import "os"
+import (
+	"os"
+	"runtime"
 
-const SSHJumpPointPath = "/tmp/ssh_jump_point"
+	log "github.com/sirupsen/logrus"
+)
 
 func SetUpSSHJumpPoint(script string) error {
-	f, err := os.OpenFile(SSHJumpPointPath, os.O_WRONLY|os.O_CREATE, 0644)
+	if runtime.GOOS == "windows" {
+		log.Warn("Debug sessions are not supported in Windows - skipping")
+		return nil
+	}
+
+	/*
+	 * We can't use os.TempDir() here, because on macOS,
+	 * $TMPDIR resolves to something like /var/folders/rg/92ky7bj54xj6pcv5l24g6l_00000gn/T/,
+	 * and the sem CLI needs a /tmp/ssh_jump_point file.
+	 */
+	path := "/tmp/ssh_jump_point"
+
+	// #nosec
+	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0644)
 	if err != nil {
 		return err
 	}
 
 	_, err = f.WriteString(script)
-
+	_ = f.Close()
 	return err
 }
diff --git a/pkg/executors/utils.go b/pkg/executors/utils.go
deleted file mode 100644
index bb584e69..00000000
--- a/pkg/executors/utils.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package executors
-
-import (
-	"os"
-	"regexp"
-	"runtime"
-	"strings"
-)
-
-func UserHomeDir() string {
-	if runtime.GOOS == "windows" {
-		home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
-		if home == "" {
-			home = os.Getenv("USERPROFILE")
-		}
-		return home
-	}
-	return os.Getenv("HOME")
-}
-
-func ShellQuote(s string) string {
-	pattern := regexp.MustCompile(`[^\w@%+=:,./-]`)
-
-	if len(s) == 0 {
-		return "''"
-	}
-	if pattern.MatchString(s) {
-		return "'" + strings.Replace(s, "'", "'\"'\"'", -1) + "'"
-	}
-
-	return s
-}
diff --git a/pkg/httputils/httputils.go b/pkg/httputils/httputils.go
new file mode 100644
index 00000000..fbf36a25
--- /dev/null
+++ b/pkg/httputils/httputils.go
@@ -0,0 +1,5 @@
+package httputils
+
+func IsSuccessfulCode(code int) bool {
+	return code >= 200 && code < 300
+}
diff --git a/pkg/jobs/job.go b/pkg/jobs/job.go
index 4a199c10..1561bb01 100644
--- a/pkg/jobs/job.go
+++ b/pkg/jobs/job.go
@@ -2,20 +2,41 @@ package jobs
 
 import (
 	"bytes"
+	"encoding/base64"
 	"fmt"
-	"log"
+	"net/http"
+	"os"
+	"os/exec"
+	"runtime"
+	"strconv"
+	"strings"
 	"time"
 
 	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/compression"
+	"github.com/semaphoreci/agent/pkg/config"
 	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
 	executors "github.com/semaphoreci/agent/pkg/executors"
-	pester "github.com/sethgrid/pester"
+	httputils "github.com/semaphoreci/agent/pkg/httputils"
+	"github.com/semaphoreci/agent/pkg/kubernetes"
+	"github.com/semaphoreci/agent/pkg/listener/selfhostedapi"
+	"github.com/semaphoreci/agent/pkg/retry"
+	log "github.com/sirupsen/logrus"
 )
 
-const JOB_PASSED = "passed"
-const JOB_FAILED = "failed"
+const JobPassed = "passed"
+const JobFailed = "failed"
+const JobStopped = "stopped"
+
+// By default, we will only compress the job logs before uploading them as an artifact
+// if their size goes above 100MB. However, the SEMAPHORE_AGENT_LOGS_COMPRESSION_SIZE environment
+// variable can be used to configure that value, with anything between 1MB and 1GB being possible.
+const MinSizeForCompression = 1024 * 1024
+const DefaultSizeForCompression = 1024 * 1024 * 100
+const MaxSizeForCompression = 1024 * 1024 * 1024
 
 type Job struct {
+	Client  *http.Client
 	Request *api.JobRequest
 	Logger  *eventlogger.Logger
 
@@ -23,52 +44,200 @@ type Job struct {
 
 	JobLogArchived bool
 	Stopped        bool
+	Finished       bool
+	UploadJobLogs  string
+	UserAgent      string
+}
 
-	//
-	// The Teardown phase can be entered either after:
-	//  - a regular job execution ends
-	//  - from the Job.Stop procedure
-	//
-	// With this lock, we are making sure that only one Teardown is
-	// executed. This solves the race condition where both the job finishes
-	// and the job stops at the same time.
-	//
-	TeardownLock Lock
+type JobOptions struct {
+	Request                          *api.JobRequest
+	Client                           *http.Client
+	Logger                           *eventlogger.Logger
+	ExposeKvmDevice                  bool
+	FileInjections                   []config.FileInjection
+	FailOnMissingFiles               bool
+	SelfHosted                       bool
+	UseKubernetesExecutor            bool
+	PodSpecDecoratorConfigMap        string
+	KubernetesPodStartTimeoutSeconds int
+	KubernetesLabels                 map[string]string
+	KubernetesImageValidator         *kubernetes.ImageValidator
+	KubernetesDefaultImage           string
+	UploadJobLogs                    string
+	RefreshTokenFn                   func() (string, error)
+	UserAgent                        string
 }
 
-func NewJob(request *api.JobRequest) (*Job, error) {
-	log.Printf("Constructing an executor for the job")
+func NewJob(request *api.JobRequest, client *http.Client) (*Job, error) {
+	return NewJobWithOptions(&JobOptions{
+		Request:            request,
+		Client:             client,
+		ExposeKvmDevice:    true,
+		FileInjections:     []config.FileInjection{},
+		FailOnMissingFiles: false,
+		SelfHosted:         false,
+		RefreshTokenFn:     nil,
+	})
+}
 
-	if request.Executor == "" {
-		request.Executor = executors.ExecutorTypeShell
+func NewJobWithOptions(options *JobOptions) (*Job, error) {
+	if options.Request.Executor == "" {
+		log.Infof("No executor specified - using %s executor", executors.ExecutorTypeShell)
+		options.Request.Executor = executors.ExecutorTypeShell
 	}
 
-	logger, err := eventlogger.Default()
-	if err != nil {
-		return nil, err
+	if options.Request.Logger.Method == "" {
+		log.Infof("No logger method specified - using %s logger method", eventlogger.LoggerMethodPull)
+		options.Request.Logger.Method = eventlogger.LoggerMethodPull
 	}
 
-	executor, err := executors.CreateExecutor(request, logger)
+	job := &Job{
+		Client:         options.Client,
+		Request:        options.Request,
+		JobLogArchived: false,
+		Stopped:        false,
+		UploadJobLogs:  options.UploadJobLogs,
+		UserAgent:      options.UserAgent,
+	}
+
+	if options.Logger != nil {
+		job.Logger = options.Logger
+	} else {
+		l, err := eventlogger.CreateLogger(eventlogger.LoggerOptions{
+			Request:        options.Request,
+			RefreshTokenFn: options.RefreshTokenFn,
+			UserAgent:      options.UserAgent,
+		})
+
+		if err != nil {
+			return nil, err
+		}
+
+		job.Logger = l
+	}
+
+	executor, err := CreateExecutor(options.Request, job.Logger, *options)
 	if err != nil {
+		_ = job.Logger.Close()
 		return nil, err
 	}
 
-	log.Printf("Job Request %+v\n", request)
-	log.Printf("Constructed job")
+	job.Executor = executor
+	return job, nil
+}
 
-	return &Job{
-		Request:        request,
-		Executor:       executor,
-		JobLogArchived: false,
-		Stopped:        false,
-		Logger:         logger,
-	}, nil
+func CreateExecutor(request *api.JobRequest, logger *eventlogger.Logger, jobOptions JobOptions) (executors.Executor, error) {
+	if jobOptions.UseKubernetesExecutor {
+		// The downwards API allows the namespace to be exposed
+		// to the agent container through an environment variable.
+		// See: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information.
+		namespace := os.Getenv("KUBERNETES_NAMESPACE")
+		if namespace == "" {
+			namespace = "default"
+		}
+
+		return executors.NewKubernetesExecutor(request, logger, kubernetes.Config{
+			Namespace:                 namespace,
+			ImageValidator:            jobOptions.KubernetesImageValidator,
+			PodSpecDecoratorConfigMap: jobOptions.PodSpecDecoratorConfigMap,
+			PodPollingAttempts:        jobOptions.KubernetesPodStartTimeoutSeconds,
+			Labels:                    jobOptions.KubernetesLabels,
+			PodPollingInterval:        time.Second,
+			DefaultImage:              jobOptions.KubernetesDefaultImage,
+		})
+	}
+
+	switch request.Executor {
+	case executors.ExecutorTypeShell:
+		return executors.NewShellExecutor(request, logger, jobOptions.SelfHosted), nil
+	case executors.ExecutorTypeDockerCompose:
+		executorOptions := executors.DockerComposeExecutorOptions{
+			ExposeKvmDevice:    jobOptions.ExposeKvmDevice,
+			FileInjections:     jobOptions.FileInjections,
+			FailOnMissingFiles: jobOptions.FailOnMissingFiles,
+		}
+
+		return executors.NewDockerComposeExecutor(request, logger, executorOptions), nil
+	default:
+		return nil, fmt.Errorf("unknown executor type")
+	}
+}
+
+type RunOptions struct {
+	EnvVars               []config.HostEnvVar
+	PreJobHookPath        string
+	PostJobHookPath       string
+	FailOnPreJobHookError bool
+	SourcePreJobHook      bool
+	OnJobFinished         func(selfhostedapi.JobResult)
+	CallbackRetryAttempts int
+}
+
+func (o *RunOptions) GetPreJobHookWarning() string {
+	if o.PreJobHookPath == "" {
+		return ""
+	}
+
+	if o.FailOnPreJobHookError {
+		return `The agent is configured to fail the job if the pre-job hook fails.`
+	}
+
+	return `The agent is configured to proceed with the job even if the pre-job hook fails.`
+}
+
+func (o *RunOptions) GetPreJobHookCommand() string {
+
+	/*
+	 * If we are dealing with PowerShell, we make sure to just call the script directly,
+	 * without creating a new powershell process. If we did, people would need to set
+	 * $ErrorActionPreference to "STOP" in order for errors to propagate properly.
+	 */
+	if runtime.GOOS == "windows" {
+		return o.PreJobHookPath
+	}
+
+	/*
+	 * This executes the pre-job hook without opening a new shell.
+	 * That means that changes to the environment performed in the hook
+	 * (current directory, environment variables, export commands)
+	 * will be visible by the next job commands.
+	 */
+	if o.SourcePreJobHook {
+		return fmt.Sprintf("source %s", o.PreJobHookPath)
+	}
+
+	return fmt.Sprintf("bash %s", o.PreJobHookPath)
+}
+
+func (o *RunOptions) GetPostJobHookCommand() string {
+
+	/*
+	 * If we are dealing with PowerShell, we make sure to just call the script directly,
+	 * without creating a new powershell process. If we did, people would need to set
+	 * $ErrorActionPreference to "STOP" in order for errors to propagate properly.
+	 */
+	if runtime.GOOS == "windows" {
+		return o.PostJobHookPath
+	}
+
+	return fmt.Sprintf("bash %s", o.PostJobHookPath)
 }
 
 func (job *Job) Run() {
-	log.Printf("Job Started")
+	job.RunWithOptions(RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PreJobHookPath:        "",
+		PostJobHookPath:       "",
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: 60,
+	})
+}
+
+func (job *Job) RunWithOptions(options RunOptions) {
+	log.Infof("Running job %s", job.Request.JobID)
 	executorRunning := false
-	result := JOB_FAILED
+	epiloguesExecuted := false
+	result := JobFailed
 
 	job.Logger.LogJobStarted()
 
@@ -76,74 +245,214 @@ func (job *Job) Run() {
 	if exitCode == 0 {
 		executorRunning = true
 	} else {
-		log.Printf("Executor failed to boot up")
+		log.Error("Executor failed to boot up")
 	}
 
 	if executorRunning {
-		result = job.RunRegularCommands()
+		result = job.RunRegularCommands(options)
+		log.Debug("Exporting job result")
 
-		log.Printf("Regular Commands Finished. Result: %s", result)
+		if !job.Stopped {
+			log.Debug("Handling epilogues")
+			job.handleEpilogues(result)
+			epiloguesExecuted = true
+		}
+	}
 
-		log.Printf("Exporting job result")
+	// The post-job hook executes after the job's commands finished,
+	// so they do not influence the job's result, just like the epilogues.
+	job.runPostJobHook(options)
 
-		job.RunCommandsUntilFirstFailure([]api.Command{
-			api.Command{
-				Directive: fmt.Sprintf("export SEMAPHORE_JOB_RESULT=%s", result),
-			},
-		})
-
-		log.Printf("Starting Epilogue Always Commands.")
-		job.RunCommandsUntilFirstFailure(job.Request.EpilogueAlwaysCommands)
+	result, err := job.Teardown(result, epiloguesExecuted, options.CallbackRetryAttempts)
+	if err != nil {
+		log.Errorf("Error tearing down job: %v", err)
+	}
 
-		if result == JOB_PASSED {
-			log.Printf("Starting Epilogue On Pass Commands.")
-			job.RunCommandsUntilFirstFailure(job.Request.EpilogueOnPassCommands)
-		} else {
-			log.Printf("Starting Epilogue On Fail Commands.")
-			job.RunCommandsUntilFirstFailure(job.Request.EpilogueOnFailCommands)
-		}
+	// the executor is already stopped when the job is stopped, so there's no need to stop it again
+	if !job.Stopped {
+		job.Executor.Stop()
 	}
 
-	job.Teardown(result)
+	job.Finished = true
+	if options.OnJobFinished != nil {
+		options.OnJobFinished(selfhostedapi.JobResult(result))
+	}
 }
 
 func (job *Job) PrepareEnvironment() int {
 	exitCode := job.Executor.Prepare()
 	if exitCode != 0 {
-		log.Printf("Failed to prepare executor")
+		log.Error("Failed to prepare executor")
 		return exitCode
 	}
 
 	exitCode = job.Executor.Start()
 	if exitCode != 0 {
-		log.Printf("Failed to start executor")
+		log.Error("Failed to start executor")
 		return exitCode
 	}
 
 	return 0
 }
 
-func (job *Job) RunRegularCommands() string {
-	exitCode := job.Executor.ExportEnvVars(job.Request.EnvVars)
-	if exitCode != 0 {
-		log.Printf("Failed to export env vars")
+func (job *Job) envVar(name string) string {
+	if runtime.GOOS == "windows" {
+		return "$env:" + name
+	}
 
-		return JOB_FAILED
+	return "$" + name
+}
+
+func (job *Job) RunRegularCommands(options RunOptions) string {
+	exitCode := job.Executor.ExportEnvVars(job.Request.EnvVars, options.EnvVars)
+	if exitCode != 0 {
+		log.Error("Failed to export env vars")
+		return JobFailed
 	}
 
 	exitCode = job.Executor.InjectFiles(job.Request.Files)
 	if exitCode != 0 {
-		log.Printf("Failed to inject files")
+		log.Error("Failed to inject files")
+		return JobFailed
+	}
+
+	shouldProceed := job.runPreJobHook(options)
+	if !shouldProceed {
+		return JobFailed
+	}
 
-		return JOB_FAILED
+	if len(job.Request.Commands) == 0 {
+		exitCode = 0
+	} else {
+		exitCode = job.RunCommandsUntilFirstFailure(job.Request.Commands)
 	}
 
-	exitCode = job.RunCommandsUntilFirstFailure(job.Request.Commands)
+	// Job was stopped from UI or API
+	if job.Stopped {
+		log.Info("Regular commands were stopped")
+		return JobStopped
+	}
+
+	// Job was stopped from the job itself.
+	// Here, we need to know which job status to report.
+	// We use the SEMAPHORE_JOB_RESULT environment variable for that.
+	if exitCode == 130 {
+		job.Stopped = true
+		return job.handleStopExitCode()
+	}
 
 	if exitCode == 0 {
-		return JOB_PASSED
-	} else {
-		return JOB_FAILED
+		log.Info("Regular commands finished successfully")
+		return JobPassed
+	}
+
+	log.Info("Regular commands finished with failure")
+	return JobFailed
+}
+
+func (job *Job) handleStopExitCode() string {
+	directive := "Checking job result"
+	job.Logger.LogCommandStarted(directive)
+	defer func() {
+		now := int(time.Now().Unix())
+		job.Logger.LogCommandFinished(directive, 0, now, now)
+	}()
+
+	output, _ := job.Executor.GetOutputFromCommand("echo " + job.envVar("SEMAPHORE_JOB_RESULT"))
+	status := strings.Trim(output, "\n")
+	switch status {
+	case "passed":
+		job.Logger.LogCommandOutput("SEMAPHORE_JOB_RESULT=passed - stopping job and marking it as passed")
+		return JobPassed
+	case "failed":
+		job.Logger.LogCommandOutput("SEMAPHORE_JOB_RESULT=failed - stopping job and marking it as failed")
+		return JobFailed
+	default:
+		job.Logger.LogCommandOutput(fmt.Sprintf(
+			"SEMAPHORE_JOB_RESULT is set to '%s' - stopping job and marking it as stopped", status),
+		)
+		return JobStopped
+	}
+}
+
+func (job *Job) runPreJobHook(options RunOptions) bool {
+	if options.PreJobHookPath == "" {
+		log.Info("No pre-job hook configured.")
+		return true
+	}
+
+	log.Infof("Executing pre-job hook at %s", options.PreJobHookPath)
+	exitCode := job.Executor.RunCommandWithOptions(executors.CommandOptions{
+		Command: options.GetPreJobHookCommand(),
+		Silent:  false,
+		Alias:   "Running the pre-job hook configured in the agent",
+		Warning: options.GetPreJobHookWarning(),
+	})
+
+	if exitCode == 0 {
+		log.Info("Pre-job hook executed successfully.")
+		return true
+	}
+
+	if options.FailOnPreJobHookError {
+		log.Error("Error executing pre-job hook - failing job")
+		return false
+	}
+
+	log.Error("Error executing pre-job hook - proceeding")
+	return true
+}
+
+func (job *Job) runPostJobHook(options RunOptions) {
+	if options.PostJobHookPath == "" {
+		log.Info("No post-job hook configured.")
+		return
+	}
+
+	log.Infof("Executing post-job hook at %s", options.PostJobHookPath)
+	exitCode := job.Executor.RunCommandWithOptions(executors.CommandOptions{
+		Command: options.GetPostJobHookCommand(),
+		Silent:  false,
+		Alias:   "Running the post-job hook configured in the agent",
+	})
+
+	if exitCode == 0 {
+		log.Info("Post-job hook executed successfully.")
+		return
+	}
+
+	log.Errorf("Error executing post-job hook - hook return exit code %d", exitCode)
+}
+
+func (job *Job) handleEpilogues(result string) {
+	envVars := []api.EnvVar{
+		{Name: "SEMAPHORE_JOB_RESULT", Value: base64.RawStdEncoding.EncodeToString([]byte(result))},
+	}
+
+	exitCode := job.Executor.ExportEnvVars(envVars, []config.HostEnvVar{})
+	if exitCode != 0 {
+		log.Errorf("Error setting SEMAPHORE_JOB_RESULT: exit code %d", exitCode)
+	}
+
+	job.executeIfNotStopped(func() {
+		log.Info("Starting epilogue always commands")
+		job.RunCommandsUntilFirstFailure(job.Request.EpilogueAlwaysCommands)
+	})
+
+	job.executeIfNotStopped(func() {
+		if result == JobPassed {
+			log.Info("Starting epilogue on pass commands")
+			job.RunCommandsUntilFirstFailure(job.Request.EpilogueOnPassCommands)
+		} else {
+			log.Info("Starting epilogue on fail commands")
+			job.RunCommandsUntilFirstFailure(job.Request.EpilogueOnFailCommands)
+		}
+	})
+}
+
+func (job *Job) executeIfNotStopped(callback func()) {
+	if !job.Stopped && callback != nil {
+		callback()
 	}
 }
 
@@ -166,19 +475,34 @@ func (job *Job) RunCommandsUntilFirstFailure(commands []api.Command) int {
 	return lastExitCode
 }
 
-func (job *Job) Teardown(result string) {
-	if !job.TeardownLock.TryLock() {
-		log.Printf("[warning] Duplicate attempts to enter the Teardown phase")
-		return
+func (job *Job) Teardown(result string, epiloguesExecuted bool, callbackRetryAttempts int) (string, error) {
+	// if job was stopped during the epilogues, result should be stopped
+	if epiloguesExecuted && job.Stopped {
+		result = JobStopped
 	}
 
-	log.Printf("Job Teardown Started")
+	if job.Request.Logger.Method == eventlogger.LoggerMethodPull {
+		return result, job.teardownWithCallbacks(result, callbackRetryAttempts)
+	}
 
-	log.Printf("Sending finished callback.")
-	job.SendFinishedCallback(result)
-	job.Logger.LogJobFinished(result)
+	return result, job.teardownWithNoCallbacks(result)
+}
 
-	log.Printf("Waiting for archivator")
+/*
+ * For hosted jobs, we use callbacks:
+ * 1. Send finished callback and log job_finished event
+ * 2. Wait for archivator to collect all the logs
+ * 3. Send teardown_finished callback and close the logger
+ */
+func (job *Job) teardownWithCallbacks(result string, callbackRetryAttempts int) error {
+	err := job.SendFinishedCallback(result, callbackRetryAttempts)
+	if err != nil {
+		log.Errorf("Could not send finished callback: %v", err)
+		return err
+	}
+
+	job.Logger.LogJobFinished(result)
+	log.Debug("Waiting for archivator")
 
 	for {
 		if job.JobLogArchived {
@@ -188,54 +512,261 @@ func (job *Job) Teardown(result string) {
 		}
 	}
 
-	job.SendTeardownFinishedCallback()
+	log.Debug("Archivator finished")
 
-	log.Printf("Archivator finished")
+	// The job already finished, but executor is still open.
+	// We use the open executor to upload the job logs as
+	// an artifact, in case it is above the acceptable limit.
+	err = job.Logger.CloseWithOptions(eventlogger.CloseOptions{
+		OnClose: job.uploadLogsAsArtifact,
+	})
+
+	if err != nil {
+		log.Errorf("Error closing logger: %+v", err)
+	}
 
-	err := job.Logger.Close()
+	err = job.SendTeardownFinishedCallback(callbackRetryAttempts)
 	if err != nil {
-		log.Printf("Event Logger error %+v", err)
+		log.Errorf("Could not send teardown finished callback: %v", err)
+		return err
 	}
 
-	log.Printf("Job Teardown Finished")
+	log.Info("Job teardown finished")
+	return nil
 }
 
-func (j *Job) Stop() {
-	log.Printf("Stopping job")
+/*
+ * For self-hosted jobs, we don't use callbacks.
+ * The only thing we need to do is log the job_finished event and close the logger.
+ */
+func (job *Job) teardownWithNoCallbacks(result string) error {
+	job.Logger.LogJobFinished(result)
 
-	j.Stopped = true
+	// The job already finished, but executor is still open.
+	// We use the open executor to upload the job logs as an artifact,
+	// in case it has been trimmed during streaming.
+	err := job.Logger.CloseWithOptions(eventlogger.CloseOptions{
+		OnClose: job.uploadLogsAsArtifact,
+	})
 
-	log.Printf("Invoking process stopping")
+	if err != nil {
+		log.Errorf("Error closing logger: %+v", err)
+	}
 
-	PreventPanicPropagation(func() {
-		j.Executor.Stop()
-	})
+	log.Info("Job teardown finished")
+	return nil
+}
 
-	log.Printf("Process stopping finished. Entering the Teardown phase.")
+func (job *Job) minSizeForCompression() int64 {
+	fromEnv := os.Getenv("SEMAPHORE_AGENT_LOGS_COMPRESSION_SIZE")
+	if fromEnv == "" {
+		return DefaultSizeForCompression
+	}
+
+	n, err := strconv.ParseInt(fromEnv, 10, 64)
+	if err != nil {
+		log.Errorf(
+			"Error parsing SEMAPHORE_AGENT_LOGS_COMPRESSION_SIZE: %v - using default of %d",
+			err,
+			DefaultSizeForCompression,
+		)
+
+		return DefaultSizeForCompression
+	}
+
+	if n < MinSizeForCompression || n > MaxSizeForCompression {
+		log.Errorf(
+			"Invalid SEMAPHORE_AGENT_LOGS_COMPRESSION_SIZE %d, not in range %d-%d, using default %d",
+			n,
+			MinSizeForCompression,
+			MaxSizeForCompression,
+			DefaultSizeForCompression,
+		)
+
+		return DefaultSizeForCompression
+	}
 
-	j.Teardown("stopped")
+	return n
 }
 
-func (job *Job) SendFinishedCallback(result string) error {
-	payload := fmt.Sprintf(`{"result": "%s"}`, result)
+// #nosec
+func (job *Job) findFileSize(fileName string) (int64, error) {
+	file, err := os.Open(fileName)
+	if err != nil {
+		return 0, fmt.Errorf("error opening %s: %v", fileName, err)
+	}
+
+	defer file.Close()
+	fileInfo, err := file.Stat()
+	if err != nil {
+		return 0, fmt.Errorf("error determining size for file %s: %v", fileName, err)
+	}
 
-	return job.SendCallback(job.Request.Callbacks.Finished, payload)
+	return fileInfo.Size(), nil
 }
 
-func (job *Job) SendTeardownFinishedCallback() error {
-	return job.SendCallback(job.Request.Callbacks.TeardownFinished, "{}")
+func (job *Job) prepareArtifactForUpload() (string, error) {
+	log.Info("Converting job logs to plain-text format...")
+	rawFileName, err := job.Logger.GeneratePlainTextFile()
+	if err != nil {
+		return "", fmt.Errorf("error converting '%s' to plain text: %v", rawFileName, err)
+	}
+
+	//
+	// If an error happens determing the size of the raw logs file,
+	// we should still try to upload the raw logs,
+	// so we don't return an error here.
+	//
+	rawFileSize, err := job.findFileSize(rawFileName)
+	if err != nil {
+		log.Errorf("Error determining size for %s: %v", rawFileName, err)
+		return rawFileName, nil
+	}
+
+	// If the size of the file is below our threshold for compression, we upload the raw file.
+	minSizeForCompression := job.minSizeForCompression()
+	if rawFileSize < minSizeForCompression {
+		log.Infof("Logs are below the minimum size for compression - size=%d, minimum=%d", rawFileSize, minSizeForCompression)
+		return rawFileName, nil
+	}
+
+	log.Info("Compressing job logs")
+
+	//
+	// If an error happens compressing the logs,
+	// we should still try to upload the raw logs,
+	// so we don't return an error here as well.
+	//
+	compressedFile, err := compression.Compress(rawFileName)
+	if err != nil {
+		log.Errorf("Error compressing job logs %s: %v - using raw file", rawFileName, err)
+		return rawFileName, nil
+	}
+
+	// Remove the raw file since we are using the compressed one now.
+	if err := os.Remove(rawFileName); err != nil {
+		log.Errorf("Error removing file %s: %v", rawFileName, err)
+	}
+
+	return compressedFile, nil
+}
+
+func (job *Job) uploadLogsAsArtifact(trimmed bool) {
+	if job.UploadJobLogs == config.UploadJobLogsConditionNever {
+		log.Info("upload-job-logs=never - not uploading job logs as job artifact.")
+		return
+	}
+
+	if job.UploadJobLogs == config.UploadJobLogsConditionWhenTrimmed && !trimmed {
+		log.Info("upload-job-logs=when-trimmed - logs were not trimmed, not uploading job logs as job artifact.")
+		return
+	}
+
+	token, err := job.Request.FindEnvVar("SEMAPHORE_ARTIFACT_TOKEN")
+	if err != nil {
+		log.Error("Error uploading job logs as artifact - no SEMAPHORE_ARTIFACT_TOKEN available")
+		return
+	}
+
+	orgURL, err := job.Request.FindEnvVar("SEMAPHORE_ORGANIZATION_URL")
+	if err != nil {
+		log.Error("Error uploading job logs as artifact - no SEMAPHORE_ORGANIZATION_URL available")
+		return
+	}
+
+	path, err := exec.LookPath("artifact")
+	if err != nil {
+		log.Error("Error uploading job logs as artifact - no artifact CLI available")
+		return
+	}
+
+	file, err := job.prepareArtifactForUpload()
+	if err != nil {
+		log.Errorf("Error preparing artifact for upload: %v", err)
+		return
+	}
+
+	artifactPath := "agent/job_logs.txt"
+	if strings.HasSuffix(file, ".gz") {
+		artifactPath = artifactPath + ".gz"
+	}
+
+	args := []string{"push", "job", file, "-d", artifactPath}
+
+	// #nosec
+	cmd := exec.Command(path, args...)
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", "SEMAPHORE_ARTIFACT_TOKEN", token))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", "SEMAPHORE_JOB_ID", job.Request.JobID))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", "SEMAPHORE_ORGANIZATION_URL", orgURL))
+
+	log.Info("Uploading job logs as artifact...")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Errorf("Error uploading job logs as artifact: %v, %s", err, output)
+		return
+	}
+
+	log.Info("Successfully uploaded job logs as artifact")
+}
+
+func (job *Job) Stop() {
+	log.Info("Stopping job")
+
+	job.Stopped = true
+
+	log.Debug("Invoking process stopping")
+
+	PreventPanicPropagation(func() {
+		job.Executor.Stop()
+	})
+}
+
+func (job *Job) SendFinishedCallback(result string, retries int) error {
+	payload := fmt.Sprintf(`{"result": "%s"}`, result)
+	log.Infof("Sending finished callback: %+v", payload)
+	return retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "Send finished callback",
+		MaxAttempts:          retries,
+		DelayBetweenAttempts: time.Second,
+		Fn: func() error {
+			return job.SendCallback(job.Request.Callbacks.Finished, payload)
+		},
+	})
+}
+
+func (job *Job) SendTeardownFinishedCallback(retries int) error {
+	log.Info("Sending teardown finished callback")
+	return retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "Send teardown finished callback",
+		MaxAttempts:          retries,
+		DelayBetweenAttempts: time.Second,
+		Fn: func() error {
+			return job.SendCallback(job.Request.Callbacks.TeardownFinished, "{}")
+		},
+	})
 }
 
 func (job *Job) SendCallback(url string, payload string) error {
-	log.Printf("Sending callback: %s with %+v\n", url, payload)
+	log.Debugf("Sending callback to %s: %+v", url, payload)
+	request, err := http.NewRequest("POST", url, bytes.NewBuffer([]byte(payload)))
+	if err != nil {
+		return err
+	}
 
-	client := pester.New()
-	client.MaxRetries = 100
-	client.KeepLog = true
+	if job.Request.Callbacks.Token != "" {
+		request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", job.Request.Callbacks.Token))
+	}
 
-	resp, err := client.Post(url, "application/json", bytes.NewBuffer([]byte(payload)))
+	request.Header.Set("User-Agent", job.UserAgent)
+	response, err := job.Client.Do(request)
+	if err != nil {
+		return err
+	}
 
-	log.Printf("%+v\n", resp)
+	if !httputils.IsSuccessfulCode(response.StatusCode) {
+		return fmt.Errorf("callback to %s got HTTP %d", url, response.StatusCode)
+	}
 
-	return err
+	return nil
 }
diff --git a/pkg/jobs/job_test.go b/pkg/jobs/job_test.go
new file mode 100644
index 00000000..6bcad3cc
--- /dev/null
+++ b/pkg/jobs/job_test.go
@@ -0,0 +1,1383 @@
+package jobs
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
+	testsupport "github.com/semaphoreci/agent/test/support"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__EnvVarsAreAvailableToCommands(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		Commands: []api.Command{
+			{Directive: testsupport.EchoEnvVar("A")},
+			{Directive: testsupport.EchoEnvVar("B")},
+			{Directive: testsupport.EchoEnvVar("C")},
+		},
+		EnvVars: []api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_A"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_B"))},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exporting A\n",
+		"Exporting B\n",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("A")),
+		"VALUE_A",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("B")),
+		"VALUE_B",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("C")),
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__EnvVarsAreAvailableToEpilogueAlwaysAndOnPass(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		Commands: []api.Command{},
+		EnvVars: []api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_A"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_B"))},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: testsupport.Output("On EpilogueAlways")},
+			{Directive: testsupport.EchoEnvVar("A")},
+			{Directive: testsupport.EchoEnvVar("B")},
+			{Directive: testsupport.EchoEnvVar("C")},
+			{Directive: testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")},
+		},
+		EpilogueOnPassCommands: []api.Command{
+			{Directive: testsupport.Output("On EpilogueOnPass")},
+			{Directive: testsupport.EchoEnvVar("A")},
+			{Directive: testsupport.EchoEnvVar("B")},
+			{Directive: testsupport.EchoEnvVar("C")},
+			{Directive: testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exporting A\n",
+		"Exporting B\n",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On EpilogueAlways")),
+		"On EpilogueAlways",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("A")),
+		"VALUE_A",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("B")),
+		"VALUE_B",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("C")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")),
+		"passed",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On EpilogueOnPass")),
+		"On EpilogueOnPass",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("A")),
+		"VALUE_A",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("B")),
+		"VALUE_B",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("C")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")),
+		"passed",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__EnvVarsAreAvailableToEpilogueAlwaysAndOnFail(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		Commands: []api.Command{
+			{Directive: "badcommand"},
+		},
+		EnvVars: []api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_A"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_B"))},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: testsupport.Output("On EpilogueAlways")},
+			{Directive: testsupport.EchoEnvVar("A")},
+			{Directive: testsupport.EchoEnvVar("B")},
+			{Directive: testsupport.EchoEnvVar("C")},
+			{Directive: testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")},
+		},
+		EpilogueOnFailCommands: []api.Command{
+			{Directive: testsupport.Output("On EpilogueOnFail")},
+			{Directive: testsupport.EchoEnvVar("A")},
+			{Directive: testsupport.EchoEnvVar("B")},
+			{Directive: testsupport.EchoEnvVar("C")},
+			{Directive: testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exporting A\n",
+		"Exporting B\n",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: badcommand",
+		"*** OUTPUT ***",
+		fmt.Sprintf("Exit Code: %d", testsupport.UnknownCommandExitCode()),
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On EpilogueAlways")),
+		"On EpilogueAlways",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("A")),
+		"VALUE_A",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("B")),
+		"VALUE_B",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("C")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")),
+		"failed",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On EpilogueOnFail")),
+		"On EpilogueOnFail",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("A")),
+		"VALUE_A",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("B")),
+		"VALUE_B",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("C")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("SEMAPHORE_JOB_RESULT")),
+		"failed",
+		"Exit Code: 0",
+
+		"job_finished: failed",
+	})
+}
+
+func Test__EpilogueOnPassOnlyExecutesOnSuccessfulJob(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue always")},
+		},
+		EpilogueOnFailCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue on fail")},
+		},
+		EpilogueOnPassCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue on pass")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On epilogue always")),
+		"On epilogue always",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On epilogue on pass")),
+		"On epilogue on pass",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__EpilogueOnFailOnlyExecutesOnFailedJob(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "badcommand"},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue always")},
+		},
+		EpilogueOnFailCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue on fail")},
+		},
+		EpilogueOnPassCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue on pass")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: badcommand",
+		"*** OUTPUT ***",
+		fmt.Sprintf("Exit Code: %d", testsupport.UnknownCommandExitCode()),
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On epilogue always")),
+		"On epilogue always",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On epilogue on fail")),
+		"On epilogue on fail",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__UsingCommandAliases(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello world"), Alias: "Display Hello World"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: Display Hello World",
+		fmt.Sprintf("Running: %s\n", testsupport.Output("hello world")),
+		"hello world",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__StopJob(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "sleep 60"},
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	go job.Run()
+
+	time.Sleep(10 * time.Second)
+	job.Stop()
+
+	assert.True(t, job.Stopped)
+	assert.Eventually(t, func() bool { return job.Finished }, 5*time.Second, 1*time.Second)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: sleep 60",
+		fmt.Sprintf("Exit Code: %d", testsupport.StoppedCommandExitCode()),
+
+		"job_finished: stopped",
+	})
+}
+
+func Test__StopJobWithExitCode(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.ReturnExitCodeCommand(130)},
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+
+	assert.True(t, job.Stopped)
+	assert.Eventually(t, func() bool { return job.Finished }, 5*time.Second, 1*time.Second)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.ReturnExitCodeCommand(130)),
+		fmt.Sprintf("Exit Code: %d", testsupport.ManuallyStoppedCommandExitCode()),
+
+		"directive: Checking job result",
+		"SEMAPHORE_JOB_RESULT is set to '' - stopping job and marking it as stopped",
+		"Exit Code: 0",
+
+		"job_finished: stopped",
+	})
+}
+
+func Test__StopJobWithExitCodeWithResultSetToPassed(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.SetEnvVar("SEMAPHORE_JOB_RESULT", "passed")},
+			{Directive: testsupport.ReturnExitCodeCommand(130)},
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+
+	assert.Eventually(t, func() bool { return job.Finished }, 5*time.Second, 1*time.Second)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.SetEnvVar("SEMAPHORE_JOB_RESULT", "passed")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.ReturnExitCodeCommand(130)),
+		fmt.Sprintf("Exit Code: %d", testsupport.ManuallyStoppedCommandExitCode()),
+
+		"directive: Checking job result",
+		"SEMAPHORE_JOB_RESULT=passed - stopping job and marking it as passed",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__StopJobWithExitCodeWithResultSetToFailed(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.SetEnvVar("SEMAPHORE_JOB_RESULT", "failed")},
+			{Directive: testsupport.ReturnExitCodeCommand(130)},
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	job.Run()
+
+	assert.Eventually(t, func() bool { return job.Finished }, 5*time.Second, 1*time.Second)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.SetEnvVar("SEMAPHORE_JOB_RESULT", "failed")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.ReturnExitCodeCommand(130)),
+		fmt.Sprintf("Exit Code: %d", testsupport.ManuallyStoppedCommandExitCode()),
+
+		"directive: Checking job result",
+		"SEMAPHORE_JOB_RESULT=failed - stopping job and marking it as failed",
+		"Exit Code: 0",
+
+		"job_finished: failed",
+	})
+}
+
+func Test__StopJobOnEpilogue(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: "sleep 60"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{
+		Request: request,
+		Client:  http.DefaultClient,
+		Logger:  testLogger,
+	})
+
+	assert.Nil(t, err)
+
+	go job.Run()
+
+	time.Sleep(10 * time.Second)
+	job.Stop()
+
+	assert.True(t, job.Stopped)
+	assert.Eventually(t, func() bool { return job.Finished }, 5*time.Second, 1*time.Second)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"directive: sleep 60",
+		fmt.Sprintf("Exit Code: %d", testsupport.StoppedCommandExitCode()),
+
+		"job_finished: stopped",
+	})
+}
+
+func Test__STTYRestoration(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("Windows does not support pty")
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "stty echo"},
+			{Directive: "echo Hello World"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: stty echo",
+		"Exit Code: 0",
+
+		"directive: echo Hello World",
+		"Hello World\n",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+}
+
+func Test__BackgroundJobIsKilledAfterJobIsDoneInWindows(t *testing.T) {
+	if runtime.GOOS != "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "Start-Process ping -ArgumentList '-n','300','127.0.0.1'"},
+			{Directive: "sleep 5"},
+			{Directive: "(Get-Process ping -ErrorAction SilentlyContinue) -and ($true)"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: Start-Process ping -ArgumentList '-n','300','127.0.0.1'",
+		"Exit Code: 0",
+
+		"directive: sleep 5",
+		"Exit Code: 0",
+
+		"directive: (Get-Process ping -ErrorAction SilentlyContinue) -and ($true)",
+		"True\n",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+
+	// assert process is not running anymore
+	cmd := exec.Command(
+		"powershell",
+		"-NoProfile",
+		"-NonInteractive",
+		"-Command",
+		"(Get-Process ping -ErrorAction SilentlyContinue) -and ($true)",
+	)
+
+	output, err := cmd.CombinedOutput()
+	assert.Nil(t, err)
+	assert.Equal(t, "False\r\n", string(output))
+}
+
+func Test__BackgroundJobIsKilledAfterJobIsDoneInNonWindows(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "ping -c 300 127.0.0.1 > /dev/null &"},
+			{Directive: "sleep 5"},
+			{Directive: "pgrep ping > /dev/null && true"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: ping -c 300 127.0.0.1 > /dev/null &",
+		"Exit Code: 0",
+
+		"directive: sleep 5",
+		"Exit Code: 0",
+
+		"directive: pgrep ping > /dev/null && true",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+
+	// assert process is not running anymore
+	cmd := exec.Command(
+		"bash",
+		"-c",
+		"'pgrep ping > /dev/null && true'",
+	)
+
+	_, err = cmd.CombinedOutput()
+	assert.NotNil(t, err)
+}
+
+func Test__KillingRootBash(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "sleep infinity &"},
+			{Directive: "exit 1"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: sleep infinity &",
+		"Exit Code: 0",
+
+		"directive: exit 1",
+		"Exit Code: 1",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 1",
+
+		"job_finished: failed",
+	})
+}
+
+func Test__BashSetE(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "sleep infinity &"},
+			{Directive: "set -e"},
+			{Directive: "false"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: sleep infinity &",
+		"Exit Code: 0",
+
+		"directive: set -e",
+		"Exit Code: 0",
+
+		"directive: false",
+		"Exit Code: 1",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 1",
+
+		"job_finished: failed",
+	})
+}
+
+func Test__BashSetPipefail(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: "sleep infinity &"},
+			{Directive: "set -eo pipefail"},
+			{Directive: "cat non_existant | sort"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	job.Run()
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	assert.Equal(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: sleep infinity &",
+		"Exit Code: 0",
+
+		"directive: set -eo pipefail",
+		"Exit Code: 0",
+
+		"directive: cat non_existant | sort",
+		"cat: non_existant: No such file or directory\n",
+		"Exit Code: 1",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 1",
+
+		"job_finished: failed",
+	})
+}
+
+func Test__UsePreJobHook(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	hook, _ := testsupport.TempFileWithExtension()
+	_ = ioutil.WriteFile(hook, []byte(testsupport.Output("hello from pre-job hook")), 0777)
+
+	job.RunWithOptions(RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PreJobHookPath:        hook,
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: 1,
+	})
+
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: Running the pre-job hook configured in the agent",
+		"*** IGNORE SINGLE LINE ***", // we are using a temp file, it's hard to assert its path, just ignore it
+		"Warning: The agent is configured to proceed with the job even if the pre-job hook fails.\n",
+		"hello from pre-job hook",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+
+	os.Remove(hook)
+}
+
+func Test__UsePostJobHook(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: testsupport.Output("On EpilogueAlways")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	hook, _ := testsupport.TempFileWithExtension()
+	_ = ioutil.WriteFile(hook, []byte(testsupport.Output("hello from post-job hook")), 0777)
+
+	job.RunWithOptions(RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PostJobHookPath:       hook,
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: 1,
+	})
+
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On EpilogueAlways")),
+		"On EpilogueAlways",
+		"Exit Code: 0",
+
+		"directive: Running the post-job hook configured in the agent",
+		"*** IGNORE SINGLE LINE ***", // we are using a temp file, it's hard to assert its path, just ignore it
+		"hello from post-job hook",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+
+	os.Remove(hook)
+}
+
+func Test__PreJobHookHasAccessToEnvVars(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_A"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_B"))},
+		},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	hook, _ := testsupport.TempFileWithExtension()
+	hookContent := []string{
+		testsupport.EchoEnvVar("A"),
+		testsupport.Output(" - "),
+		testsupport.EchoEnvVar("B"),
+	}
+
+	_ = ioutil.WriteFile(hook, []byte(strings.Join(hookContent, "\n")), 0777)
+	job.RunWithOptions(RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PreJobHookPath:        hook,
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: 1,
+	})
+
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exporting A\n",
+		"Exporting B\n",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: Running the pre-job hook configured in the agent",
+		"*** IGNORE SINGLE LINE ***", // we are using a temp file, it's hard to assert its path, just ignore it
+		"Warning: The agent is configured to proceed with the job even if the pre-job hook fails.\n",
+		"VALUE_A - VALUE_B",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+
+	os.Remove(hook)
+}
+
+func Test__PostJobHookHasAccessToEnvVars(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_A"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("VALUE_B"))},
+		},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	hook, _ := testsupport.TempFileWithExtension()
+	hookContent := []string{
+		testsupport.EchoEnvVar("A"),
+		testsupport.Output(" - "),
+		testsupport.EchoEnvVar("B"),
+	}
+
+	_ = ioutil.WriteFile(hook, []byte(strings.Join(hookContent, "\n")), 0777)
+	job.RunWithOptions(RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PostJobHookPath:       hook,
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: 1,
+	})
+
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exporting A\n",
+		"Exporting B\n",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"directive: Running the post-job hook configured in the agent",
+		"*** IGNORE SINGLE LINE ***", // we are using a temp file, it's hard to assert its path, just ignore it
+		"VALUE_A - VALUE_B",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	})
+
+	os.Remove(hook)
+}
+
+func Test__UsePreJobHookAndFailOnError(t *testing.T) {
+	testLogger, testLoggerBackend := eventlogger.DefaultTestLogger()
+	request := &api.JobRequest{
+		EnvVars: []api.EnvVar{},
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+		},
+	}
+
+	job, err := NewJobWithOptions(&JobOptions{Request: request, Client: http.DefaultClient, Logger: testLogger})
+	assert.Nil(t, err)
+
+	hook, _ := testsupport.TempFileWithExtension()
+	_ = ioutil.WriteFile(hook, []byte("badcommand"), 0777)
+
+	job.RunWithOptions(RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PreJobHookPath:        hook,
+		FailOnPreJobHookError: true,
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: 1,
+	})
+
+	assert.True(t, job.Finished)
+
+	simplifiedEvents, err := testLoggerBackend.SimplifiedEvents(true, false)
+	assert.Nil(t, err)
+
+	testsupport.AssertSimplifiedJobLogs(t, simplifiedEvents, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		"directive: Running the pre-job hook configured in the agent",
+		"*** IGNORE SINGLE LINE ***", // we are using a temp file, it's hard to assert its path, just ignore it
+		"Warning: The agent is configured to fail the job if the pre-job hook fails.\n",
+		"*** IGNORE LINES UNTIL EXIT CODE ***", // also hard to assert the actual error message, just ignore it
+		fmt.Sprintf("Exit Code: %d", testsupport.UnknownCommandExitCode()),
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: failed",
+	})
+
+	os.Remove(hook)
+}
diff --git a/pkg/kubernetes/client.go b/pkg/kubernetes/client.go
new file mode 100644
index 00000000..ad6e7cb3
--- /dev/null
+++ b/pkg/kubernetes/client.go
@@ -0,0 +1,642 @@
+package kubernetes
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/ghodss/yaml"
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	"github.com/semaphoreci/agent/pkg/docker"
+	"github.com/semaphoreci/agent/pkg/retry"
+	"github.com/semaphoreci/agent/pkg/shell"
+	log "github.com/sirupsen/logrus"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+)
+
+type Config struct {
+	Namespace                 string
+	ImageValidator            *ImageValidator
+	PodSpecDecoratorConfigMap string
+	PodPollingAttempts        int
+	Labels                    map[string]string
+	PodPollingInterval        time.Duration
+	DefaultImage              string
+}
+
+func (c *Config) LabelMap() map[string]string {
+	if c.Labels == nil {
+		return map[string]string{}
+	}
+
+	return c.Labels
+}
+
+func (c *Config) PollingInterval() time.Duration {
+	if c.PodPollingInterval == 0 {
+		return time.Second
+	}
+
+	return c.PodPollingInterval
+}
+
+func (c *Config) PollingAttempts() int {
+	if c.PodPollingAttempts == 0 {
+		return 60
+	}
+
+	return c.PodPollingAttempts
+}
+
+func (c *Config) Validate() error {
+	if c.Namespace == "" {
+		return fmt.Errorf("namespace must be specified")
+	}
+
+	return nil
+}
+
+type KubernetesClient struct {
+	clientset            kubernetes.Interface
+	config               Config
+	podSpec              *corev1.PodSpec
+	mainContainerSpec    *corev1.Container
+	sidecarContainerSpec *corev1.Container
+}
+
+func NewKubernetesClient(clientset kubernetes.Interface, config Config) (*KubernetesClient, error) {
+	if err := config.Validate(); err != nil {
+		return nil, fmt.Errorf("config is invalid: %v", err)
+	}
+
+	c := &KubernetesClient{
+		clientset: clientset,
+		config:    config,
+	}
+
+	return c, nil
+}
+
+func NewInClusterClientset() (kubernetes.Interface, error) {
+	k8sConfig, err := rest.InClusterConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	clientset, err := kubernetes.NewForConfig(k8sConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return clientset, nil
+}
+
+func NewClientsetFromConfig() (kubernetes.Interface, error) {
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		return nil, fmt.Errorf("error getting user home directory: %v", err)
+	}
+
+	kubeConfigPath := filepath.Join(homeDir, ".kube", "config")
+	kubeConfig, err := clientcmd.BuildConfigFromFlags("", kubeConfigPath)
+	if err != nil {
+		return nil, fmt.Errorf("error getting Kubernetes config: %v", err)
+	}
+
+	clientset, err := kubernetes.NewForConfig(kubeConfig)
+	if err != nil {
+		return nil, fmt.Errorf("error creating kubernetes clientset from config file: %v", err)
+	}
+
+	return clientset, nil
+}
+
+// We use github.com/ghodss/yaml here
+// because it can deserialise from YAML by using the json
+// struct tags that are defined in the K8s API object structs.
+func (c *KubernetesClient) LoadPodSpec() error {
+	if c.config.PodSpecDecoratorConfigMap == "" {
+		return nil
+	}
+
+	configMap, err := c.clientset.CoreV1().
+		ConfigMaps(c.config.Namespace).
+		Get(context.TODO(), c.config.PodSpecDecoratorConfigMap, v1.GetOptions{})
+
+	if err != nil {
+		return fmt.Errorf("error finding configmap '%s': %v", c.config.PodSpecDecoratorConfigMap, err)
+	}
+
+	podSpecRaw, exists := configMap.Data["pod"]
+	if !exists {
+		log.Infof("No 'pod' key in '%s' - skipping pod decoration", c.config.PodSpecDecoratorConfigMap)
+		c.podSpec = nil
+	} else {
+		var podSpec corev1.PodSpec
+		err = yaml.Unmarshal([]byte(podSpecRaw), &podSpec)
+		if err != nil {
+			return fmt.Errorf("error unmarshaling pod spec from configmap '%s': %v", c.config.PodSpecDecoratorConfigMap, err)
+		}
+
+		c.podSpec = &podSpec
+	}
+
+	mainContainerSpecRaw, exists := configMap.Data["mainContainer"]
+	if !exists {
+		log.Infof("No 'mainContainer' key in '%s' - skipping main container decoration", c.config.PodSpecDecoratorConfigMap)
+		c.mainContainerSpec = nil
+	} else {
+		var mainContainer corev1.Container
+		err = yaml.Unmarshal([]byte(mainContainerSpecRaw), &mainContainer)
+		if err != nil {
+			return fmt.Errorf("error unmarshaling main container spec from configmap '%s': %v", c.config.PodSpecDecoratorConfigMap, err)
+		}
+
+		c.mainContainerSpec = &mainContainer
+	}
+
+	sidecarContainerSpecRaw, exists := configMap.Data["sidecarContainers"]
+	if !exists {
+		log.Infof("No 'sidecarContainers' key in '%s' - skipping sidecar containers decoration", c.config.PodSpecDecoratorConfigMap)
+		c.sidecarContainerSpec = nil
+	} else {
+		var sidecarContainer corev1.Container
+		err = yaml.Unmarshal([]byte(sidecarContainerSpecRaw), &sidecarContainer)
+		if err != nil {
+			return fmt.Errorf("error unmarshaling sidecar containers spec from configmap '%s': %v", c.config.PodSpecDecoratorConfigMap, err)
+		}
+
+		c.sidecarContainerSpec = &sidecarContainer
+	}
+
+	return nil
+}
+
+func (c *KubernetesClient) CreateSecret(name string, jobRequest *api.JobRequest) error {
+	environment, err := shell.CreateEnvironment(jobRequest.EnvVars, []config.HostEnvVar{})
+	if err != nil {
+		return fmt.Errorf("error creating environment: %v", err)
+	}
+
+	envFileName := filepath.Join(os.TempDir(), ".env")
+	err = environment.ToFile(envFileName, nil)
+	if err != nil {
+		return fmt.Errorf("error creating temporary environment file: %v", err)
+	}
+
+	// #nosec
+	envFile, err := os.Open(envFileName)
+	if err != nil {
+		return fmt.Errorf("error opening environment file for reading: %v", err)
+	}
+
+	defer envFile.Close()
+
+	env, err := ioutil.ReadAll(envFile)
+	if err != nil {
+		return fmt.Errorf("error reading environment file: %v", err)
+	}
+
+	// We don't allow the secret to be changed after its creation.
+	immutable := true
+
+	// We use one key for the environment variables.
+	data := map[string]string{".env": string(env)}
+
+	// And one key for each file injected in the job definition.
+	// K8s doesn't allow many special characters in a secret's key; it uses [-._a-zA-Z0-9]+ for validation.
+	// So, we encode the flle's path (using base64 URL encoding, no padding),
+	// and use it as the secret's key.
+	// K8s will inject the file at /tmp/injected/<encoded-file-path>
+	// On InjectFiles(), we move the file to its proper place.
+	for _, file := range jobRequest.Files {
+		encodedPath := base64.RawURLEncoding.EncodeToString([]byte(file.Path))
+		content, err := file.Decode()
+		if err != nil {
+			return fmt.Errorf("error decoding file '%s': %v", file.Path, err)
+		}
+
+		data[encodedPath] = string(content)
+	}
+
+	secret := corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      name,
+			Namespace: c.config.Namespace,
+			Labels:    c.config.LabelMap(),
+		},
+		Type:       corev1.SecretTypeOpaque,
+		Immutable:  &immutable,
+		StringData: data,
+	}
+
+	_, err = c.clientset.CoreV1().
+		Secrets(c.config.Namespace).
+		Create(context.Background(), &secret, v1.CreateOptions{})
+
+	if err != nil {
+		return fmt.Errorf("error creating secret '%s': %v", name, err)
+	}
+
+	return nil
+}
+
+func (c *KubernetesClient) CreateImagePullSecret(secretName string, credentials []api.ImagePullCredentials) error {
+	secret, err := c.buildImagePullSecret(secretName, credentials)
+	if err != nil {
+		return fmt.Errorf("error building image pull secret spec for '%s': %v", secretName, err)
+	}
+
+	_, err = c.clientset.CoreV1().
+		Secrets(c.config.Namespace).
+		Create(context.Background(), secret, v1.CreateOptions{})
+	if err != nil {
+		return fmt.Errorf("error creating image pull secret '%s': %v", secretName, err)
+	}
+
+	return nil
+}
+
+func (c *KubernetesClient) buildImagePullSecret(secretName string, credentials []api.ImagePullCredentials) (*corev1.Secret, error) {
+	data, err := docker.NewDockerConfig(credentials)
+	if err != nil {
+		return nil, fmt.Errorf("error creating docker config for '%s': %v", secretName, err)
+	}
+
+	json, err := json.Marshal(data)
+	if err != nil {
+		return nil, fmt.Errorf("error serializing docker config for '%s': %v", secretName, err)
+	}
+
+	immutable := true
+	secret := corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      secretName,
+			Namespace: c.config.Namespace,
+			Labels:    c.config.LabelMap(),
+		},
+		Type:      corev1.SecretTypeDockerConfigJson,
+		Immutable: &immutable,
+		Data:      map[string][]byte{corev1.DockerConfigJsonKey: json},
+	}
+
+	return &secret, nil
+}
+
+func (c *KubernetesClient) CreatePod(name string, envSecretName string, imagePullSecret string, jobRequest *api.JobRequest) error {
+	pod, err := c.podSpecFromJobRequest(name, envSecretName, imagePullSecret, jobRequest)
+	if err != nil {
+		return fmt.Errorf("error building pod spec: %v", err)
+	}
+
+	_, err = c.clientset.CoreV1().
+		Pods(c.config.Namespace).
+		Create(context.TODO(), pod, v1.CreateOptions{})
+
+	if err != nil {
+		return fmt.Errorf("error creating pod: %v", err)
+	}
+
+	return nil
+}
+
+func (c *KubernetesClient) podSpecFromJobRequest(podName string, envSecretName string, imagePullSecret string, jobRequest *api.JobRequest) (*corev1.Pod, error) {
+	containers, err := c.containers(jobRequest.Compose.Containers)
+	if err != nil {
+		return nil, fmt.Errorf("error building containers for pod spec: %v", err)
+	}
+
+	var spec *corev1.PodSpec
+	if c.podSpec != nil {
+		spec = c.podSpec.DeepCopy()
+	} else {
+		spec = &corev1.PodSpec{}
+	}
+
+	spec.Containers = containers
+	spec.HostAliases = c.hostAliases(containers)
+	spec.ImagePullSecrets = append(spec.ImagePullSecrets, c.imagePullSecrets(imagePullSecret)...)
+	spec.RestartPolicy = corev1.RestartPolicyNever
+	spec.Volumes = append(spec.Volumes, corev1.Volume{
+		Name: "environment",
+		VolumeSource: corev1.VolumeSource{
+			Secret: &corev1.SecretVolumeSource{
+				SecretName: envSecretName,
+			},
+		},
+	})
+
+	return &corev1.Pod{
+		Spec: *spec,
+		ObjectMeta: v1.ObjectMeta{
+			Namespace: c.config.Namespace,
+			Name:      podName,
+			Labels:    c.config.LabelMap(),
+		},
+	}, nil
+}
+
+func (c *KubernetesClient) hostAliases(containers []corev1.Container) []corev1.HostAlias {
+	// If only 1 container is used for the job, there's no need for host aliases.
+	// We only use the ones used by the pod spec, or none if no pod spec is specified.
+	if len(containers) == 1 {
+		if c.podSpec != nil {
+			return c.podSpec.HostAliases
+		}
+
+		return []corev1.HostAlias{}
+	}
+
+	// Otherwise, we add a hostAlias for each sidecar container,
+	// so they can also be addressable via their names and not only localhost.
+	alias := corev1.HostAlias{IP: "127.0.0.1", Hostnames: []string{}}
+	for _, c := range containers[1:] {
+		alias.Hostnames = append(alias.Hostnames, c.Name)
+	}
+
+	return []corev1.HostAlias{alias}
+}
+
+func (c *KubernetesClient) imagePullSecrets(imagePullSecret string) []corev1.LocalObjectReference {
+	secrets := []corev1.LocalObjectReference{}
+
+	// Use the temporary secret created for the credentials sent in the job definition.
+	if imagePullSecret != "" {
+		secrets = append(secrets, corev1.LocalObjectReference{Name: imagePullSecret})
+	}
+
+	return secrets
+}
+
+func (c *KubernetesClient) containers(apiContainers []api.Container) ([]corev1.Container, error) {
+	if len(apiContainers) > 0 {
+		if err := c.config.ImageValidator.Validate(apiContainers); err != nil {
+			return []corev1.Container{}, fmt.Errorf("error validating images: %v", err)
+		}
+
+		return c.convertContainersFromSemaphore(apiContainers), nil
+	}
+
+	if c.config.DefaultImage != "" {
+		containers := []api.Container{}
+
+		containers = append(containers, api.Container{Image: c.config.DefaultImage})
+
+		return c.convertContainersFromSemaphore(containers), nil
+	}
+
+	return []corev1.Container{}, fmt.Errorf(
+		"no containers specified in Semaphore YAML, and no default container is provided",
+		)
+}
+
+func (c *KubernetesClient) buildMainContainer(mainContainerFromAPI *api.Container) corev1.Container {
+	var mainContainer *corev1.Container
+	if c.mainContainerSpec != nil {
+		mainContainer = c.mainContainerSpec.DeepCopy()
+	} else {
+		mainContainer = &corev1.Container{}
+	}
+
+	mainContainer.Name = "main"
+	mainContainer.Image = mainContainerFromAPI.Image
+	mainContainer.Env = append(mainContainer.Env, c.convertEnvVars(mainContainerFromAPI.EnvVars)...)
+	mainContainer.Command = []string{"bash", "-c", "sleep infinity"}
+
+	// We append the volume mount for the environment variables secret,
+	// to the list of volume mounts configured.
+	mainContainer.VolumeMounts = append(mainContainer.VolumeMounts, corev1.VolumeMount{
+		Name:      "environment",
+		ReadOnly:  true,
+		MountPath: "/tmp/injected",
+	})
+
+	return *mainContainer
+}
+
+func (c *KubernetesClient) convertContainersFromSemaphore(apiContainers []api.Container) []corev1.Container {
+	main, rest := apiContainers[0], apiContainers[1:]
+
+	// The main container needs to be up forever,
+	// so we 'sleep infinity' in its command.
+	k8sContainers := []corev1.Container{c.buildMainContainer(&main)}
+
+	// The rest of the containers will just follow whatever
+	// their images are already configured to do.
+	for _, container := range rest {
+		c := c.buildSidecarContainer(container)
+		k8sContainers = append(k8sContainers, *c)
+	}
+
+	return k8sContainers
+}
+
+func (c *KubernetesClient) buildSidecarContainer(apiContainer api.Container) *corev1.Container {
+	var sidecarContainer *corev1.Container
+	if c.sidecarContainerSpec != nil {
+		sidecarContainer = c.sidecarContainerSpec.DeepCopy()
+	} else {
+		sidecarContainer = &corev1.Container{}
+	}
+
+	sidecarContainer.Name = apiContainer.Name
+	sidecarContainer.Image = apiContainer.Image
+	sidecarContainer.Env = append(sidecarContainer.Env, c.convertEnvVars(apiContainer.EnvVars)...)
+	return sidecarContainer
+}
+
+func (c *KubernetesClient) convertEnvVars(envVarsFromSemaphore []api.EnvVar) []corev1.EnvVar {
+	k8sEnvVars := []corev1.EnvVar{}
+
+	for _, envVar := range envVarsFromSemaphore {
+		v, _ := base64.StdEncoding.DecodeString(envVar.Value)
+		k8sEnvVars = append(k8sEnvVars, corev1.EnvVar{
+			Name:  envVar.Name,
+			Value: string(v),
+		})
+	}
+
+	return k8sEnvVars
+}
+
+func (c *KubernetesClient) WaitForPod(ctx context.Context, name string, logFn func(string)) error {
+	var r findPodResult
+
+	err := retry.RetryWithConstantWaitAndContext(ctx, retry.RetryOptions{
+		Task:                 "Waiting for pod to be ready",
+		MaxAttempts:          c.config.PollingAttempts(),
+		DelayBetweenAttempts: c.config.PollingInterval(),
+		HideError:            true,
+		Fn: func() error {
+			r = c.findPod(name)
+			if r.continueWaiting {
+				if r.err != nil {
+					logFn(r.err.Error())
+				}
+
+				return r.err
+			}
+
+			return nil
+		},
+	})
+
+	// If we stopped the retrying,
+	// but still an error occurred, we need to report that
+	if !r.continueWaiting && r.err != nil {
+		return r.err
+	}
+
+	return err
+}
+
+type findPodResult struct {
+	continueWaiting bool
+	err             error
+}
+
+func (c *KubernetesClient) findPod(name string) findPodResult {
+	pod, err := c.clientset.CoreV1().
+		Pods(c.config.Namespace).
+		Get(context.Background(), name, v1.GetOptions{})
+
+	if err != nil {
+		return findPodResult{continueWaiting: true, err: err}
+	}
+
+	// If the pod already finished, something went wrong.
+	if pod.Status.Phase == corev1.PodFailed || pod.Status.Phase == corev1.PodSucceeded {
+		return findPodResult{
+			continueWaiting: false,
+			err: fmt.Errorf(
+				"pod '%s' already finished with status %s - reason: '%v', message: '%v', statuses: %v",
+				pod.Name,
+				pod.Status.Phase,
+				pod.Status.Reason,
+				pod.Status.Message,
+				c.getContainerStatuses(pod.Status.ContainerStatuses),
+			),
+		}
+	}
+
+	// if one of the pod's containers isn't ready, we need to wait
+	for _, container := range pod.Status.ContainerStatuses {
+
+		// If the reason for a container to be in the waiting state
+		// is Kubernetes not being able to pull its image,
+		// we should not wait for the whole pod start timeout until the job fails.
+		if c.failedToPullImage(container.State.Waiting) {
+			return findPodResult{
+				continueWaiting: false,
+				err: fmt.Errorf(
+					"failed to pull image for '%s': %v",
+					container.Name,
+					c.getContainerStatuses(pod.Status.ContainerStatuses),
+				),
+			}
+		}
+
+		// If the container is just not ready yet, we wait.
+		if !container.Ready {
+			return findPodResult{
+				continueWaiting: true,
+				err: fmt.Errorf(
+					"container '%s' is not ready yet - statuses: %v",
+					container.Name,
+					c.getContainerStatuses(pod.Status.ContainerStatuses),
+				),
+			}
+		}
+	}
+
+	// if we get here, all the containers are ready
+	// but the pod is still pending, so we need to wait too.
+	if pod.Status.Phase == corev1.PodPending {
+		return findPodResult{
+			continueWaiting: true,
+			err: fmt.Errorf(
+				"pod in pending state - statuses: %v",
+				c.getContainerStatuses(pod.Status.ContainerStatuses),
+			),
+		}
+	}
+
+	// If we get here, everything is ready, we can start the job.
+	return findPodResult{continueWaiting: false, err: nil}
+}
+
+func (c *KubernetesClient) failedToPullImage(state *corev1.ContainerStateWaiting) bool {
+	if state == nil {
+		return false
+	}
+
+	if state.Reason == "ErrImagePull" || state.Reason == "ImagePullBackOff" {
+		return true
+	}
+
+	return false
+}
+
+func (c *KubernetesClient) getContainerStatuses(statuses []corev1.ContainerStatus) []string {
+	messages := []string{}
+	for _, s := range statuses {
+		if s.State.Terminated != nil {
+			messages = append(
+				messages,
+				fmt.Sprintf(
+					"container '%s' terminated - reason='%s', message='%s'",
+					s.Image,
+					s.State.Terminated.Reason,
+					s.State.Terminated.Message,
+				),
+			)
+		}
+
+		if s.State.Waiting != nil {
+			messages = append(
+				messages,
+				fmt.Sprintf(
+					"container '%s' waiting - reason='%s', message='%s'",
+					s.Image,
+					s.State.Waiting.Reason,
+					s.State.Waiting.Message,
+				),
+			)
+		}
+
+		if s.State.Running != nil {
+			messages = append(
+				messages,
+				fmt.Sprintf(
+					"container '%s' is running since %v",
+					s.Image,
+					s.State.Running.StartedAt,
+				),
+			)
+		}
+	}
+
+	return messages
+}
+
+func (c *KubernetesClient) DeletePod(name string) error {
+	return c.clientset.CoreV1().
+		Pods(c.config.Namespace).
+		Delete(context.Background(), name, v1.DeleteOptions{})
+}
+
+func (c *KubernetesClient) DeleteSecret(name string) error {
+	return c.clientset.CoreV1().
+		Secrets(c.config.Namespace).
+		Delete(context.Background(), name, v1.DeleteOptions{})
+}
diff --git a/pkg/kubernetes/client_test.go b/pkg/kubernetes/client_test.go
new file mode 100644
index 00000000..04683ddf
--- /dev/null
+++ b/pkg/kubernetes/client_test.go
@@ -0,0 +1,970 @@
+package kubernetes
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	stdruntime "runtime"
+	"testing"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	assert "github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/kubernetes/fake"
+)
+
+func Test__CreateSecret(t *testing.T) {
+	t.Run("stores .env file in secret", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+		secretName := "mysecret"
+
+		// create secret using job request
+		assert.NoError(t, client.CreateSecret(secretName, &api.JobRequest{
+			EnvVars: []api.EnvVar{
+				{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+				{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+				{Name: "C", Value: base64.StdEncoding.EncodeToString([]byte("CCC"))},
+			},
+		}))
+
+		secret, err := clientset.CoreV1().
+			Secrets("default").
+			Get(context.Background(), secretName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.True(t, *secret.Immutable)
+		assert.Equal(t, secret.Name, secretName)
+		assert.Empty(t, secret.Labels)
+
+		var expected string
+		if stdruntime.GOOS == "windows" {
+			expected = "$env:A = \"AAA\"\n$env:B = \"BBB\"\n$env:C = \"CCC\"\n"
+		} else {
+			expected = "export A=AAA\nexport B=BBB\nexport C=CCC\n"
+		}
+
+		assert.Equal(t, secret.StringData, map[string]string{".env": expected})
+	})
+
+	t.Run("stores files in secret, with base64-encoded keys", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+		secretName := "mysecret"
+
+		// create secret using job request
+		assert.NoError(t, client.CreateSecret(secretName, &api.JobRequest{
+			EnvVars: []api.EnvVar{
+				{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+				{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+				{Name: "C", Value: base64.StdEncoding.EncodeToString([]byte("CCC"))},
+			},
+			Files: []api.File{
+				{
+					Path:    "/tmp/random-file.txt",
+					Content: base64.StdEncoding.EncodeToString([]byte("Random content")),
+					Mode:    "0600",
+				},
+				{
+					Path:    "/tmp/random-file-2.txt",
+					Content: base64.StdEncoding.EncodeToString([]byte("Random content 2")),
+					Mode:    "0600",
+				},
+			},
+		}))
+
+		secret, err := clientset.CoreV1().
+			Secrets("default").
+			Get(context.Background(), secretName, v1.GetOptions{})
+
+		key1 := base64.RawURLEncoding.EncodeToString([]byte("/tmp/random-file.txt"))
+		key2 := base64.RawURLEncoding.EncodeToString([]byte("/tmp/random-file-2.txt"))
+
+		assert.NoError(t, err)
+		assert.True(t, *secret.Immutable)
+		assert.Equal(t, secret.Name, secretName)
+		assert.Empty(t, secret.Labels)
+
+		var expected string
+		if stdruntime.GOOS == "windows" {
+			expected = "$env:A = \"AAA\"\n$env:B = \"BBB\"\n$env:C = \"CCC\"\n"
+		} else {
+			expected = "export A=AAA\nexport B=BBB\nexport C=CCC\n"
+		}
+
+		assert.Equal(t, secret.StringData, map[string]string{
+			".env": expected,
+			key1:   "Random content",
+			key2:   "Random content 2",
+		})
+	})
+
+	t.Run("uses labels", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		secretName := "mysecret"
+
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace: "default",
+			Labels: map[string]string{
+				"app":                        "semaphore-agent",
+				"semaphoreci.com/agent-type": "s1-test",
+			},
+		})
+
+		// create secret using job request
+		assert.NoError(t, client.CreateSecret(secretName, &api.JobRequest{
+			EnvVars: []api.EnvVar{
+				{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+				{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+				{Name: "C", Value: base64.StdEncoding.EncodeToString([]byte("CCC"))},
+			},
+		}))
+
+		secret, err := clientset.CoreV1().
+			Secrets("default").
+			Get(context.Background(), secretName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.True(t, *secret.Immutable)
+		assert.Equal(t, secret.Name, secretName)
+		assert.Equal(t, secret.Labels, map[string]string{
+			"app":                        "semaphore-agent",
+			"semaphoreci.com/agent-type": "s1-test",
+		})
+
+		var expected string
+		if stdruntime.GOOS == "windows" {
+			expected = "$env:A = \"AAA\"\n$env:B = \"BBB\"\n$env:C = \"CCC\"\n"
+		} else {
+			expected = "export A=AAA\nexport B=BBB\nexport C=CCC\n"
+		}
+
+		assert.Equal(t, secret.StringData, map[string]string{".env": expected})
+	})
+}
+
+func Test__CreateImagePullSecret(t *testing.T) {
+	t.Run("bad image pull credentials -> error", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+		err := client.CreateImagePullSecret("badsecret", []api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte("NOT_SUPPORTED"))},
+				},
+			},
+		})
+
+		assert.Error(t, err)
+		assert.ErrorContains(t, err, "unknown DOCKER_CREDENTIAL_TYPE")
+	})
+
+	t.Run("good image pull credentials -> creates secret", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+		secretName := "mysecretname"
+
+		err := client.CreateImagePullSecret(secretName, []api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGenericDocker))},
+					{Name: "DOCKER_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("myuser"))},
+					{Name: "DOCKER_PASSWORD", Value: base64.StdEncoding.EncodeToString([]byte("mypass"))},
+					{Name: "DOCKER_URL", Value: base64.StdEncoding.EncodeToString([]byte("my-custom-registry.com"))},
+				},
+			},
+		})
+
+		assert.NoError(t, err)
+
+		secret, err := clientset.CoreV1().
+			Secrets("default").
+			Get(context.Background(), secretName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, corev1.SecretTypeDockerConfigJson, secret.Type)
+		assert.Empty(t, secret.Labels)
+		assert.True(t, *secret.Immutable)
+		assert.NotEmpty(t, secret.Data)
+	})
+
+	t.Run("uses labels", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		secretName := "mysecretname"
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace: "default",
+			Labels: map[string]string{
+				"app":                        "semaphore-agent",
+				"semaphoreci.com/agent-type": "s1-test",
+			},
+		})
+
+		err := client.CreateImagePullSecret(secretName, []api.ImagePullCredentials{
+			{
+				EnvVars: []api.EnvVar{
+					{Name: "DOCKER_CREDENTIAL_TYPE", Value: base64.StdEncoding.EncodeToString([]byte(api.ImagePullCredentialsStrategyGenericDocker))},
+					{Name: "DOCKER_USERNAME", Value: base64.StdEncoding.EncodeToString([]byte("myuser"))},
+					{Name: "DOCKER_PASSWORD", Value: base64.StdEncoding.EncodeToString([]byte("mypass"))},
+					{Name: "DOCKER_URL", Value: base64.StdEncoding.EncodeToString([]byte("my-custom-registry.com"))},
+				},
+			},
+		})
+
+		assert.NoError(t, err)
+
+		secret, err := clientset.CoreV1().
+			Secrets("default").
+			Get(context.Background(), secretName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, corev1.SecretTypeDockerConfigJson, secret.Type)
+		assert.Equal(t, secret.Labels, map[string]string{
+			"app":                        "semaphore-agent",
+			"semaphoreci.com/agent-type": "s1-test",
+		})
+
+		assert.True(t, *secret.Immutable)
+		assert.NotEmpty(t, secret.Data)
+	})
+}
+
+func Test__CreatePod(t *testing.T) {
+	t.Run("no containers from YAML -> error", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		assert.ErrorContains(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{},
+			},
+		}), "no containers specified in Semaphore YAML, and no default container is provided")
+	})
+
+	t.Run("default image and no containers from YAML", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+			DefaultImage: "default-image",
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+
+		// assert pod spec containers
+		if assert.Len(t, pod.Spec.Containers, 1) {
+			assert.Equal(t, pod.Spec.Containers[0].Name, "main")
+			assert.Equal(t, pod.Spec.Containers[0].Image, "default-image")
+			assert.Equal(t, pod.Spec.Containers[0].ImagePullPolicy, corev1.PullPolicy(""))
+			assert.Equal(t, pod.Spec.Containers[0].Command, []string{"bash", "-c", "sleep infinity"})
+			assert.Empty(t, pod.Spec.Containers[0].Env)
+			assert.Equal(t, pod.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{{Name: "environment", ReadOnly: true, MountPath: "/tmp/injected"}})
+		}
+	})
+
+	t.Run("containers and no pod spec", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, err := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		if !assert.NoError(t, err) {
+			return
+		}
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{Containers: []api.Container{{Name: "main", Image: "my-image"}}},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+
+		// assert pod spec containers
+		if assert.Len(t, pod.Spec.Containers, 1) {
+			assert.Equal(t, pod.Spec.Containers[0].Name, "main")
+			assert.Equal(t, pod.Spec.Containers[0].Image, "my-image")
+			assert.Equal(t, pod.Spec.Containers[0].ImagePullPolicy, corev1.PullPolicy(""))
+			assert.Equal(t, pod.Spec.Containers[0].Command, []string{"bash", "-c", "sleep infinity"})
+			assert.Empty(t, pod.Spec.Containers[0].Env)
+			assert.Equal(t, pod.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{{Name: "environment", ReadOnly: true, MountPath: "/tmp/injected"}})
+		}
+	})
+
+	t.Run("1 container", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{
+			podSpecWithImagePullPolicy("default", "Always"),
+		})
+
+		imageValidator, _ := NewImageValidator([]string{})
+		client, err := NewKubernetesClient(clientset, Config{
+			Namespace:                 "default",
+			PodSpecDecoratorConfigMap: "pod-spec",
+			ImageValidator:            imageValidator,
+			DefaultImage: "default-image",
+		})
+
+		if !assert.NoError(t, err) {
+			return
+		}
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Empty(t, pod.Spec.HostAliases)
+
+		// assert pod spec containers
+		if assert.Len(t, pod.Spec.Containers, 1) {
+			assert.Equal(t, pod.Spec.Containers[0].Name, "main")
+			assert.Equal(t, pod.Spec.Containers[0].Image, "custom-image")
+			assert.Equal(t, pod.Spec.Containers[0].ImagePullPolicy, corev1.PullAlways)
+			assert.Equal(t, pod.Spec.Containers[0].Command, []string{"bash", "-c", "sleep infinity"})
+			assert.Empty(t, pod.Spec.Containers[0].Env)
+			assert.Equal(t, pod.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{{Name: "environment", ReadOnly: true, MountPath: "/tmp/injected"}})
+		}
+	})
+
+	t.Run("container with env vars", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+						EnvVars: []api.EnvVar{
+							{
+								Name:  "A",
+								Value: base64.StdEncoding.EncodeToString([]byte("AAA")),
+							},
+						},
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		if assert.Len(t, pod.Spec.Containers, 1) {
+			assert.Equal(t, pod.Spec.Containers[0].Name, "main")
+			assert.Equal(t, pod.Spec.Containers[0].Image, "custom-image")
+			assert.Equal(t, pod.Spec.Containers[0].ImagePullPolicy, corev1.PullPolicy(""))
+			assert.Equal(t, pod.Spec.Containers[0].Command, []string{"bash", "-c", "sleep infinity"})
+			assert.Equal(t, pod.Spec.Containers[0].Env, []corev1.EnvVar{{Name: "A", Value: "AAA"}})
+			assert.Equal(t, pod.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{{Name: "environment", ReadOnly: true, MountPath: "/tmp/injected"}})
+		}
+	})
+
+	t.Run("container with env vars + pod spec with env", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{podSpecWithEnv("default")})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:                 "default",
+			PodSpecDecoratorConfigMap: "pod-spec",
+			ImageValidator:            imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+						EnvVars: []api.EnvVar{
+							{
+								Name:  "A",
+								Value: base64.StdEncoding.EncodeToString([]byte("AAA")),
+							},
+						},
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		if assert.Len(t, pod.Spec.Containers, 1) {
+			assert.Equal(t, pod.Spec.Containers[0].Name, "main")
+			assert.Equal(t, pod.Spec.Containers[0].Image, "custom-image")
+			assert.Equal(t, pod.Spec.Containers[0].ImagePullPolicy, corev1.PullPolicy(""))
+			assert.Equal(t, pod.Spec.Containers[0].Command, []string{"bash", "-c", "sleep infinity"})
+			assert.Equal(t, pod.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{{Name: "environment", ReadOnly: true, MountPath: "/tmp/injected"}})
+			assert.Equal(t, pod.Spec.Containers[0].Env, []corev1.EnvVar{
+				{Name: "FOO_1", Value: "BAR_1"},
+				{Name: "FOO_2", Value: "BAR_2"},
+				{Name: "A", Value: "AAA"},
+			})
+		}
+	})
+
+	t.Run("multiple containers", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+		envSecretName := "mysecret"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, envSecretName, "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+					{
+						Name:  "db",
+						Image: "postgres:9.6",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, pod.Spec.HostAliases, []corev1.HostAlias{{IP: "127.0.0.1", Hostnames: []string{"db"}}})
+
+		// assert 2 containers are used and command and volume mounts are only set for the main one
+		if assert.Len(t, pod.Spec.Containers, 2) {
+			assert.Equal(t, pod.Spec.Containers[0].Name, "main")
+			assert.Equal(t, pod.Spec.Containers[0].Image, "custom-image")
+			assert.Equal(t, pod.Spec.Containers[0].Command, []string{"bash", "-c", "sleep infinity"})
+			assert.Empty(t, pod.Spec.Containers[0].Env)
+			assert.Equal(t, pod.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{{Name: "environment", ReadOnly: true, MountPath: "/tmp/injected"}})
+			assert.Equal(t, pod.Spec.Containers[1].Name, "db")
+			assert.Equal(t, pod.Spec.Containers[1].Image, "postgres:9.6")
+			assert.Empty(t, pod.Spec.Containers[1].Env)
+			assert.Empty(t, pod.Spec.Containers[1].Command)
+			assert.Empty(t, pod.Spec.Containers[1].VolumeMounts)
+		}
+	})
+
+	t.Run("no image pull secrets", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Len(t, pod.Spec.ImagePullSecrets, 0)
+	})
+
+	t.Run("with image pull secrets from pod spec", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{
+			podSpecWithImagePullSecret("default", "secret-1"),
+		})
+
+		imageValidator, _ := NewImageValidator([]string{})
+		client, err := NewKubernetesClient(clientset, Config{
+			Namespace:                 "default",
+			PodSpecDecoratorConfigMap: "pod-spec",
+			ImageValidator:            imageValidator,
+		})
+
+		if !assert.NoError(t, err) {
+			return
+		}
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, pod.Spec.ImagePullSecrets, []corev1.LocalObjectReference{{Name: "secret-1"}})
+	})
+
+	t.Run("with image pull secret from YAML", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "my-image-pull-secret", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, pod.Spec.ImagePullSecrets, []corev1.LocalObjectReference{{Name: "my-image-pull-secret"}})
+	})
+
+	t.Run("with image pull secret from pod spec and from YAML", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{
+			podSpecWithImagePullSecret("default", "secret-1"),
+		})
+
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:                 "default",
+			PodSpecDecoratorConfigMap: "pod-spec",
+			ImageValidator:            imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "my-image-pull-secret", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, pod.Spec.ImagePullSecrets, []corev1.LocalObjectReference{
+			{Name: "secret-1"},
+			{Name: "my-image-pull-secret"},
+		})
+	})
+
+	t.Run("with resources", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{podSpecWithResources("default")})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:                 "default",
+			PodSpecDecoratorConfigMap: "pod-spec",
+			ImageValidator:            imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "my-image-pull-secret", &api.JobRequest{
+			Compose: api.Compose{
+				Containers: []api.Container{
+					{
+						Name:  "main",
+						Image: "custom-image",
+					},
+					{
+						Name:  "db",
+						Image: "postgres",
+					},
+					{
+						Name:  "cache",
+						Image: "redis",
+					},
+				},
+			},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		if assert.Len(t, pod.Spec.Containers, 3) {
+			assert.Equal(t, pod.Spec.Containers[0].Resources, corev1.ResourceRequirements{
+				Limits: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("200Mi"),
+					corev1.ResourceCPU:    resource.MustParse("200m"),
+				},
+				Requests: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("100Mi"),
+					corev1.ResourceCPU:    resource.MustParse("100m"),
+				},
+			})
+
+			assert.Equal(t, pod.Spec.Containers[1].Resources, corev1.ResourceRequirements{
+				Limits: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("100Mi"),
+					corev1.ResourceCPU:    resource.MustParse("100m"),
+				},
+				Requests: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("50Mi"),
+					corev1.ResourceCPU:    resource.MustParse("50m"),
+				},
+			})
+
+			assert.Equal(t, pod.Spec.Containers[2].Resources, corev1.ResourceRequirements{
+				Limits: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("100Mi"),
+					corev1.ResourceCPU:    resource.MustParse("100m"),
+				},
+				Requests: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("50Mi"),
+					corev1.ResourceCPU:    resource.MustParse("50m"),
+				},
+			})
+		}
+	})
+
+	t.Run("no labels", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "", &api.JobRequest{
+			Compose: api.Compose{Containers: []api.Container{{Name: "main", Image: "my-image"}}},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Empty(t, pod.Labels)
+	})
+
+	t.Run("with labels", func(t *testing.T) {
+		clientset := newFakeClientset([]runtime.Object{})
+		imageValidator, _ := NewImageValidator([]string{})
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:      "default",
+			ImageValidator: imageValidator,
+			Labels: map[string]string{
+				"app":                        "semaphore-agent",
+				"semaphoreci.com/agent-type": "s1-test",
+			},
+		})
+
+		_ = client.LoadPodSpec()
+		podName := "mypod"
+
+		// create pod using job request
+		assert.NoError(t, client.CreatePod(podName, "myenvsecret", "", &api.JobRequest{
+			Compose: api.Compose{Containers: []api.Container{{Name: "main", Image: "my-image"}}},
+		}))
+
+		pod, err := clientset.CoreV1().
+			Pods("default").
+			Get(context.Background(), podName, v1.GetOptions{})
+
+		assert.NoError(t, err)
+		assert.Equal(t, pod.Labels, map[string]string{
+			"app":                        "semaphore-agent",
+			"semaphoreci.com/agent-type": "s1-test",
+		})
+	})
+}
+
+func Test__WaitForPod(t *testing.T) {
+	t.Run("pod exist and is ready - no error", func(t *testing.T) {
+		podName := "mypod"
+		clientset := newFakeClientset([]runtime.Object{
+			&corev1.Pod{
+				ObjectMeta: v1.ObjectMeta{Name: podName, Namespace: "default"},
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{{Name: "main", Image: "whatever"}},
+				},
+			},
+		})
+
+		client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+		assert.NoError(t, client.WaitForPod(context.TODO(), podName, func(s string) {}))
+	})
+
+	t.Run("pod does not exist - error", func(t *testing.T) {
+		podName := "mypod"
+		clientset := newFakeClientset([]runtime.Object{
+			&corev1.Pod{
+				ObjectMeta: v1.ObjectMeta{Name: podName, Namespace: "default"},
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{{Name: "main", Image: "whatever"}},
+				},
+			},
+		})
+
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:          "default",
+			PodPollingAttempts: 2,
+		})
+
+		assert.Error(t, client.WaitForPod(context.TODO(), "somepodthatdoesnotexist", func(s string) {}))
+	})
+
+	t.Run("pod does not exist and context is cancelled - error", func(t *testing.T) {
+		podName := "mypod"
+		clientset := newFakeClientset([]runtime.Object{
+			&corev1.Pod{
+				ObjectMeta: v1.ObjectMeta{Name: podName, Namespace: "default"},
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{{Name: "main", Image: "whatever"}},
+				},
+			},
+		})
+
+		client, _ := NewKubernetesClient(clientset, Config{
+			Namespace:          "default",
+			PodPollingAttempts: 120,
+		})
+
+		ctx, cancel := context.WithCancel(context.TODO())
+
+		// Wait a little bit before cancelling
+		go func() {
+			time.Sleep(time.Second)
+			cancel()
+		}()
+
+		assert.ErrorContains(t, client.WaitForPod(ctx, "somepodthatdoesnotexist", func(s string) {}), "context canceled")
+	})
+}
+
+func Test_DeletePod(t *testing.T) {
+	podName := "mypod"
+	clientset := newFakeClientset([]runtime.Object{
+		&corev1.Pod{
+			ObjectMeta: v1.ObjectMeta{Name: podName, Namespace: "default"},
+			Spec: corev1.PodSpec{
+				Containers: []corev1.Container{{Name: "main", Image: "whatever"}},
+			},
+		},
+	})
+
+	client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+	assert.NoError(t, client.DeletePod(podName))
+
+	// pod does not exist anymore
+	pod, err := clientset.CoreV1().
+		Pods("default").
+		Get(context.Background(), podName, v1.GetOptions{})
+	assert.Error(t, err)
+	assert.Nil(t, pod)
+}
+
+func Test_DeleteSecret(t *testing.T) {
+	secretName := "mysecret"
+	clientset := newFakeClientset([]runtime.Object{
+		&corev1.Secret{
+			ObjectMeta: v1.ObjectMeta{Name: secretName, Namespace: "default"},
+			Type:       corev1.SecretTypeOpaque,
+			StringData: map[string]string{},
+		},
+	})
+
+	client, _ := NewKubernetesClient(clientset, Config{Namespace: "default"})
+	assert.NoError(t, client.DeleteSecret(secretName))
+
+	// secret does not exist anymore
+	pod, err := clientset.CoreV1().
+		Secrets("default").
+		Get(context.Background(), secretName, v1.GetOptions{})
+	assert.Error(t, err)
+	assert.Nil(t, pod)
+}
+
+func newFakeClientset(objects []runtime.Object) kubernetes.Interface {
+	return fake.NewSimpleClientset(objects...)
+}
+
+func podSpecWithEnv(namespace string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "pod-spec", Namespace: namespace},
+		Data: map[string]string{
+			"mainContainer": `
+        env:
+          - name: FOO_1
+            value: BAR_1
+          - name: FOO_2
+            value: BAR_2
+      `,
+		},
+	}
+}
+
+func podSpecWithImagePullPolicy(namespace, pullPolicy string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "pod-spec", Namespace: namespace},
+		Data: map[string]string{
+			"mainContainer": fmt.Sprintf(`
+        imagePullPolicy: %s
+      `, pullPolicy),
+		},
+	}
+}
+
+func podSpecWithImagePullSecret(namespace, secretName string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "pod-spec", Namespace: namespace},
+		Data: map[string]string{
+			"mainContainer": `
+        imagePullPolicy: Never
+      `,
+			"pod": fmt.Sprintf(`
+        imagePullSecrets:
+          - name: %s
+      `, secretName),
+		},
+	}
+}
+
+func podSpecWithResources(namespace string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "pod-spec", Namespace: namespace},
+		Data: map[string]string{
+			"mainContainer": `
+        resources:
+          limits:
+            cpu: 200m
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      `,
+			"sidecarContainers": `
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 50m
+            memory: 50Mi
+       `,
+		},
+	}
+}
diff --git a/pkg/kubernetes/image_validator.go b/pkg/kubernetes/image_validator.go
new file mode 100644
index 00000000..7ca89675
--- /dev/null
+++ b/pkg/kubernetes/image_validator.go
@@ -0,0 +1,50 @@
+package kubernetes
+
+import (
+	"fmt"
+	"regexp"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+)
+
+type ImageValidator struct {
+	Expressions []regexp.Regexp
+}
+
+func NewImageValidator(expressions []string) (*ImageValidator, error) {
+	regexes := []regexp.Regexp{}
+	for _, exp := range expressions {
+		r, err := regexp.Compile(exp)
+		if err != nil {
+			return nil, err
+		}
+
+		regexes = append(regexes, *r)
+	}
+
+	return &ImageValidator{Expressions: regexes}, nil
+}
+
+func (v *ImageValidator) Validate(containers []api.Container) error {
+	for _, container := range containers {
+		if err := v.validateImage(container.Image); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (v *ImageValidator) validateImage(image string) error {
+	if len(v.Expressions) == 0 {
+		return nil
+	}
+
+	for _, expression := range v.Expressions {
+		if expression.MatchString(image) {
+			return nil
+		}
+	}
+
+	return fmt.Errorf("image '%s' is not allowed", image)
+}
diff --git a/pkg/kubernetes/image_validator_test.go b/pkg/kubernetes/image_validator_test.go
new file mode 100644
index 00000000..eb03f1b8
--- /dev/null
+++ b/pkg/kubernetes/image_validator_test.go
@@ -0,0 +1,51 @@
+package kubernetes
+
+import (
+	"testing"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__ImageValidator(t *testing.T) {
+	t.Run("bad expression => error creating validator", func(t *testing.T) {
+		_, err := NewImageValidator([]string{"(.*)\\((.*)\\) ?(? U)"})
+		assert.Error(t, err)
+	})
+
+	t.Run("no expressions => no restrictions", func(t *testing.T) {
+		imageValidator, err := NewImageValidator([]string{})
+		assert.NoError(t, err)
+		assert.NoError(t, imageValidator.Validate([]api.Container{
+			{Image: "registry.semaphoreci.com/ruby:2.7"},
+			{Image: "docker.io/redis"},
+			{Image: "postgres/9.6"},
+		}))
+	})
+
+	t.Run("single regex with all invalid images", func(t *testing.T) {
+		imageValidator, err := NewImageValidator([]string{
+			"^custom-registry-1\\.com\\/.+",
+		})
+
+		assert.NoError(t, err)
+		assert.ErrorContains(t, imageValidator.Validate([]api.Container{
+			{Image: "registry.semaphoreci.com/ruby:2.7"},
+			{Image: "docker.io/redis"},
+			{Image: "postgres/9.6"},
+		}), "image 'registry.semaphoreci.com/ruby:2.7' is not allowed")
+	})
+
+	t.Run("single regex with some invalid images", func(t *testing.T) {
+		imageValidator, err := NewImageValidator([]string{
+			"^registry\\.semaphoreci\\.com\\/.+",
+		})
+
+		assert.NoError(t, err)
+		assert.ErrorContains(t, imageValidator.Validate([]api.Container{
+			{Image: "registry.semaphoreci.com/ruby:2.7"},
+			{Image: "docker.io/redis"},
+			{Image: "postgres/9.6"},
+		}), "image 'docker.io/redis' is not allowed")
+	})
+}
diff --git a/pkg/listener/job_processor.go b/pkg/listener/job_processor.go
new file mode 100644
index 00000000..45239bda
--- /dev/null
+++ b/pkg/listener/job_processor.go
@@ -0,0 +1,369 @@
+package listener
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"os/exec"
+	"os/signal"
+	"runtime"
+	"sync"
+	"syscall"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	jobs "github.com/semaphoreci/agent/pkg/jobs"
+	"github.com/semaphoreci/agent/pkg/kubernetes"
+	selfhostedapi "github.com/semaphoreci/agent/pkg/listener/selfhostedapi"
+	"github.com/semaphoreci/agent/pkg/random"
+	"github.com/semaphoreci/agent/pkg/retry"
+	"github.com/semaphoreci/agent/pkg/shell"
+	log "github.com/sirupsen/logrus"
+)
+
+func StartJobProcessor(httpClient *http.Client, apiClient *selfhostedapi.API, config Config) (*JobProcessor, error) {
+	p := &JobProcessor{
+		HTTPClient:                       httpClient,
+		APIClient:                        apiClient,
+		UserAgent:                        config.UserAgent,
+		LastSuccessfulSync:               time.Now(),
+		forceSyncCh:                      make(chan bool),
+		State:                            selfhostedapi.AgentStateWaitingForJobs,
+		DisconnectRetryAttempts:          100,
+		GetJobRetryAttempts:              config.GetJobRetryLimit,
+		CallbackRetryAttempts:            config.CallbackRetryLimit,
+		ShutdownHookPath:                 config.ShutdownHookPath,
+		PreJobHookPath:                   config.PreJobHookPath,
+		PostJobHookPath:                  config.PostJobHookPath,
+		EnvVars:                          config.EnvVars,
+		FileInjections:                   config.FileInjections,
+		FailOnMissingFiles:               config.FailOnMissingFiles,
+		UploadJobLogs:                    config.UploadJobLogs,
+		FailOnPreJobHookError:            config.FailOnPreJobHookError,
+		SourcePreJobHook:                 config.SourcePreJobHook,
+		ExitOnShutdown:                   config.ExitOnShutdown,
+		KubernetesExecutor:               config.KubernetesExecutor,
+		KubernetesPodSpec:                config.KubernetesPodSpec,
+		KubernetesImageValidator:         config.KubernetesImageValidator,
+		KubernetesPodStartTimeoutSeconds: config.KubernetesPodStartTimeoutSeconds,
+		KubernetesLabels:                 config.KubernetesLabels,
+		KubernetesDefaultImage:           config.KubernetesDefaultImage,
+	}
+
+	go p.Start()
+
+	p.SetupInterruptHandler()
+
+	return p, nil
+}
+
+type JobProcessor struct {
+
+	// Job processor state
+	HTTPClient         *http.Client
+	APIClient          *selfhostedapi.API
+	State              selfhostedapi.AgentState
+	CurrentJobID       string
+	CurrentJobResult   selfhostedapi.JobResult
+	CurrentJob         *jobs.Job
+	LastSyncErrorAt    *time.Time
+	LastSuccessfulSync time.Time
+	InterruptedAt      int64
+	ShutdownReason     ShutdownReason
+	mutex              sync.Mutex
+	forceSyncCh        chan (bool)
+
+	// Job processor config
+	DisconnectRetryAttempts          int
+	GetJobRetryAttempts              int
+	CallbackRetryAttempts            int
+	ShutdownHookPath                 string
+	PreJobHookPath                   string
+	PostJobHookPath                  string
+	StopSync                         bool
+	EnvVars                          []config.HostEnvVar
+	FileInjections                   []config.FileInjection
+	FailOnMissingFiles               bool
+	UploadJobLogs                    string
+	UserAgent                        string
+	FailOnPreJobHookError            bool
+	SourcePreJobHook                 bool
+	ExitOnShutdown                   bool
+	KubernetesExecutor               bool
+	KubernetesPodSpec                string
+	KubernetesImageValidator         *kubernetes.ImageValidator
+	KubernetesPodStartTimeoutSeconds int
+	KubernetesLabels                 map[string]string
+	KubernetesDefaultImage           string
+}
+
+func (p *JobProcessor) Start() {
+	go p.SyncLoop()
+}
+
+func (p *JobProcessor) SyncLoop() {
+	for {
+		if p.StopSync {
+			break
+		}
+
+		nextSyncInterval := p.Sync()
+		log.Infof("Waiting %v for next sync...", nextSyncInterval)
+
+		// Here, we wait for the delay sent in the API to pass
+		// or we sync again before the delay has passed, if needed.
+		select {
+		case <-p.forceSyncCh:
+			log.Debug("Forcing sync due to state change")
+		case <-time.After(nextSyncInterval):
+			log.Debug("Delay requested by API expired")
+		}
+	}
+}
+
+func (p *JobProcessor) Sync() time.Duration {
+	request := &selfhostedapi.SyncRequest{
+		State:         p.State,
+		JobID:         p.CurrentJobID,
+		JobResult:     p.CurrentJobResult,
+		InterruptedAt: p.InterruptedAt,
+	}
+
+	response, err := p.APIClient.Sync(request)
+	if err != nil {
+		p.HandleSyncError(err)
+		return p.defaultSyncInterval()
+	}
+
+	p.LastSuccessfulSync = time.Now()
+	p.ProcessSyncResponse(response)
+	return p.findNextSyncInterval(response)
+}
+
+func (p *JobProcessor) findNextSyncInterval(response *selfhostedapi.SyncResponse) time.Duration {
+	if response.NextSyncAfter > 0 {
+		return time.Duration(response.NextSyncAfter) * time.Millisecond
+	}
+
+	log.Debug("No next_sync_at field on sync response - using default interval")
+	return p.defaultSyncInterval()
+}
+
+func (p *JobProcessor) defaultSyncInterval() time.Duration {
+	d, _ := random.DurationInRange(3000, 6000)
+	return *d
+}
+
+func (p *JobProcessor) HandleSyncError(err error) {
+	log.Errorf("[SYNC ERR] Failed to sync with API: %v", err)
+
+	now := time.Now()
+
+	p.LastSyncErrorAt = &now
+
+	if time.Now().Add(-10 * time.Minute).After(p.LastSuccessfulSync) {
+		log.Error("Unable to sync with Semaphore for over 10 minutes.")
+		p.Shutdown(ShutdownReasonUnableToSync, 1)
+	}
+}
+
+func (p *JobProcessor) ProcessSyncResponse(response *selfhostedapi.SyncResponse) {
+	switch response.Action {
+	case selfhostedapi.AgentActionContinue:
+		// continue what I'm doing, no action needed
+		return
+
+	case selfhostedapi.AgentActionRunJob:
+		go p.RunJob(response.JobID)
+		return
+
+	case selfhostedapi.AgentActionStopJob:
+		go p.StopJob(response.JobID)
+		return
+
+	case selfhostedapi.AgentActionShutdown:
+		log.Infof("Agent shutdown requested by Semaphore due to: %s", response.ShutdownReason)
+		p.Shutdown(ShutdownReasonFromAPI(response.ShutdownReason), 0)
+
+	case selfhostedapi.AgentActionWaitForJobs:
+		p.WaitForJobs()
+	}
+}
+
+func (p *JobProcessor) RunJob(jobID string) {
+	p.State = selfhostedapi.AgentStateStartingJob
+	p.CurrentJobID = jobID
+
+	jobRequest, err := p.getJobWithRetries(p.CurrentJobID)
+	if err != nil {
+		log.Errorf("Could not get job %s: %v", jobID, err)
+		p.JobFinished(selfhostedapi.JobResultFailed)
+		return
+	}
+
+	job, err := jobs.NewJobWithOptions(&jobs.JobOptions{
+		Request:                          jobRequest,
+		Client:                           p.HTTPClient,
+		ExposeKvmDevice:                  false,
+		FileInjections:                   p.FileInjections,
+		FailOnMissingFiles:               p.FailOnMissingFiles,
+		SelfHosted:                       true,
+		UseKubernetesExecutor:            p.KubernetesExecutor,
+		PodSpecDecoratorConfigMap:        p.KubernetesPodSpec,
+		KubernetesPodStartTimeoutSeconds: p.KubernetesPodStartTimeoutSeconds,
+		KubernetesLabels:                 p.KubernetesLabels,
+		KubernetesImageValidator:         p.KubernetesImageValidator,
+		KubernetesDefaultImage:           p.KubernetesDefaultImage,
+		UploadJobLogs:                    p.UploadJobLogs,
+		UserAgent:                        p.UserAgent,
+		RefreshTokenFn: func() (string, error) {
+			return p.APIClient.RefreshToken()
+		},
+	})
+
+	if err != nil {
+		log.Errorf("Could not construct job %s: %v", jobID, err)
+		p.JobFinished(selfhostedapi.JobResultFailed)
+		return
+	}
+
+	p.State = selfhostedapi.AgentStateRunningJob
+	p.CurrentJob = job
+
+	go job.RunWithOptions(jobs.RunOptions{
+		EnvVars:               p.EnvVars,
+		PreJobHookPath:        p.PreJobHookPath,
+		PostJobHookPath:       p.PostJobHookPath,
+		FailOnPreJobHookError: p.FailOnPreJobHookError,
+		SourcePreJobHook:      p.SourcePreJobHook,
+		CallbackRetryAttempts: p.CallbackRetryAttempts,
+		OnJobFinished:         p.JobFinished,
+	})
+}
+
+func (p *JobProcessor) getJobWithRetries(jobID string) (*api.JobRequest, error) {
+	var jobRequest *api.JobRequest
+	err := retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "Get job",
+		MaxAttempts:          p.GetJobRetryAttempts,
+		DelayBetweenAttempts: 3 * time.Second,
+		Fn: func() error {
+			job, err := p.APIClient.GetJob(jobID)
+			if err != nil {
+				return err
+			}
+
+			jobRequest = job
+			return nil
+		},
+	})
+
+	return jobRequest, err
+}
+
+func (p *JobProcessor) StopJob(jobID string) {
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
+
+	// The job finished before the sync request returned a stop-job command.
+	// Here, we don't do anything since the job is already finished and
+	// a finished-job state will be reported in the next sync.
+	if p.State == selfhostedapi.AgentStateFinishedJob {
+		return
+	}
+
+	p.CurrentJobID = jobID
+	p.State = selfhostedapi.AgentStateStoppingJob
+
+	p.CurrentJob.Stop()
+}
+
+func (p *JobProcessor) JobFinished(result selfhostedapi.JobResult) {
+	p.mutex.Lock()
+	p.State = selfhostedapi.AgentStateFinishedJob
+	p.CurrentJobResult = result
+	p.forceSyncCh <- true
+	p.mutex.Unlock()
+}
+
+func (p *JobProcessor) WaitForJobs() {
+	p.CurrentJobID = ""
+	p.CurrentJob = nil
+	p.CurrentJobResult = ""
+	p.State = selfhostedapi.AgentStateWaitingForJobs
+}
+
+func (p *JobProcessor) SetupInterruptHandler() {
+	c := make(chan os.Signal)
+	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+	go func() {
+		<-c
+		log.Info("Termination signal received")
+
+		// When we receive an interruption signal
+		// we tell the API about it, and let it tell the agent when to shut down.
+		p.InterruptedAt = time.Now().Unix()
+		p.forceSyncCh <- true
+	}()
+}
+
+func (p *JobProcessor) disconnect() {
+	p.StopSync = true
+	log.Info("Disconnecting the Agent from Semaphore")
+
+	err := retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "Disconnect",
+		MaxAttempts:          p.DisconnectRetryAttempts,
+		DelayBetweenAttempts: time.Second,
+		Fn: func() error {
+			_, err := p.APIClient.Disconnect()
+			return err
+		},
+	})
+
+	if err != nil {
+		log.Errorf("Failed to disconnect from Semaphore even after %d tries: %v", p.DisconnectRetryAttempts, err)
+	} else {
+		log.Info("Disconnected.")
+	}
+}
+
+func (p *JobProcessor) Shutdown(reason ShutdownReason, code int) {
+	p.ShutdownReason = reason
+
+	p.disconnect()
+	p.executeShutdownHook(reason)
+	log.Infof("Agent shutting down due to: %s", reason)
+
+	if p.ExitOnShutdown {
+		os.Exit(code)
+	}
+}
+
+func (p *JobProcessor) executeShutdownHook(reason ShutdownReason) {
+	if p.ShutdownHookPath == "" {
+		return
+	}
+
+	var cmd *exec.Cmd
+	log.Infof("Executing shutdown hook from %s", p.ShutdownHookPath)
+
+	if runtime.GOOS == "windows" {
+		args := append(shell.Args(), p.ShutdownHookPath)
+		// #nosec
+		cmd = exec.Command(shell.Executable(), args...)
+	} else {
+		// #nosec
+		cmd = exec.Command("bash", p.ShutdownHookPath)
+	}
+
+	cmd.Env = append(os.Environ(), fmt.Sprintf("SEMAPHORE_AGENT_SHUTDOWN_REASON=%s", reason))
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Errorf("Error executing shutdown hook: %v", err)
+		log.Errorf("Output: %s", string(output))
+	} else {
+		log.Infof("Output: %s", string(output))
+	}
+}
diff --git a/pkg/listener/listener.go b/pkg/listener/listener.go
new file mode 100644
index 00000000..eba53e7a
--- /dev/null
+++ b/pkg/listener/listener.go
@@ -0,0 +1,169 @@
+package listener
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"time"
+
+	"github.com/semaphoreci/agent/pkg/config"
+	"github.com/semaphoreci/agent/pkg/eventlogger"
+	"github.com/semaphoreci/agent/pkg/kubernetes"
+	selfhostedapi "github.com/semaphoreci/agent/pkg/listener/selfhostedapi"
+	osinfo "github.com/semaphoreci/agent/pkg/osinfo"
+	"github.com/semaphoreci/agent/pkg/retry"
+	log "github.com/sirupsen/logrus"
+)
+
+type Listener struct {
+	JobProcessor *JobProcessor
+	Config       Config
+	Client       *selfhostedapi.API
+}
+
+type Config struct {
+	Endpoint                         string
+	RegisterRetryLimit               int
+	GetJobRetryLimit                 int
+	CallbackRetryLimit               int
+	Token                            string
+	Scheme                           string
+	ShutdownHookPath                 string
+	PreJobHookPath                   string
+	PostJobHookPath                  string
+	DisconnectAfterJob               bool
+	JobID                            string
+	DisconnectAfterIdleSeconds       int
+	InterruptionGracePeriod          int
+	EnvVars                          []config.HostEnvVar
+	FileInjections                   []config.FileInjection
+	FailOnMissingFiles               bool
+	UploadJobLogs                    string
+	FailOnPreJobHookError            bool
+	SourcePreJobHook                 bool
+	ExitOnShutdown                   bool
+	AgentVersion                     string
+	UserAgent                        string
+	AgentName                        string
+	KubernetesExecutor               bool
+	KubernetesPodSpec                string
+	KubernetesImageValidator         *kubernetes.ImageValidator
+	KubernetesPodStartTimeoutSeconds int
+	KubernetesLabels                 map[string]string
+	KubernetesDefaultImage           string
+}
+
+func Start(httpClient *http.Client, config Config) (*Listener, error) {
+	listener := &Listener{
+		Config: config,
+		Client: selfhostedapi.New(httpClient, config.Scheme, config.Endpoint, config.Token, config.UserAgent),
+	}
+
+	listener.DisplayHelloMessage()
+	setCustomLogFormatter(config.AgentName)
+
+	log.Info("Starting Agent")
+	log.Info("Registering Agent")
+	err := listener.Register(config.AgentName)
+	if err != nil {
+		return listener, err
+	}
+
+	// We re-set the agent name in the custom log formatter,
+	// to ensure that names assigned by the Semaphore control plane
+	// are also added to the agent's custom log formatter, after registration.
+	setCustomLogFormatter(listener.Config.AgentName)
+
+	log.Info("Starting to poll for jobs")
+	jobProcessor, err := StartJobProcessor(httpClient, listener.Client, listener.Config)
+	if err != nil {
+		return listener, err
+	}
+
+	listener.JobProcessor = jobProcessor
+
+	return listener, nil
+}
+
+func setCustomLogFormatter(agentName string) {
+	// If the name is a URL, which will be followed by the Semaphore control plane.
+	// The actual name used for the agent will be returned by the Semaphore
+	// control in the registration response. So, while the name is a URL,
+	// we initially the URL host in the log context until we get a name from the Semaphore control plane.
+	if u, err := url.ParseRequestURI(agentName); err == nil {
+		formatter := eventlogger.CustomFormatter{
+			AgentName: fmt.Sprintf("[%s]", u.Host),
+		}
+
+		log.SetFormatter(&formatter)
+		return
+	}
+
+	// If it's not a URL, just use the name itself.
+	formatter := eventlogger.CustomFormatter{AgentName: agentName}
+	log.SetFormatter(&formatter)
+}
+
+// only used during tests
+func (l *Listener) Stop() {
+	l.JobProcessor.Shutdown(ShutdownReasonRequested, 0)
+}
+
+// only used during tests
+func (l *Listener) Interrupt() {
+	l.JobProcessor.InterruptedAt = time.Now().Unix()
+}
+
+func (l *Listener) DisplayHelloMessage() {
+	fmt.Println("                                      ")
+	fmt.Println("                 00000000000          ")
+	fmt.Println("               0000000000000000       ")
+	fmt.Println("             00000000000000000000     ")
+	fmt.Println("          00000000000    0000000000   ")
+	fmt.Println("   11     00000000    11   000000000  ")
+	fmt.Println(" 111111   000000   1111111   000000   ")
+	fmt.Println("111111111   00   111111111     00     ")
+	fmt.Println("  111111111    1111111111             ")
+	fmt.Println("    1111111111111111111               ")
+	fmt.Println("      111111111111111                 ")
+	fmt.Println("         111111111                    ")
+	fmt.Println("                                      ")
+}
+
+func (l *Listener) Register(name string) error {
+	req := &selfhostedapi.RegisterRequest{
+		Version:                 l.Config.AgentVersion,
+		Name:                    name,
+		PID:                     os.Getpid(),
+		OS:                      osinfo.Name(),
+		Arch:                    osinfo.Arch(),
+		Hostname:                osinfo.Hostname(),
+		SingleJob:               l.Config.DisconnectAfterJob,
+		IdleTimeout:             l.Config.DisconnectAfterIdleSeconds,
+		InterruptionGracePeriod: l.Config.InterruptionGracePeriod,
+		JobID:                   l.Config.JobID,
+	}
+
+	err := retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "Register",
+		MaxAttempts:          l.Config.RegisterRetryLimit,
+		DelayBetweenAttempts: time.Second,
+		Fn: func() error {
+			resp, err := l.Client.Register(req)
+			if err != nil {
+				return err
+			}
+
+			l.Config.AgentName = resp.Name
+			l.Client.SetAccessToken(resp.Token)
+			return nil
+		},
+	})
+
+	if err != nil {
+		return fmt.Errorf("failed to register agent: %v", err)
+	}
+
+	return nil
+}
diff --git a/pkg/listener/listener_test.go b/pkg/listener/listener_test.go
new file mode 100644
index 00000000..0d64cdb6
--- /dev/null
+++ b/pkg/listener/listener_test.go
@@ -0,0 +1,914 @@
+package listener
+
+import (
+	"fmt"
+	"io/ioutil"
+	"math/rand"
+	"net/http"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	"github.com/semaphoreci/agent/pkg/eventlogger"
+	"github.com/semaphoreci/agent/pkg/listener/selfhostedapi"
+	testsupport "github.com/semaphoreci/agent/test/support"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__Register(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	if assert.Nil(t, hubMockServer.WaitUntilRegistered()) {
+		registerRequest := hubMockServer.GetRegisterRequest()
+		assert.NotEmpty(t, registerRequest.Arch)
+		assert.NotEmpty(t, registerRequest.Hostname)
+		assert.NotEmpty(t, registerRequest.Name)
+		assert.NotEmpty(t, registerRequest.OS)
+		assert.NotZero(t, registerRequest.PID)
+		assert.Equal(t, registerRequest.Version, testsupport.AgentVersionExpected)
+	}
+
+	listener.Stop()
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__RegisterRequestIsRetried(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+	hubMockServer.RejectRegisterAttempts(3)
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	if assert.Nil(t, hubMockServer.WaitUntilRegistered()) {
+		assert.Equal(t, 3, hubMockServer.RegisterAttempts)
+		registerRequest := hubMockServer.GetRegisterRequest()
+		assert.NotEmpty(t, registerRequest.Arch)
+		assert.NotEmpty(t, registerRequest.Hostname)
+		assert.NotEmpty(t, registerRequest.Name)
+		assert.NotEmpty(t, registerRequest.OS)
+		assert.NotZero(t, registerRequest.PID)
+		assert.Equal(t, registerRequest.Version, testsupport.AgentVersionExpected)
+	}
+
+	listener.Stop()
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__RegistrationFails(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+	hubMockServer.RejectRegisterAttempts(10)
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	_, err := Start(http.DefaultClient, config)
+	assert.NotNil(t, err)
+	assert.Equal(t, 4, hubMockServer.RegisterAttempts)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownHookIsExecuted(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	hook, err := testsupport.TempFileWithExtension()
+	assert.Nil(t, err)
+
+	/*
+	 * To assert that the shutdown hook was executed,
+	 * we make it create a file with the same name + .done suffix.
+	 * If that file exists after the listener stopped,
+	 * it means the shutdown hook was executed.
+	 */
+	destination := fmt.Sprintf("%s.done", hook)
+	err = ioutil.WriteFile(hook, []byte(testsupport.CopyFile(hook, destination)), 0777)
+	assert.Nil(t, err)
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+		ShutdownHookPath:   hook,
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	// listener has not been stopped yet, so file created by shutdown hook does not exist yet
+	assert.NoFileExists(t, destination)
+
+	time.Sleep(time.Second)
+	listener.Stop()
+
+	// listener has been stopped, so file created by shutdown hook should exist
+	assert.FileExists(t, destination)
+
+	os.Remove(hook)
+	os.Remove(destination)
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownHookCanSeeShutdownReason(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	hook, err := testsupport.TempFileWithExtension()
+	assert.Nil(t, err)
+
+	/*
+	 * To assert that the shutdown hook has access to the SEMAPHORE_AGENT_SHUTDOWN_REASON
+	 * variable, we tell the shutdown hook script to write its value on a new file.
+	 */
+	destination := fmt.Sprintf("%s.done", hook)
+	err = ioutil.WriteFile(hook, []byte(testsupport.EchoEnvVarToFile("SEMAPHORE_AGENT_SHUTDOWN_REASON", destination)), 0777)
+	assert.Nil(t, err)
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+		ShutdownHookPath:   hook,
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	// listener has not been stopped yet, so file created by shutdown hook does not exist yet
+	assert.NoFileExists(t, destination)
+
+	time.Sleep(time.Second)
+	listener.Stop()
+
+	// listener has been stopped, so file created by shutdown hook should exist
+	assert.FileExists(t, destination)
+
+	bytes, err := ioutil.ReadFile(destination)
+	assert.Nil(t, err)
+	assert.Equal(t, ShutdownReasonRequested.String(), strings.Replace(string(bytes), "\r\n", "", -1))
+
+	os.Remove(hook)
+	os.Remove(destination)
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownAfterJobFinished(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		DisconnectAfterJob: true,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__ShutdownAfterJobFinished",
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello world")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(30, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonJobFinished)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownAfterIdleTimeout(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:                  fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:             false,
+		DisconnectAfterIdleSeconds: 15,
+		Endpoint:                   hubMockServer.Host(),
+		Token:                      "token",
+		RegisterRetryLimit:         5,
+		Scheme:                     "http",
+		EnvVars:                    []config.HostEnvVar{},
+		FileInjections:             []config.FileInjection{},
+		UploadJobLogs:              config.UploadJobLogsConditionNever,
+		AgentVersion:               testsupport.AgentVersionExpected,
+		UserAgent:                  fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(15, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonIdle)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownAfterInterruption(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	listener.Interrupt()
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(15, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonInterrupted)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownAfterInterruptionNoGracePeriod(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		DisconnectAfterJob: true,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	// assigns job that sleeps for 60s
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__ShutdownAfterJobFinished",
+		Commands: []api.Command{
+			{Directive: "sleep 60"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	// wait until job is running
+	assert.Nil(t, hubMockServer.WaitUntilRunningJob(10, time.Second))
+
+	// send interrupt signal and assert agents disconnected
+	// with interrupted reason and job is stopped immediately.
+	listener.Interrupt()
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(30, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonInterrupted)
+	assert.Equal(t, selfhostedapi.JobResult(selfhostedapi.JobResultStopped), hubMockServer.GetLastJobResult())
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownAfterInterruptionWithGracePeriod(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:               fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:          false,
+		DisconnectAfterJob:      true,
+		Endpoint:                hubMockServer.Host(),
+		Token:                   "token",
+		RegisterRetryLimit:      5,
+		Scheme:                  "http",
+		EnvVars:                 []config.HostEnvVar{},
+		FileInjections:          []config.FileInjection{},
+		AgentVersion:            testsupport.AgentVersionExpected,
+		UserAgent:               fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+		UploadJobLogs:           config.UploadJobLogsConditionNever,
+		InterruptionGracePeriod: 30,
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	// assigns job that sleeps for 10s
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__ShutdownAfterJobFinished",
+		Commands: []api.Command{
+			{Directive: "sleep 15"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	// wait until job is running
+	assert.Nil(t, hubMockServer.WaitUntilRunningJob(10, time.Second))
+
+	// send interrupt signal and assert agents disconnected
+	// with interrupted reason and job finishes properly.
+	listener.Interrupt()
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(30, time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonInterrupted)
+	assert.Equal(t, selfhostedapi.JobResult(selfhostedapi.JobResultPassed), hubMockServer.GetLastJobResult())
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownFromUpstreamWhileWaiting(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	time.Sleep(time.Second)
+	hubMockServer.ScheduleShutdown()
+
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(5, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonRequested)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ShutdownFromUpstreamWhileRunningJob(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__ShutdownFromUpstreamWhileRunningJob",
+		Commands: []api.Command{
+			{Directive: "sleep 300"},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilRunningJob(5, 2*time.Second))
+	hubMockServer.ScheduleShutdown()
+
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(10, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonRequested)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__HostEnvVarsAreExposedToJob(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars: []config.HostEnvVar{
+			{Name: "IMPORTANT_HOST_VAR_A", Value: "IMPORTANT_HOST_VAR_A_VALUE"},
+			{Name: "IMPORTANT_HOST_VAR_B", Value: "IMPORTANT_HOST_VAR_B_VALUE"},
+		},
+		FileInjections: []config.FileInjection{},
+		UploadJobLogs:  config.UploadJobLogsConditionNever,
+		AgentVersion:   testsupport.AgentVersionExpected,
+		UserAgent:      fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__HostEnvVarsAreExposedToJob",
+		Commands: []api.Command{
+			{Directive: testsupport.Output("On regular commands")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_A")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_B")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_C")},
+		},
+		EpilogueAlwaysCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue always")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_A")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_B")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_C")},
+		},
+		EpilogueOnPassCommands: []api.Command{
+			{Directive: testsupport.Output("On epilogue on pass")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_A")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_B")},
+			{Directive: testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_C")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilFinishedJob(12, 5*time.Second))
+
+	eventObjects, err := eventlogger.TransformToObjects(loghubMockServer.GetLogs())
+	assert.Nil(t, err)
+
+	simplifiedEvents, err := eventlogger.SimplifyLogEvents(eventObjects, eventlogger.SimplifyOptions{IncludeOutput: true})
+	assert.Nil(t, err)
+
+	assert.Equal(t, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exporting IMPORTANT_HOST_VAR_A\n",
+		"Exporting IMPORTANT_HOST_VAR_B\n",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On regular commands")),
+		"On regular commands",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_A")),
+		"IMPORTANT_HOST_VAR_A_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_B")),
+		"IMPORTANT_HOST_VAR_B_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_C")),
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On epilogue always")),
+		"On epilogue always",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_A")),
+		"IMPORTANT_HOST_VAR_A_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_B")),
+		"IMPORTANT_HOST_VAR_B_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_C")),
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("On epilogue on pass")),
+		"On epilogue on pass",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_A")),
+		"IMPORTANT_HOST_VAR_A_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_B")),
+		"IMPORTANT_HOST_VAR_B_VALUE",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.EchoEnvVar("IMPORTANT_HOST_VAR_C")),
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	}, simplifiedEvents)
+
+	listener.Stop()
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__LogTokenIsRefreshed(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+	assert.False(t, hubMockServer.TokenIsRefreshed)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__LogTokenIsRefreshed",
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  testsupport.ExpiredLogToken,
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilFinishedJob(12, 5*time.Second))
+	assert.True(t, hubMockServer.TokenIsRefreshed)
+
+	eventObjects, err := eventlogger.TransformToObjects(loghubMockServer.GetLogs())
+	assert.Nil(t, err)
+
+	simplifiedEvents, err := eventlogger.SimplifyLogEvents(eventObjects, eventlogger.SimplifyOptions{IncludeOutput: true})
+	assert.Nil(t, err)
+
+	assert.Equal(t, []string{
+		"job_started",
+
+		"directive: Exporting environment variables",
+		"Exit Code: 0",
+
+		"directive: Injecting Files",
+		"Exit Code: 0",
+
+		fmt.Sprintf("directive: %s", testsupport.Output("hello")),
+		"hello",
+		"Exit Code: 0",
+
+		"directive: Exporting environment variables",
+		"Exporting SEMAPHORE_JOB_RESULT\n",
+		"Exit Code: 0",
+
+		"job_finished: passed",
+	}, simplifiedEvents)
+
+	listener.Stop()
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__GetJobIsRetried(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+	hubMockServer.RejectGetJobAttempts(5)
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		DisconnectAfterJob: true,
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		GetJobRetryLimit:   10,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID: "Test__GetJobIsRetried",
+		Commands: []api.Command{
+			{Directive: testsupport.Output("hello")},
+		},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilDisconnected(20, 2*time.Second))
+	assert.Equal(t, listener.JobProcessor.ShutdownReason, ShutdownReasonJobFinished)
+	assert.Equal(t, hubMockServer.GetJobAttempts, 5)
+
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ReportsFailedToFetchJob(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+	hubMockServer.RejectGetJobAttempts(100)
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		DisconnectAfterJob: false,
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		GetJobRetryLimit:   2,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID:    "Test__ReportsFailedToFetchJob",
+		Commands: []api.Command{},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilFinishedJob(12, 5*time.Second))
+	assert.Equal(t, selfhostedapi.JobResult(selfhostedapi.JobResultFailed), hubMockServer.GetLastJobResult())
+
+	listener.Stop()
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
+
+func Test__ReportsFailedToConstructJob(t *testing.T) {
+	testsupport.SetupTestLogs()
+
+	loghubMockServer := testsupport.NewLoghubMockServer()
+	loghubMockServer.Init()
+
+	hubMockServer := testsupport.NewHubMockServer()
+	hubMockServer.Init()
+	hubMockServer.UseLogsURL(loghubMockServer.URL())
+
+	config := Config{
+		AgentName:          fmt.Sprintf("agent-name-%d", rand.Intn(10000000)),
+		DisconnectAfterJob: false,
+		ExitOnShutdown:     false,
+		Endpoint:           hubMockServer.Host(),
+		Token:              "token",
+		RegisterRetryLimit: 5,
+		GetJobRetryLimit:   2,
+		Scheme:             "http",
+		EnvVars:            []config.HostEnvVar{},
+		FileInjections:     []config.FileInjection{},
+		UploadJobLogs:      config.UploadJobLogsConditionNever,
+		AgentVersion:       testsupport.AgentVersionExpected,
+		UserAgent:          fmt.Sprintf("SemaphoreAgent/%s", testsupport.AgentVersionExpected),
+	}
+
+	listener, err := Start(http.DefaultClient, config)
+	assert.Nil(t, err)
+
+	hubMockServer.AssignJob(&api.JobRequest{
+		JobID:    "Test__ReportsFailedToConstructJob",
+		Executor: "doesnotexist",
+		Commands: []api.Command{},
+		Logger: api.Logger{
+			Method: eventlogger.LoggerMethodPush,
+			URL:    loghubMockServer.URL(),
+			Token:  "doesnotmatter",
+		},
+	})
+
+	assert.Nil(t, hubMockServer.WaitUntilFinishedJob(10, 2*time.Second))
+	assert.Equal(t, selfhostedapi.JobResult(selfhostedapi.JobResultFailed), hubMockServer.GetLastJobResult())
+
+	listener.Stop()
+	hubMockServer.Close()
+	loghubMockServer.Close()
+}
diff --git a/pkg/listener/selfhostedapi/api.go b/pkg/listener/selfhostedapi/api.go
new file mode 100644
index 00000000..bd54b3ab
--- /dev/null
+++ b/pkg/listener/selfhostedapi/api.go
@@ -0,0 +1,39 @@
+package selfhostedapi
+
+import (
+	"fmt"
+	"net/http"
+)
+
+type API struct {
+	Endpoint  string
+	Scheme    string
+	UserAgent string
+
+	RegisterToken string
+	AccessToken   string
+
+	client *http.Client
+}
+
+func New(httpClient *http.Client, scheme string, endpoint string, token string, userAgent string) *API {
+	return &API{
+		Endpoint:      endpoint,
+		RegisterToken: token,
+		Scheme:        scheme,
+		client:        httpClient,
+		UserAgent:     userAgent,
+	}
+}
+
+func (a *API) authorize(req *http.Request, token string) {
+	req.Header.Set("Authorization", "Token "+token)
+}
+
+func (a *API) SetAccessToken(token string) {
+	a.AccessToken = token
+}
+
+func (a *API) BasePath() string {
+	return fmt.Sprintf("%s://%s/api/v1/self_hosted_agents", a.Scheme, a.Endpoint)
+}
diff --git a/pkg/listener/selfhostedapi/disconnect.go b/pkg/listener/selfhostedapi/disconnect.go
new file mode 100644
index 00000000..136eef48
--- /dev/null
+++ b/pkg/listener/selfhostedapi/disconnect.go
@@ -0,0 +1,38 @@
+package selfhostedapi
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func (a *API) DisconnectPath() string {
+	return a.BasePath() + "/disconnect"
+}
+
+func (a *API) Disconnect() (string, error) {
+	r, err := http.NewRequest("POST", a.DisconnectPath(), nil)
+	if err != nil {
+		return "", err
+	}
+
+	a.authorize(r, a.AccessToken)
+	r.Header.Set("User-Agent", a.UserAgent)
+
+	resp, err := a.client.Do(r)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	if resp.StatusCode != 200 {
+		return "", fmt.Errorf("error while disconnecting, status: %d, body: %s", resp.StatusCode, string(body))
+	}
+
+	return string(body), nil
+}
diff --git a/pkg/listener/selfhostedapi/get_job.go b/pkg/listener/selfhostedapi/get_job.go
new file mode 100644
index 00000000..f0d68868
--- /dev/null
+++ b/pkg/listener/selfhostedapi/get_job.go
@@ -0,0 +1,46 @@
+package selfhostedapi
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+)
+
+func (a *API) GetJobPath(jobID string) string {
+	return a.BasePath() + fmt.Sprintf("/jobs/%s", jobID)
+}
+
+func (a *API) GetJob(jobID string) (*api.JobRequest, error) {
+	r, err := http.NewRequest("GET", a.GetJobPath(jobID), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	a.authorize(r, a.AccessToken)
+	r.Header.Set("User-Agent", a.UserAgent)
+
+	resp, err := a.client.Do(r)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("failed to describe job, got HTTP %d", resp.StatusCode)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	response := &api.JobRequest{}
+	if err := json.Unmarshal(body, response); err != nil {
+		return nil, err
+	}
+
+	return response, nil
+}
diff --git a/pkg/listener/selfhostedapi/refresh_token.go b/pkg/listener/selfhostedapi/refresh_token.go
new file mode 100644
index 00000000..cd9371c2
--- /dev/null
+++ b/pkg/listener/selfhostedapi/refresh_token.go
@@ -0,0 +1,54 @@
+package selfhostedapi
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type RefreshTokenResponse struct {
+	Token string `json:"token"`
+}
+
+func (a *API) RefreshTokenPath() string {
+	return a.BasePath() + "/refresh"
+}
+
+func (a *API) RefreshToken() (string, error) {
+	r, err := http.NewRequest("POST", a.RefreshTokenPath(), nil)
+	if err != nil {
+		return "", err
+	}
+
+	log.Info("Refreshing token for current job logs...")
+
+	a.authorize(r, a.AccessToken)
+	r.Header.Set("User-Agent", a.UserAgent)
+
+	resp, err := a.client.Do(r)
+	if err != nil {
+		return "", err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("failed to refresh token, got HTTP %d", resp.StatusCode)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	defer resp.Body.Close()
+
+	response := &RefreshTokenResponse{}
+	if err := json.Unmarshal(body, response); err != nil {
+		return "", err
+	}
+
+	log.Infof("Successfully refreshed token for current job logs.")
+	return response.Token, nil
+}
diff --git a/pkg/listener/selfhostedapi/register.go b/pkg/listener/selfhostedapi/register.go
new file mode 100644
index 00000000..13f4c501
--- /dev/null
+++ b/pkg/listener/selfhostedapi/register.go
@@ -0,0 +1,72 @@
+package selfhostedapi
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	httputils "github.com/semaphoreci/agent/pkg/httputils"
+	log "github.com/sirupsen/logrus"
+)
+
+type RegisterRequest struct {
+	Name                    string `json:"name"`
+	Version                 string `json:"version"`
+	PID                     int    `json:"pid"`
+	OS                      string `json:"os"`
+	Arch                    string `json:"arch"`
+	Hostname                string `json:"hostname"`
+	SingleJob               bool   `json:"single_job"`
+	IdleTimeout             int    `json:"idle_timeout"`
+	InterruptionGracePeriod int    `json:"interruption_grace_period"`
+	JobID                   string `json:"job_id"`
+}
+
+type RegisterResponse struct {
+	Name  string `json:"name"`
+	Token string `json:"token"`
+}
+
+func (a *API) RegisterPath() string {
+	return a.BasePath() + "/register"
+}
+
+func (a *API) Register(req *RegisterRequest) (*RegisterResponse, error) {
+	b, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	r, err := http.NewRequest("POST", a.RegisterPath(), bytes.NewBuffer(b))
+	if err != nil {
+		return nil, err
+	}
+
+	a.authorize(r, a.RegisterToken)
+	r.Header.Set("User-Agent", a.UserAgent)
+
+	resp, err := a.client.Do(r)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if !httputils.IsSuccessfulCode(resp.StatusCode) {
+		return nil, fmt.Errorf("register request to %s got HTTP %d: %s", a.RegisterPath(), resp.StatusCode, body)
+	}
+
+	response := &RegisterResponse{}
+	if err := json.Unmarshal(body, response); err != nil {
+		log.Debug(string(body))
+		return nil, err
+	}
+
+	return response, nil
+}
diff --git a/pkg/listener/selfhostedapi/sync.go b/pkg/listener/selfhostedapi/sync.go
new file mode 100644
index 00000000..d708f693
--- /dev/null
+++ b/pkg/listener/selfhostedapi/sync.go
@@ -0,0 +1,120 @@
+package selfhostedapi
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type AgentState string
+type AgentAction string
+type JobResult string
+type ShutdownReason string
+
+const AgentStateWaitingForJobs = "waiting-for-jobs"
+const AgentStateStartingJob = "starting-job"
+const AgentStateRunningJob = "running-job"
+const AgentStateStoppingJob = "stopping-job"
+const AgentStateFinishedJob = "finished-job"
+
+const AgentActionWaitForJobs = "wait-for-jobs"
+const AgentActionRunJob = "run-job"
+const AgentActionStopJob = "stop-job"
+const AgentActionShutdown = "shutdown"
+const AgentActionContinue = "continue"
+
+const JobResultStopped = "stopped"
+const JobResultFailed = "failed"
+const JobResultPassed = "passed"
+
+const ShutdownReasonIdle = "idle"
+const ShutdownReasonJobFinished = "job-finished"
+const ShutdownReasonRequested = "requested"
+const ShutdownReasonInterrupted = "interrupted"
+
+type SyncRequest struct {
+	State         AgentState `json:"state"`
+	JobID         string     `json:"job_id"`
+	JobResult     JobResult  `json:"job_result"`
+	InterruptedAt int64      `json:"interrupted_at"`
+}
+
+type SyncResponse struct {
+	Action         AgentAction    `json:"action"`
+	JobID          string         `json:"job_id"`
+	ShutdownReason ShutdownReason `json:"shutdown_reason"`
+	NextSyncAfter  int            `json:"next_sync_after"`
+}
+
+func (a *API) SyncPath() string {
+	return a.BasePath() + "/sync"
+}
+
+func (a *API) Sync(req *SyncRequest) (*SyncResponse, error) {
+	b, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	a.logSyncRequest(req)
+	r, err := http.NewRequest("POST", a.SyncPath(), bytes.NewBuffer(b))
+	if err != nil {
+		return nil, err
+	}
+
+	a.authorize(r, a.AccessToken)
+	r.Header.Set("User-Agent", a.UserAgent)
+
+	resp, err := a.client.Do(r)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("failed to sync with upstream, got HTTP %d", resp.StatusCode)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	response := &SyncResponse{}
+	if err := json.Unmarshal(body, response); err != nil {
+		return nil, err
+	}
+
+	a.logSyncResponse(response)
+	return response, nil
+}
+
+func (a *API) logSyncRequest(req *SyncRequest) {
+	switch req.State {
+	case AgentStateWaitingForJobs:
+		log.Infof("SYNC request (state: %s)", req.State)
+	case AgentStateStoppingJob, AgentStateStartingJob, AgentStateRunningJob:
+		log.Infof("SYNC request (state: %s, job: %s)", req.State, req.JobID)
+	case AgentStateFinishedJob:
+		log.Infof("SYNC request (state: %s, job: %s, result: %s)", req.State, req.JobID, req.JobResult)
+	default:
+		log.Infof("SYNC request: %v", req)
+	}
+}
+
+func (a *API) logSyncResponse(response *SyncResponse) {
+	switch response.Action {
+	case AgentActionContinue, AgentActionWaitForJobs:
+		log.Infof("SYNC response (action: %s)", response.Action)
+	case AgentActionRunJob, AgentActionStopJob:
+		log.Infof("SYNC response (action: %s, job: %s)", response.Action, response.JobID)
+	case AgentActionShutdown:
+		log.Infof("SYNC response (action: %s, reason: %s)", response.Action, response.ShutdownReason)
+	default:
+		log.Infof("SYNC response: %v", response)
+	}
+}
diff --git a/pkg/listener/shutdown_reason.go b/pkg/listener/shutdown_reason.go
new file mode 100644
index 00000000..29441279
--- /dev/null
+++ b/pkg/listener/shutdown_reason.go
@@ -0,0 +1,51 @@
+package listener
+
+import "github.com/semaphoreci/agent/pkg/listener/selfhostedapi"
+
+type ShutdownReason int64
+
+const (
+
+	// When the agent shuts down due to these reasons,
+	// the Semaphore API requested it to do so.
+	ShutdownReasonIdle ShutdownReason = iota
+	ShutdownReasonJobFinished
+	ShutdownReasonRequested
+	ShutdownReasonInterrupted
+	ShutdownReasonUnknown
+
+	// When the agent shuts down due to these reasons,
+	// the agent decides to do so.
+	ShutdownReasonUnableToSync
+)
+
+func ShutdownReasonFromAPI(reasonFromAPI selfhostedapi.ShutdownReason) ShutdownReason {
+	switch reasonFromAPI {
+	case selfhostedapi.ShutdownReasonIdle:
+		return ShutdownReasonIdle
+	case selfhostedapi.ShutdownReasonJobFinished:
+		return ShutdownReasonJobFinished
+	case selfhostedapi.ShutdownReasonRequested:
+		return ShutdownReasonRequested
+	case selfhostedapi.ShutdownReasonInterrupted:
+		return ShutdownReasonInterrupted
+	}
+
+	return ShutdownReasonUnknown
+}
+
+func (s ShutdownReason) String() string {
+	switch s {
+	case ShutdownReasonIdle:
+		return "IDLE"
+	case ShutdownReasonJobFinished:
+		return "JOB_FINISHED"
+	case ShutdownReasonUnableToSync:
+		return "UNABLE_TO_SYNC"
+	case ShutdownReasonRequested:
+		return "REQUESTED"
+	case ShutdownReasonInterrupted:
+		return "INTERRUPTED"
+	}
+	return "UNKNOWN"
+}
diff --git a/pkg/osinfo/name.go b/pkg/osinfo/name.go
new file mode 100644
index 00000000..e16e86ec
--- /dev/null
+++ b/pkg/osinfo/name.go
@@ -0,0 +1,17 @@
+// +build !windows
+
+package osinfo
+
+import "runtime"
+
+func Name() string {
+	switch runtime.GOOS {
+	case "linux":
+		return namelinux()
+	case "darwin":
+		return namemac()
+	default:
+		// TODO handle other OSes
+		return ""
+	}
+}
diff --git a/pkg/osinfo/name_test.go b/pkg/osinfo/name_test.go
new file mode 100644
index 00000000..fa97cdb2
--- /dev/null
+++ b/pkg/osinfo/name_test.go
@@ -0,0 +1,17 @@
+package osinfo
+
+import (
+	"testing"
+
+	require "github.com/stretchr/testify/require"
+)
+
+func Test__Name(t *testing.T) {
+	// TBH, it is hard to write a test for this that would work on
+	// all environments.
+	// The only test I can think of is that the returned string is not empty,
+	// and that it doesn't crash.
+
+	name := Name()
+	require.NotEmpty(t, name)
+}
diff --git a/pkg/osinfo/name_windows.go b/pkg/osinfo/name_windows.go
new file mode 100644
index 00000000..6cf0a258
--- /dev/null
+++ b/pkg/osinfo/name_windows.go
@@ -0,0 +1,16 @@
+package osinfo
+
+import (
+	"fmt"
+	"golang.org/x/sys/windows"
+)
+
+func Name() string {
+	info := windows.RtlGetVersion()
+	return fmt.Sprintf(
+		"Windows %d.%d - Build %d",
+		info.MajorVersion,
+		info.MinorVersion,
+		info.BuildNumber,
+	)
+}
diff --git a/pkg/osinfo/osinfo.go b/pkg/osinfo/osinfo.go
new file mode 100644
index 00000000..143c8b27
--- /dev/null
+++ b/pkg/osinfo/osinfo.go
@@ -0,0 +1,103 @@
+package osinfo
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+)
+
+func Hostname() string {
+	hostname, err := os.Hostname()
+	if err != nil {
+		return ""
+	}
+
+	return hostname
+}
+
+func Arch() string {
+	switch runtime.GOARCH {
+	case "amd64":
+		return "x86_64"
+
+	case "386":
+		return "x86"
+
+	default:
+		return runtime.GOARCH
+	}
+}
+
+func namemac() string {
+	o1, err := exec.Command("sw_vers", "-productName").Output()
+	if err != nil {
+		return ""
+	}
+
+	o2, err := exec.Command("sw_vers", "-productVersion").Output()
+	if err != nil {
+		return ""
+	}
+
+	o3, err := exec.Command("sw_vers", "-buildVersion").Output()
+	if err != nil {
+		return ""
+	}
+
+	productName := strings.TrimSpace(string(o1))
+	productVersion := strings.TrimSpace(string(o2))
+	buildVersion := strings.TrimSpace(string(o3))
+
+	return fmt.Sprintf("%s %s %s", productName, productVersion, buildVersion)
+}
+
+func namelinux() string {
+	out, err := exec.Command("cat", "/etc/os-release", "/etc/lsb-release").Output()
+	if err != nil {
+		return ""
+	}
+
+	// The format of the file looks like this (example)
+	//
+	// NAME="Ubuntu"
+	// VERSION="14.04.5 LTS, Trusty Tahr"
+	// ID=ubuntu
+	// ID_LIKE=debian
+	// PRETTY_NAME="Ubuntu 14.04.5 LTS"
+	// VERSION_ID="14.04"
+	// HOME_URL="http://www.ubuntu.com/"
+	// SUPPORT_URL="http://help.ubuntu.com/"
+	// BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
+	//
+
+	lines := strings.Split(string(out), "\n")
+
+	findValue := func(key string) (string, bool) {
+		for _, line := range lines {
+			if strings.HasPrefix(line, key+"=") {
+				name := strings.Split(line, key+"=")[1]
+
+				if name[0] != '"' {
+					return name, true
+				}
+
+				// if the value is wrapped in quotes, remove the quotes
+				return strings.Split(name, "\"")[1], true
+			}
+		}
+
+		return "", false
+	}
+
+	if name, ok := findValue("PRETTY_NAME"); ok {
+		return name
+	}
+
+	if name, ok := findValue("NAME"); ok {
+		return name
+	}
+
+	return ""
+}
diff --git a/pkg/random/random.go b/pkg/random/random.go
new file mode 100644
index 00000000..87e549c6
--- /dev/null
+++ b/pkg/random/random.go
@@ -0,0 +1,22 @@
+package random
+
+import (
+	"fmt"
+	"math/rand"
+	"time"
+)
+
+func DurationInRange(minMillis, maxMillis int) (*time.Duration, error) {
+	if minMillis <= 0 {
+		return nil, fmt.Errorf("min cannot be less than or equal to zero")
+	}
+
+	if minMillis >= maxMillis {
+		return nil, fmt.Errorf("max cannot be greater than or equal to zero")
+	}
+
+	// #nosec
+	interval := rand.Intn(maxMillis-minMillis) + minMillis
+	duration := time.Duration(interval) * time.Millisecond
+	return &duration, nil
+}
diff --git a/pkg/random/random_test.go b/pkg/random/random_test.go
new file mode 100644
index 00000000..c0e3b918
--- /dev/null
+++ b/pkg/random/random_test.go
@@ -0,0 +1,29 @@
+package random
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__RandomDuration(t *testing.T) {
+	t.Run("min can't be zero or negative", func(t *testing.T) {
+		duration, err := DurationInRange(-1, 0)
+		assert.Nil(t, duration)
+		assert.ErrorContains(t, err, "min cannot be less than or equal to zero")
+	})
+
+	t.Run("max cannot be below or equal to min", func(t *testing.T) {
+		duration, err := DurationInRange(100, 50)
+		assert.Nil(t, duration)
+		assert.ErrorContains(t, err, "max cannot be greater than or equal to zero")
+	})
+
+	t.Run("duration is in range", func(t *testing.T) {
+		duration, err := DurationInRange(50, 100)
+		assert.Nil(t, err)
+		assert.GreaterOrEqual(t, int(*duration/time.Millisecond), 50)
+		assert.LessOrEqual(t, int(*duration/time.Millisecond), 100)
+	})
+}
diff --git a/pkg/retry/retry.go b/pkg/retry/retry.go
new file mode 100644
index 00000000..1071206e
--- /dev/null
+++ b/pkg/retry/retry.go
@@ -0,0 +1,56 @@
+package retry
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type RetryOptions struct {
+	Task                 string
+	MaxAttempts          int
+	DelayBetweenAttempts time.Duration
+	Fn                   func() error
+	HideError            bool
+}
+
+func RetryWithConstantWait(options RetryOptions) error {
+	return RetryWithConstantWaitAndContext(context.TODO(), options)
+}
+
+func RetryWithConstantWaitAndContext(ctx context.Context, options RetryOptions) error {
+	if options.Fn == nil {
+		return fmt.Errorf("options.Fn cannot be nil")
+	}
+
+	for attempt := 1; ; attempt++ {
+		if ctx.Err() != nil {
+			return ctx.Err()
+		}
+
+		err := options.Fn()
+		if err == nil {
+			return nil
+		}
+
+		if attempt >= options.MaxAttempts {
+			return fmt.Errorf("[%s] failed after [%d] attempts - giving up: %v", options.Task, attempt, err)
+		}
+
+		if !options.HideError {
+			log.Errorf(
+				"[%s] attempt [%d] failed with [%v] - retrying in %s",
+				options.Task,
+				attempt,
+				err,
+				options.DelayBetweenAttempts,
+			)
+		}
+
+		if options.DelayBetweenAttempts > 0 {
+			time.Sleep(options.DelayBetweenAttempts)
+		}
+	}
+}
diff --git a/pkg/retry/retry_test.go b/pkg/retry/retry_test.go
new file mode 100644
index 00000000..ea6f3c39
--- /dev/null
+++ b/pkg/retry/retry_test.go
@@ -0,0 +1,62 @@
+package retry
+
+import (
+	"context"
+	"errors"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__NoRetriesIfFirstAttemptIsSuccessful(t *testing.T) {
+	attempts := 0
+	err := RetryWithConstantWait(RetryOptions{
+		Task:                 "test",
+		MaxAttempts:          5,
+		DelayBetweenAttempts: 100 * time.Millisecond,
+		Fn: func() error {
+			attempts++
+			return nil
+		},
+	})
+
+	assert.Equal(t, attempts, 1)
+	assert.Nil(t, err)
+}
+
+func Test__GivesUpAfterMaxRetries(t *testing.T) {
+	attempts := 0
+	err := RetryWithConstantWait(RetryOptions{
+		Task:                 "test",
+		MaxAttempts:          5,
+		DelayBetweenAttempts: 100 * time.Millisecond,
+		Fn: func() error {
+			attempts++
+			return errors.New("bad error")
+		},
+	})
+
+	assert.Equal(t, attempts, 5)
+	assert.NotNil(t, err)
+}
+
+func Test__GivesUpIfContextIsCancelled(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.TODO())
+
+	go func() {
+		time.Sleep(200 * time.Millisecond)
+		cancel()
+	}()
+
+	err := RetryWithConstantWaitAndContext(ctx, RetryOptions{
+		Task:                 "test",
+		MaxAttempts:          10,
+		DelayBetweenAttempts: 100 * time.Millisecond,
+		Fn: func() error {
+			return errors.New("bad error")
+		},
+	})
+
+	assert.ErrorContains(t, err, "context canceled")
+}
diff --git a/pkg/server/auth_middleware.go b/pkg/server/auth_middleware.go
index 4f4c097b..768b1fc0 100644
--- a/pkg/server/auth_middleware.go
+++ b/pkg/server/auth_middleware.go
@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"strings"
 
-	jwt "github.com/dgrijalva/jwt-go"
+	jwt "github.com/golang-jwt/jwt/v4"
 )
 
 //
@@ -24,7 +24,7 @@ func CreateJwtMiddleware(jwtSecret []byte) func(http.HandlerFunc) http.HandlerFu
 
 			if authorizationHeader == "" {
 				w.WriteHeader(401)
-				json.NewEncoder(w).Encode("An authorization header is required")
+				_ = json.NewEncoder(w).Encode("An authorization header is required")
 				return
 			}
 
@@ -32,13 +32,13 @@ func CreateJwtMiddleware(jwtSecret []byte) func(http.HandlerFunc) http.HandlerFu
 
 			if len(bearerToken) != 2 {
 				w.WriteHeader(401)
-				json.NewEncoder(w).Encode("Invalid authorization token")
+				_ = json.NewEncoder(w).Encode("Invalid authorization token")
 				return
 			}
 
 			token, err := jwt.Parse(bearerToken[1], func(token *jwt.Token) (interface{}, error) {
 				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-					return nil, fmt.Errorf("Invalid authorization token")
+					return nil, fmt.Errorf("invalid authorization token")
 				}
 
 				return jwtSecret, nil
@@ -46,13 +46,14 @@ func CreateJwtMiddleware(jwtSecret []byte) func(http.HandlerFunc) http.HandlerFu
 
 			if err != nil {
 				w.WriteHeader(401)
-				json.NewEncoder(w).Encode(err.Error())
+				_ = json.NewEncoder(w).Encode(err.Error())
 				return
 			}
 
 			if !token.Valid {
 				w.WriteHeader(401)
-				json.NewEncoder(w).Encode("Invalid authorization token")
+				_ = json.NewEncoder(w).Encode("Invalid authorization token")
+				return
 			}
 
 			next(w, req)
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 48be188b..55b6d318 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -5,70 +5,90 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
+	"math"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strconv"
+	"sync"
+	"time"
 
 	handlers "github.com/gorilla/handlers"
 	mux "github.com/gorilla/mux"
 
 	api "github.com/semaphoreci/agent/pkg/api"
-	eventlogger "github.com/semaphoreci/agent/pkg/eventlogger"
+	"github.com/semaphoreci/agent/pkg/config"
 	jobs "github.com/semaphoreci/agent/pkg/jobs"
+	slices "github.com/semaphoreci/agent/pkg/slices"
+	log "github.com/sirupsen/logrus"
 )
 
+const DefaultCallbackRetryAttempts = 300
+
 type Server struct {
-	Host    string
-	Port    int
-	State   string
-	Version string
+	Logfile    io.Writer
+	ActiveJob  *jobs.Job
+	router     *mux.Router
+	HTTPClient *http.Client
+	Config     ServerConfig
 
-	TLSKeyPath  string
-	TLSCertPath string
+	activeJobLock sync.Mutex
+}
 
-	JwtSecret []byte
+type ServerConfig struct {
+	Host                  string
+	Port                  int
+	UserAgent             string
+	TLSCertPath           string
+	TLSKeyPath            string
+	Version               string
+	LogFile               io.Writer
+	JWTSecret             []byte
+	HTTPClient            *http.Client
+	PreJobHookPath        string
+	FileInjections        []config.FileInjection
+	CallbackRetryAttempts int
+	ExposeKvmDevice       bool
+
+	// A way to execute some code before handling a POST /jobs request.
+	// Currently, only used to make tests that assert race condition scenarios more reproducible.
+	BeforeRunJobFn func()
+}
 
-	Logfile io.Writer
+func (c *ServerConfig) GetCallbackRetryAttempts() int {
+	if c.CallbackRetryAttempts == 0 {
+		return DefaultCallbackRetryAttempts
+	}
 
-	ActiveJob *jobs.Job
-	router    *mux.Router
+	return c.CallbackRetryAttempts
 }
 
 const ServerStateWaitingForJob = "waiting-for-job"
 const ServerStateJobReceived = "job-received"
 
-func NewServer(host string, port int, tlsCertPath, tlsKeyPath, version string, logfile io.Writer, jwtSecret []byte) *Server {
+func NewServer(config ServerConfig) *Server {
 	router := mux.NewRouter().StrictSlash(true)
 
 	server := &Server{
-		Host:        host,
-		Port:        port,
-		State:       ServerStateWaitingForJob,
-		TLSKeyPath:  tlsKeyPath,
-		TLSCertPath: tlsCertPath,
-		JwtSecret:   jwtSecret,
-		Logfile:     logfile,
-		router:      router,
-		Version:     version,
+		Config:     config,
+		Logfile:    config.LogFile,
+		router:     router,
+		HTTPClient: config.HTTPClient,
 	}
 
-	jwtMiddleware := CreateJwtMiddleware(jwtSecret)
+	jwtMiddleware := CreateJwtMiddleware(config.JWTSecret)
 
 	// The path to check if agent is running
 	router.HandleFunc("/is_alive", server.isAlive).Methods("GET")
 
 	router.HandleFunc("/status", jwtMiddleware(server.Status)).Methods("GET")
 	router.HandleFunc("/jobs", jwtMiddleware(server.Run)).Methods("POST")
+	router.HandleFunc("/jobs/{job_id}/log", jwtMiddleware(server.JobLogs)).Methods("GET")
 
 	// The path /stop is the new standard, /jobs/terminate is here to support the legacy system.
 	router.HandleFunc("/stop", jwtMiddleware(server.Stop)).Methods("POST")
 	router.HandleFunc("/jobs/terminate", jwtMiddleware(server.Stop)).Methods("POST")
 
-	// The path /jobs/{job_id}/log is here to support the legacy systems.
-	router.HandleFunc("/job_logs", jwtMiddleware(server.JobLogs)).Methods("GET")
-	router.HandleFunc("/jobs/{job_id}/log", jwtMiddleware(server.JobLogs)).Methods("GET")
-
 	// Agent Logs
 	router.HandleFunc("/agent_logs", jwtMiddleware(server.AgentLogs)).Methods("GET")
 
@@ -76,30 +96,42 @@ func NewServer(host string, port int, tlsCertPath, tlsKeyPath, version string, l
 }
 
 func (s *Server) Serve() {
-	address := fmt.Sprintf("%s:%d", s.Host, s.Port)
+	address := fmt.Sprintf("%s:%d", s.Config.Host, s.Config.Port)
 
-	fmt.Printf("Agent %s listening on https://%s\n", s.Version, address)
+	log.Infof("Agent %s listening on https://%s\n", s.Config.Version, address)
 
 	loggedRouter := handlers.LoggingHandler(s.Logfile, s.router)
 
-	log.Fatal(http.ListenAndServeTLS(
-		address,
-		s.TLSCertPath,
-		s.TLSKeyPath,
-		loggedRouter,
-	))
+	server := &http.Server{
+		Addr:              address,
+		ReadHeaderTimeout: 5 * time.Second,
+		WriteTimeout:      5 * time.Second,
+		ReadTimeout:       10 * time.Second,
+		IdleTimeout:       30 * time.Second,
+		Handler:           loggedRouter,
+	}
+
+	err := server.ListenAndServeTLS(s.Config.TLSCertPath, s.Config.TLSKeyPath)
+	if err != nil {
+		panic(err)
+	}
 }
 
 func (s *Server) Status(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(200)
 	m := make(map[string]interface{})
 
-	m["state"] = s.State
-	m["version"] = s.Version
+	state := ServerStateWaitingForJob
+	if s.ActiveJob != nil {
+		state = ServerStateJobReceived
+	}
+
+	m["state"] = state
+	m["version"] = s.Config.Version
 
 	jsonString, _ := json.Marshal(m)
 
-	fmt.Fprintf(w, string(jsonString))
+	fmt.Fprint(w, string(jsonString))
 }
 
 func (s *Server) isAlive(w http.ResponseWriter, r *http.Request) {
@@ -111,22 +143,34 @@ func (s *Server) isAlive(w http.ResponseWriter, r *http.Request) {
 func (s *Server) JobLogs(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Content-Type", "text/plain")
 
-	startFromLine, err := strconv.Atoi(r.URL.Query().Get("start_from"))
-	if err != nil {
-		startFromLine = 0
+	jobID := mux.Vars(r)["job_id"]
+
+	// If no jobs have been received yet, we have no logs.
+	if s.ActiveJob == nil {
+		log.Warnf("Attempt to fetch logs for '%s' before any job is received", jobID)
+		w.WriteHeader(http.StatusNotFound)
+		fmt.Fprintf(w, `{"message": "job %s is not running"}`, jobID)
+		return
 	}
 
-	logFile, ok := s.ActiveJob.Logger.Backend.(*eventlogger.FileBackend)
-	if !ok {
-		log.Printf("Failed to stream job logs")
+	// Here, we know that a job was scheduled.
+	// We need to ensure the ID in the request matches the one executing.
+	runningJobID := s.ActiveJob.Request.JobID
+	if runningJobID != jobID {
+		log.Warnf("Attempt to fetch logs for '%s', but job '%s' is the one running", jobID, runningJobID)
+		w.WriteHeader(http.StatusForbidden)
+		fmt.Fprintf(w, `{"message": "job %s is not running"}`, jobID)
+		return
+	}
 
-		http.Error(w, err.Error(), 500)
-		fmt.Fprintf(w, `{"message": "%s"}`, "Failed to open logfile")
+	startFromLine, err := strconv.Atoi(r.URL.Query().Get("start_from"))
+	if err != nil {
+		startFromLine = 0
 	}
 
-	err = logFile.Stream(startFromLine, w)
+	_, err = s.ActiveJob.Logger.Backend.Read(startFromLine, math.MaxInt32, w)
 	if err != nil {
-		log.Printf("Error while streaming logs")
+		log.Errorf("Error while streaming logs: %v", err)
 
 		http.Error(w, err.Error(), 500)
 		fmt.Fprintf(w, `{"message": "%s"}`, err)
@@ -140,77 +184,108 @@ func (s *Server) JobLogs(w http.ResponseWriter, r *http.Request) {
 func (s *Server) AgentLogs(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Content-Type", "text/plain")
 
-	logfile, err := os.Open("/tmp/agent_log")
+	logsPath := filepath.Join(os.TempDir(), "agent_log")
+
+	// #nosec
+	logfile, err := os.Open(logsPath)
 
 	if err != nil {
 		w.WriteHeader(404)
 		return
 	}
-	defer logfile.Close()
 
-	io.Copy(w, logfile)
+	_, err = io.Copy(w, logfile)
+	if err != nil {
+		log.Errorf("Error writing agent logs: %v", err)
+	}
+
+	err = logfile.Close()
+	if err != nil {
+		log.Errorf("Error closing agent logs file: %v", err)
+	}
 }
 
 func (s *Server) Run(w http.ResponseWriter, r *http.Request) {
-	log.Printf("New job arrived. Agent version %s.", s.Version)
+	s.activeJobLock.Lock()
+	defer s.activeJobLock.Unlock()
+
+	log.Infof("New job arrived. Agent version %s.", s.Config.Version)
 
-	log.Printf("Reading content of the request")
+	if s.Config.BeforeRunJobFn != nil {
+		s.Config.BeforeRunJobFn()
+	}
+
+	log.Debug("Reading content of the request")
 	body, err := ioutil.ReadAll(r.Body)
 	defer r.Body.Close()
 	if err != nil {
 
-		log.Printf("Failed to read the content of the job, returning 500")
+		log.Errorf("Failed to read the content of the job, returning 500: %v", err)
 		http.Error(w, err.Error(), 500)
 		return
 	}
 
-	log.Printf("Parsing job request")
+	log.Debug("Parsing job request")
 	request, err := api.NewRequestFromJSON(body)
 
 	if err != nil {
-		log.Printf("Failed to parse job request, returning 422")
-		log.Printf("%+v", err)
+		log.Errorf("Failed to parse job request, returning 422: %v", err)
 
-		http.Error(w, err.Error(), 422)
+		http.Error(w, err.Error(), http.StatusUnprocessableEntity)
 		fmt.Fprintf(w, `{"message": "%s"}`, err)
 		return
 	}
 
-	if s.State != ServerStateWaitingForJob {
-		if s.ActiveJob != nil && s.ActiveJob.Request.ID == request.ID {
-			// idempotent call
-			fmt.Fprint(w, `{"message": "ok"}`)
-			return
-		} else {
-			log.Printf("A job is already running, returning 422")
-
-			w.WriteHeader(422)
-			fmt.Fprintf(w, `{"message": "a job is already running"}`)
+	// If there's an active job already, we check if the IDs match.
+	// If they do, we return a 200, but don't do anything (idempotency).
+	// If they don't, we return a 422, since only one job should be run at a time.
+	if s.ActiveJob != nil {
+		if s.ActiveJob.Request.JobID == request.JobID {
+			log.Infof("Job %s is already running - no need to run again", s.ActiveJob.Request.JobID)
+			fmt.Fprint(w, `{"message": "job is already running"}`)
 			return
 		}
+
+		log.Warnf("Another job %s is already running - rejecting %s", s.ActiveJob.Request.JobID, request.JobID)
+		w.WriteHeader(422)
+		fmt.Fprintf(w, `{"message": "another job is already running"}`)
+		return
 	}
 
-	log.Printf("Creating new job")
-	job, err := jobs.NewJob(request)
+	log.Infof("Creating new job for %s", request.JobID)
+	job, err := jobs.NewJobWithOptions(&jobs.JobOptions{
+		Request:         request,
+		Client:          s.HTTPClient,
+		ExposeKvmDevice: s.Config.ExposeKvmDevice,
+		FileInjections:  s.Config.FileInjections,
+		SelfHosted:      false,
+		RefreshTokenFn:  nil,
+		UploadJobLogs:   s.resolveUploadJobsConfig(request),
+		UserAgent:       s.Config.UserAgent,
+	})
 
 	if err != nil {
-		log.Printf("Failed to create a new job, returning 500")
+		log.Errorf("Failed to create a new job, returning 500: %v", err)
 
 		http.Error(w, err.Error(), 500)
 		fmt.Fprintf(w, `{"message": "%s"}`, err)
 		return
 	}
 
-	log.Printf("Setting up Active Job context")
+	log.Debug("Setting up Active Job context")
 	s.ActiveJob = job
 
-	log.Printf("Starting job execution")
-	go s.ActiveJob.Run()
+	log.Debug("Starting job execution")
+	go s.ActiveJob.RunWithOptions(jobs.RunOptions{
+		EnvVars:               []config.HostEnvVar{},
+		PreJobHookPath:        s.Config.PreJobHookPath,
+		FailOnPreJobHookError: true, // cloud jobs should always fail if the pre-job hook fails
+		SourcePreJobHook:      true, // cloud jobs should always source the pre-job hook
+		PostJobHookPath:       "",
+		OnJobFinished:         nil,
+		CallbackRetryAttempts: s.Config.GetCallbackRetryAttempts(),
+	})
 
-	log.Printf("Setting state to '%s'", ServerStateJobReceived)
-	s.State = ServerStateJobReceived
-
-	log.Printf("Respongind with OK")
 	fmt.Fprint(w, `{"message": "ok"}`)
 }
 
@@ -220,7 +295,24 @@ func (s *Server) Stop(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(200)
 }
 
-func (s *Server) unsuported(w http.ResponseWriter) {
-	w.WriteHeader(400)
-	fmt.Fprintf(w, `{"message": "not supported"}`)
+func (s *Server) resolveUploadJobsConfig(jobRequest *api.JobRequest) string {
+	value, err := jobRequest.FindEnvVar("SEMAPHORE_AGENT_UPLOAD_JOB_LOGS")
+
+	// We use config.UploadJobLogsConditionNever, by default.
+	if err != nil {
+		return config.UploadJobLogsConditionNever
+	}
+
+	// If the value specified is not a valid one, use the default.
+	if !slices.Contains(config.ValidUploadJobLogsCondition, value) {
+		log.Debugf(
+			"The value '%s' is not acceptable as SEMAPHORE_AGENT_UPLOAD_JOB_LOGS - using '%s'",
+			value, config.UploadJobLogsConditionNever,
+		)
+
+		return config.UploadJobLogsConditionNever
+	}
+
+	// Otherwise, use the value specified by job definition.
+	return value
 }
diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go
new file mode 100644
index 00000000..444d4246
--- /dev/null
+++ b/pkg/server/server_test.go
@@ -0,0 +1,267 @@
+package server
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__JobLogs(t *testing.T) {
+	dummyKey := "dummykey"
+	testServer := NewServer(ServerConfig{
+		HTTPClient: http.DefaultClient,
+		JWTSecret:  []byte(dummyKey),
+	})
+
+	token, err := generateToken(dummyKey)
+	if !assert.NoError(t, err) {
+		return
+	}
+
+	callbackServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	defer callbackServer.Close()
+
+	t.Run("no active job -> 404", func(t *testing.T) {
+		code, _ := getLogs(t, testServer, "job-0", token)
+		assert.Equal(t, http.StatusNotFound, code)
+	})
+
+	t.Run("job running and job on request do not match -> 403", func(t *testing.T) {
+		// Start a job with ID 'job-0'
+		code, _ := postJob(t, testServer, nil, token, 0, callbackServer.URL)
+		assert.Equal(t, http.StatusOK, code)
+
+		code, _ = getLogs(t, testServer, "id-not-matching", token)
+		assert.Equal(t, http.StatusForbidden, code)
+	})
+
+	t.Run("job running and job on request match -> 200", func(t *testing.T) {
+		code, _ := getLogs(t, testServer, "job-0", token)
+		assert.Equal(t, http.StatusOK, code)
+	})
+}
+
+func Test__ServerStatus(t *testing.T) {
+	dummyKey := "dummykey"
+	testServer := NewServer(ServerConfig{
+		HTTPClient: http.DefaultClient,
+		JWTSecret:  []byte(dummyKey),
+	})
+
+	token, err := generateToken(dummyKey)
+	if !assert.NoError(t, err) {
+		return
+	}
+
+	callbackServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	defer callbackServer.Close()
+
+	// no job yet
+	assert.Equal(t, ServerStateWaitingForJob, getAgentStatus(t, testServer, token))
+
+	// run job and assert state changes
+	code, _ := postJob(t, testServer, nil, token, 0, callbackServer.URL)
+	assert.Equal(t, http.StatusOK, code)
+	assert.Equal(t, ServerStateJobReceived, getAgentStatus(t, testServer, token))
+}
+
+func Test__RunJobDoesNotAcceptMultipleJobs(t *testing.T) {
+	dummyKey := "dummykey"
+	testServer := NewServer(ServerConfig{
+		HTTPClient: http.DefaultClient,
+		JWTSecret:  []byte(dummyKey),
+
+		// We intentionally make our server slower
+		// to make these tests more reliable.
+		BeforeRunJobFn: func() { time.Sleep(100 * time.Millisecond) },
+	})
+
+	token, err := generateToken(dummyKey)
+	if !assert.NoError(t, err) {
+		return
+	}
+
+	callbackServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	defer callbackServer.Close()
+
+	// Run a bunch of requests concurrently,
+	// with a different job ID for each request,
+	// keeping track of their responses.
+	var totalReq = 20
+	var wg sync.WaitGroup
+	codes := make([]int, totalReq)
+	for i := 0; i < totalReq; i++ {
+		wg.Add(1)
+		go func(i int) {
+			defer wg.Done()
+			code, _ := postJob(t, testServer, nil, token, i, callbackServer.URL)
+			codes[i] = code
+		}(i)
+	}
+
+	wg.Wait()
+
+	// Assert that only 1 request gets a 200, and all the other ones get a 422.
+	assert.Equal(t, 1, countCodes(codes, http.StatusOK))
+	assert.Equal(t, totalReq-1, countCodes(codes, http.StatusUnprocessableEntity))
+}
+
+func Test__RunJobAcceptsSameJobAgain(t *testing.T) {
+	callbackServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	defer callbackServer.Close()
+
+	dummyKey := "dummykey"
+	testServer := NewServer(ServerConfig{
+		HTTPClient: http.DefaultClient,
+		JWTSecret:  []byte(dummyKey),
+
+		// We intentionally make our server slower
+		// to make these tests more reliable.
+		BeforeRunJobFn: func() { time.Sleep(100 * time.Millisecond) },
+	})
+
+	request := &api.JobRequest{
+		JobID: "same-job-id",
+		Callbacks: api.Callbacks{
+			Finished:         callbackServer.URL,
+			TeardownFinished: callbackServer.URL,
+		},
+	}
+
+	token, err := generateToken(dummyKey)
+	if !assert.NoError(t, err) {
+		return
+	}
+
+	// Run a bunch of requests concurrently,
+	// with the same job ID, keeping track of their responses.
+	var totalReq = 20
+	var wg sync.WaitGroup
+	codes := make([]int, totalReq)
+	bodies := make([]string, totalReq)
+	for i := 0; i < totalReq; i++ {
+		wg.Add(1)
+		go func(i int) {
+			defer wg.Done()
+			code, b := postJob(t, testServer, request, token, i, callbackServer.URL)
+			body := map[string]string{}
+			err := json.Unmarshal(b.Bytes(), &body)
+			if !assert.NoError(t, err) {
+				return
+			}
+
+			codes[i] = code
+			bodies[i] = body["message"]
+		}(i)
+	}
+
+	wg.Wait()
+
+	// Assert that all requests get a 200,
+	// but only one of them, receive a "ok" message.
+	// The other ones receives a "job is already running" message.
+	assert.Equal(t, totalReq, countCodes(codes, http.StatusOK))
+	assert.Equal(t, 1, countBodies(bodies, "ok"))
+	assert.Equal(t, totalReq-1, countBodies(bodies, "job is already running"))
+}
+
+func getAgentStatus(t *testing.T, testServer *Server, token string) string {
+	req, _ := http.NewRequest("GET", "/status", nil)
+	req.Header.Add("Authorization", "Token "+token)
+	rr := httptest.NewRecorder()
+	testServer.router.ServeHTTP(rr, req)
+
+	resp := map[string]string{}
+	err := json.Unmarshal(rr.Body.Bytes(), &resp)
+	if err != nil {
+		return ""
+	}
+
+	return resp["state"]
+}
+
+func getLogs(t *testing.T, testServer *Server, jobID, token string) (int, *bytes.Buffer) {
+	req, _ := http.NewRequest("GET", fmt.Sprintf("/jobs/%s/log", jobID), nil)
+	req.Header.Add("Authorization", "Token "+token)
+	rr := httptest.NewRecorder()
+	testServer.router.ServeHTTP(rr, req)
+	return rr.Code, rr.Body
+}
+
+func postJob(t *testing.T, testServer *Server, jobReq *api.JobRequest, token string, i int, callbackURL string) (int, *bytes.Buffer) {
+	jobRequest := jobReq
+	if jobRequest == nil {
+		jobRequest = &api.JobRequest{
+			JobID: fmt.Sprintf("job-%d", i),
+			Callbacks: api.Callbacks{
+				Finished:         callbackURL,
+				TeardownFinished: callbackURL,
+			},
+		}
+	}
+
+	body, err := json.Marshal(&jobRequest)
+	if !assert.NoError(t, err) {
+		return -1, nil
+	}
+
+	req, _ := http.NewRequest("POST", "/jobs", bytes.NewReader(body))
+	req.Header.Add("Authorization", "Token "+token)
+	rr := httptest.NewRecorder()
+	testServer.router.ServeHTTP(rr, req)
+	return rr.Code, rr.Body
+}
+
+func countCodes(codes []int, code int) int {
+	count := 0
+	for _, c := range codes {
+		if c == code {
+			count++
+		}
+	}
+
+	return count
+}
+
+func countBodies(bodies []string, body string) int {
+	count := 0
+	for _, b := range bodies {
+		if b == body {
+			count++
+		}
+	}
+
+	return count
+}
+
+func generateToken(key string) (string, error) {
+	now := time.Now()
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"iat": now.Unix(),
+		"nbf": now.Unix(),
+		"exp": now.Add(time.Hour).Unix(),
+	})
+
+	return token.SignedString([]byte(key))
+}
diff --git a/pkg/shell/env.go b/pkg/shell/env.go
new file mode 100644
index 00000000..4abb3e39
--- /dev/null
+++ b/pkg/shell/env.go
@@ -0,0 +1,165 @@
+package shell
+
+import (
+	"fmt"
+	"io/ioutil"
+	"regexp"
+	"runtime"
+	"sort"
+	"strings"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+)
+
+type Environment struct {
+	env map[string]string
+}
+
+func CreateEnvironment(envVars []api.EnvVar, HostEnvVars []config.HostEnvVar) (*Environment, error) {
+	newEnv := Environment{}
+	for _, envVar := range envVars {
+		value, err := envVar.Decode()
+		if err != nil {
+			return nil, err
+		}
+
+		newEnv.Set(envVar.Name, string(value))
+	}
+
+	for _, envVar := range HostEnvVars {
+		newEnv.Set(envVar.Name, envVar.Value)
+	}
+
+	return &newEnv, nil
+}
+
+/*
+ * Create an environment by reading a file created with
+ * an environment dump in Windows.
+ */
+func CreateEnvironmentFromFile(fileName string) (*Environment, error) {
+	// #nosec
+	bytes, err := ioutil.ReadFile(fileName)
+	if err != nil {
+		return nil, err
+	}
+
+	contents := string(bytes)
+	contents = strings.TrimSpace(contents)
+	contents = strings.Replace(contents, "\r\n", "\n", -1)
+
+	lines := strings.Split(contents, "\n")
+	environment := Environment{env: map[string]string{}}
+
+	for _, line := range lines {
+		nameAndValue := strings.SplitN(line, "=", 2)
+		if len(nameAndValue) == 2 {
+			environment.Set(nameAndValue[0], nameAndValue[1])
+		}
+	}
+
+	return &environment, nil
+}
+
+func (e *Environment) Set(name, value string) {
+	if e.env == nil {
+		e.env = map[string]string{}
+	}
+
+	e.env[name] = value
+}
+
+func (e *Environment) Get(key string) (string, bool) {
+	v, ok := e.env[key]
+	return v, ok
+}
+
+func (e *Environment) Remove(key string) {
+	_, ok := e.Get(key)
+	if ok {
+		delete(e.env, key)
+	}
+}
+
+func (e *Environment) Keys() []string {
+	var keys []string
+	for k := range e.env {
+		keys = append(keys, k)
+	}
+
+	sort.Strings(keys)
+	return keys
+}
+
+func (e *Environment) Append(otherEnv *Environment, callback func(name, value string)) {
+	for _, name := range otherEnv.Keys() {
+		value, _ := otherEnv.Get(name)
+		e.Set(name, value)
+		if callback != nil {
+			callback(name, value)
+		}
+	}
+}
+
+func (e *Environment) ToSlice() []string {
+	arr := []string{}
+	for name, value := range e.env {
+		arr = append(arr, fmt.Sprintf("%s=%s", name, value))
+	}
+
+	return arr
+}
+
+func (e *Environment) ToCommands() []string {
+	commands := []string{}
+
+	for _, name := range e.Keys() {
+		value, _ := e.Get(name)
+		commands = append(commands, fmt.Sprintf("export %s=%s\n", name, shellQuote(value)))
+	}
+
+	return commands
+}
+
+func (e *Environment) ToFile(fileName string, callback func(name string)) error {
+	fileContent := ""
+	for _, name := range e.Keys() {
+		value, _ := e.Get(name)
+		if runtime.GOOS == "windows" {
+			fileContent += fmt.Sprintf("$env:%s = \"%s\"\n", name, escapePowershellQuotes(value))
+		} else {
+			fileContent += fmt.Sprintf("export %s=%s\n", name, shellQuote(value))
+		}
+
+		if callback != nil {
+			callback(name)
+		}
+	}
+
+	// #nosec
+	err := ioutil.WriteFile(fileName, []byte(fileContent), 0644)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func escapePowershellQuotes(s string) string {
+	r := strings.Replace(s, "`", "``", -1)
+	return strings.Replace(r, "\"", "`\"", -1)
+}
+
+func shellQuote(s string) string {
+	pattern := regexp.MustCompile(`[^\w@%+=:,./-]`)
+
+	if len(s) == 0 {
+		return "''"
+	}
+	if pattern.MatchString(s) {
+		return "'" + strings.Replace(s, "'", "'\"'\"'", -1) + "'"
+	}
+
+	return s
+}
diff --git a/pkg/shell/env_test.go b/pkg/shell/env_test.go
new file mode 100644
index 00000000..3c319f16
--- /dev/null
+++ b/pkg/shell/env_test.go
@@ -0,0 +1,203 @@
+package shell
+
+import (
+	"encoding/base64"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"testing"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/config"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__CreateEnvironment(t *testing.T) {
+	t.Run("vars from job request are base64 decoded", func(t *testing.T) {
+		varsFromRequest := []api.EnvVar{
+			{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+			{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+		}
+
+		env, err := CreateEnvironment(varsFromRequest, []config.HostEnvVar{})
+		assert.Nil(t, err)
+		assert.NotNil(t, env)
+
+		assertValueExists(t, env, "A", "AAA")
+		assertValueExists(t, env, "B", "BBB")
+	})
+
+	t.Run("vars from host are not base64 decoded", func(t *testing.T) {
+		varsFromHost := []config.HostEnvVar{
+			{Name: "A", Value: "AAA"},
+			{Name: "B", Value: "BBB"},
+		}
+
+		env, err := CreateEnvironment([]api.EnvVar{}, varsFromHost)
+		assert.Nil(t, err)
+		assert.NotNil(t, env)
+		assertValueExists(t, env, "A", "AAA")
+		assertValueExists(t, env, "B", "BBB")
+	})
+
+	t.Run("var from job request not properly encoded => error", func(t *testing.T) {
+		varsFromRequest := []api.EnvVar{
+			{Name: "A", Value: "AAA"},
+		}
+
+		env, err := CreateEnvironment(varsFromRequest, []config.HostEnvVar{})
+		assert.NotNil(t, err)
+		assert.Nil(t, env)
+	})
+
+	t.Run("var is overwritten by subsequent var in request", func(t *testing.T) {
+		varsFromRequest := []api.EnvVar{
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("FOO"))},
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("BAR"))},
+		}
+
+		env, err := CreateEnvironment(varsFromRequest, []config.HostEnvVar{})
+		assert.Nil(t, err)
+		assertValueExists(t, env, "FOO", "BAR")
+	})
+
+	t.Run("var is overwritten by subsequent host var", func(t *testing.T) {
+		varsFromRequest := []api.EnvVar{
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("FOO"))},
+			{Name: "FOO", Value: base64.StdEncoding.EncodeToString([]byte("BAR"))},
+		}
+
+		varsFromHost := []config.HostEnvVar{
+			{Name: "FOO", Value: "AAA"},
+		}
+
+		env, err := CreateEnvironment(varsFromRequest, varsFromHost)
+		assert.Nil(t, err)
+		assertValueExists(t, env, "FOO", "AAA")
+	})
+}
+
+func Test__CreateEnvironmentFromFile(t *testing.T) {
+	file, err := ioutil.TempFile("", "environment-dump")
+	assert.Nil(t, err)
+
+	content := `
+VAR_A=AAA
+VAR_B=BBB
+VAR_C=CCC
+	`
+
+	_ = ioutil.WriteFile(file.Name(), []byte(content), 0644)
+	env, err := CreateEnvironmentFromFile(file.Name())
+	assert.Nil(t, err)
+	assert.NotNil(t, env)
+
+	assert.Equal(t, env.Keys(), []string{"VAR_A", "VAR_B", "VAR_C"})
+	assertValueExists(t, env, "VAR_A", "AAA")
+	assertValueExists(t, env, "VAR_B", "BBB")
+	assertValueExists(t, env, "VAR_C", "CCC")
+
+	file.Close()
+	os.Remove(file.Name())
+}
+
+func Test__EnvironmentToFile(t *testing.T) {
+	vars := []api.EnvVar{
+		{Name: "Z", Value: base64.StdEncoding.EncodeToString([]byte("ZZZ"))},
+		{Name: "O", Value: base64.StdEncoding.EncodeToString([]byte("OOO"))},
+		{Name: "SPACES_ARE_SINGLE_QUOTED_ON_UNIX", Value: base64.StdEncoding.EncodeToString([]byte("This is going to get quoted"))},
+		{Name: "DOUBLE_QUOTES_ARE_ESCAPED_ON_POWERSHELL", Value: base64.StdEncoding.EncodeToString([]byte("\"This\" is going to get escaped"))},
+		{Name: "BACKTICKS_ARE_ESCAPED_ON_POWERSHELL", Value: base64.StdEncoding.EncodeToString([]byte("`This` is going to get escaped too"))},
+	}
+
+	env, err := CreateEnvironment(vars, []config.HostEnvVar{})
+	assert.Nil(t, err)
+	assert.NotNil(t, env)
+
+	file, err := ioutil.TempFile("", ".env")
+	assert.Nil(t, err)
+
+	err = env.ToFile(file.Name(), nil)
+	assert.Nil(t, err)
+
+	content, err := ioutil.ReadFile(file.Name())
+	assert.Nil(t, err)
+
+	var expected string
+	if runtime.GOOS == "windows" {
+		expected = `$env:BACKTICKS_ARE_ESCAPED_ON_POWERSHELL = "` + "``This``" + ` is going to get escaped too"
+$env:DOUBLE_QUOTES_ARE_ESCAPED_ON_POWERSHELL = "` + "`\"This`\"" + ` is going to get escaped"
+$env:O = "OOO"
+$env:SPACES_ARE_SINGLE_QUOTED_ON_UNIX = "This is going to get quoted"
+$env:Z = "ZZZ"
+`
+	} else {
+		expected = `export BACKTICKS_ARE_ESCAPED_ON_POWERSHELL='` + "`This`" + ` is going to get escaped too'
+export DOUBLE_QUOTES_ARE_ESCAPED_ON_POWERSHELL='"This" is going to get escaped'
+export O=OOO
+export SPACES_ARE_SINGLE_QUOTED_ON_UNIX='This is going to get quoted'
+export Z=ZZZ
+`
+	}
+
+	assert.Equal(t, expected, string(content))
+	file.Close()
+	os.Remove(file.Name())
+}
+
+func Test__EnvironmentToSlice(t *testing.T) {
+	varsFromRequest := []api.EnvVar{
+		{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+		{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+		{Name: "C", Value: base64.StdEncoding.EncodeToString([]byte("CCC"))},
+	}
+
+	env, err := CreateEnvironment(varsFromRequest, []config.HostEnvVar{})
+	assert.Nil(t, err)
+	assert.Contains(t, env.ToSlice(), "A=AAA")
+	assert.Contains(t, env.ToSlice(), "B=BBB")
+	assert.Contains(t, env.ToSlice(), "C=CCC")
+}
+
+func Test__EnvironmentToCommands(t *testing.T) {
+	varsFromRequest := []api.EnvVar{
+		{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+		{Name: "B", Value: base64.StdEncoding.EncodeToString([]byte("BBB"))},
+		{Name: "C", Value: base64.StdEncoding.EncodeToString([]byte("CCC"))},
+	}
+
+	env, err := CreateEnvironment(varsFromRequest, []config.HostEnvVar{})
+	assert.Nil(t, err)
+	assert.Equal(t, env.ToCommands(), []string{
+		"export A=AAA\n",
+		"export B=BBB\n",
+		"export C=CCC\n",
+	})
+}
+
+func Test__EnvironmentAppend(t *testing.T) {
+	vars := []api.EnvVar{
+		{Name: "C", Value: base64.StdEncoding.EncodeToString([]byte("CCC"))},
+		{Name: "D", Value: base64.StdEncoding.EncodeToString([]byte("DDD"))},
+		{Name: "A", Value: base64.StdEncoding.EncodeToString([]byte("AAA"))},
+	}
+
+	other, _ := CreateEnvironment(vars, []config.HostEnvVar{})
+	appended := []string{}
+
+	first := Environment{}
+	first.Append(other, func(name, value string) {
+		appended = append(appended, name)
+	})
+
+	assert.Equal(t, appended, []string{"A", "C", "D"})
+	assertValueExists(t, &first, "A", "AAA")
+	assertValueExists(t, &first, "C", "CCC")
+	assertValueExists(t, &first, "D", "DDD")
+}
+
+func assertValueExists(t *testing.T, env *Environment, key, expectedValue string) {
+	value, ok := env.Get(key)
+	assert.True(t, ok)
+	assert.Equal(t, value, expectedValue)
+}
diff --git a/pkg/shell/output_buffer.go b/pkg/shell/output_buffer.go
index 98c1b064..c09854a1 100644
--- a/pkg/shell/output_buffer.go
+++ b/pkg/shell/output_buffer.go
@@ -1,10 +1,17 @@
 package shell
 
 import (
-	"log"
+	"context"
+	"fmt"
+	"math"
 	"strings"
+	"sync"
 	"time"
 	"unicode/utf8"
+
+	backoff "github.com/cenkalti/backoff/v4"
+	"github.com/semaphoreci/agent/pkg/retry"
+	log "github.com/sirupsen/logrus"
 )
 
 //
@@ -18,9 +25,7 @@ import (
 // - If there is more than 100 characters in the buffer
 //
 // - If there is less than 100 characters in the buffer, but they were in
-//   the buffer for more than 100 milisecond. The reasoning here is that
-//   it should take no more than 100 milliseconds for the TTY to flush its
-//   output.
+//   the buffer for more than 100 milliseconds.
 //
 // - If the UTF-8 sequence is complete. Cutting the UTF-8 sequence in half
 //   leads to undefined (?) characters in the UI.
@@ -30,19 +35,40 @@ const OutputBufferMaxTimeSinceLastAppend = 100 * time.Millisecond
 const OutputBufferDefaultCutLength = 100
 
 type OutputBuffer struct {
-	bytes []byte
+	Consumer     func(string)
+	bytes        []byte
+	mu           sync.Mutex
+	done         bool
+	lastAppend   *time.Time
+	flushTimeout time.Duration
+}
 
-	lastAppend *time.Time
+func NewOutputBuffer(consumer func(string)) (*OutputBuffer, error) {
+	return NewOutputBufferWithFlushTimeout(consumer, time.Minute)
 }
 
-func NewOutputBuffer() *OutputBuffer {
-	return &OutputBuffer{bytes: []byte{}}
+func NewOutputBufferWithFlushTimeout(consumer func(string), flushTimeout time.Duration) (*OutputBuffer, error) {
+	if consumer == nil {
+		return nil, fmt.Errorf("output buffer requires a consumer")
+	}
+
+	b := &OutputBuffer{
+		Consumer:     consumer,
+		bytes:        []byte{},
+		flushTimeout: flushTimeout,
+	}
+
+	go b.Flush()
+
+	return b, nil
 }
 
 func (b *OutputBuffer) Append(bytes []byte) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
 	now := time.Now()
 	b.lastAppend = &now
-
 	b.bytes = append(b.bytes, bytes...)
 }
 
@@ -50,64 +76,88 @@ func (b *OutputBuffer) IsEmpty() bool {
 	return len(b.bytes) == 0
 }
 
-func (b *OutputBuffer) Flush() (string, bool) {
-	if b.IsEmpty() {
-		return "", false
-	}
+func (b *OutputBuffer) Flush() {
+	backoffStrategy := b.exponentialBackoff()
 
-	timeSinceLastAppend := 1 * time.Millisecond
-	if b.lastAppend != nil {
-		timeSinceLastAppend = time.Now().Sub(*b.lastAppend)
+	for {
+		if b.done {
+			log.Debugf("The output buffer was closed - stopping")
+			break
+		}
+
+		/*
+		 * The exponential backoff strategy for ticks is only used
+		 * when the buffer is empty, to make sure we don't continuously
+		 * check the buffer if it has been empty for a while.
+		 */
+		if b.IsEmpty() {
+			delay := backoffStrategy.NextBackOff()
+			log.Debugf("Empty buffer - waiting %v until next tick", delay)
+			time.Sleep(delay)
+			continue
+		}
+
+		b.flush()
+		backoffStrategy.Reset()
 	}
+}
 
-	log.Printf("Flushing. %d bytes in the buffer", len(b.bytes))
+func (b *OutputBuffer) flush() {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 
-	// We don't want to flush too often.
-	//
-	// We either:
-	//
-	//   - wait till there is enough in the buffer
-	//   - wait till the dat sitting in the buffer is old enough
+	timeSinceLastAppend := b.timeSinceLastAppend()
+	chunkSize := b.chunkSize()
 
-	if len(b.bytes) < OutputBufferDefaultCutLength && timeSinceLastAppend < OutputBufferMaxTimeSinceLastAppend {
-		return "", false
+	/*
+	 * If there's recent, but not enough data in the buffer, we don't yet flush.
+	 * Here, we don't want to use the exponential backoff strategy while waiting,
+	 * because we should respect the maximum of 100ms for data in the buffer.
+	 */
+	if len(b.bytes) < chunkSize && timeSinceLastAppend < OutputBufferMaxTimeSinceLastAppend {
+		log.Debugf("The output buffer has only %d bytes and the flush was %v ago - waiting...", len(b.bytes), timeSinceLastAppend)
+		time.Sleep(10 * time.Millisecond)
+		return
 	}
 
-	//
-	// First we determine how much to cut.
-	//
-	// We don't want to flush too much in any iteration, but neither we want to
-	// flush too little.
-	//
-	// Starting from the default cut lenght, and decreasing the lenght until we
-	// are ready to flush.
-	//
+	log.Debugf("%d bytes in the buffer - flushing...", len(b.bytes))
 
-	cutLength := OutputBufferDefaultCutLength
+	/*
+	 * First we determine how much to cut.
+	 *
+	 * We don't want to flush too much in any iteration, but neither we want to
+	 * flush too little.
+	 *
+	 * Starting from the default cut lenght, and decreasing the lenght until we
+	 * are ready to flush.
+	 */
+	cutLength := chunkSize
 
-	//
 	// We can't cut more than we have in the buffer.
-	//
 	if len(b.bytes) < cutLength {
 		cutLength = len(b.bytes)
 	}
 
-	//
-	// Now comes the tricky part.
-	//
-	// We don't want to cut in the middle of an UTF-8 sequence.
-	//
-	// In the below loop, we are cutting of the last 3 charactes in case
-	// they are marked as the unicode continuation characters.
-	//
-	// An unicode sequence can't be longer than 4 bytes
-	//
-	//
-	// If there is only broken bytes in the buffer, we don't want to wait
-	// indefinetily. We only run this check if the last insert was recent enough.
-	//
-
-	if timeSinceLastAppend < OutputBufferMaxTimeSinceLastAppend {
+	/*
+	 * Now comes the tricky part.
+	 *
+	 * We don't want to cut in the middle of an UTF-8 sequence.
+	 *
+	 * In the loop below, we are cutting off the last 3 charactes in case
+	 * they are marked as the unicode continuation characters,
+	 * since an unicode sequence can't be longer than 4 bytes.
+	 *
+	 * We do this unicode-based adjustment in two scenarios:
+	 *   1 - The output buffer was not yet closed.
+	 *       In this case, we always check for incomplete UTF-8 sequences,
+	 *       because the buffer might not yet received them from the TTY.
+	 *   2 - The output buffer was closed, but the data in there doesn't fit
+	 *       in one chunk. Since in this case we know that no more bytes are coming
+	 *       from the TTY, the only reason we'd have an incomplete UTF-8 sequence
+	 *       is because we are cutting it here to fit it into the chunk.
+	 */
+
+	if !b.done || (b.done && cutLength == chunkSize) {
 		for i := 0; i < 4; i++ {
 			if utf8.Valid(b.bytes[0:cutLength]) {
 				break
@@ -117,11 +167,93 @@ func (b *OutputBuffer) Flush() (string, bool) {
 		}
 	}
 
-	// Flushing...
+	if cutLength <= 0 {
+		return
+	}
 
-	output := make([]byte, cutLength)
-	copy(output, b.bytes[0:cutLength])
+	// Avoid splitting \r\n newlines across chunks by keeping the carriage return
+	// for the next flush when the following byte is a line feed.
+	if cutLength < len(b.bytes) && cutLength > 0 && b.bytes[cutLength-1] == '\r' && b.bytes[cutLength] == '\n' {
+		cutLength--
+		if cutLength <= 0 {
+			return
+		}
+	}
+
+	bytes := make([]byte, cutLength)
+	copy(bytes, b.bytes[0:cutLength])
 	b.bytes = b.bytes[cutLength:]
 
-	return strings.Replace(string(output), "\r\n", "\n", -1), true
+	// Make sure we normalize newline sequences, and flush the output to the consumer.
+	output := strings.Replace(string(bytes), "\r\n", "\n", -1)
+	log.Debugf("%d bytes flushed: %s", len(bytes), output)
+	b.Consumer(output)
+}
+
+func (b *OutputBuffer) exponentialBackoff() *backoff.ExponentialBackOff {
+	e := backoff.NewExponentialBackOff()
+
+	/*
+	 * We start with a 10ms interval between ticks,
+	 * but if there’s nothing in the buffer for a while,
+	 * 10ms is too little an interval.
+	 */
+	e.InitialInterval = 10 * time.Millisecond
+
+	/*
+	 * If there's no data in the buffer, we increase the delay.
+	 * But, we also cap that delay to 1s, to make sure we don’t go too
+	 * long without checking if a command goes too long without producing any output.
+	 */
+	e.MaxInterval = time.Second
+
+	// We don't ever want the strategy to return backoff.Stop, so we don't set this.
+	e.MaxElapsedTime = 0
+
+	// We need to call Reset() before using it.
+	e.Reset()
+
+	return e
+}
+
+func (b *OutputBuffer) timeSinceLastAppend() time.Duration {
+	if b.lastAppend != nil {
+		return time.Since(*b.lastAppend)
+	}
+
+	return time.Millisecond
+}
+
+func (b *OutputBuffer) chunkSize() int {
+	// If the output buffer was already closed, we should
+	// use bigger chunks to make sure we can flush everything left in time.
+	if b.done {
+		return OutputBufferDefaultCutLength * 10
+	}
+
+	return OutputBufferDefaultCutLength
+}
+
+func (b *OutputBuffer) Close() error {
+	b.done = true
+
+	ctx, cancelFunc := context.WithTimeout(context.Background(), b.flushTimeout)
+	defer cancelFunc()
+
+	log.Debugf("Waiting for buffer to be completely flushed...")
+
+	return retry.RetryWithConstantWaitAndContext(ctx, retry.RetryOptions{
+		Task:                 "wait for all output to be flushed",
+		MaxAttempts:          math.MaxInt, // flush it until the the context reaches the deadline
+		DelayBetweenAttempts: 0,           // no need to sleep between flushes
+		HideError:            true,
+		Fn: func() error {
+			if b.IsEmpty() {
+				return nil
+			}
+
+			b.flush()
+			return fmt.Errorf("not fully flushed")
+		},
+	})
 }
diff --git a/pkg/shell/output_buffer_test.go b/pkg/shell/output_buffer_test.go
index a87978d5..1454c2dd 100644
--- a/pkg/shell/output_buffer_test.go
+++ b/pkg/shell/output_buffer_test.go
@@ -1,17 +1,27 @@
 package shell
 
 import (
+	"context"
+	"strings"
 	"testing"
 	"time"
 
 	assert "github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
+func Test__OutputBuffer__RequiresConsumer(t *testing.T) {
+	buffer, err := NewOutputBuffer(nil)
+	assert.Error(t, err)
+	assert.Nil(t, buffer)
+}
+
 func Test__OutputBuffer__SimpleAscii(t *testing.T) {
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	//
-	// Making sure that the input is long enough to the flushed immidiately
+	// Making sure that the input is long enough to the flushed immediately
 	//
 	input := []byte{}
 	for i := 0; i < OutputBufferDefaultCutLength; i++ {
@@ -19,32 +29,29 @@ func Test__OutputBuffer__SimpleAscii(t *testing.T) {
 	}
 
 	buffer.Append(input)
-	flushed, ok := buffer.Flush()
-
-	assert.Equal(t, ok, true)
-	assert.Equal(t, flushed, string(input))
+	require.NoError(t, buffer.Close())
+	assert.Equal(t, strings.Join(output, ""), string(input))
 }
 
 func Test__OutputBuffer__SimpleAscii__ShorterThanMinimalCutLength(t *testing.T) {
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	input := []byte("aaa")
-
 	buffer.Append(input)
-	flushed, ok := buffer.Flush()
 
-	// We need to wait a bit before flushing, the buffer is still too short
-	assert.Equal(t, ok, false)
-
-	time.Sleep(OutputBufferMaxTimeSinceLastAppend)
+	// output is too short, so it will only be flushed
+	// when the max delay is reached.
+	assert.Len(t, output, 0)
 
-	flushed, ok = buffer.Flush()
-	assert.Equal(t, ok, true)
-	assert.Equal(t, flushed, string(input))
+	// We need to wait a bit before flushing, the buffer is still too short
+	assert.Eventually(t, func() bool { return strings.Join(output, "") == string(input) }, time.Second, 100*time.Millisecond)
+	require.NoError(t, buffer.Close())
 }
 
 func Test__OutputBuffer__SimpleAscii__LongerThanMinimalCutLength(t *testing.T) {
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	//
 	// Making sure that the input is long enough to have to be flushed two times.
@@ -56,20 +63,54 @@ func Test__OutputBuffer__SimpleAscii__LongerThanMinimalCutLength(t *testing.T) {
 
 	buffer.Append(input)
 
-	flushed1, ok := buffer.Flush()
-	assert.Equal(t, ok, true)
-	assert.Equal(t, flushed1, string(input[:OutputBufferDefaultCutLength]))
+	// wait for the output to be flushed
+	time.Sleep(time.Second)
 
-	// We need to wait a bit before flushing, the buffer is still too short
-	time.Sleep(OutputBufferMaxTimeSinceLastAppend)
+	require.NoError(t, buffer.Close())
+	if assert.Len(t, output, 2) {
+		assert.Equal(t, output[0], string(input[:OutputBufferDefaultCutLength]))
+		assert.Equal(t, output[1], string(input[OutputBufferDefaultCutLength:]))
+	}
+}
+
+func Test__OutputBuffer__DoesNotSplitCRLFNewlinesAcrossChunks(t *testing.T) {
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
+
+	input := strings.Repeat("a", OutputBufferDefaultCutLength-1) + "\r\nb"
 
-	flushed2, ok := buffer.Flush()
-	assert.Equal(t, ok, true)
-	assert.Equal(t, flushed2, string(input[OutputBufferDefaultCutLength:]))
+	buffer.Append([]byte(input))
+	time.Sleep(200 * time.Millisecond)
+	require.NoError(t, buffer.Close())
+
+	if assert.Len(t, output, 2) {
+		assert.Equal(t, strings.Repeat("a", OutputBufferDefaultCutLength-1), output[0])
+		assert.Equal(t, "\nb", output[1])
+	}
+
+	assert.Equal(t, strings.Join(output, ""), strings.ReplaceAll(input, "\r\n", "\n"))
+}
+
+func Test__OutputBuffer__SimpleAscii__ChunkIncreasesWhenClosed(t *testing.T) {
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
+	input := []byte{}
+	for i := 0; i < OutputBufferDefaultCutLength+50; i++ {
+		input = append(input, 'a')
+	}
+
+	buffer.Append(input)
+	require.NoError(t, buffer.Close())
+
+	// everything is flushed in one chunk
+	if assert.Len(t, output, 1) {
+		assert.Equal(t, output[0], string(input))
+	}
 }
 
 func Test__OutputBuffer__UTF8_Sequence__Simple(t *testing.T) {
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	//
 	// Making sure that the input is long enough to the flushed immidiately
@@ -80,52 +121,26 @@ func Test__OutputBuffer__UTF8_Sequence__Simple(t *testing.T) {
 	}
 
 	buffer.Append(input)
-
-	out := ""
-
-	for !buffer.IsEmpty() {
-		flushed, ok := buffer.Flush()
-
-		if ok {
-			out += flushed
-		} else {
-			time.Sleep(OutputBufferMaxTimeSinceLastAppend)
-		}
-	}
-
-	assert.Equal(t, out, string(input))
+	require.NoError(t, buffer.Close())
+	assert.Equal(t, strings.Join(output, ""), string(input))
 }
 
 func Test__OutputBuffer__UTF8_Sequence__Short(t *testing.T) {
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
-	//
-	// Making sure that the input is long enough to the flushed immidiately
-	//
 	input := []byte("特特特")
-
 	buffer.Append(input)
-
-	out := ""
-
-	for !buffer.IsEmpty() {
-		flushed, ok := buffer.Flush()
-
-		if ok {
-			out += flushed
-		} else {
-			time.Sleep(OutputBufferMaxTimeSinceLastAppend)
-		}
-	}
-
-	assert.Equal(t, out, string(input))
+	require.NoError(t, buffer.Close())
+	assert.Equal(t, strings.Join(output, ""), string(input))
 }
 
 func Test__OutputBuffer__InvalidUTF8_Sequence(t *testing.T) {
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	//
-	// Making sure that the input is long enough to the flushed immidiately
+	// Making sure that the input is long enough to the flushed immediately
 	//
 	input := []byte{}
 	for len(input) <= OutputBufferDefaultCutLength {
@@ -133,20 +148,8 @@ func Test__OutputBuffer__InvalidUTF8_Sequence(t *testing.T) {
 	}
 
 	buffer.Append(input)
-
-	out := ""
-
-	for !buffer.IsEmpty() {
-		flushed, ok := buffer.Flush()
-
-		if ok {
-			out += flushed
-		} else {
-			time.Sleep(OutputBufferMaxTimeSinceLastAppend)
-		}
-	}
-
-	assert.Equal(t, out, string(input))
+	require.NoError(t, buffer.Close())
+	assert.Equal(t, strings.Join(output, ""), string(input))
 }
 
 func Test__OutputBuffer__FlushIgnoresCharactersThatAreNotUtf8Valid(t *testing.T) {
@@ -155,8 +158,8 @@ func Test__OutputBuffer__FlushIgnoresCharactersThatAreNotUtf8Valid(t *testing.T)
 	//
 	// The first 99 bytes will come from the 3-byte long kanji character, while
 	// the last byte will be a broken character
-
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	input := ""
 	for i := 0; i < 33; i++ {
@@ -169,12 +172,10 @@ func Test__OutputBuffer__FlushIgnoresCharactersThatAreNotUtf8Valid(t *testing.T)
 	buffer.Append([]byte(input))
 	buffer.Append(nonUtf8Chars)
 
-	// In the output, we expect that the last broken byte is not returned.
-
-	out, ok := buffer.Flush()
-
-	assert.Equal(t, ok, true)
-	assert.Equal(t, out, input)
+	// In the output, we expect that the last broken byte is not returned initially.
+	time.Sleep(10 * time.Millisecond)
+	assert.Equal(t, strings.Join(output, ""), input)
+	require.NoError(t, buffer.Close())
 }
 
 func Test__OutputBuffer__FlushReturnsBytesThatAreBrokenAndSitInTheBufferForTooLong(t *testing.T) {
@@ -184,8 +185,8 @@ func Test__OutputBuffer__FlushReturnsBytesThatAreBrokenAndSitInTheBufferForTooLo
 	// The first 99 bytes will come from the 3-byte long kanji character, while
 	// the last byte will be a broken character
 	//
-
-	buffer := NewOutputBuffer()
+	output := []string{}
+	buffer, _ := NewOutputBuffer(func(s string) { output = append(output, s) })
 
 	input := []byte{}
 	for i := 0; i < 33; i++ {
@@ -194,12 +195,42 @@ func Test__OutputBuffer__FlushReturnsBytesThatAreBrokenAndSitInTheBufferForTooLo
 	input = append(input, []byte("特")[0])
 
 	buffer.Append(input)
+	require.NoError(t, buffer.Close())
+	assert.Equal(t, strings.Join(output, ""), string(input))
+}
 
-	// We wait for a while, and let the broken become bocome stale.
-	// Stale characters are forced out of the buffer, even if they are not valid.
-	time.Sleep(200 * time.Millisecond)
+func Test__OutputBuffer__DoesNotWaitForeverForOutputToBeFlushed(t *testing.T) {
+	input := []byte{}
+	for i := 0; i < OutputBufferDefaultCutLength*10; i++ {
+		input = append(input, 'a')
+	}
+
+	buffer, _ := NewOutputBufferWithFlushTimeout(func(s string) {}, time.Second)
+
+	// write a lot of data to the buffer
+	for i := 0; i < 1000; i++ {
+		buffer.Append(input)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// on a separate goroutine, we continuosly write
+	// to make sure the buffer is never empty
+	go func() {
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			default:
+				buffer.Append(input)
+			}
+		}
+	}()
 
-	out, ok := buffer.Flush()
-	assert.Equal(t, ok, true)
-	assert.Equal(t, out, string(input))
+	// here, we try to close, which will not work
+	// since we will attempt to flush while the buffer is being continuosly written.
+	err := buffer.Close()
+	assert.ErrorContains(t, err, "context deadline exceeded")
+	cancel()
 }
diff --git a/pkg/shell/process.go b/pkg/shell/process.go
index 955335f2..123e1f95 100644
--- a/pkg/shell/process.go
+++ b/pkg/shell/process.go
@@ -1,90 +1,93 @@
 package shell
 
 import (
-	"flag"
+	"encoding/base64"
 	"fmt"
-	"io/ioutil"
-	"log"
+	"io"
 	"math/rand"
+	"os"
+	"os/exec"
+	"path/filepath"
 	"regexp"
+	"runtime"
 	"strconv"
 	"strings"
+	"syscall"
 	"time"
-)
-
-type Process struct {
-	Command string
-	Shell   *Shell
-
-	StartedAt  int
-	FinishedAt int
-	ExitCode   int
 
-	OnStdoutCallback func(string)
-
-	startMark       string
-	endMark         string
-	commandEndRegex *regexp.Regexp
+	log "github.com/sirupsen/logrus"
+)
 
-	tempStoragePath string
-	cmdFilePath     string
+/*
+ * Windows does not support a PTY yet. To allow changing directories,
+ * and setting/unsetting environment variables, we need to keep track
+ * of the environment on every command executed. We do that by
+ * getting the whole environment after a command is executed and
+ * updating our shell with it.
+ */
+const WindowsPwshScript = `
+$ErrorActionPreference = "STOP"
+%s
+if ($LASTEXITCODE -eq $null) {$Env:SEMAPHORE_AGENT_CURRENT_CMD_EXIT_STATUS = 0} else {$Env:SEMAPHORE_AGENT_CURRENT_CMD_EXIT_STATUS = $LASTEXITCODE}
+$Env:SEMAPHORE_AGENT_CURRENT_DIR = $PWD | Select-Object -ExpandProperty Path
+Get-ChildItem Env: | Foreach-Object {"$($_.Name)=$($_.Value)"} | Set-Content "%s.env.after"
+exit $Env:SEMAPHORE_AGENT_CURRENT_CMD_EXIT_STATUS
+`
+
+type Config struct {
+	Shell             *Shell
+	StoragePath       string
+	Command           string
+	OnOutput          func(string)
+	UseBase64Encoding bool
+}
 
-	inputBuffer  []byte
-	outputBuffer *OutputBuffer
+type Process struct {
+	Command           string
+	Shell             *Shell
+	StoragePath       string
+	StartedAt         int
+	FinishedAt        int
+	ExitCode          int
+	Pid               int
+	startMark         string
+	endMark           string
+	commandEndRegex   *regexp.Regexp
+	inputBuffer       []byte
+	outputBuffer      *OutputBuffer
+	SysProcAttr       *syscall.SysProcAttr
+	UseBase64Encoding bool
 }
 
 func randomMagicMark() string {
 	return fmt.Sprintf("949556c7-%d", time.Now().Unix())
 }
 
-func NewProcess(cmd string, tempStoragePath string, shell *Shell) *Process {
+func NewProcess(config Config) *Process {
 	startMark := randomMagicMark() + "-start"
 	endMark := randomMagicMark() + "-end"
-
 	commandEndRegex := regexp.MustCompile(endMark + " " + `(\d+)` + "[\r\n]+")
+	outputBuffer, _ := NewOutputBuffer(config.OnOutput)
 
 	return &Process{
-		Command:  cmd,
-		ExitCode: 1,
-
-		Shell: shell,
-
-		startMark: startMark,
-		endMark:   endMark,
-
-		commandEndRegex: commandEndRegex,
-		tempStoragePath: tempStoragePath,
-		cmdFilePath:     tempStoragePath + "/current-agent-cmd",
-
-		outputBuffer: NewOutputBuffer(),
+		Shell:             config.Shell,
+		StoragePath:       config.StoragePath,
+		Command:           config.Command,
+		ExitCode:          1,
+		startMark:         startMark,
+		endMark:           endMark,
+		commandEndRegex:   commandEndRegex,
+		outputBuffer:      outputBuffer,
+		UseBase64Encoding: config.UseBase64Encoding,
 	}
 }
 
-func (p *Process) OnStdout(callback func(string)) {
-	p.OnStdoutCallback = callback
+func (p *Process) CmdFilePath() string {
+	return filepath.Join(p.StoragePath, "current-agent-cmd")
 }
 
-func (p *Process) StreamToStdout() {
-	for {
-		data, ok := p.outputBuffer.Flush()
-		if !ok {
-			break
-		}
-
-		log.Printf("Stream to stdout: %#v", data)
-
-		p.OnStdoutCallback(data)
-	}
-}
-
-func (p *Process) flushOutputBuffer() {
-	for !p.outputBuffer.IsEmpty() {
-		p.StreamToStdout()
-
-		if !p.outputBuffer.IsEmpty() {
-			time.Sleep(10 * time.Millisecond)
-		}
-	}
+func (p *Process) EnvironmentFilePath() string {
+	return fmt.Sprintf("%s.env.after", p.CmdFilePath())
 }
 
 func (p *Process) flushInputAll() {
@@ -103,24 +106,180 @@ func (p *Process) flushInputBufferTill(index int) {
 }
 
 func (p *Process) Run() {
-	instruction := p.constructShellInstruction()
+	err := p.loadCommand()
+	if err != nil {
+		log.Errorf("Err: %v", err)
+		return
+	}
 
+	instruction := p.constructShellInstruction()
 	p.StartedAt = int(time.Now().Unix())
 	defer func() {
 		p.FinishedAt = int(time.Now().Unix())
 	}()
 
-	err := p.loadCommand()
+	/*
+	 * If the agent is running in an non-windows environment,
+	 * we use a PTY session to run commands.
+	 */
+	if runtime.GOOS != "windows" {
+		p.runWithPTY(instruction)
+		return
+	}
+
+	// In windows, so no PTY support.
+	p.setup()
+	p.runWithoutPTY(instruction)
+
+	/*
+	 * If we are not using a PTY, we need to keep track of shell "state" ourselves.
+	 * We use a file with all the environment variables available after the command
+	 * is executed. From that file, we can update our shell "state".
+	 */
+	after, err := CreateEnvironmentFromFile(p.EnvironmentFilePath())
+	if err != nil {
+		log.Errorf("Error creating environment from file %s: %v\n", p.EnvironmentFilePath(), err)
+		return
+	}
+
+	/*
+	 * CMD.exe does not have an environment variable such as $PWD,
+	 * so we use a custom one to get the current working directory
+	 * after a command is executed.
+	 */
+	newCwd, exists := after.Get("SEMAPHORE_AGENT_CURRENT_DIR")
+	if exists {
+		p.Shell.Chdir(newCwd)
+	}
+
+	/*
+	 * We use two custom environment variables to track
+	 * things we need, but we don't want to mess the environment
+	 * so we remove them before updating our shell state.
+	 */
+	after.Remove("SEMAPHORE_AGENT_CURRENT_DIR")
+	after.Remove("SEMAPHORE_AGENT_CURRENT_CMD_EXIT_STATUS")
+	p.Shell.UpdateEnvironment(after)
+}
+
+func (p *Process) runWithoutPTY(instruction string) {
+	cmd, reader, writer := p.buildNonPTYCommand(instruction)
+	err := cmd.Start()
+	if err != nil {
+		log.Errorf("Error starting command: %v\n", err)
+		p.ExitCode = 1
+		return
+	}
+
+	/*
+	 * In Windows, we need to assign the process created by the command
+	 * with the job object handle we created for it earlier,
+	 * for process termination purposes.
+	 */
+	p.Pid = cmd.Process.Pid
+	err = p.afterCreation(p.Shell.windowsJobObject)
+	if err != nil {
+		log.Errorf("Process after creation procedure failed: %v", err)
+	}
+
+	/*
+	 * Start reading the command's output and wait until it finishes.
+	 */
+	done := make(chan bool, 1)
+	go p.readNonPTY(reader, done)
+	waitResult := cmd.Wait()
+
+	/*
+	 * Command is done, We close our output writer
+	 * so our output reader knows the command is over.
+	 */
+	err = writer.Close()
+	if err != nil {
+		log.Errorf("Error closing writer: %v", err)
+	}
+
+	/*
+	 * Let's wait for the reader to finish, just to make sure
+	 * we don't leave any goroutines hanging around.
+	 */
+	log.Debug("Waiting for reading to finish")
+	<-done
+
+	/*
+	 * The command was successful, so we just return.
+	 */
+	if waitResult == nil {
+		p.ExitCode = 0
+		return
+	}
+
+	/*
+	 * The command returned an error, so we need to figure out the exit code from it.
+	 * If we can't figure it out, we just use 1 and carry on.
+	 */
+	if err, ok := waitResult.(*exec.ExitError); ok {
+		if s, ok := err.Sys().(syscall.WaitStatus); ok {
+			p.ExitCode = s.ExitStatus()
+		} else {
+			log.Errorf("Could not cast *exec.ExitError to syscall.WaitStatus: %v\n", err)
+			p.ExitCode = 1
+		}
+	} else {
+		log.Errorf("Unexpected %T returned after Wait(): %v", waitResult, waitResult)
+		p.ExitCode = 1
+	}
+}
+
+func (p *Process) buildNonPTYCommand(instruction string) (*exec.Cmd, *io.PipeReader, *io.PipeWriter) {
+	args := append(p.Shell.Args, instruction)
+
+	// #nosec
+	cmd := exec.Command(p.Shell.Executable, args...)
+	cmd.Dir = p.Shell.Cwd
+	cmd.SysProcAttr = p.SysProcAttr
+
+	if p.Shell.Env != nil {
+		cmd.Env = append(os.Environ(), p.Shell.Env.ToSlice()...)
+	}
+
+	reader, writer := io.Pipe()
+	cmd.Stdout = writer
+	cmd.Stderr = writer
+	return cmd, reader, writer
+}
+
+func (p *Process) runWithPTY(instruction string) {
+	_, err := p.Shell.Write(instruction)
 	if err != nil {
-		log.Printf("err: %v", err)
+		log.Errorf("Error writing instruction: %v", err)
 		return
 	}
 
-	p.Shell.Write(instruction)
-	p.scan()
+	_ = p.scan()
 }
 
 func (p *Process) constructShellInstruction() string {
+	/*
+	 * When the agent and the PTY executing the commands can't share
+	 * a folder, we need to execute the command without the aid of a temporary file.
+	 * To handle that, we make the agent encode the command here,
+	 * and make the PTY decode it before executing it. That allows us to handle
+	 * multiline commands and commands with quotes without going into escaping character hell.
+	 */
+	if p.UseBase64Encoding {
+		base64EncodedCommand := base64.StdEncoding.EncodeToString([]byte(p.Command))
+		return fmt.Sprintf(
+			`echo -e "\001 %s"; source <(echo %s | base64 -d); AGENT_CMD_RESULT=$?; echo -e "\001 %s $AGENT_CMD_RESULT"; echo "exit $AGENT_CMD_RESULT" | sh`,
+			p.startMark,
+			base64EncodedCommand,
+			p.endMark,
+		)
+	}
+
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf(`%s.ps1`, p.CmdFilePath())
+	}
+
 	//
 	// A process is sending a complex instruction to the shell. The instruction
 	// does the following:
@@ -133,65 +292,118 @@ func (p *Process) constructShellInstruction() string {
 	//
 	template := `echo -e "\001 %s"; source %s; AGENT_CMD_RESULT=$?; echo -e "\001 %s $AGENT_CMD_RESULT"; echo "exit $AGENT_CMD_RESULT" | sh`
 
-	return fmt.Sprintf(template, p.startMark, p.cmdFilePath, p.endMark)
+	return fmt.Sprintf(template, p.startMark, p.CmdFilePath(), p.endMark)
 }
 
+/*
+ * Multiline commands don't work very well with the start/finish marker.
+ * scheme. To circumvent this, we are storing the command in a file.
+ */
 func (p *Process) loadCommand() error {
-	//
-	// Multiline commands don't work very well with the start/finish marker
-	// scheme.  To circumvent this, we are storing the command in a file
-	//
 
-	err := ioutil.WriteFile(p.cmdFilePath, []byte(p.Command), 0644)
+	// If we are using base64 encoding when executing the command,
+	// we don't need a temporary file for storing it, so we don't create it.
+	if p.UseBase64Encoding {
+		return nil
+	}
+
+	if runtime.GOOS != "windows" {
+		return p.writeCommandToFile(p.CmdFilePath(), p.Command)
+	}
+
+	cmdFilePath := fmt.Sprintf("%s.ps1", p.CmdFilePath())
+	command := fmt.Sprintf(WindowsPwshScript, p.Command, p.CmdFilePath())
+	return p.writeCommandToFile(cmdFilePath, command)
+}
+
+func (p *Process) writeCommandToFile(cmdFilePath, command string) error {
+	// #nosec
+	file, err := os.OpenFile(cmdFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
 	if err != nil {
-		// TODO: log something
-		// e.Logger.LogCommandStarted(command)
-		// e.Logger.LogCommandOutput(fmt.Sprintf("Failed to run command: %+v\n", err))
+		return err
+	}
 
+	/*
+	 * UTF8 files without a BOM containing non-ASCII characters may break in Windows PowerShell,
+	 * since it misinterprets it as being encoded in the legacy "ANSI" codepage.
+	 * Since we need to support non-ASCII characters, we need a UTF-8 file with a BOM.
+	 * See: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_character_encoding
+	 */
+	if runtime.GOOS == "windows" {
+		_, err = file.Write([]byte{0xEF, 0xBB, 0xBF})
+		if err != nil {
+			_ = file.Close()
+			return err
+		}
+	}
+
+	_, err = file.Write([]byte(command))
+	if err != nil {
+		_ = file.Close()
 		return err
 	}
 
-	return nil
+	return file.Close()
 }
 
+// Determines the buffer size used when reading command output from the TTY.
+// Note: the TTY read does not block until this buffer is completely filled,
+// so there's no need to use a small buffer here. 1-4k proved to be a good choice.
 func (p *Process) readBufferSize() int {
-	if flag.Lookup("test.v") == nil {
-		return 100
-	} else {
-		// simulating the worst kind of baud rate
-		// random in size, and possibly very short
+	rand.Seed(time.Now().UnixNano())
+
+	min := 1024
+	max := 4096
 
-		// The implementation needs to handle everything.
-		rand.Seed(time.Now().UnixNano())
+	// #nosec
+	return rand.Intn(max-min) + min
+}
+
+func (p *Process) readNonPTY(reader *io.PipeReader, done chan bool) {
+	for {
+		log.Debug("Reading started")
+		buffer := make([]byte, p.readBufferSize())
+		n, err := reader.Read(buffer)
+		if err != nil && err != io.EOF {
+			log.Errorf("Error while reading. Error: %v", err)
+		}
 
-		min := 1
-		max := 20
+		p.inputBuffer = append(p.inputBuffer, buffer[0:n]...)
+		log.Debugf("reading data from command. Input buffer: %#v", string(p.inputBuffer))
+		p.flushInputAll()
 
-		return rand.Intn(max-min) + min
+		if err == io.EOF {
+			log.Debug("Finished reading")
+			if err := p.outputBuffer.Close(); err != nil {
+				log.Error("Could not flush all the output in the buffer")
+			}
+
+			break
+		}
 	}
+
+	done <- true
 }
 
-//
 // Read state from shell into the inputBuffer
-//
 func (p *Process) read() error {
 	buffer := make([]byte, p.readBufferSize())
 
-	log.Println("Reading started")
+	log.Debug("Reading started")
 	n, err := p.Shell.Read(&buffer)
 	if err != nil {
-		log.Printf("Error while reading from the tty. Error: '%s'.", err.Error())
+		log.Errorf("Error while reading from the tty. Error: '%s'.", err.Error())
 		return err
 	}
 
 	p.inputBuffer = append(p.inputBuffer, buffer[0:n]...)
-	log.Printf("reading data from shell. Input buffer: %#v", string(p.inputBuffer))
+	log.Debugf("reading data (%d bytes) from shell. Input buffer: %#v", n, string(p.inputBuffer))
 
 	return nil
 }
 
 func (p *Process) waitForStartMarker() error {
-	log.Println("Waiting for start marker", p.startMark)
+	log.Debugf("Waiting for start marker %s", p.startMark)
 
 	//
 	// Fill the output buffer, until the start marker appears
@@ -222,7 +434,7 @@ func (p *Process) waitForStartMarker() error {
 		}
 	}
 
-	log.Println("Start marker found", p.startMark)
+	log.Debugf("Start marker found %s", p.startMark)
 
 	return nil
 }
@@ -232,7 +444,7 @@ func (p *Process) endMarkerHeaderIndex() int {
 }
 
 func (p *Process) scan() error {
-	log.Println("Scan started")
+	log.Debug("Scan started")
 
 	err := p.waitForStartMarker()
 	if err != nil {
@@ -248,10 +460,10 @@ func (p *Process) scan() error {
 				p.flushInputBufferTill(index)
 			}
 
-			log.Println("Start of end marker detected, entering buffering mode.")
+			log.Debug("Start of end marker detected, entering buffering mode.")
 
 			if match := p.commandEndRegex.FindStringSubmatch(string(p.inputBuffer)); len(match) == 2 {
-				log.Println("End marker detected. Exit code: ", match[1])
+				log.Debug("End marker detected. Exit code: ", match[1])
 
 				exitCode = match[1]
 				break
@@ -270,33 +482,34 @@ func (p *Process) scan() error {
 			p.flushInputAll()
 		}
 
-		p.StreamToStdout()
-
 		err := p.read()
 		if err != nil {
 			// Reading failed. The most likely cause is that the bash process
 			// died. For example, running an `exit 1` command has killed it.
-
 			// Flushing all remaining data in the buffer and exiting.
-			p.flushOutputBuffer()
+			if err := p.outputBuffer.Close(); err != nil {
+				log.Error("Could not flush all the output in the buffer")
+			}
 
 			return err
 		}
 	}
 
-	p.flushOutputBuffer()
+	if err := p.outputBuffer.Close(); err != nil {
+		log.Error("Could not flush all the output in the buffer")
+	}
 
-	log.Println("Command output finished")
-	log.Println("Parsing exit code", exitCode)
+	log.Debug("Command output finished")
+	log.Debugf("Parsing exit code %s", exitCode)
 
 	code, err := strconv.Atoi(exitCode)
 	if err != nil {
-		log.Printf("Error while parsing exit code, err: %v", err)
+		log.Errorf("Error while parsing exit code, err: %v", err)
 
 		return err
 	}
 
-	log.Printf("Parsing exit code fininished %d", code)
+	log.Debugf("Parsing exit code finished %d", code)
 	p.ExitCode = code
 
 	return nil
diff --git a/pkg/shell/process_setup.go b/pkg/shell/process_setup.go
new file mode 100644
index 00000000..1cdbfe83
--- /dev/null
+++ b/pkg/shell/process_setup.go
@@ -0,0 +1,17 @@
+// +build !windows
+
+package shell
+
+/*
+ * For non-windows agents, we handle job termination
+ * by closing the TTY associated with the job.
+ * Therefore, no special handling here is necessary.
+ */
+
+func (p *Process) setup() {
+
+}
+
+func (p *Process) afterCreation(jobObject uintptr) error {
+	return nil
+}
diff --git a/pkg/shell/process_setup_windows.go b/pkg/shell/process_setup_windows.go
new file mode 100644
index 00000000..553a2c22
--- /dev/null
+++ b/pkg/shell/process_setup_windows.go
@@ -0,0 +1,30 @@
+// +build windows
+
+package shell
+
+import (
+	"golang.org/x/sys/windows"
+)
+
+func (p *Process) setup() {
+	p.SysProcAttr = &windows.SysProcAttr{
+		CreationFlags: windows.CREATE_UNICODE_ENVIRONMENT | windows.CREATE_NEW_PROCESS_GROUP,
+	}
+}
+
+func (p *Process) afterCreation(jobObject uintptr) error {
+	permissions := uint32(windows.PROCESS_QUERY_LIMITED_INFORMATION | windows.PROCESS_SET_QUOTA | windows.PROCESS_TERMINATE)
+	processHandle, err := windows.OpenProcess(permissions, false, uint32(p.Pid))
+	if err != nil {
+		return err
+	}
+
+	defer windows.CloseHandle(processHandle)
+
+	err = windows.AssignProcessToJobObject(windows.Handle(jobObject), processHandle)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/shell/process_test.go b/pkg/shell/process_test.go
new file mode 100644
index 00000000..b4757eb4
--- /dev/null
+++ b/pkg/shell/process_test.go
@@ -0,0 +1,83 @@
+package shell
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+)
+
+func Benchmark__CommandOutput_128Bytes(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("echo '%s'", strings.Repeat("x", 128)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func Benchmark__CommandOutput_1K(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("echo '%s'", strings.Repeat("x", 1024)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func Benchmark__CommandOutput_10K(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("for i in {0..10}; do echo '%s'; done", strings.Repeat("x", 1024)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func Benchmark__CommandOutput_100K(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("for i in {0..100}; do echo '%s'; done", strings.Repeat("x", 1024)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func Benchmark__CommandOutput_250K(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("for i in {0..250}; do echo '%s'; done", strings.Repeat("x", 1024)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func Benchmark__CommandOutput_500K(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("for i in {0..500}; do echo '%s'; done", strings.Repeat("x", 1024)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func Benchmark__CommandOutput_1M(b *testing.B) {
+	p := createProcess(b, fmt.Sprintf("for i in {0..1000}; do echo '%s'; done", strings.Repeat("x", 1024)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		p.Run()
+	}
+}
+
+func createProcess(b *testing.B, command string) *Process {
+	s, err := NewShell(os.TempDir())
+	if err != nil {
+		b.Fatalf("error creating shell: %v", err)
+	}
+
+	err = s.Start()
+	if err != nil {
+		b.Fatalf("error creating shell: %v", err)
+	}
+
+	return NewProcess(Config{
+		Shell:       s,
+		StoragePath: os.TempDir(),
+		Command:     command,
+		OnOutput:    func(string) { /* discard output */ },
+	})
+}
diff --git a/pkg/shell/pty.go b/pkg/shell/pty.go
new file mode 100644
index 00000000..4538a9cd
--- /dev/null
+++ b/pkg/shell/pty.go
@@ -0,0 +1,14 @@
+// +build !windows
+
+package shell
+
+import (
+	"os"
+	"os/exec"
+
+	pty "github.com/creack/pty"
+)
+
+func StartPTY(command *exec.Cmd) (*os.File, error) {
+	return pty.Start(command)
+}
diff --git a/pkg/shell/pty_test.go b/pkg/shell/pty_test.go
new file mode 100644
index 00000000..663682c4
--- /dev/null
+++ b/pkg/shell/pty_test.go
@@ -0,0 +1,28 @@
+package shell
+
+import (
+	"os/exec"
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test__PTYIsNotSupportedOnWindows(t *testing.T) {
+	if runtime.GOOS != "windows" {
+		t.Skip()
+	}
+
+	_, err := StartPTY(exec.Command("powershell"))
+	assert.NotNil(t, err)
+}
+
+func Test__PTYIsSupportedOnNonWindows(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	tty, err := StartPTY(exec.Command("bash", "--login"))
+	assert.Nil(t, err)
+	tty.Close()
+}
diff --git a/pkg/shell/pty_windows.go b/pkg/shell/pty_windows.go
new file mode 100644
index 00000000..c7b8fa1c
--- /dev/null
+++ b/pkg/shell/pty_windows.go
@@ -0,0 +1,13 @@
+// +build windows
+
+package shell
+
+import (
+	"errors"
+	"os"
+	"os/exec"
+)
+
+func StartPTY(c *exec.Cmd) (*os.File, error) {
+	return nil, errors.New("PTY is not supported on Windows")
+}
diff --git a/pkg/shell/shell.go b/pkg/shell/shell.go
index af861885..e2e826ea 100644
--- a/pkg/shell/shell.go
+++ b/pkg/shell/shell.go
@@ -2,39 +2,74 @@ package shell
 
 import (
 	"bufio"
+	"errors"
 	"fmt"
-	"log"
 	"os"
 	"os/exec"
+	"runtime"
 	"strings"
 	"time"
 
-	pty "github.com/kr/pty"
+	log "github.com/sirupsen/logrus"
 )
 
 type Shell struct {
+	Executable  string
+	Args        []string
 	BootCommand *exec.Cmd
 	StoragePath string
 	TTY         *os.File
 	ExitSignal  chan string
+	Env         *Environment
+	Cwd         string
+
+	/*
+	 * A job object handle used to interrupt the command
+	 * process in case of a stop request.
+	 */
+	windowsJobObject uintptr
 }
 
-func NewShell(bootCommand *exec.Cmd, storagePath string) (*Shell, error) {
+func NewShell(storagePath string) (*Shell, error) {
+	return NewShellFromExecAndArgs(Executable(), Args(), storagePath)
+}
+
+func NewShellFromExecAndArgs(executable string, args []string, storagePath string) (*Shell, error) {
 	exitChannel := make(chan string, 1)
 
+	cwd, err := os.Getwd()
+	if err != nil {
+		return nil, fmt.Errorf("error finding current working directory: %v", err)
+	}
+
 	return &Shell{
-		BootCommand: bootCommand,
+		Executable:  executable,
+		Args:        args,
 		StoragePath: storagePath,
 		ExitSignal:  exitChannel,
+		Env:         &Environment{},
+		Cwd:         cwd,
 	}, nil
 }
 
 func (s *Shell) Start() error {
-	log.Printf("Starting stateful shell")
 
-	tty, err := pty.Start(s.BootCommand)
+	/*
+	 * In windows, we don't use a PTY, so we need to create a job object
+	 * to assign the processes started by the user.
+	 */
+	if runtime.GOOS == "windows" {
+		s.Setup()
+		return nil
+	}
+
+	log.Debug("Starting stateful shell")
+
+	// #nosec
+	s.BootCommand = exec.Command(s.Executable, s.Args...)
+	tty, err := StartPTY(s.BootCommand)
 	if err != nil {
-		log.Printf("Failed to start stateful shell")
+		log.Errorf("Failed to start stateful shell: %v", err)
 		return err
 	}
 
@@ -67,10 +102,10 @@ func (s *Shell) handleAbruptShellCloses() {
 			msg = err.Error()
 		}
 
-		log.Printf("Shell unexpectedly closed with %s. Closing associated TTY.", msg)
-		s.TTY.Close()
+		log.Debugf("Shell closed with %s. Closing associated TTY", msg)
+		_ = s.TTY.Close()
 
-		log.Printf("Publishing an exit signal.")
+		log.Debugf("Publishing an exit signal: %s", msg)
 		s.ExitSignal <- msg
 	}()
 }
@@ -95,7 +130,7 @@ func (s *Shell) Read(buffer *([]byte)) (int, error) {
 }
 
 func (s *Shell) Write(instruction string) (int, error) {
-	log.Printf("Sending Instruction: %s", instruction)
+	log.Debugf("Sending Instruction: %s", instruction)
 
 	done := make(chan bool, 1)
 
@@ -118,11 +153,30 @@ func (s *Shell) Write(instruction string) (int, error) {
 func (s *Shell) silencePromptAndDisablePS1() error {
 	everythingIsReadyMark := "87d140552e404df69f6472729d2b2c3"
 
-	s.TTY.Write([]byte("export PS1=''\n"))
-	s.TTY.Write([]byte("stty -echo\n"))
-	s.TTY.Write([]byte("echo stty `stty -g` > /tmp/restore-tty\n"))
-	s.TTY.Write([]byte("cd ~\n"))
-	s.TTY.Write([]byte("echo '" + everythingIsReadyMark + "'\n"))
+	_, err := s.TTY.Write([]byte("export PS1=''\n"))
+	if err != nil {
+		return err
+	}
+
+	_, err = s.TTY.Write([]byte("stty -echo\n"))
+	if err != nil {
+		return err
+	}
+
+	_, err = s.TTY.Write([]byte("echo stty `stty -g` > /tmp/restore-tty\n"))
+	if err != nil {
+		return err
+	}
+
+	_, err = s.TTY.Write([]byte("cd ~\n"))
+	if err != nil {
+		return err
+	}
+
+	_, err = s.TTY.Write([]byte("echo '" + everythingIsReadyMark + "'\n"))
+	if err != nil {
+		return err
+	}
 
 	stdoutScanner := bufio.NewScanner(s.TTY)
 
@@ -142,17 +196,21 @@ func (s *Shell) silencePromptAndDisablePS1() error {
 
 	// We wait until marker is displayed in the output
 
-	log.Println("Waiting for initialization")
+	log.Debug("Waiting for initialization")
 
 	for stdoutScanner.Scan() {
 		text := stdoutScanner.Text()
 
-		log.Printf("(tty) %s\n", text)
+		log.Debugf("(tty) %s\n", text)
 
 		if strings.Contains(text, "executable file not found") {
 			return fmt.Errorf(text)
 		}
 
+		if strings.Contains(text, "The container name \"/main\" is already in use") {
+			return fmt.Errorf(text)
+		}
+
 		if !strings.Contains(text, "echo") && strings.Contains(text, everythingIsReadyMark) {
 			break
 		}
@@ -162,21 +220,70 @@ func (s *Shell) silencePromptAndDisablePS1() error {
 }
 
 func (s *Shell) NewProcess(command string) *Process {
-	return NewProcess(command, s.StoragePath, s)
+	return NewProcess(
+		Config{
+			Command:     command,
+			Shell:       s,
+			StoragePath: s.StoragePath,
+		})
+}
+
+func (s *Shell) NewProcessWithOutput(command string, outputConsumer func(string)) *Process {
+	return NewProcess(
+		Config{
+			Command:     command,
+			Shell:       s,
+			StoragePath: s.StoragePath,
+			OnOutput:    outputConsumer,
+		})
+}
+
+func (s *Shell) NewProcessWithConfig(config Config) *Process {
+	return NewProcess(config)
 }
 
 func (s *Shell) Close() error {
-	err := s.TTY.Close()
-	if err != nil {
-		log.Printf("Closing the TTY returned an error")
-		return err
+	if s.TTY != nil {
+		err := s.TTY.Close()
+		if err != nil {
+			log.Errorf("Closing the TTY returned an error: %v", err)
+			return err
+		}
 	}
 
-	err = s.BootCommand.Process.Kill()
-	if err != nil {
-		log.Printf("Process killing procedure returned an erorr %+v\n", err)
-		return err
+	if s.BootCommand != nil && s.BootCommand.Process != nil {
+		err := s.BootCommand.Process.Kill()
+		if err != nil && !errors.Is(err, os.ErrProcessDone) {
+			log.Errorf("Process killing procedure returned an error %+v", err)
+			return err
+		}
 	}
 
 	return nil
 }
+
+func (s *Shell) Chdir(newCwd string) {
+	if newCwd != s.Cwd {
+		s.Cwd = newCwd
+	}
+}
+
+func (s *Shell) UpdateEnvironment(newEnvironment *Environment) {
+	s.Env = newEnvironment
+}
+
+func Executable() string {
+	if runtime.GOOS == "windows" {
+		return "powershell"
+	}
+
+	return "bash"
+}
+
+func Args() []string {
+	if runtime.GOOS == "windows" {
+		return []string{"-NoProfile", "-NonInteractive"}
+	}
+
+	return []string{"--login"}
+}
diff --git a/pkg/shell/shell_setup.go b/pkg/shell/shell_setup.go
new file mode 100644
index 00000000..d6f67c23
--- /dev/null
+++ b/pkg/shell/shell_setup.go
@@ -0,0 +1,17 @@
+// +build !windows
+
+package shell
+
+/*
+ * For non-windows agents, we handle job termination
+ * by closing the TTY associated with the job.
+ * Therefore, no special handling here is necessary.
+ */
+
+func (s *Shell) Setup() {
+
+}
+
+func (s *Shell) Terminate() error {
+	return nil
+}
diff --git a/pkg/shell/shell_setup_windows.go b/pkg/shell/shell_setup_windows.go
new file mode 100644
index 00000000..6f04edcf
--- /dev/null
+++ b/pkg/shell/shell_setup_windows.go
@@ -0,0 +1,44 @@
+// +build windows
+
+package shell
+
+import (
+	"unsafe"
+
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
+)
+
+func (s *Shell) Setup() {
+	jobObject, err := windows.CreateJobObject(nil, nil)
+	if err != nil {
+		log.Errorf("Error creating job object: %v", err)
+		return
+	}
+
+	info := windows.JOBOBJECT_EXTENDED_LIMIT_INFORMATION{
+		BasicLimitInformation: windows.JOBOBJECT_BASIC_LIMIT_INFORMATION{
+			LimitFlags: windows.JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE,
+		},
+	}
+
+	_, err = windows.SetInformationJobObject(
+		jobObject,
+		windows.JobObjectExtendedLimitInformation,
+		uintptr(unsafe.Pointer(&info)),
+		uint32(unsafe.Sizeof(info)),
+	)
+
+	if err != nil {
+		log.Errorf("Error setting job object information: %v", err)
+		return
+	}
+
+	log.Debugf("Successfully created job object: %v", jobObject)
+	s.windowsJobObject = uintptr(jobObject)
+}
+
+func (s *Shell) Terminate() error {
+	log.Debugf("Terminating all processes assigned to job object %v", s.windowsJobObject)
+	return windows.CloseHandle(windows.Handle(s.windowsJobObject))
+}
diff --git a/pkg/shell/shell_test.go b/pkg/shell/shell_test.go
index f63ace0c..fe4631f9 100644
--- a/pkg/shell/shell_test.go
+++ b/pkg/shell/shell_test.go
@@ -2,43 +2,121 @@ package shell
 
 import (
 	"bytes"
-	"io/ioutil"
-	"log"
-	"os/exec"
+	"os"
+	"runtime"
 	"testing"
 
 	assert "github.com/stretchr/testify/assert"
 )
 
+func Test__Shell__NewShell(t *testing.T) {
+	shell, err := NewShell(os.TempDir())
+	assert.Nil(t, err)
+	assert.NotNil(t, shell.Cwd)
+
+	if runtime.GOOS == "windows" {
+		assert.Equal(t, shell.Executable, "powershell")
+	} else {
+		assert.Equal(t, shell.Executable, "bash")
+	}
+
+	if runtime.GOOS == "windows" {
+		assert.Equal(t, shell.Args, []string{"-NoProfile", "-NonInteractive"})
+	} else {
+		assert.Equal(t, shell.Args, []string{"--login"})
+	}
+
+	assert.NoError(t, shell.Close())
+}
+
+func Test__Shell__Start(t *testing.T) {
+	shell, err := NewShell(os.TempDir())
+	assert.Nil(t, err)
+
+	err = shell.Start()
+	assert.Nil(t, err)
+
+	if runtime.GOOS == "windows" {
+		assert.Nil(t, shell.BootCommand)
+		assert.Nil(t, shell.TTY)
+	} else {
+		assert.NotNil(t, shell.BootCommand)
+		assert.NotNil(t, shell.TTY)
+	}
+
+	assert.NoError(t, shell.Close())
+}
+
 func Test__Shell__SimpleHelloWorld(t *testing.T) {
 	var output bytes.Buffer
 
-	shell := bashShell()
+	shell, _ := NewShell(os.TempDir())
+	shell.Start()
 
-	p1 := shell.NewProcess("echo Hello")
-	p1.OnStdout(func(line string) {
+	p1 := shell.NewProcessWithOutput("echo Hello", func(line string) {
 		output.WriteString(line)
 	})
+
 	p1.Run()
+	assert.Equal(t, output.String(), "Hello\n")
+	assert.NoError(t, shell.Close())
+}
+
+func Test__Shell__SimpleHelloWorldUsingBase64Encoding(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
+	var output bytes.Buffer
 
+	shell, _ := NewShell(os.TempDir())
+	shell.Start()
+
+	p1 := shell.NewProcessWithConfig(Config{
+		Command:           "echo Hello",
+		UseBase64Encoding: true,
+		Shell:             shell,
+		OnOutput: func(line string) {
+			output.WriteString(line)
+		},
+	})
+
+	p1.Run()
 	assert.Equal(t, output.String(), "Hello\n")
+	assert.NoError(t, shell.Close())
 }
 
 func Test__Shell__HandlingBashProcessKill(t *testing.T) {
 	var output bytes.Buffer
 
-	shell := bashShell()
+	shell, _ := NewShell(os.TempDir())
+	shell.Start()
+
+	var cmd string
+	if runtime.GOOS == "windows" {
+		cmd = `
+			echo Hello
+			if ($?) {
+				Exit 1
+			}
+		`
+	} else {
+		cmd = "echo Hello && exit 1"
+	}
 
-	p1 := shell.NewProcess("echo 'Hello' && exit 1")
-	p1.OnStdout(func(line string) {
+	p1 := shell.NewProcessWithOutput(cmd, func(line string) {
 		output.WriteString(line)
 	})
-	p1.Run()
 
+	p1.Run()
 	assert.Equal(t, output.String(), "Hello\n")
 }
 
 func Test__Shell__HandlingBashProcessKillThatHasBackgroundJobs(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
 	var output bytes.Buffer
 
 	//
@@ -52,38 +130,14 @@ func Test__Shell__HandlingBashProcessKillThatHasBackgroundJobs(t *testing.T) {
 	// it stops the read procedure.
 	//
 
-	shell := bashShell()
+	shell, _ := NewShell(os.TempDir())
+	shell.Start()
 
-	p1 := shell.NewProcess("sleep infinity &")
-	p1.OnStdout(func(line string) {
-		output.WriteString(line)
-	})
+	p1 := shell.NewProcessWithOutput("sleep infinity &", func(line string) { output.WriteString(line) })
 	p1.Run()
 
-	p2 := shell.NewProcess("echo 'Hello' && exit 1")
-	p2.OnStdout(func(line string) {
-		output.WriteString(line)
-	})
+	p2 := shell.NewProcessWithOutput("echo 'Hello' && sleep 1 && exit 1", func(line string) { output.WriteString(line) })
 	p2.Run()
 
 	assert.Equal(t, output.String(), "Hello\n")
 }
-
-func tempStorageFolder() string {
-	dir, err := ioutil.TempDir("", "agent-test")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	return dir
-}
-
-func bashShell() *Shell {
-	dir := tempStorageFolder()
-	cmd := exec.Command("bash", "--login")
-
-	shell, _ := NewShell(cmd, dir)
-	shell.Start()
-
-	return shell
-}
diff --git a/pkg/slices/slices.go b/pkg/slices/slices.go
new file mode 100644
index 00000000..ddaa4be6
--- /dev/null
+++ b/pkg/slices/slices.go
@@ -0,0 +1,11 @@
+package slices
+
+func Contains(slice []string, item string) bool {
+	for _, x := range slice {
+		if x == item {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/scripts/provision-windows-box.ps1 b/scripts/provision-windows-box.ps1
new file mode 100644
index 00000000..9216465c
--- /dev/null
+++ b/scripts/provision-windows-box.ps1
@@ -0,0 +1,43 @@
+$ErrorActionPreference = "Stop"
+
+function Add-To-Path {
+  param (
+    $Path
+  )
+
+  $Content = "if (-not (`$env:Path.Split(';').Contains('$Path'))) { `$env:Path = '$Path;' + `$env:Path }"
+  $ProfilePath = $profile.AllUsersAllHosts
+  Write-Output "Adding $Path to `$env:Path, using profile $ProfilePath..."
+
+  if (-not (Test-Path $profilePath)) {
+    Write-Output "$ProfilePath does not exist. Creating it..."
+    New-Item $ProfilePath > $null
+    Set-Content $ProfilePath $Content
+  } else {
+    Add-Content -Path $ProfilePath -Value $Content
+  }
+}
+
+Write-Output "Installing golang..."
+choco install -y golang
+If ($lastexitcode -ne 0) { Exit $lastexitcode }
+
+Write-Output "Installing Git for Windows"
+choco install -y git --version 2.31.0
+If ($lastexitcode -ne 0) { Exit $lastexitcode }
+
+Add-To-Path -Path "C:\Program Files\Go\bin"
+Add-To-Path -Path "C:\Program Files\Git\bin"
+
+Write-Output "Importing the choco profile module..."
+$ChocolateyInstall = Convert-Path "$((Get-Command choco).path)\..\.."
+Import-Module "$ChocolateyInstall\helpers\chocolateyProfile.psm1"
+Write-Output "Refreshing the current session environment..."
+Update-SessionEnvironment
+
+go version
+If ($lastexitcode -ne 0) { Exit $lastexitcode }
+
+# no mismatched line endings
+git config --system core.autocrlf false
+If ($lastexitcode -ne 0) { Exit $lastexitcode }
diff --git a/test/e2e.rb b/test/e2e.rb
index 6c1d4b43..d25396ea 100644
--- a/test/e2e.rb
+++ b/test/e2e.rb
@@ -4,160 +4,140 @@
 
 require 'tempfile'
 require 'json'
+require 'yaml'
 require 'timeout'
 require 'base64'
 
-$JOB_ID = `uuidgen`.strip
+require_relative "./e2e_support/api_mode"
+require_relative "./e2e_support/listener_mode"
 
-# based on secret passed to the running server
-$TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.gLEycyHdyRRzUpauBxdDFmxT5KoOApFO5MHuvWPgFtY"
+$JOB_ID = `uuidgen`.strip
+$LOGGER = ""
+
+$strategy = nil
+
+case ENV["TEST_MODE"]
+when "api" then
+  $strategy = ApiMode.new
+  $LOGGER = '{ "method": "pull" }'
+when "listen" then
+  $strategy = ListenerMode.new
+
+  $LOGGER = <<-JSON
+  {
+    "method": "push",
+    "url": "http://localhost:4567/api/v1/logs/#{$JOB_ID}",
+    "token": "jwtToken"
+  }
+  JSON
+
+  if !$AGENT_CONFIG
+    $AGENT_CONFIG = {
+      "endpoint" => "localhost:4567",
+      "token" => "321h1l2jkh1jk42341",
+      "no-https" => true,
+      "shutdown-hook-path" => "",
+      "disconnect-after-job" => false,
+      "env-vars" => [],
+      "files" => [],
+      "fail-on-missing-files" => false
+    }
+  end
+else
+  raise "Testing Mode not set"
+end
 
-$AGENT_PORT_IN_TESTS = 30000
+$strategy.boot_up_agent
 
 def start_job(request)
-  r = Tempfile.new
-  r.write(request)
-  r.close
+  $strategy.start_job(request)
+end
 
-  puts "============================"
-  puts "Sending job request to Agent"
+def stop_job
+  $strategy.stop_job()
+end
 
-  output = `curl -H "Authorization: Bearer #{$TOKEN}" --fail -X POST -k "https://0.0.0.0:30000/jobs" --data @#{r.path}`
+def wait_for_command_to_start(cmd)
+  $strategy.wait_for_command_to_start(cmd)
+end
 
-  abort "Failed to send: #{output}" if $?.exitstatus != 0
+def wait_for_job_to_finish
+  $strategy.wait_for_job_to_finish()
 end
 
-def stop_job
-  puts "============================"
-  puts "Stopping job..."
+def assert_job_log(expected_log)
+  $strategy.assert_job_log(expected_log)
+end
 
-  output = `curl -H "Authorization: Bearer #{$TOKEN}" --fail -X POST -k "https://0.0.0.0:30000/jobs/terminate"`
+def finished_callback_url
+  $strategy.finished_callback_url
+end
 
-  abort "Failed to stob job: #{output}" if $?.exitstatus != 0
+def teardown_callback_url
+  $strategy.teardown_callback_url
 end
 
-def wait_for_command_to_start(cmd)
-  puts "========================="
-  puts "Waiting for command to start '#{cmd}'"
+def shutdown_agent
+  $strategy.shutdown_agent
+end
 
-  Timeout.timeout(60 * 2) do
-    loop do
-      `curl -H "Authorization: Bearer #{$TOKEN}" --fail -k "https://0.0.0.0:30000/job_logs" | grep "#{cmd}"`
+def wait_for_agent_to_shutdown
+  $strategy.wait_for_agent_to_shutdown
+end
+
+def assert_artifact_is_compressed
+  puts "Checking if artifact is available and compressed"
 
+  # We give 20s for the artifact to appear here, to give the agent enough time
+  # to realize the "archivator" has reached out for the logs, and can close the logger.
+  Timeout.timeout(20) do
+    loop do
+      `artifact pull job agent/job_logs.txt.gz -f -d job_logs.gz && (gunzip -c job_logs.gz | tail -n1 | grep -q "Exporting SEMAPHORE_JOB_RESULT")`
       if $?.exitstatus == 0
+        puts "sucess: agent/job_logs.txt.gz exists and is compressed!"
         break
       else
-        sleep 1
+        print "."
+        sleep 2
       end
     end
   end
 end
 
-def wait_for_job_to_finish
-  puts "========================="
-  puts "Waiting for job to finish"
+def assert_artifact_is_available
+  puts "Checking if artifact is available"
 
-  Timeout.timeout(60 * 2) do
+  # We give 20s for the artifact to appear here, to give the agent enough time
+  # to realize the "archivator" has reached out for the logs, and can close the logger.
+  Timeout.timeout(20) do
     loop do
-      `curl -H "Authorization: Bearer #{$TOKEN}" --fail -k "https://0.0.0.0:30000/job_logs" | grep "job_finished"`
-
+      `artifact pull job agent/job_logs.txt`
       if $?.exitstatus == 0
+        puts "sucess: agent/job_logs.txt exists!"
         break
       else
-        sleep 1
+        print "."
+        sleep 2
       end
     end
   end
 end
 
-def assert_job_log(expected_log)
-  puts "========================="
-  puts "Asserting Job Logs"
-
-  actual_log = `curl -H "Authorization: Bearer #{$TOKEN}" -k "https://0.0.0.0:30000/jobs/#{$JOB_ID}/log"`
-
-  puts "-----------------------------------"
-  puts actual_log
-  puts "-----------------------------------"
+def assert_artifact_is_not_available
 
-  abort "Failed to fetch logs: #{actual_log}" if $?.exitstatus != 0
+  # We sleep here to make sure the agent has enough time to realize
+  # the "archivator" has reached out for the logs, and can close the logger.
+  puts "Waiting 20s to check if artifact exists..."
+  sleep 20
 
-  actual_log   = actual_log.split("\n").map(&:strip).reject(&:empty?)
-  expected_log = expected_log.split("\n").map(&:strip).reject(&:empty?)
-
-  index_in_actual_logs = 0
-  index_in_expected_logs = 0
-
-  while index_in_actual_logs < actual_log.length && index_in_expected_logs < expected_log.length
-    begin
-      puts "Comparing log lines Actual=#{index_in_actual_logs} Expected=#{index_in_expected_logs}"
-
-      expected_log_line = expected_log[index_in_expected_logs]
-      actual_log_line   = actual_log[index_in_actual_logs]
-
-      puts "  actual:   #{actual_log_line}"
-      puts "  expected: #{expected_log_line}"
-
-      actual_log_line_json = Hash[JSON.parse(actual_log_line).sort]
-
-      if expected_log_line =~ /\*\*\* LONG_OUTPUT \*\*\*/
-        if actual_log_line_json["event"] == "cmd_output"
-          # if we have a *** LONG_OUTPUT *** marker
-
-          # we go to next actual log line
-          # but we stay on the same expected log line
-
-          index_in_actual_logs += 1
-
-          next
-        else
-          # end of the LONG_OUTPUT marker, we increase the expected log line
-          # and in the next iteration we will compare regularly again
-          index_in_expected_logs += 1
-
-          next
-        end
-      else
-        # if there is no marker, we compare the JSONs
-        # we ignore the timestamps because they change every time
-
-        expected_log_line_json = Hash[JSON.parse(expected_log_line).sort]
-
-        if expected_log_line_json.keys != actual_log_line_json.keys
-          abort "(fail) JSON keys are different."
-        end
-
-        expected_log_line_json.keys.each do |key|
-          # Special case when we want to ignore only the output
-          # ignore expected entries with '*'
-
-          next if expected_log_line_json[key] == "*"
-
-          if expected_log_line_json[key] != actual_log_line_json[key]
-            abort "(fail) Values for '#{key}' are not equal."
-          end
-        end
-
-        index_in_actual_logs += 1
-        index_in_expected_logs += 1
-      end
-
-      puts "success"
-    rescue
-      puts ""
-      puts "Line Number: Actual=#{index_in_actual_logs} Expected=#{index_in_expected_logs}"
-      puts "Expected: '#{expected_log_line}'"
-      puts "Actual:   '#{actual_log_line}'"
-
-      abort "(fail) Failed to parse log line"
-    end
-  end
-
-  if index_in_actual_logs != actual_log.length
-    abort "(fail) There are unchecked log lines from the actual log"
+  `artifact pull job agent/job_logs.txt`
+  if $?.exitstatus == 0
+    abort "agent/job_logs.txt artifact exists, but shouldn't!"
+  else
+    puts "sucess: agent/job_logs.txt does not exist"
   end
+end
 
-  if index_in_expected_logs != expected_log.length
-    abort "(fail) There are unchecked log lines from the expected log"
-  end
+def bad_callback_url
+  "https://httpbingo.org/status/500"
 end
diff --git a/test/e2e/docker/broken_unicode.rb b/test/e2e/docker/broken_unicode.rb
index 798ffb09..44e0a65e 100644
--- a/test/e2e/docker/broken_unicode.rb
+++ b/test/e2e/docker/broken_unicode.rb
@@ -8,7 +8,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -16,7 +16,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -31,9 +31,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -59,8 +60,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"\ufffd\ufffd\ufffd\ufffd\ufffd"}
   {"event":"cmd_finished", "timestamp":"*", "directive": "echo | awk '{ printf(\\\"%c%c%c%c%c\\\", 150, 150, 150, 150, 150) }'","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
 
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/check_dev_kvm.rb b/test/e2e/docker/check_dev_kvm.rb
index adda9d36..f8cdf431 100644
--- a/test/e2e/docker/check_dev_kvm.rb
+++ b/test/e2e/docker/check_dev_kvm.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "semaphoreci/ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -29,36 +29,68 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
 wait_for_job_to_finish
 
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
-  *** LONG_OUTPUT ***
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"ls /dev | grep kvm"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"kvm\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"ls /dev | grep kvm","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
- 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-
-LOG
+case ENV["TEST_MODE"]
+when "api" then
+  assert_job_log <<-LOG
+    {"event":"job_started",  "timestamp":"*"}
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+    *** LONG_OUTPUT ***
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+    {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+    {"event":"cmd_started",  "timestamp":"*", "directive":"ls /dev | grep kvm"}
+    {"event":"cmd_output",   "timestamp":"*", "output":"kvm\\n"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"ls /dev | grep kvm","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+    {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+    {"event":"job_finished", "timestamp":"*", "result":"passed"}
+  LOG
+when "listen" then
+  assert_job_log <<-LOG
+    {"event":"job_started",  "timestamp":"*"}
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+    *** LONG_OUTPUT ***
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+    {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+    {"event":"cmd_started",  "timestamp":"*", "directive":"ls /dev | grep kvm"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"ls /dev | grep kvm","event":"cmd_finished","exit_code":1,"finished_at":"*","started_at":"*","timestamp":"*"}
+  
+    {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+    {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+    {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+  
+    {"event":"job_finished", "timestamp":"*", "result":"failed"}
+  LOG
+
+else
+  raise "Testing Mode not set"
+end
diff --git a/test/e2e/docker/command_aliases.rb b/test/e2e/docker/command_aliases.rb
index 5dbbcdb8..fd0d3ec3 100644
--- a/test/e2e/docker/command_aliases.rb
+++ b/test/e2e/docker/command_aliases.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -29,9 +29,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -55,7 +56,8 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"Running: echo Hello World\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Display Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/compose_v1.rb b/test/e2e/docker/compose_v1.rb
new file mode 100644
index 00000000..a51e03c4
--- /dev/null
+++ b/test/e2e/docker/compose_v1.rb
@@ -0,0 +1,66 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:2.6"
+        }
+      ],
+      "host_setup_commands": [
+        { "directive": "apt purge -y docker-compose-plugin && rm -rf ~/.docker/cli-plugins/docker-compose" },
+        { "directive": "curl -sL 'https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64' -o /usr/local/bin/docker-compose" },
+        { "directive": "chmod +x /usr/local/bin/docker-compose" }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/docker/container_custom_name.rb b/test/e2e/docker/container_custom_name.rb
index b2f1c14c..66ceda59 100644
--- a/test/e2e/docker/container_custom_name.rb
+++ b/test/e2e/docker/container_custom_name.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,16 +13,16 @@
       "containers": [
         {
           "name": "myFavouriteContainer",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
 
     "env_vars": [
-      { "name": "A", "value": "#{`echo "hello" | base64`}" },
-      { "name": "B", "value": "#{`echo "how are you?" | base64`}" },
-      { "name": "C", "value": "#{`echo "quotes ' quotes" | base64`}" },
-      { "name": "D", "value": "#{`echo '$PATH:/etc/a' | base64`}" }
+      { "name": "A", "value": "#{`echo "hello" | base64 | tr -d '\n'`}" },
+      { "name": "B", "value": "#{`echo "how are you?" | base64 | tr -d '\n'`}" },
+      { "name": "C", "value": "#{`echo "quotes ' quotes" | base64 | tr -d '\n'`}" },
+      { "name": "D", "value": "#{`echo '$PATH:/etc/a' | base64 | tr -d '\n'`}" }
     ],
 
     "files": [],
@@ -37,9 +37,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -82,7 +83,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"$PATH:/etc/a\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo $D","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/container_env_vars.rb b/test/e2e/docker/container_env_vars.rb
index 31dfa32c..75ef22a8 100644
--- a/test/e2e/docker/container_env_vars.rb
+++ b/test/e2e/docker/container_env_vars.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,9 +13,9 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6",
+          "image": "registry.semaphoreci.com/ruby:2.6",
           "env_vars": [
-            { "name": "FOO", "value": "#{`echo "bar" | base64`}" }
+            { "name": "FOO", "value": "#{`echo "bar" | base64 | tr -d '\n'`}" }
           ]
         }
       ]
@@ -30,9 +30,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -59,7 +60,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"bar\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo $FOO","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/container_options.rb b/test/e2e/docker/container_options.rb
index 0d04a6e0..3774d8c3 100644
--- a/test/e2e/docker/container_options.rb
+++ b/test/e2e/docker/container_options.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,13 +13,13 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         },
         {
-            "name": "db",
-            "image": "postgres:9.6",
-            "user": "postgres",
-            "entrypoint": "/docker-entrypoint.sh"
+          "name": "db",
+          "image": "registry.semaphoreci.com/postgres:9.6",
+          "user": "postgres",
+          "entrypoint": "/docker-entrypoint.sh"
         }
       ]
     },
@@ -35,9 +35,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -60,7 +61,9 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/docker_in_docker.rb b/test/e2e/docker/docker_in_docker.rb
index 7723d3ef..adc3160d 100644
--- a/test/e2e/docker/docker_in_docker.rb
+++ b/test/e2e/docker/docker_in_docker.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "semaphoreci/ruby:2.6.2"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -29,9 +29,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -54,7 +55,9 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"docker run alpine uname 2>/dev/null | grep Linux"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Linux\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"docker run alpine uname 2>/dev/null | grep Linux","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/docker_private_image_ecr.rb b/test/e2e/docker/docker_private_image_ecr.rb
index 85bb18ea..92258afc 100644
--- a/test/e2e/docker/docker_private_image_ecr.rb
+++ b/test/e2e/docker/docker_private_image_ecr.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,10 +20,10 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("AWS_ECR")}" },
-            { "name": "AWS_REGION", "value": "#{Base64.encode64(ENV['AWS_REGION'])}" },
-            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
-            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" }
           ]
         }
       ]
@@ -40,9 +40,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -54,13 +55,7 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for ECR\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"$(aws ecr get-login --no-include-email --region $AWS_REGION)\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Using --password via the CLI is insecure. Use --password-stdin.\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Your password will be stored unencrypted in /root/.docker/config.json.\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Configure a credential helper to remove this warning. See\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"https://docs.docker.com/engine/reference/commandline/login/#credentials-store\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Login Succeeded\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
+  *** LONG_OUTPUT ***
   {"event":"cmd_finished", "timestamp":"*", "directive":"Setting up image pull credentials", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
   {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
   *** LONG_OUTPUT ***
@@ -77,7 +72,8 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/docker_private_image_ecr_account_id.rb b/test/e2e/docker/docker_private_image_ecr_account_id.rb
new file mode 100644
index 00000000..89388218
--- /dev/null
+++ b/test/e2e/docker/docker_private_image_ecr_account_id.rb
@@ -0,0 +1,82 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+aws_account_id = ENV['AWS_ACCOUNT_ID']
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['AWS_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" },
+            { "name": "AWS_ACCOUNT_ID", "value": "#{Base64.strict_encode64(aws_account_id)}" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for ECR\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"$(aws ecr get-login --no-include-email --region $AWS_REGION --registry-ids #{aws_account_id})\\n"}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Setting up image pull credentials", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/docker/docker_private_image_ecr_account_id_v2.rb b/test/e2e/docker/docker_private_image_ecr_account_id_v2.rb
new file mode 100644
index 00000000..d25f2ef8
--- /dev/null
+++ b/test/e2e/docker/docker_private_image_ecr_account_id_v2.rb
@@ -0,0 +1,87 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+aws_account_id = ENV['AWS_ACCOUNT_ID']
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['AWS_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" },
+            { "name": "AWS_ACCOUNT_ID", "value": "#{Base64.strict_encode64(aws_account_id)}" }
+          ]
+        }
+      ],
+      "host_setup_commands": [
+        { "directive": "curl 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip' -o 'awscliv2.zip'" },
+        { "directive": "unzip awscliv2.zip" },
+        { "directive": "./aws/install" }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for ECR\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin #{aws_account_id}.dkr.ecr.$AWS_REGION.amazonaws.com\\n"}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Setting up image pull credentials", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/docker/docker_private_image_ecr_bad_creds.rb b/test/e2e/docker/docker_private_image_ecr_bad_creds.rb
index a4f729a1..7ac2f0ce 100644
--- a/test/e2e/docker/docker_private_image_ecr_bad_creds.rb
+++ b/test/e2e/docker/docker_private_image_ecr_bad_creds.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,10 +20,10 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("AWS_ECR")}" },
-            { "name": "AWS_REGION", "value": "#{Base64.encode64(ENV['AWS_REGION'])}" },
-            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.encode64("AAABBBCCCDDDEEEFFF")}" },
-            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.encode64('abcdefghijklmnop')}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64("AAABBBCCCDDDEEEFFF")}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64('abcdefghijklmnop')}" }
           ]
         }
       ]
@@ -40,9 +40,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
diff --git a/test/e2e/docker/docker_private_image_ecr_v2.rb b/test/e2e/docker/docker_private_image_ecr_v2.rb
new file mode 100644
index 00000000..e431a850
--- /dev/null
+++ b/test/e2e/docker/docker_private_image_ecr_v2.rb
@@ -0,0 +1,86 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+aws_account_id = ENV['AWS_ACCOUNT_ID']
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['AWS_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" }
+          ]
+        }
+      ],
+      "host_setup_commands": [
+        { "directive": "curl 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip' -o 'awscliv2.zip'" },
+        { "directive": "unzip awscliv2.zip" },
+        { "directive": "./aws/install" }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for ECR\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin #{aws_account_id}.dkr.ecr.$AWS_REGION.amazonaws.com\\n"}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Setting up image pull credentials", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...", "exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/docker/docker_private_image_gcr.rb b/test/e2e/docker/docker_private_image_gcr.rb
index 105cb05f..7986f8d6 100644
--- a/test/e2e/docker/docker_private_image_gcr.rb
+++ b/test/e2e/docker/docker_private_image_gcr.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,8 +20,8 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("GCR")}" },
-            { "name": "GCR_HOSTNAME", "value": "#{Base64.encode64(ENV['GCR_HOSTNAME'])}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("GCR")}" },
+            { "name": "GCR_HOSTNAME", "value": "#{Base64.strict_encode64(ENV['GCR_HOSTNAME'])}" }
           ],
           "files": [
             { "path": "/tmp/gcr/keyfile.json", "content": "#{ENV['GCR_KEYFILE']}", "mode": "0755" }
@@ -41,9 +41,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -54,12 +55,7 @@
   {"directive":"Setting up image pull credentials","event":"cmd_started","timestamp":"*"}
   {"event":"cmd_output","output":"Setting up credentials for GCR\\n","timestamp":"*"}
   {"event":"cmd_output","output":"cat /tmp/gcr/keyfile.json | docker login -u _json_key --password-stdin https://$GCR_HOSTNAME\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"WARNING! Your password will be stored unencrypted in /root/.docker/config.json.\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"Configure a credential helper to remove this warning. See\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"https://docs.docker.com/engine/reference/commandline/login/#credentials-store\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"Login Succeeded\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"\\n","timestamp":"*"}
+  *** LONG_OUTPUT ***
   {"directive":"Setting up image pull credentials","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
   {"directive":"Pulling docker images...","event":"cmd_started","timestamp":"*"}
   *** LONG_OUTPUT ***
@@ -76,7 +72,9 @@
   {"directive":"echo Hello World","event":"cmd_started","timestamp":"*"}
   {"event":"cmd_output","output":"Hello World\\n","timestamp":"*"}
   {"directive":"echo Hello World","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
-  {"directive":"export SEMAPHORE_JOB_RESULT=passed","event":"cmd_started","timestamp":"*"}
-  {"directive":"export SEMAPHORE_JOB_RESULT=passed","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished","result":"passed","timestamp":"*"}
 LOG
diff --git a/test/e2e/docker/docker_private_image_gcr_bad_creds.rb b/test/e2e/docker/docker_private_image_gcr_bad_creds.rb
index a67d86b2..fc6b9a5f 100644
--- a/test/e2e/docker/docker_private_image_gcr_bad_creds.rb
+++ b/test/e2e/docker/docker_private_image_gcr_bad_creds.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,8 +20,8 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("GCR")}" },
-            { "name": "GCR_HOSTNAME", "value": "#{Base64.encode64(ENV['GCR_HOSTNAME'])}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("GCR")}" },
+            { "name": "GCR_HOSTNAME", "value": "#{Base64.strict_encode64(ENV['GCR_HOSTNAME'])}" }
           ],
           "files": [
             { "path": "/tmp/gcr/keyfile.json", "content": "#{ENV['GCR_KEYFILE_BAD']}", "mode": "0755" }
@@ -41,9 +41,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -54,7 +55,7 @@
   {"directive":"Setting up image pull credentials","event":"cmd_started","timestamp":"*"}
   {"event":"cmd_output","output":"Setting up credentials for GCR\\n","timestamp":"*"}
   {"event":"cmd_output","output":"cat /tmp/gcr/keyfile.json | docker login -u _json_key --password-stdin https://$GCR_HOSTNAME\\n","timestamp":"*"}
-  {"event":"cmd_output","output":"Error response from daemon: Get https://gcr.io/v2/: unauthorized: GCR login failed. You may have invalid credentials. To login successfully, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication\\n","timestamp":"*"}
+  {"event":"cmd_output","output":"Error response from daemon: Get \\"https://us-east4-docker.pkg.dev/v2/\\": unauthorized: authentication failed\\n","timestamp":"*"}
   {"event":"cmd_output","output":"\\n","timestamp":"*"}
   {"directive":"Setting up image pull credentials","event":"cmd_finished","exit_code":1,"finished_at":"*","started_at":"*","timestamp":"*"}
   {"event":"job_finished","result":"failed","timestamp":"*"}
diff --git a/test/e2e/docker/docker_registry_private_image.rb b/test/e2e/docker/docker_registry_private_image.rb
index 12b8471c..4e5c9f9a 100644
--- a/test/e2e/docker/docker_registry_private_image.rb
+++ b/test/e2e/docker/docker_registry_private_image.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,10 +20,10 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("GenericDocker")}" },
-            { "name": "DOCKER_URL", "value": "#{Base64.encode64(ENV['DOCKER_URL'])}" },
-            { "name": "DOCKER_USERNAME", "value": "#{Base64.encode64(ENV['DOCKER_USERNAME'])}" },
-            { "name": "DOCKER_PASSWORD", "value": "#{Base64.encode64(ENV['DOCKER_PASSWORD'])}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("GenericDocker")}" },
+            { "name": "DOCKER_URL", "value": "#{Base64.strict_encode64(ENV['DOCKER_URL'])}" },
+            { "name": "DOCKER_USERNAME", "value": "#{Base64.strict_encode64(ENV['DOCKER_USERNAME'])}" },
+            { "name": "DOCKER_PASSWORD", "value": "#{Base64.strict_encode64(ENV['DOCKER_PASSWORD'])}" }
           ]
         }
       ]
@@ -40,9 +40,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -54,10 +55,11 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for Docker\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"docker login -u \\"$DOCKER_USERNAME\\" -p \\"$DOCKER_PASSWORD\\" $DOCKER_URL\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Using --password via the CLI is insecure. Use --password-stdin.\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Your password will be stored unencrypted in /root/.docker/config.json.\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Using --password via the CLI is insecure. Use --password-stdin.\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Your credentials are stored unencrypted in /root/.docker/config.json.\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Configure a credential helper to remove this warning. See\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"https://docs.docker.com/engine/reference/commandline/login/#credentials-store\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"https://docs.docker.com/go/credential-store/\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Login Succeeded\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
@@ -79,7 +81,9 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/docker_registry_private_image_bad_creds.rb b/test/e2e/docker/docker_registry_private_image_bad_creds.rb
index 6a25857a..d2270ac2 100644
--- a/test/e2e/docker/docker_registry_private_image_bad_creds.rb
+++ b/test/e2e/docker/docker_registry_private_image_bad_creds.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,10 +20,10 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("GenericDocker")}" },
-            { "name": "DOCKER_URL", "value": "#{Base64.encode64(ENV['DOCKER_URL'])}" },
-            { "name": "DOCKER_USERNAME", "value": "#{Base64.encode64("lasagna")}" },
-            { "name": "DOCKER_PASSWORD", "value": "#{Base64.encode64("spaghetti")}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("GenericDocker")}" },
+            { "name": "DOCKER_URL", "value": "#{Base64.strict_encode64(ENV['DOCKER_URL'])}" },
+            { "name": "DOCKER_USERNAME", "value": "#{Base64.strict_encode64("lasagna")}" },
+            { "name": "DOCKER_PASSWORD", "value": "#{Base64.strict_encode64("spaghetti")}" }
           ]
         }
       ]
@@ -40,9 +40,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
diff --git a/test/e2e/docker/dockerhub_private_image.rb b/test/e2e/docker/dockerhub_private_image.rb
index 16721ffb..6f0b5b06 100644
--- a/test/e2e/docker/dockerhub_private_image.rb
+++ b/test/e2e/docker/dockerhub_private_image.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,9 +20,9 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("DockerHub")}" },
-            { "name": "DOCKERHUB_USERNAME", "value": "#{Base64.encode64("semaphoreagentprivatepuller")}" },
-            { "name": "DOCKERHUB_PASSWORD", "value": "#{Base64.encode64("semaphoreagentprivatepullerpassword")}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("DockerHub")}" },
+            { "name": "DOCKERHUB_USERNAME", "value": "#{Base64.strict_encode64(ENV['DOCKERHUB_USERNAME'])}" },
+            { "name": "DOCKERHUB_PASSWORD", "value": "#{Base64.strict_encode64(ENV['DOCKERHUB_TOKEN'])}" }
           ]
         }
       ]
@@ -39,9 +39,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -53,12 +54,7 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for DockerHub\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"echo $DOCKERHUB_PASSWORD | docker login --username $DOCKERHUB_USERNAME --password-stdin\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"WARNING! Your password will be stored unencrypted in /root/.docker/config.json.\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Configure a credential helper to remove this warning. See\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"https://docs.docker.com/engine/reference/commandline/login/#credentials-store\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Login Succeeded\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
+  *** LONG_OUTPUT ***
 
   {"event":"cmd_finished", "timestamp":"*", "directive":"Setting up image pull credentials", "event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
 
@@ -77,7 +73,9 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/dockerhub_private_image_bad_creds.rb b/test/e2e/docker/dockerhub_private_image_bad_creds.rb
index bf12f812..4e655ac5 100644
--- a/test/e2e/docker/dockerhub_private_image_bad_creds.rb
+++ b/test/e2e/docker/dockerhub_private_image_bad_creds.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -20,9 +20,9 @@
       "image_pull_credentials": [
         {
           "env_vars": [
-            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.encode64("DockerHub")}" },
-            { "name": "DOCKERHUB_USERNAME", "value": "#{Base64.encode64("lasagna")}" },
-            { "name": "DOCKERHUB_PASSWORD", "value": "#{Base64.encode64("spaghetti")}" }
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("DockerHub")}" },
+            { "name": "DOCKERHUB_USERNAME", "value": "#{Base64.strict_encode64("lasagna")}" },
+            { "name": "DOCKERHUB_PASSWORD", "value": "#{Base64.strict_encode64("spaghetti")}" }
           ]
         }
       ]
@@ -39,9 +39,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -53,7 +54,7 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Setting up image pull credentials"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Setting up credentials for DockerHub\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"echo $DOCKERHUB_PASSWORD | docker login --username $DOCKERHUB_USERNAME --password-stdin\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Error response from daemon: Get \\"https://registry-1.docker.io/v2/\\": unauthorized: incorrect username or password\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"\\n"}
 
   {"event":"cmd_finished", "timestamp":"*", "directive":"Setting up image pull credentials", "event":"cmd_finished","exit_code":1,"finished_at":"*","started_at":"*","timestamp":"*"}
diff --git a/test/e2e/docker/env_vars.rb b/test/e2e/docker/env_vars.rb
index 63e02dea..21b7af17 100644
--- a/test/e2e/docker/env_vars.rb
+++ b/test/e2e/docker/env_vars.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,16 +13,16 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
 
     "env_vars": [
-      { "name": "A", "value": "#{`echo "hello" | base64`}" },
-      { "name": "B", "value": "#{`echo "how are you?" | base64`}" },
-      { "name": "C", "value": "#{`echo "quotes ' quotes" | base64`}" },
-      { "name": "D", "value": "#{`echo '$PATH:/etc/a' | base64`}" }
+      { "name": "A", "value": "#{`echo "hello" | base64 | tr -d '\n'`}" },
+      { "name": "B", "value": "#{`echo "how are you?" | base64 | tr -d '\n'`}" },
+      { "name": "C", "value": "#{`echo "quotes ' quotes" | base64 | tr -d '\n'`}" },
+      { "name": "D", "value": "#{`echo '$PATH:/etc/a' | base64 | tr -d '\n'`}" }
     ],
 
     "files": [],
@@ -37,9 +37,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -82,7 +83,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"$PATH:/etc/a\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo $D","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/epilogue_on_fail.rb b/test/e2e/docker/epilogue_on_fail.rb
index b6c64e59..5080a5b3 100644
--- a/test/e2e/docker/epilogue_on_fail.rb
+++ b/test/e2e/docker/epilogue_on_fail.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -27,21 +27,22 @@
     ],
 
     "epilogue_always_commands": [
-      { "directive": "echo Hello Epilogue" }
+      { "directive": "echo Hello Epilogue $SEMAPHORE_JOB_RESULT" }
     ],
 
     "epilogue_on_pass_commands": [
-      { "directive": "echo Hello On Pass Epilogue" }
+      { "directive": "echo Hello On Pass Epilogue $SEMAPHORE_JOB_RESULT" }
     ],
 
     "epilogue_on_fail_commands": [
-      { "directive": "echo Hello On Fail Epilogue" }
+      { "directive": "echo Hello On Fail Epilogue $SEMAPHORE_JOB_RESULT" }
     ],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -66,16 +67,17 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"false"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"false","exit_code":1,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue $SEMAPHORE_JOB_RESULT"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue failed\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue $SEMAPHORE_JOB_RESULT","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello On Fail Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello On Fail Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello On Fail Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello On Fail Epilogue $SEMAPHORE_JOB_RESULT"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello On Fail Epilogue failed\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello On Fail Epilogue $SEMAPHORE_JOB_RESULT","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"job_finished", "timestamp":"*", "result":"failed"}
 LOG
diff --git a/test/e2e/docker/epilogue_on_pass.rb b/test/e2e/docker/epilogue_on_pass.rb
index 1d2ac0c8..9969efa3 100644
--- a/test/e2e/docker/epilogue_on_pass.rb
+++ b/test/e2e/docker/epilogue_on_pass.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -27,21 +27,22 @@
     ],
 
     "epilogue_always_commands": [
-      { "directive": "echo Hello Epilogue" }
+      { "directive": "echo Hello Epilogue $SEMAPHORE_JOB_RESULT" }
     ],
 
     "epilogue_on_pass_commands": [
-      { "directive": "echo Hello On Pass Epilogue" }
+      { "directive": "echo Hello On Pass Epilogue $SEMAPHORE_JOB_RESULT" }
     ],
 
     "epilogue_on_fail_commands": [
-      { "directive": "echo Hello On Fail Epilogue" }
+      { "directive": "echo Hello On Fail Epilogue $SEMAPHORE_JOB_RESULT" }
     ],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -67,16 +68,17 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue $SEMAPHORE_JOB_RESULT"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue passed\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue $SEMAPHORE_JOB_RESULT","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello On Pass Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello On Pass Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello On Pass Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello On Pass Epilogue $SEMAPHORE_JOB_RESULT"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello On Pass Epilogue passed\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello On Pass Epilogue $SEMAPHORE_JOB_RESULT","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/failed_job.rb b/test/e2e/docker/failed_job.rb
index 6c828e8a..61fc5616 100644
--- a/test/e2e/docker/failed_job.rb
+++ b/test/e2e/docker/failed_job.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -29,9 +29,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -53,7 +54,9 @@
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
   {"event":"cmd_started",  "timestamp":"*", "directive":"false"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"false","exit_code":1,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"failed"}
 LOG
diff --git a/test/e2e/docker/file_injection.rb b/test/e2e/docker/file_injection.rb
index bc6c0553..da28006c 100644
--- a/test/e2e/docker/file_injection.rb
+++ b/test/e2e/docker/file_injection.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -21,9 +21,9 @@
     "env_vars": [],
 
     "files": [
-      { "path": "test.txt", "content": "#{`echo "hello" | base64`}", "mode": "0644" },
-      { "path": "/a/b/c",   "content": "#{`echo "hello" | base64`}", "mode": "0644" },
-      { "path": "/tmp/a",   "content": "#{`echo "hello" | base64`}", "mode": "+x" }
+      { "path": "test.txt", "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "0644" },
+      { "path": "/a/b/c",   "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "0644" },
+      { "path": "/tmp/a",   "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "0600" }
     ],
 
     "commands": [
@@ -35,9 +35,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -60,7 +61,7 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Injecting test.txt with file mode 0644\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Injecting /a/b/c with file mode 0644\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Injecting /tmp/a with file mode +x\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Injecting /tmp/a with file mode 0600\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"cmd_started",  "timestamp":"*", "directive":"cat test.txt"}
@@ -72,10 +73,12 @@
   {"event":"cmd_finished", "timestamp":"*", "directive":"cat /a/b/c","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"cmd_started",  "timestamp":"*", "directive":"stat -c '%a' /tmp/a"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"755\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"600\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"stat -c '%a' /tmp/a","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/file_injection_broken_file_mode.rb b/test/e2e/docker/file_injection_broken_file_mode.rb
index c22c0b16..82f78d4b 100644
--- a/test/e2e/docker/file_injection_broken_file_mode.rb
+++ b/test/e2e/docker/file_injection_broken_file_mode.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -21,7 +21,7 @@
     "env_vars": [],
 
     "files": [
-      { "path": "test.txt", "content": "#{`echo "hello" | base64`}", "mode": "obviously broken" }
+      { "path": "test.txt", "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "obviously broken" }
     ],
 
     "commands": [
@@ -33,9 +33,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -60,7 +61,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"Failed to set file mode to obviously broken\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":1,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"failed"}
 LOG
diff --git a/test/e2e/docker/hello_world.rb b/test/e2e/docker/hello_world.rb
index 4a845a61..4afb9d57 100644
--- a/test/e2e/docker/hello_world.rb
+++ b/test/e2e/docker/hello_world.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -29,9 +29,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -54,7 +55,9 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/host_setup_commands.rb b/test/e2e/docker/host_setup_commands.rb
index f34259a2..fb874518 100644
--- a/test/e2e/docker/host_setup_commands.rb
+++ b/test/e2e/docker/host_setup_commands.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ],
       "host_setup_commands": [
@@ -32,9 +32,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -57,7 +58,9 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/job_logs_as_artifact.rb b/test/e2e/docker/job_logs_as_artifact.rb
new file mode 100644
index 00000000..e0716375
--- /dev/null
+++ b/test/e2e/docker/job_logs_as_artifact.rb
@@ -0,0 +1,98 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "upload-job-logs" => "always"
+}
+
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "dockercompose",
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:2.6"
+        }
+      ]
+    },
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("always")}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_available
\ No newline at end of file
diff --git a/test/e2e/docker/job_stopping.rb b/test/e2e/docker/job_stopping.rb
index 5cc72a70..ef763262 100644
--- a/test/e2e/docker/job_stopping.rb
+++ b/test/e2e/docker/job_stopping.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -30,9 +30,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -61,6 +62,7 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
   {"event":"cmd_started",  "timestamp":"*", "directive":"sleep infinity"}
+  *** LONG_OUTPUT ***
   {"event":"cmd_finished", "timestamp":"*", "directive":"sleep infinity","exit_code":1,"finished_at":"*","started_at":"*"}
   {"event":"job_finished", "timestamp":"*", "result":"stopped"}
 LOG
diff --git a/test/e2e/shell/job_stopping.rb b/test/e2e/docker/job_stopping_on_epilogue.rb
similarity index 56%
rename from test/e2e/shell/job_stopping.rb
rename to test/e2e/docker/job_stopping_on_epilogue.rb
index 99f28735..325b0aac 100644
--- a/test/e2e/shell/job_stopping.rb
+++ b/test/e2e/docker/job_stopping_on_epilogue.rb
@@ -5,23 +5,25 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "env_vars": [],
 
     "files": [],
 
     "commands": [
-      { "directive": "sleep infinity" },
       { "directive": "echo 'here'" }
     ],
 
-    "epilogue_always_commands": [],
+    "epilogue_always_commands": [
+      { "directive": "sleep infinity" }
+    ],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -39,6 +41,13 @@
   {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
   {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo 'here'"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"here\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo 'here'","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"cmd_started",  "timestamp":"*", "directive":"sleep infinity"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"sleep infinity","exit_code":1,"finished_at":"*","started_at":"*"}
   {"event":"job_finished", "timestamp":"*", "result":"stopped"}
diff --git a/test/e2e/docker/multiple_containers.rb b/test/e2e/docker/multiple_containers.rb
index 090fc7bd..5aa16370 100644
--- a/test/e2e/docker/multiple_containers.rb
+++ b/test/e2e/docker/multiple_containers.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,11 +13,11 @@
       "containers": [
         {
           "name": "main",
-          "image": "semaphoreci/ubuntu:18.04"
+          "image": "registry.semaphoreci.com/ubuntu:20.04"
         },
         {
           "name": "db",
-          "image": "postgres:9.6"
+          "image": "registry.semaphoreci.com/postgres:9.6"
         }
       ]
     },
@@ -27,15 +27,16 @@
     "files": [],
 
     "commands": [
-      { "directive": "docker ps -a | grep db | wc -l" }
+      { "directive": "docker ps -a | grep postgres | wc -l" }
     ],
 
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -55,10 +56,12 @@
   {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
   {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"docker ps -a | grep db | wc -l"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"docker ps -a | grep postgres | wc -l"}
   {"event":"cmd_output",   "timestamp":"*", "output":"1\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"docker ps -a | grep db | wc -l","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"docker ps -a | grep postgres | wc -l","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/no_bash.rb b/test/e2e/docker/no_bash.rb
index b0723a5c..db909172 100644
--- a/test/e2e/docker/no_bash.rb
+++ b/test/e2e/docker/no_bash.rb
@@ -14,7 +14,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -38,9 +38,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
diff --git a/test/e2e/docker/non_existing_image.rb b/test/e2e/docker/non_existing_image.rb
index c3488db3..13009782 100644
--- a/test/e2e/docker/non_existing_image.rb
+++ b/test/e2e/docker/non_existing_image.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -29,9 +29,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
diff --git a/test/e2e/docker/ssh_jump_points.rb b/test/e2e/docker/ssh_jump_points.rb
index 4fecb840..91fe1ce9 100644
--- a/test/e2e/docker/ssh_jump_points.rb
+++ b/test/e2e/docker/ssh_jump_points.rb
@@ -37,7 +37,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "ssh_public_keys": [
       "#{public_key}"
@@ -49,7 +49,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -65,9 +65,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
diff --git a/test/e2e/docker/stty_restoration.rb b/test/e2e/docker/stty_restoration.rb
index 3e1fe237..57c067f0 100644
--- a/test/e2e/docker/stty_restoration.rb
+++ b/test/e2e/docker/stty_restoration.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -30,9 +30,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -62,8 +63,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
 
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/unicode.rb b/test/e2e/docker/unicode.rb
index 575db2c7..81ef049c 100644
--- a/test/e2e/docker/unicode.rb
+++ b/test/e2e/docker/unicode.rb
@@ -8,7 +8,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -16,7 +16,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -32,9 +32,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -55,13 +56,11 @@
   {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
   {"event":"cmd_started",  "timestamp":"*", "directive":"echo 特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。"}
-
-  {"event":"cmd_output",   "timestamp":"*", "output":"特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"語の由来については諸説存在し。特定の伝説に拠る物語の由来については"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"諸説存在し。\\n"}
-
+  {"event":"cmd_output",   "timestamp":"*", "output":"特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo 特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/docker/unknown_command.rb b/test/e2e/docker/unknown_command.rb
index f52f63e1..6fed1fd4 100644
--- a/test/e2e/docker/unknown_command.rb
+++ b/test/e2e/docker/unknown_command.rb
@@ -5,7 +5,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "executor": "dockercompose",
 
@@ -13,7 +13,7 @@
       "containers": [
         {
           "name": "main",
-          "image": "ruby:2.6"
+          "image": "registry.semaphoreci.com/ruby:2.6"
         }
       ]
     },
@@ -29,9 +29,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -56,7 +57,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"bash: echhhho: command not found\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echhhho Hello World","exit_code":127,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"failed"}
 LOG
diff --git a/test/e2e/hosted/job_logs_as_artifact_always.rb b/test/e2e/hosted/job_logs_as_artifact_always.rb
new file mode 100644
index 00000000..1cd412f6
--- /dev/null
+++ b/test/e2e/hosted/job_logs_as_artifact_always.rb
@@ -0,0 +1,71 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("always")}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": {
+      "method": "pull"
+    }
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_available
\ No newline at end of file
diff --git a/test/e2e/hosted/job_logs_as_artifact_compressed.rb b/test/e2e/hosted/job_logs_as_artifact_compressed.rb
new file mode 100644
index 00000000..d864d10d
--- /dev/null
+++ b/test/e2e/hosted/job_logs_as_artifact_compressed.rb
@@ -0,0 +1,62 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("always")}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in $(seq 1 5000); do echo \\\"${i} $(LC_ALL=C tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@^_{|}~' </dev/urandom | head -c 256)\\\"; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": {
+      "method": "pull"
+    }
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in $(seq 1 5000); do echo \\\"${i} $(LC_ALL=C tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@^_{|}~' </dev/urandom | head -c 256)\\\"; done"}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in $(seq 1 5000); do echo \\\"${i} $(LC_ALL=C tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@^_{|}~' </dev/urandom | head -c 256)\\\"; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_compressed
diff --git a/test/e2e/hosted/job_logs_as_artifact_default.rb b/test/e2e/hosted/job_logs_as_artifact_default.rb
new file mode 100644
index 00000000..5281c5db
--- /dev/null
+++ b/test/e2e/hosted/job_logs_as_artifact_default.rb
@@ -0,0 +1,70 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": {
+      "method": "pull",
+      "max_size_in_bytes": 100
+    }
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_not_available
\ No newline at end of file
diff --git a/test/e2e/hosted/job_logs_as_artifact_never.rb b/test/e2e/hosted/job_logs_as_artifact_never.rb
new file mode 100644
index 00000000..de1cef35
--- /dev/null
+++ b/test/e2e/hosted/job_logs_as_artifact_never.rb
@@ -0,0 +1,72 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("never")}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": {
+      "method": "pull",
+      "max_size_in_bytes": 100
+    }
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_not_available
\ No newline at end of file
diff --git a/test/e2e/hosted/job_logs_as_artifact_not_trimmed.rb b/test/e2e/hosted/job_logs_as_artifact_not_trimmed.rb
new file mode 100644
index 00000000..08ffcb01
--- /dev/null
+++ b/test/e2e/hosted/job_logs_as_artifact_not_trimmed.rb
@@ -0,0 +1,72 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("when-trimmed")}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": {
+      "method": "pull",
+      "max_size_in_bytes": 1048576
+    }
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_not_available
\ No newline at end of file
diff --git a/test/e2e/hosted/job_logs_as_artifact_trimmed.rb b/test/e2e/hosted/job_logs_as_artifact_trimmed.rb
new file mode 100644
index 00000000..2003fafc
--- /dev/null
+++ b/test/e2e/hosted/job_logs_as_artifact_trimmed.rb
@@ -0,0 +1,72 @@
+#!/bin/ruby
+# rubocop:disable all
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+# Additionally, we pass the artifact related environment variables
+# to the job, so that it can upload the job logs as an artifact after the job is done.
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("when-trimmed")}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": {
+      "method": "pull",
+      "max_size_in_bytes": 100
+    }
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_available
\ No newline at end of file
diff --git a/test/e2e/shell/ssh_jump_points.rb b/test/e2e/hosted/ssh_jump_points.rb
similarity index 94%
rename from test/e2e/shell/ssh_jump_points.rb
rename to test/e2e/hosted/ssh_jump_points.rb
index c99fc181..8d4944d1 100644
--- a/test/e2e/shell/ssh_jump_points.rb
+++ b/test/e2e/hosted/ssh_jump_points.rb
@@ -37,7 +37,7 @@
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
     "ssh_public_keys": [
       "#{public_key}"
@@ -54,9 +54,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
diff --git a/test/e2e/kubernetes/docker_compose__env-vars.rb b/test/e2e/kubernetes/docker_compose__env-vars.rb
new file mode 100644
index 00000000..718433ec
--- /dev/null
+++ b/test/e2e/kubernetes/docker_compose__env-vars.rb
@@ -0,0 +1,110 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:3.0",
+          "env_vars": [
+            { "name": "FOO", "value": "#{`echo "bar" | base64 | tr -d '\n'`}" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [
+      { "name": "A", "value": "#{`echo "hello" | base64 | tr -d '\n'`}" },
+      { "name": "B", "value": "#{`echo "how are you?" | base64 | tr -d '\n'`}" },
+      { "name": "C", "value": "#{`echo "quotes ' quotes" | base64 | tr -d '\n'`}" },
+      { "name": "D", "value": "#{`echo '$PATH:/etc/a' | base64 | tr -d '\n'`}" }
+    ],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo $A" },
+      { "directive": "echo $B" },
+      { "directive": "echo $C" },
+      { "directive": "echo $D" },
+      { "directive": "echo $FOO" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting A\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting B\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting C\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting D\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo $A"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"hello\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo $A","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo $B"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"how are you?\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo $B","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo $C"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"quotes ' quotes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo $C","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo $D"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"$PATH:/etc/a\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo $D","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo $FOO"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"bar\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo $FOO","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/kubernetes/docker_compose__epilogue.rb b/test/e2e/kubernetes/docker_compose__epilogue.rb
new file mode 100644
index 00000000..ad960686
--- /dev/null
+++ b/test/e2e/kubernetes/docker_compose__epilogue.rb
@@ -0,0 +1,76 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "dockercompose",
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:3.0"
+        }
+      ]
+    },
+    "env_vars": [],
+    "files": [],
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+    "epilogue_always_commands": [
+      { "directive": "echo Hello Epilogue $SEMAPHORE_JOB_RESULT" }
+    ],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue $SEMAPHORE_JOB_RESULT"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue passed\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue $SEMAPHORE_JOB_RESULT","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/shell/file_injection.rb b/test/e2e/kubernetes/docker_compose__file-injection.rb
similarity index 55%
rename from test/e2e/shell/file_injection.rb
rename to test/e2e/kubernetes/docker_compose__file-injection.rb
index 1036e6ba..3785eb20 100644
--- a/test/e2e/shell/file_injection.rb
+++ b/test/e2e/kubernetes/docker_compose__file-injection.rb
@@ -1,20 +1,38 @@
 #!/bin/ruby
 # rubocop:disable all
 
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
 require_relative '../../e2e'
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
-
+    "job_id": "#{$JOB_ID}",
+    "executor": "dockercompose",
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:3.0"
+        }
+      ]
+    },
     "env_vars": [],
-
     "files": [
-      { "path": "test.txt", "content": "#{`echo "hello" | base64`}", "mode": "0644" },
-      { "path": "/a/b/c",   "content": "#{`echo "hello" | base64`}", "mode": "0644" },
-      { "path": "/tmp/a",   "content": "#{`echo "hello" | base64`}", "mode": "+x" }
+      { "path": "test.txt", "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "0644" },
+      { "path": "/a/b/c",   "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "0644" },
+      { "path": "/tmp/a",   "content": "#{`echo "hello" | base64 | tr -d '\n'`}", "mode": "0600" }
     ],
-
     "commands": [
       { "directive": "cat test.txt" },
       { "directive": "cat /a/b/c" },
@@ -22,11 +40,11 @@
     ],
 
     "epilogue_always_commands": [],
-
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -35,13 +53,20 @@
 assert_job_log <<-LOG
   {"event":"job_started",  "timestamp":"*"}
 
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
   {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Injecting test.txt with file mode 0644\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Injecting /a/b/c with file mode 0644\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Injecting /tmp/a with file mode +x\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Injecting /tmp/a with file mode 0600\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"cmd_started",  "timestamp":"*", "directive":"cat test.txt"}
@@ -53,10 +78,12 @@
   {"event":"cmd_finished", "timestamp":"*", "directive":"cat /a/b/c","exit_code":0,"finished_at":"*","started_at":"*"}
 
   {"event":"cmd_started",  "timestamp":"*", "directive":"stat -c '%a' /tmp/a"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"755\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"600\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"stat -c '%a' /tmp/a","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/kubernetes/docker_compose__multiple-containers.rb b/test/e2e/kubernetes/docker_compose__multiple-containers.rb
new file mode 100644
index 00000000..694a719c
--- /dev/null
+++ b/test/e2e/kubernetes/docker_compose__multiple-containers.rb
@@ -0,0 +1,86 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:3.0"
+        },
+        {
+          "name": "redis",
+          "image": "registry.semaphoreci.com/redis:6.2"
+        }
+      ]
+    },
+
+    "env_vars": [],
+    "files": [],
+
+    "commands": [
+      { "directive": "apt update && apt install redis-tools -y" },
+      { "directive": "redis-cli ping" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"apt update && apt install redis-tools -y"}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"apt update && apt install redis-tools -y","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"redis-cli ping"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"PONG\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"redis-cli ping","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/kubernetes/job_logs_as_artifact.rb b/test/e2e/kubernetes/job_logs_as_artifact.rb
new file mode 100644
index 00000000..87340c21
--- /dev/null
+++ b/test/e2e/kubernetes/job_logs_as_artifact.rb
@@ -0,0 +1,103 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true,
+  "upload-job-logs" => "always"
+}
+
+require_relative '../../e2e'
+
+# Here, we use the SEMAPHORE_JOB_ID as the job ID for this test.
+$JOB_ID = ENV["SEMAPHORE_JOB_ID"]
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:3.0",
+          "env_vars": [
+            { "name": "FOO", "value": "#{`echo "bar" | base64 | tr -d '\n'`}" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [
+      { "name": "SEMAPHORE_AGENT_UPLOAD_JOB_LOGS", "value": "#{Base64.strict_encode64("always")}" },
+      { "name": "SEMAPHORE_ARTIFACT_TOKEN", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ARTIFACT_TOKEN"])}" },
+      { "name": "SEMAPHORE_JOB_ID", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_JOB_ID"])}" },
+      { "name": "SEMAPHORE_ORGANIZATION_URL", "value": "#{Base64.strict_encode64(ENV["SEMAPHORE_ORGANIZATION_URL"])}" }
+    ],
+    "files": [],
+    "commands": [
+      { "directive": "for i in {1..10}; do echo \\\"[$i] this is some output, just for testing purposes\\\" && sleep 1; done" }
+    ],
+
+    "files": [],
+    "epilogue_always_commands": [],
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_AGENT_UPLOAD_JOB_LOGS\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ARTIFACT_TOKEN\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_ID\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_ORGANIZATION_URL\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[1] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[2] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[3] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[4] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[5] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[6] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[7] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[8] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[9] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"[10] this is some output, just for testing purposes\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"for i in {1..10}; do echo \\"[$i] this is some output, just for testing purposes\\" && sleep 1; done","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
+
+assert_artifact_is_available
diff --git a/test/e2e/kubernetes/private_image_ecr_no_account_id.rb b/test/e2e/kubernetes/private_image_ecr_no_account_id.rb
new file mode 100644
index 00000000..2833b54c
--- /dev/null
+++ b/test/e2e/kubernetes/private_image_ecr_no_account_id.rb
@@ -0,0 +1,85 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['AWS_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/kubernetes/private_image_ecr_with_account_id.rb b/test/e2e/kubernetes/private_image_ecr_with_account_id.rb
new file mode 100644
index 00000000..ec5926a7
--- /dev/null
+++ b/test/e2e/kubernetes/private_image_ecr_with_account_id.rb
@@ -0,0 +1,88 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+aws_account_id = ENV['AWS_ACCOUNT_ID']
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['AWS_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("AWS_ECR")}" },
+            { "name": "AWS_REGION", "value": "#{Base64.strict_encode64(ENV['AWS_REGION'])}" },
+            { "name": "AWS_ACCESS_KEY_ID", "value": "#{Base64.strict_encode64(ENV['AWS_ACCESS_KEY_ID'])}" },
+            { "name": "AWS_SECRET_ACCESS_KEY", "value": "#{Base64.strict_encode64(ENV['AWS_SECRET_ACCESS_KEY'])}" },
+            { "name": "AWS_ACCOUNT_ID", "value": "#{Base64.strict_encode64(aws_account_id)}" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/kubernetes/private_image_gcr.rb b/test/e2e/kubernetes/private_image_gcr.rb
new file mode 100644
index 00000000..11aca559
--- /dev/null
+++ b/test/e2e/kubernetes/private_image_gcr.rb
@@ -0,0 +1,87 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['GCR_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("GCR")}" },
+            { "name": "GCR_HOSTNAME", "value": "#{Base64.strict_encode64(ENV['GCR_HOSTNAME'])}" }
+          ],
+          "files": [
+            { "path": "/tmp/gcr/keyfile.json", "content": "#{ENV['GCR_KEYFILE']}", "mode": "0755" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"directive":"Exporting environment variables","event":"cmd_started","timestamp":"*"}
+  {"directive":"Exporting environment variables","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"directive":"Injecting Files","event":"cmd_started","timestamp":"*"}
+  {"directive":"Injecting Files","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"directive":"echo Hello World","event":"cmd_started","timestamp":"*"}
+  {"event":"cmd_output","output":"Hello World\\n","timestamp":"*"}
+  {"directive":"echo Hello World","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished","result":"passed","timestamp":"*"}
+LOG
diff --git a/test/e2e/kubernetes/private_image_generic.rb b/test/e2e/kubernetes/private_image_generic.rb
new file mode 100644
index 00000000..28ba7f4e
--- /dev/null
+++ b/test/e2e/kubernetes/private_image_generic.rb
@@ -0,0 +1,86 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "#{ENV['DOCKER_REGISTRY_IMAGE']}"
+        }
+      ],
+
+      "image_pull_credentials": [
+        {
+          "env_vars": [
+            { "name": "DOCKER_CREDENTIAL_TYPE", "value": "#{Base64.strict_encode64("GenericDocker")}" },
+            { "name": "DOCKER_URL", "value": "#{Base64.strict_encode64(ENV['DOCKER_URL'])}" },
+            { "name": "DOCKER_USERNAME", "value": "#{Base64.strict_encode64(ENV['DOCKER_USERNAME'])}" },
+            { "name": "DOCKER_PASSWORD", "value": "#{Base64.strict_encode64(ENV['DOCKER_PASSWORD'])}" }
+          ]
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/kubernetes/shell__default-image.rb b/test/e2e/kubernetes/shell__default-image.rb
new file mode 100644
index 00000000..2f94454e
--- /dev/null
+++ b/test/e2e/kubernetes/shell__default-image.rb
@@ -0,0 +1,65 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true,
+  "kubernetes-default-image" => "ruby:3-slim"
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [],
+    "files": [],
+    "commands": [
+      { "directive": "echo Hello World" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting shell session..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting shell session...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/kubernetes/shell__not-allowed.rb b/test/e2e/kubernetes/shell__not-allowed.rb
new file mode 100644
index 00000000..06ae99a7
--- /dev/null
+++ b/test/e2e/kubernetes/shell__not-allowed.rb
@@ -0,0 +1,48 @@
+#!/bin/ruby
+# rubocop:disable all
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [],
+  "fail-on-missing-files" => false,
+  "kubernetes-executor" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+    "executor": "shell",
+    "env_vars": [],
+    "files": [],
+    "commands": [
+      { "directive": "echo hello" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Creating Kubernetes resources for job..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Failed to create pod: error building pod spec: error building containers for pod spec: no containers specified in Semaphore YAML, and no default container is provided\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Creating Kubernetes resources for job...","event":"cmd_finished","exit_code":1,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"failed"}
+LOG
diff --git a/test/e2e/self-hosted/docker_compose_fail_on_missing_host_files.rb b/test/e2e/self-hosted/docker_compose_fail_on_missing_host_files.rb
new file mode 100644
index 00000000..a610fab2
--- /dev/null
+++ b/test/e2e/self-hosted/docker_compose_fail_on_missing_host_files.rb
@@ -0,0 +1,64 @@
+#!/bin/ruby
+# rubocop:disable all
+
+File.write("/tmp/agent/file1.txt", "Hello from file1.txt")
+File.write("/tmp/agent/file2.txt", "Hello from file2.txt")
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [
+    "/tmp/agent/file1.txt:/tmp/agent/file1.txt",
+    "/tmp/agent/file2.txt:/tmp/agent/file2.txt",
+    "/tmp/agent/notfound.txt:/tmp/agent/notfound.txt"
+  ],
+  "fail-on-missing-files" => true
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:2.6"
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "cat /tmp/agent/file1.txt" },
+      { "directive": "cat /tmp/agent/file2.txt" },
+      { "directive": "cat /tmp/agent/notfound.txt" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+  {"event":"job_finished", "timestamp":"*", "result":"failed"}
+LOG
diff --git a/test/e2e/shell/env_vars.rb b/test/e2e/self-hosted/docker_compose_host_env_vars.rb
similarity index 57%
rename from test/e2e/shell/env_vars.rb
rename to test/e2e/self-hosted/docker_compose_host_env_vars.rb
index 095e3630..c21280b4 100644
--- a/test/e2e/shell/env_vars.rb
+++ b/test/e2e/self-hosted/docker_compose_host_env_vars.rb
@@ -1,18 +1,40 @@
 #!/bin/ruby
 # rubocop:disable all
 
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [
+    "A=hello",
+    "B=how are you?",
+    "C=quotes ' quotes",
+    "D=$PATH:/etc/a"
+  ],
+  "files" => [],
+  "fail-on-missing-files" => false
+}
+
 require_relative '../../e2e'
 
 start_job <<-JSON
   {
-    "id": "#{$JOB_ID}",
+    "job_id": "#{$JOB_ID}",
 
-    "env_vars": [
-      { "name": "A", "value": "#{`echo "hello" | base64`}" },
-      { "name": "B", "value": "#{`echo "how are you?" | base64`}" },
-      { "name": "C", "value": "#{`echo "quotes ' quotes" | base64`}" },
-      { "name": "D", "value": "#{`echo '$PATH:/etc/a' | base64`}" }
-    ],
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:2.6"
+        }
+      ]
+    },
+
+    "env_vars": [],
 
     "files": [],
 
@@ -26,9 +48,10 @@
     "epilogue_always_commands": [],
 
     "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
   }
 JSON
 
@@ -37,6 +60,14 @@
 assert_job_log <<-LOG
   {"event":"job_started",  "timestamp":"*"}
 
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
   {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Exporting A\\n"}
   {"event":"cmd_output",   "timestamp":"*", "output":"Exporting B\\n"}
@@ -63,7 +94,9 @@
   {"event":"cmd_output",   "timestamp":"*", "output":"$PATH:/etc/a\\n"}
   {"event":"cmd_finished", "timestamp":"*", "directive":"echo $D","exit_code":0,"finished_at":"*","started_at":"*"}
 
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
   {"event":"job_finished", "timestamp":"*", "result":"passed"}
 LOG
diff --git a/test/e2e/self-hosted/docker_compose_host_files.rb b/test/e2e/self-hosted/docker_compose_host_files.rb
new file mode 100644
index 00000000..828c943a
--- /dev/null
+++ b/test/e2e/self-hosted/docker_compose_host_files.rb
@@ -0,0 +1,89 @@
+#!/bin/ruby
+# rubocop:disable all
+
+File.write("/tmp/agent/file1.txt", "Hello from file1.txt")
+File.write("/tmp/agent/file2.txt", "Hello from file2.txt")
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [
+    "/tmp/agent/file1.txt:/tmp/agent/file1.txt",
+    "/tmp/agent/file2.txt:/tmp/agent/file2.txt"
+  ],
+  "fail-on-missing-files" => false
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:2.6"
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "cat /tmp/agent/file1.txt" },
+      { "directive": "cat /tmp/agent/file2.txt" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"cat /tmp/agent/file1.txt"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello from file1.txt"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"cat /tmp/agent/file1.txt","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"cat /tmp/agent/file2.txt"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello from file2.txt"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"cat /tmp/agent/file2.txt","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"passed"}
+LOG
diff --git a/test/e2e/self-hosted/docker_compose_missing_host_files.rb b/test/e2e/self-hosted/docker_compose_missing_host_files.rb
new file mode 100644
index 00000000..e88b1151
--- /dev/null
+++ b/test/e2e/self-hosted/docker_compose_missing_host_files.rb
@@ -0,0 +1,95 @@
+#!/bin/ruby
+# rubocop:disable all
+
+File.write("/tmp/agent/file1.txt", "Hello from file1.txt")
+File.write("/tmp/agent/file2.txt", "Hello from file2.txt")
+
+$AGENT_CONFIG = {
+  "endpoint" => "localhost:4567",
+  "token" => "321h1l2jkh1jk42341",
+  "no-https" => true,
+  "shutdown-hook-path" => "",
+  "disconnect-after-job" => false,
+  "env-vars" => [],
+  "files" => [
+    "/tmp/agent/file1.txt:/tmp/agent/file1.txt",
+    "/tmp/agent/file2.txt:/tmp/agent/file2.txt",
+    "/tmp/agent/notfound.txt:/tmp/agent/notfound.txt"
+  ],
+  "fail-on-missing-files" => false
+}
+
+require_relative '../../e2e'
+
+start_job <<-JSON
+  {
+    "job_id": "#{$JOB_ID}",
+
+    "executor": "dockercompose",
+
+    "compose": {
+      "containers": [
+        {
+          "name": "main",
+          "image": "registry.semaphoreci.com/ruby:2.6"
+        }
+      ]
+    },
+
+    "env_vars": [],
+
+    "files": [],
+
+    "commands": [
+      { "directive": "cat /tmp/agent/file1.txt" },
+      { "directive": "cat /tmp/agent/file2.txt" },
+      { "directive": "cat /tmp/agent/notfound.txt" }
+    ],
+
+    "epilogue_always_commands": [],
+
+    "callbacks": {
+      "finished": "#{finished_callback_url}",
+      "teardown_finished": "#{teardown_callback_url}"
+    },
+    "logger": #{$LOGGER}
+  }
+JSON
+
+wait_for_job_to_finish
+
+assert_job_log <<-LOG
+  {"event":"job_started",  "timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Pulling docker images..."}
+  *** LONG_OUTPUT ***
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Pulling docker images...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Starting the docker image..."}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Starting a new bash session.\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Starting the docker image...","event":"cmd_finished","exit_code":0,"finished_at":"*","started_at":"*","timestamp":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"cat /tmp/agent/file1.txt"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello from file1.txt"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"cat /tmp/agent/file1.txt","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"cat /tmp/agent/file2.txt"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Hello from file2.txt"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"cat /tmp/agent/file2.txt","exit_code":0,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"cat /tmp/agent/notfound.txt"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"cat: /tmp/agent/notfound.txt: No such file or directory\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"cat /tmp/agent/notfound.txt","exit_code":1,"finished_at":"*","started_at":"*"}
+
+  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
+  {"event":"cmd_output",   "timestamp":"*", "output":"Exporting SEMAPHORE_JOB_RESULT\\n"}
+  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"started_at":"*","finished_at":"*"}
+
+  {"event":"job_finished", "timestamp":"*", "result":"failed"}
+LOG
diff --git a/test/e2e/shell/broken_unicode.rb b/test/e2e/shell/broken_unicode.rb
deleted file mode 100644
index 72698164..00000000
--- a/test/e2e/shell/broken_unicode.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/ruby
-
-Encoding.default_external = Encoding::UTF_8
-
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-    "files": [],
-
-    "commands": [
-      { "directive": "echo | awk '{ printf(\\\"%c%c%c%c%c\\\", 150, 150, 150, 150, 150) }'"}
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive": "echo | awk '{ printf(\\\"%c%c%c%c%c\\\", 150, 150, 150, 150, 150) }'"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"\ufffd\ufffd\ufffd\ufffd\ufffd"}
-  {"event":"cmd_finished", "timestamp":"*", "directive": "echo | awk '{ printf(\\\"%c%c%c%c%c\\\", 150, 150, 150, 150, 150) }'","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-LOG
diff --git a/test/e2e/shell/command_aliases.rb b/test/e2e/shell/command_aliases.rb
deleted file mode 100644
index 719f89df..00000000
--- a/test/e2e/shell/command_aliases.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "echo Hello World", "alias": "Display Hello World" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Display Hello World"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Running: echo Hello World\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Display Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-LOG
diff --git a/test/e2e/shell/epilogue_on_fail.rb b/test/e2e/shell/epilogue_on_fail.rb
deleted file mode 100644
index 244c4450..00000000
--- a/test/e2e/shell/epilogue_on_fail.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "false" }
-    ],
-
-    "epilogue_always_commands": [
-      { "directive": "echo Hello Epilogue" }
-    ],
-
-    "epilogue_on_pass_commands": [
-      { "directive": "echo Hello On Pass Epilogue" }
-    ],
-
-    "epilogue_on_fail_commands": [
-      { "directive": "echo Hello On Fail Epilogue" }
-    ],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"false"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"false","exit_code":1,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello On Fail Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello On Fail Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello On Fail Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e/shell/epilogue_on_pass.rb b/test/e2e/shell/epilogue_on_pass.rb
deleted file mode 100644
index ee0c7404..00000000
--- a/test/e2e/shell/epilogue_on_pass.rb
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "echo Hello World" }
-    ],
-
-    "epilogue_always_commands": [
-      { "directive": "echo Hello Epilogue" }
-    ],
-
-    "epilogue_on_pass_commands": [
-      { "directive": "echo Hello On Pass Epilogue" }
-    ],
-
-    "epilogue_on_fail_commands": [
-      { "directive": "echo Hello On Fail Epilogue" }
-    ],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello On Pass Epilogue"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello On Pass Epilogue\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello On Pass Epilogue","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-LOG
diff --git a/test/e2e/shell/failed_job.rb b/test/e2e/shell/failed_job.rb
deleted file mode 100644
index 459428a3..00000000
--- a/test/e2e/shell/failed_job.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "false" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"false"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"false","exit_code":1,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e/shell/file_injection_broken_file_mode.rb b/test/e2e/shell/file_injection_broken_file_mode.rb
deleted file mode 100644
index 69b60eaf..00000000
--- a/test/e2e/shell/file_injection_broken_file_mode.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [
-      { "path": "test.txt", "content": "#{`echo "hello" | base64`}", "mode": "obviously broken" }
-    ],
-
-    "commands": [
-      { "directive": "cat test.txt" },
-      { "directive": "cat /a/b/c" },
-      { "directive": "stat -c '%a' /tmp/a" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Injecting test.txt with file mode obviously broken\\n"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Failed to set file mode to obviously broken\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":1,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e/shell/hello_world.rb b/test/e2e/shell/hello_world.rb
deleted file mode 100644
index 4b49b7fa..00000000
--- a/test/e2e/shell/hello_world.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "echo Hello World" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-LOG
diff --git a/test/e2e/shell/killing_root_bash.rb b/test/e2e/shell/killing_root_bash.rb
deleted file mode 100644
index 7f3719bf..00000000
--- a/test/e2e/shell/killing_root_bash.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-#
-# Running the following set of commands caused the Agent to freeze up.
-#
-#   sleep infinity &
-#   exit 1
-#
-# These are regressions tests that verify that this is no longer a problem.
-#
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "sleep infinity &" },
-      { "directive": "exit 1" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"sleep infinity &"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"sleep infinity &","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"exit 1"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"exit 1","exit_code":1,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":1,"started_at":"*","finished_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e/shell/set_e.rb b/test/e2e/shell/set_e.rb
deleted file mode 100644
index 513783f1..00000000
--- a/test/e2e/shell/set_e.rb
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-#
-# Running the following set of commands caused the Agent to freeze up.
-#
-#   sleep infinity &
-#   set -e
-#   false
-#
-# These are regressions tests that verify that this is no longer a problem.
-#
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "sleep infinity &" },
-      { "directive": "set -e" },
-      { "directive": "false" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"sleep infinity &"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"sleep infinity &","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"set -e"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"set -e","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"false"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"false","exit_code":1,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":1,"started_at":"*","finished_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e/shell/set_pipefail.rb b/test/e2e/shell/set_pipefail.rb
deleted file mode 100644
index fb6608e8..00000000
--- a/test/e2e/shell/set_pipefail.rb
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-#
-# Running the following set of commands caused the Agent to freeze up.
-#
-#   sleep infinity &
-#   set -eo pipefail
-#   cat non_existant | sort
-#
-# These are regressions tests that verify that this is no longer a problem.
-#
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "sleep infinity &" },
-      { "directive": "set -eo pipefail" },
-      { "directive": "cat non_existant | sort" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"sleep infinity &"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"sleep infinity &","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"set -eo pipefail"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"set -eo pipefail","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"cat non_existant | sort"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"cat: non_existant: No such file or directory\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"cat non_existant | sort","exit_code":1,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":1,"started_at":"*","finished_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e/shell/stty_restoration.rb b/test/e2e/shell/stty_restoration.rb
deleted file mode 100644
index ae9f04df..00000000
--- a/test/e2e/shell/stty_restoration.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "stty echo" },
-      { "directive": "echo Hello World" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"stty echo"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"stty echo","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo Hello World"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"Hello World\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo Hello World","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-LOG
diff --git a/test/e2e/shell/unicode.rb b/test/e2e/shell/unicode.rb
deleted file mode 100644
index 189bd279..00000000
--- a/test/e2e/shell/unicode.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/ruby
-
-Encoding.default_external = Encoding::UTF_8
-
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-#
-# This is regression test that verifies that we are correctly processing outgoing
-# bytes from the shell.
-#
-# In case the byte processing is incorrect, the output can contain question mark
-# characters instead of valid UTF-8 characters.
-#
-# Initially, this test only contined Japanese characters to verify that the issue
-# has been fixed. However, a sub-case of this issue still caused an issue for a
-# customer who is displaying box drawing characters in their tests.
-#
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-    "files": [],
-
-    "commands": [
-      { "directive": "echo 特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。" },
-      { "directive": "echo ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo 特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"語の由来については諸説存在し。特定の伝説に拠る物語の由来については"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"諸説存在し。\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo 特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。特定の伝説に拠る物語の由来については諸説存在し。","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echo ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"━━━━━━━━━━━━━━━━━━━━━━\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echo ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=passed","exit_code":0,"finished_at":"*","started_at":"*"}
-
-  {"event":"job_finished", "timestamp":"*", "result":"passed"}
-LOG
diff --git a/test/e2e/shell/unknown_command.rb b/test/e2e/shell/unknown_command.rb
deleted file mode 100644
index 3faea64e..00000000
--- a/test/e2e/shell/unknown_command.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/ruby
-# rubocop:disable all
-
-require_relative '../../e2e'
-
-start_job <<-JSON
-  {
-    "id": "#{$JOB_ID}",
-
-    "env_vars": [],
-
-    "files": [],
-
-    "commands": [
-      { "directive": "echhhho Hello World" }
-    ],
-
-    "epilogue_always_commands": [],
-
-    "callbacks": {
-      "finished": "https://httpbin.org/status/200",
-      "teardown_finished": "https://httpbin.org/status/200"
-    }
-  }
-JSON
-
-wait_for_job_to_finish
-
-assert_job_log <<-LOG
-  {"event":"job_started",  "timestamp":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Exporting environment variables"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Exporting environment variables","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"Injecting Files"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"Injecting Files","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"echhhho Hello World"}
-  {"event":"cmd_output",   "timestamp":"*", "output":"bash: echhhho: command not found\\n"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"echhhho Hello World","exit_code":127,"finished_at":"*","started_at":"*"}
-  {"event":"cmd_started",  "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed"}
-  {"event":"cmd_finished", "timestamp":"*", "directive":"export SEMAPHORE_JOB_RESULT=failed","exit_code":0,"finished_at":"*","started_at":"*"}
-  {"event":"job_finished", "timestamp":"*", "result":"failed"}
-LOG
diff --git a/test/e2e_support/api_mode.rb b/test/e2e_support/api_mode.rb
new file mode 100644
index 00000000..46855adf
--- /dev/null
+++ b/test/e2e_support/api_mode.rb
@@ -0,0 +1,182 @@
+# rubocop:disable all
+
+$AGENT_PORT_IN_TESTS = 30000
+$AGENT_SSH_PORT_IN_TESTS = 2222
+
+# based on secret passed to the running server
+$TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.gLEycyHdyRRzUpauBxdDFmxT5KoOApFO5MHuvWPgFtY"
+
+class ApiMode
+  def boot_up_agent
+    system "docker stop $(docker ps -q)"
+    system "docker rm $(docker ps -qa)"
+    system "docker build -t agent -f Dockerfile.test ."
+    system "docker run --privileged --device /dev/ptmx --network=host -v /tmp/agent-temp-directory/:/tmp/agent-temp-directory -v /var/run/docker.sock:/var/run/docker.sock --name agent -tdi agent bash -c \"service ssh restart && export SEMAPHORE_AGENT_LOG_LEVEL=debug SEMAPHORE_AGENT_LOGS_COMPRESSION_SIZE=1048576 && nohup ./agent serve --port 30000 --auth-token-secret 'TzRVcspTmxhM9fUkdi1T/0kVXNETCi8UdZ8dLM8va4E' & sleep infinity\""
+
+    pingable = nil
+    until pingable
+      puts "Waiting for agent to start"
+
+      `curl -s -H "Authorization: Bearer #{$TOKEN}" --fail -X GET -k "https://0.0.0.0:30000/is_alive"`
+
+      pingable = ($?.exitstatus == 0)
+    end
+  end
+
+  def start_job(request)
+    r = Tempfile.new
+    r.write(request)
+    r.close
+
+    puts "============================"
+    puts "Sending job request to Agent"
+
+    output = `curl -s -H "Authorization: Bearer #{$TOKEN}" --fail -X POST -k "https://0.0.0.0:30000/jobs" --data @#{r.path}`
+
+    abort "Failed to send: #{output}" if $?.exitstatus != 0
+  end
+
+  def stop_job
+    puts "============================"
+    puts "Stopping job..."
+
+    output = `curl -s -H "Authorization: Bearer #{$TOKEN}" --fail -X POST -k "https://0.0.0.0:30000/jobs/terminate"`
+
+    abort "Failed to stob job: #{output}" if $?.exitstatus != 0
+  end
+
+  def wait_for_command_to_start(cmd)
+    puts "========================="
+    puts "Waiting for command to start '#{cmd}'"
+
+    Timeout.timeout(60 * 2) do
+      loop do
+        `curl -s -H "Authorization: Bearer #{$TOKEN}" --fail -k "https://0.0.0.0:30000/jobs/#{$JOB_ID}/log" | grep "#{cmd}"`
+
+        if $?.exitstatus == 0
+          break
+        else
+          sleep 1
+        end
+      end
+    end
+  end
+
+  def wait_for_job_to_finish
+    puts "========================="
+    puts "Waiting for job to finish"
+
+    Timeout.timeout(60 * 5) do
+      loop do
+        last_log_line = `curl -s -H "Authorization: Bearer #{$TOKEN}" --fail -k "https://0.0.0.0:30000/jobs/#{$JOB_ID}/log" | tail -n 1`
+
+        if last_log_line.include?("job_finished")
+      	break
+        else
+          puts(last_log_line)
+          sleep 1
+        end
+      end
+    end
+  end
+
+  def finished_callback_url
+    "https://httpbingo.org/status/200"
+  end
+
+  def teardown_callback_url
+    "https://httpbingo.org/status/200"
+  end
+
+  def assert_job_log(expected_log)
+    puts "========================="
+    puts "Asserting Job Logs"
+
+    actual_log = `curl -s -H "X-Client-Name: archivator" -H "Authorization: Bearer #{$TOKEN}" -k "https://0.0.0.0:30000/jobs/#{$JOB_ID}/log"`
+
+    puts "-----------------------------------"
+    puts actual_log
+    puts "-----------------------------------"
+
+    abort "Failed to fetch logs: #{actual_log}" if $?.exitstatus != 0
+
+    actual_log   = actual_log.split("\n").map(&:strip).reject(&:empty?)
+    expected_log = expected_log.split("\n").map(&:strip).reject(&:empty?)
+
+    index_in_actual_logs = 0
+    index_in_expected_logs = 0
+
+    while index_in_actual_logs < actual_log.length && index_in_expected_logs < expected_log.length
+      begin
+        puts "Comparing log lines Actual=#{index_in_actual_logs} Expected=#{index_in_expected_logs}"
+
+        expected_log_line = expected_log[index_in_expected_logs]
+        actual_log_line   = actual_log[index_in_actual_logs]
+
+        puts "  actual:   #{actual_log_line}"
+        puts "  expected: #{expected_log_line}"
+
+        actual_log_line_json = Hash[JSON.parse(actual_log_line).sort]
+
+        if expected_log_line =~ /\*\*\* LONG_OUTPUT \*\*\*/
+          if actual_log_line_json["event"] == "cmd_output"
+            # if we have a *** LONG_OUTPUT *** marker
+
+            # we go to next actual log line
+            # but we stay on the same expected log line
+
+            index_in_actual_logs += 1
+
+            next
+          else
+            # end of the LONG_OUTPUT marker, we increase the expected log line
+            # and in the next iteration we will compare regularly again
+            index_in_expected_logs += 1
+
+            next
+          end
+        else
+          # if there is no marker, we compare the JSONs
+          # we ignore the timestamps because they change every time
+
+          expected_log_line_json = Hash[JSON.parse(expected_log_line).sort]
+
+          if expected_log_line_json.keys != actual_log_line_json.keys
+            abort "(fail) JSON keys are different."
+          end
+
+          expected_log_line_json.keys.each do |key|
+            # Special case when we want to ignore only the output
+            # ignore expected entries with '*'
+
+            next if expected_log_line_json[key] == "*"
+
+            if expected_log_line_json[key] != actual_log_line_json[key]
+              abort "(fail) Values for '#{key}' are not equal."
+            end
+          end
+
+          index_in_actual_logs += 1
+          index_in_expected_logs += 1
+        end
+
+        puts "success"
+      rescue
+        puts ""
+        puts "Line Number: Actual=#{index_in_actual_logs} Expected=#{index_in_expected_logs}"
+        puts "Expected: '#{expected_log_line}'"
+        puts "Actual:   '#{actual_log_line}'"
+
+        abort "(fail) Failed to parse log line"
+      end
+    end
+
+    if index_in_actual_logs != actual_log.length
+      abort "(fail) There are unchecked log lines from the actual log"
+    end
+
+    if index_in_expected_logs != expected_log.length
+      abort "(fail) There are unchecked log lines from the expected log"
+    end
+  end
+end
diff --git a/test/e2e_support/docker-compose-listen.yml b/test/e2e_support/docker-compose-listen.yml
new file mode 100644
index 00000000..d8e1efeb
--- /dev/null
+++ b/test/e2e_support/docker-compose-listen.yml
@@ -0,0 +1,23 @@
+version: '3.0'
+services:
+  agent:
+    network_mode: host
+    build:
+      context: ../..
+      dockerfile: Dockerfile.test
+    command: 'bash -c "service ssh restart && SEMAPHORE_AGENT_LOG_LEVEL=DEBUG ./agent start --config-file /tmp/agent/config.yaml"'
+    devices:
+      - /dev/ptmx
+    volumes:
+      - /tmp/agent:/tmp/agent
+      - /tmp/agent-temp-directory:/tmp/agent-temp-directory
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ~/.kube:/root/.kube
+      - ~/.minikube:/root/.minikube
+  hub:
+    network_mode: host
+    build:
+      context: ../hub_reference
+      dockerfile: Dockerfile
+    volumes:
+      - ../hub_reference:/app
diff --git a/test/e2e_support/listener_mode.rb b/test/e2e_support/listener_mode.rb
new file mode 100644
index 00000000..42e56858
--- /dev/null
+++ b/test/e2e_support/listener_mode.rb
@@ -0,0 +1,218 @@
+# rubocop:disable all
+
+class ListenerMode
+
+  HUB_ENDPOINT = "http://localhost:4567"
+
+  def boot_up_agent
+    File.write("/tmp/agent/config.yaml", $AGENT_CONFIG.to_yaml)
+    system "docker compose -f test/e2e_support/docker-compose-listen.yml stop"
+    system "docker compose -f test/e2e_support/docker-compose-listen.yml build"
+    system "docker compose -f test/e2e_support/docker-compose-listen.yml up -d"
+
+    wait_for_agent_to_register_in_the_hub
+  end
+
+  def start_job(request)
+    File.write("/tmp/j1", request.to_json)
+
+    system "curl -X POST -H 'Content-Type: application/json' -d @/tmp/j1 #{HUB_ENDPOINT}/private/schedule_job"
+  end
+
+  def shutdown_agent
+    system "curl -X POST #{HUB_ENDPOINT}/private/schedule_shutdown"
+  end
+
+  def wait_for_command_to_start(cmd)
+    puts "========================="
+    puts "Waiting for command to start '#{cmd}'"
+
+    Timeout.timeout(60 * 2) do
+      loop do
+        `curl -s #{HUB_ENDPOINT}/private/jobs/#{$JOB_ID}/logs | grep "#{cmd}"`
+
+        if $?.exitstatus == 0
+          break
+        else
+          sleep 1
+        end
+      end
+    end
+  end
+
+  def wait_for_agent_to_shutdown
+    puts ""
+    puts "Waiting for agent to shutdown"
+
+    loop do
+      response = `curl -s --fail -X GET -k "#{HUB_ENDPOINT}/api/v1/self_hosted_agents/is_shutdown"`.strip
+      puts "Agent is shutdown: #{response}"
+
+      if response == "true"
+        return
+      else
+        sleep 1
+      end
+    end
+
+    sleep 5
+
+    puts
+  end
+
+  def wait_for_job_to_finish
+    puts ""
+    puts "Waiting for job to finish"
+    attempts = 0
+
+    loop do
+      response = `curl -s --fail -X GET -k "#{HUB_ENDPOINT}/api/v1/self_hosted_agents/jobs/#{$JOB_ID}/status"`.strip
+      puts "Job state #{response}"
+
+      if response == "finished"
+        return
+      else
+        attempts += 1
+        if attempts > 600
+          abort "Job did not finish in 10 minutes - giving up"
+        end
+        sleep 1
+      end
+    end
+
+    sleep 5
+
+    puts
+  end
+
+  def stop_job
+    puts "Stopping job"
+
+    system "curl -H --fail -X POST -k --data '' #{HUB_ENDPOINT}/private/schedule_stop/#{$JOB_ID}"
+
+    puts 5
+  end
+
+  def assert_job_log(expected_log)
+    puts "========================="
+    puts "Asserting Job Logs"
+
+    sleep 10
+
+    actual_log = `curl --fail -s #{HUB_ENDPOINT}/private/jobs/#{$JOB_ID}/logs`
+
+    puts "-----------------------------------"
+    puts actual_log
+    puts "-----------------------------------"
+
+    abort "Failed to fetch logs: #{actual_log}" if $?.exitstatus != 0
+
+    actual_log   = actual_log.split("\n").map(&:strip).reject(&:empty?)
+    expected_log = expected_log.split("\n").map(&:strip).reject(&:empty?)
+
+    index_in_actual_logs = 0
+    index_in_expected_logs = 0
+
+    while index_in_actual_logs < actual_log.length && index_in_expected_logs < expected_log.length
+      begin
+        puts "Comparing log lines Actual=#{index_in_actual_logs} Expected=#{index_in_expected_logs}"
+
+        expected_log_line = expected_log[index_in_expected_logs]
+        actual_log_line   = actual_log[index_in_actual_logs]
+
+        puts "  actual:   #{actual_log_line}"
+        puts "  expected: #{expected_log_line}"
+
+        actual_log_line_json = Hash[JSON.parse(actual_log_line).sort]
+
+        if expected_log_line =~ /\*\*\* LONG_OUTPUT \*\*\*/
+          if actual_log_line_json["event"] == "cmd_output"
+            # if we have a *** LONG_OUTPUT *** marker
+
+            # we go to next actual log line
+            # but we stay on the same expected log line
+
+            index_in_actual_logs += 1
+
+            next
+          else
+            # end of the LONG_OUTPUT marker, we increase the expected log line
+            # and in the next iteration we will compare regularly again
+            index_in_expected_logs += 1
+
+            next
+          end
+        else
+          # if there is no marker, we compare the JSONs
+          # we ignore the timestamps because they change every time
+
+          expected_log_line_json = Hash[JSON.parse(expected_log_line).sort]
+
+          if expected_log_line_json.keys != actual_log_line_json.keys
+            abort "(fail) JSON keys are different."
+          end
+
+          expected_log_line_json.keys.each do |key|
+            # Special case when we want to ignore only the output
+            # ignore expected entries with '*'
+
+            next if expected_log_line_json[key] == "*"
+
+            if expected_log_line_json[key] != actual_log_line_json[key]
+              abort "(fail) Values for '#{key}' are not equal."
+            end
+          end
+
+          index_in_actual_logs += 1
+          index_in_expected_logs += 1
+        end
+
+        puts "success"
+      rescue
+        puts ""
+        puts "Line Number: Actual=#{index_in_actual_logs} Expected=#{index_in_expected_logs}"
+        puts "Expected: '#{expected_log_line}'"
+        puts "Actual:   '#{actual_log_line}'"
+
+        abort "(fail) Failed to parse log line"
+      end
+    end
+
+    if index_in_actual_logs != actual_log.length
+      abort "(fail) There are unchecked log lines from the actual log"
+    end
+
+    if index_in_expected_logs != expected_log.length
+      abort "(fail) There are unchecked log lines from the expected log"
+    end
+  end
+
+  def finished_callback_url
+    ""
+  end
+
+  def teardown_callback_url
+    ""
+  end
+
+  private
+
+  def wait_for_agent_to_register_in_the_hub
+    puts "Waiting for agent to register in the hub "
+
+    loop do
+      print "."
+
+      response = `curl -s --fail -X GET -k "#{HUB_ENDPOINT}/private/is_registered"`
+
+      if response == "yes"
+        break
+      else
+        sleep 1
+      end
+    end
+
+    puts
+  end
+
+end
diff --git a/test/hub_reference/.gitignore b/test/hub_reference/.gitignore
new file mode 100644
index 00000000..627b10ec
--- /dev/null
+++ b/test/hub_reference/.gitignore
@@ -0,0 +1 @@
+vendor/bundle
diff --git a/test/hub_reference/Dockerfile b/test/hub_reference/Dockerfile
new file mode 100644
index 00000000..1519a0ec
--- /dev/null
+++ b/test/hub_reference/Dockerfile
@@ -0,0 +1,5 @@
+FROM ruby:3.3
+
+WORKDIR /app
+
+CMD bundle config set path 'vendor/bundle' && bundle install && bundle exec ruby app.rb
diff --git a/test/hub_reference/Gemfile b/test/hub_reference/Gemfile
new file mode 100644
index 00000000..9eae7f58
--- /dev/null
+++ b/test/hub_reference/Gemfile
@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem 'sinatra', '>= 4.2.0'
+gem 'thin'
+gem 'rackup'
+gem 'puma'
diff --git a/test/hub_reference/Gemfile.lock b/test/hub_reference/Gemfile.lock
new file mode 100644
index 00000000..3348f4b3
--- /dev/null
+++ b/test/hub_reference/Gemfile.lock
@@ -0,0 +1,41 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    base64 (0.3.0)
+    daemons (1.4.1)
+    eventmachine (1.2.7)
+    logger (1.7.0)
+    mustermann (3.0.4)
+      ruby2_keywords (~> 0.0.1)
+    rack (3.2.4)
+    rack-protection (4.2.1)
+      base64 (>= 0.1.0)
+      logger (>= 1.6.0)
+      rack (>= 3.0.0, < 4)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    ruby2_keywords (0.0.5)
+    sinatra (4.2.1)
+      logger (>= 1.6.0)
+      mustermann (~> 3.0)
+      rack (>= 3.0.0, < 4)
+      rack-protection (= 4.2.1)
+      rack-session (>= 2.0.0, < 3)
+      tilt (~> 2.0)
+    thin (2.0.1)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0, >= 1.0.4)
+      logger
+      rack (>= 1, < 4)
+    tilt (2.6.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  sinatra (>= 4.2.0)
+  thin
+
+BUNDLED WITH
+   2.4.22
diff --git a/test/hub_reference/app.rb b/test/hub_reference/app.rb
new file mode 100644
index 00000000..6a5e2cd6
--- /dev/null
+++ b/test/hub_reference/app.rb
@@ -0,0 +1,161 @@
+# rubocop:disable all
+
+require "sinatra"
+require "json"
+
+$stdout.sync = true
+
+set :bind, "0.0.0.0"
+set :logging, false
+
+$registered = false
+$disconnected = false
+$should_shutdown = false
+$jobs = []
+$payloads = {}
+$job_states = {}
+$finished = {}
+$logs = []
+
+before do
+  logger.level = 0
+
+  begin
+    request.body.rewind
+
+    @json_request = JSON.parse(request.body.read)
+  rescue StandardError => e
+  end
+end
+
+#
+# The official API that is used by the agent to
+# connect to Semaphore 2.0
+#
+
+post "/api/v1/self_hosted_agents/register" do
+  puts "[SYNC] Registration received"
+  $registered = true
+
+  {
+    "access_token" => "dsjfaklsd123412341",
+  }.to_json
+end
+
+post "/api/v1/self_hosted_agents/disconnect" do
+  puts "[SYNC] Disconnect received"
+  $disconnected = true
+end
+
+post "/api/v1/self_hosted_agents/sync" do
+  puts "[SYNC] Request #{@json_request.to_json}"
+
+  response = case @json_request["state"]
+            when "waiting-for-jobs"
+              if $should_shutdown
+                {"action" => "shutdown"}
+              elsif $jobs.size > 0
+                job = $jobs.shift
+
+                {"action" => "run-job", "job_id" => job["job_id"]}
+              else
+                {"action" => "continue"}
+              end
+            when "running-job"
+              job_id = @json_request["job_id"]
+              if $should_shutdown || $job_states[job_id] == "stopping"
+                {"action" => "stop-job", "job_id" => job_id}
+              else
+                {"action" => "continue"}
+              end
+            when "stopping-job"
+              {"action" => "continue"}
+            when "finished-job"
+              $job_states[@json_request["job_id"]] = "finished"
+              if $should_shutdown
+                {"action" => "shutdown"}
+              else
+                {"action" => "wait-for-jobs"}
+              end
+            when "starting-job"
+              {"action" => "continue"}
+            else
+              raise "unknown state"
+            end
+
+  puts "[SYNC] Response #{response.to_json}"
+  response.to_json
+end
+
+get "/api/v1/self_hosted_agents/jobs/:id" do
+  job_id = params["id"]
+
+  if job_id == "bad-job-id"
+    halt 500, "error"
+  else
+    $payloads[params["id"]].to_json
+  end
+end
+
+get "/api/v1/self_hosted_agents/jobs/:id/status" do
+  $job_states[params["id"]]
+end
+
+get "/api/v1/self_hosted_agents/is_shutdown" do
+  "#{$disconnected}"
+end
+
+post "/api/v1/logs/:id" do
+  request.body.rewind
+  events = request.body.read.split("\n")
+
+  puts "Received #{events.length()} log events"
+  $logs += events
+  status 200
+end
+
+post "/jobs/:id/callbacks/finished" do
+  puts "[CALLBACK] Finished job #{params["id"]}"
+  $job_states[params["id"]] = "finished"
+end
+
+#
+# Private APIs. Only needed to contoll the flow
+# of e2e tests in the Agent.
+#
+
+get "/is_alive" do
+  "yes"
+end
+
+get "/private/is_registered" do
+  $registered ? "yes" : "no"
+end
+
+get "/private/jobs/:id/logs" do
+  puts "Fetching logs"
+  puts $logs.join("\n")
+  $logs.join("\n")
+end
+
+post "/private/schedule_job" do
+  job = JSON.parse(@json_request)
+  puts "[PRIVATE] Scheduling job #{job["job_id"]}"
+
+  puts "Scheduled job #{job["job_id"]}"
+
+  $jobs << job
+  $payloads[job["job_id"]] = job
+  $job_states[job["job_id"]] = "running"
+end
+
+post "/private/schedule_stop/:id" do
+  puts "Scheduled stop #{params["id"]}"
+
+  $job_states[params["id"]] = "stopping"
+end
+
+post "/private/schedule_shutdown" do
+  puts "Scheduled shutdown"
+  $should_shutdown = true
+end
diff --git a/test/support/commands.go b/test/support/commands.go
new file mode 100644
index 00000000..e8608b4a
--- /dev/null
+++ b/test/support/commands.go
@@ -0,0 +1,164 @@
+package testsupport
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func AssertSimplifiedJobLogs(t *testing.T, actual, expected []string) {
+	actualIndex := 0
+	expectedIndex := 0
+
+	for actualIndex < len(actual)-1 && expectedIndex < len(expected)-1 {
+		actualLine := actual[actualIndex]
+		expectedLine := expected[expectedIndex]
+
+		if expectedLine == "*** OUTPUT ***" || expectedLine == "*** IGNORE LINES UNTIL EXIT CODE ***" {
+			if strings.HasPrefix(actualLine, "Exit Code: ") {
+				expectedIndex++
+			} else {
+				actualIndex++
+			}
+		} else if expectedLine == "*** IGNORE SINGLE LINE ***" {
+			actualIndex++
+			expectedIndex++
+		} else {
+			if !assert.Equal(t, actualLine, expectedLine) {
+				break
+			} else {
+				actualIndex++
+				expectedIndex++
+			}
+		}
+	}
+}
+
+func Cat(fileName string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Get-Content %s", filepath.FromSlash(fileName))
+	}
+
+	return fmt.Sprintf("cat %s", fileName)
+}
+
+func Multiline() string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf(`
+			if (Test-Path %s) {
+				echo "etc exists, multiline huzzahh!"
+			}
+		`, os.TempDir())
+	}
+
+	return `
+		if [ -d /etc ]; then
+			echo 'etc exists, multiline huzzahh!'
+		fi
+	`
+}
+
+func Output(line string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Write-Host \"%s\" -NoNewLine", line)
+	}
+
+	return fmt.Sprintf("echo -n '%s'", line)
+}
+
+func EchoEnvVar(envVar string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Write-Host \"$env:%s\" -NoNewLine", envVar)
+	}
+
+	return fmt.Sprintf("echo -n $%s", envVar)
+}
+
+func EchoEnvVarToFile(envVar, fileName string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Set-Content -Path %s -Value \"$env:%s\"", fileName, envVar)
+	}
+
+	return fmt.Sprintf("echo -n $%s > %s", envVar, fileName)
+}
+
+func SetEnvVar(name, value string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("$env:%s = '%s'", name, value)
+	}
+
+	return fmt.Sprintf("export %s=%s", name, value)
+}
+
+func UnsetEnvVar(name string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Remove-Item -Path env:%s", name)
+	}
+
+	return fmt.Sprintf("unset %s", name)
+}
+
+func LargeOutputCommand() string {
+	if runtime.GOOS == "windows" {
+		return "foreach ($i in 1..100) { Write-Host \"hello\" -NoNewLine }"
+	}
+
+	return "for i in {1..100}; { printf 'hello'; }"
+}
+
+func Chdir(dirName string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Set-Location %s", dirName)
+	}
+
+	return fmt.Sprintf("cd %s", dirName)
+}
+
+func UnknownCommandExitCode() int {
+	if runtime.GOOS == "windows" {
+		return 1
+	}
+
+	return 127
+}
+
+func StoppedCommandExitCode() int {
+	if runtime.GOOS == "windows" {
+		return 0
+	}
+
+	return 1
+}
+
+func ReturnExitCodeCommand(exitCode int) string {
+	return "echo 'exit 130' | sh"
+}
+
+func ManuallyStoppedCommandExitCode() int {
+	return 130
+}
+
+func CopyFile(src, dest string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("Copy-Item %s -Destination %s", src, dest)
+	}
+
+	return fmt.Sprintf("cp %s %s", src, dest)
+}
+
+func NestedEnvVarValue(name, rest string) string {
+	if runtime.GOOS == "windows" {
+		return fmt.Sprintf("$env:%s%s", name, rest)
+	}
+
+	return fmt.Sprintf("$%s%s", name, rest)
+}
+
+func EchoBrokenUnicode() string {
+	return "echo | awk '{ printf(\"%c%c%c%c%c\", 150, 150, 150, 150, 150) }'"
+}
diff --git a/test/support/files.go b/test/support/files.go
new file mode 100644
index 00000000..b88dc456
--- /dev/null
+++ b/test/support/files.go
@@ -0,0 +1,25 @@
+package testsupport
+
+import (
+	"fmt"
+	"io/ioutil"
+	"runtime"
+)
+
+func TempFileWithExtension() (string, error) {
+	tmpFile, err := ioutil.TempFile("", fmt.Sprintf("file*.%s", extension()))
+	if err != nil {
+		return "", err
+	}
+
+	_ = tmpFile.Close()
+	return tmpFile.Name(), nil
+}
+
+func extension() string {
+	if runtime.GOOS == "windows" {
+		return "ps1"
+	}
+
+	return "sh"
+}
diff --git a/test/support/hub.go b/test/support/hub.go
new file mode 100644
index 00000000..f7ba44ee
--- /dev/null
+++ b/test/support/hub.go
@@ -0,0 +1,353 @@
+package testsupport
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"time"
+
+	api "github.com/semaphoreci/agent/pkg/api"
+	"github.com/semaphoreci/agent/pkg/listener/selfhostedapi"
+	"github.com/semaphoreci/agent/pkg/retry"
+)
+
+var AgentVersionExpected = "v1.0.2"
+
+type HubMockServer struct {
+	Server                    *httptest.Server
+	Handler                   http.Handler
+	JobRequest                *api.JobRequest
+	LogsURL                   string
+	ExpectedUserAgent         string
+	RegisterRequest           *selfhostedapi.RegisterRequest
+	RegisterAttemptRejections int
+	RegisterAttempts          int
+	GetJobAttemptRejections   int
+	GetJobAttempts            int
+	ShouldShutdown            bool
+	Disconnected              bool
+	RunningJob                bool
+	FinishedJob               bool
+	TokenIsRefreshed          bool
+	JobResult                 selfhostedapi.JobResult
+	LastState                 selfhostedapi.AgentState
+	LastStateChange           *time.Time
+}
+
+func NewHubMockServer() *HubMockServer {
+	now := time.Now()
+	return &HubMockServer{
+		RegisterAttempts:  -1,
+		LastStateChange:   &now,
+		ExpectedUserAgent: fmt.Sprintf("SemaphoreAgent/%s", AgentVersionExpected),
+	}
+}
+
+func (m *HubMockServer) Init() {
+	mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("User-Agent") != m.ExpectedUserAgent {
+			w.WriteHeader(500)
+			return
+		}
+
+		switch path := r.URL.Path; {
+		case strings.Contains(path, "/register"):
+			m.handleRegisterRequest(w, r)
+		case strings.Contains(path, "/sync"):
+			m.handleSyncRequest(w, r)
+		case strings.Contains(path, "/disconnect"):
+			fmt.Printf("[HUB MOCK] Received disconnect request\n")
+			m.Disconnected = true
+			w.WriteHeader(200)
+		case strings.Contains(path, "/jobs/"):
+			m.handleGetJobRequest(w, r)
+		case strings.Contains(path, "/refresh"):
+			m.handleRefreshRequest(w, r)
+		}
+	}))
+
+	m.Server = mockServer
+}
+
+func (m *HubMockServer) handleRefreshRequest(w http.ResponseWriter, r *http.Request) {
+	fmt.Printf("[HUB MOCK] Received refresh request.\n")
+	refreshTokenResponse := &selfhostedapi.RefreshTokenResponse{
+		Token: "new-token",
+	}
+
+	response, err := json.Marshal(refreshTokenResponse)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error marshaling refresh response: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	m.TokenIsRefreshed = true
+	_, _ = w.Write(response)
+}
+
+func (m *HubMockServer) handleRegisterRequest(w http.ResponseWriter, r *http.Request) {
+	m.RegisterAttempts++
+	if m.RegisterAttempts < m.RegisterAttemptRejections {
+		fmt.Printf("[HUB MOCK] Attempts: %d, Rejections: %d, rejecting...\n", m.RegisterAttempts, m.RegisterAttemptRejections)
+		w.WriteHeader(500)
+	}
+
+	request := selfhostedapi.RegisterRequest{}
+	bytes, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error reading register request body: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	err = json.Unmarshal(bytes, &request)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error unmarshaling register request: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	fmt.Printf("[HUB MOCK] Received register request: %v\n", request)
+	m.RegisterRequest = &request
+
+	registerResponse := &selfhostedapi.RegisterResponse{
+		Name:  request.Name,
+		Token: "token",
+	}
+
+	response, err := json.Marshal(registerResponse)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error marshaling register response: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	m.LastState = selfhostedapi.AgentActionWaitForJobs
+	_, _ = w.Write(response)
+}
+
+func (m *HubMockServer) handleSyncRequest(w http.ResponseWriter, r *http.Request) {
+	request := selfhostedapi.SyncRequest{}
+	bytes, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error reading sync request body: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	err = json.Unmarshal(bytes, &request)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error unmarshaling sync request: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	fmt.Printf("[HUB MOCK] Received sync request: %v\n", request)
+
+	syncResponse := selfhostedapi.SyncResponse{
+		Action:        selfhostedapi.AgentActionContinue,
+		NextSyncAfter: 1000,
+	}
+
+	switch request.State {
+	case selfhostedapi.AgentStateWaitingForJobs:
+		if request.InterruptedAt > 0 {
+			syncResponse.Action = selfhostedapi.AgentActionShutdown
+			syncResponse.ShutdownReason = selfhostedapi.ShutdownReasonInterrupted
+		}
+
+		if m.ShouldShutdown {
+			syncResponse.Action = selfhostedapi.AgentActionShutdown
+			syncResponse.ShutdownReason = selfhostedapi.ShutdownReasonRequested
+		}
+
+		if m.RegisterRequest.IdleTimeout > 0 {
+			lastStateChange := int(time.Since(*m.LastStateChange) / time.Second)
+			if lastStateChange > m.RegisterRequest.IdleTimeout {
+				syncResponse.Action = selfhostedapi.AgentActionShutdown
+				syncResponse.ShutdownReason = selfhostedapi.ShutdownReasonIdle
+			}
+		}
+
+		if m.JobRequest != nil {
+			syncResponse.Action = selfhostedapi.AgentActionRunJob
+			syncResponse.JobID = m.JobRequest.JobID
+		}
+
+	case selfhostedapi.AgentStateRunningJob:
+		m.RunningJob = true
+
+		if request.InterruptedAt > 0 {
+			gracePeriodEnd := time.Unix(request.InterruptedAt, 0).Add(time.Duration(m.RegisterRequest.InterruptionGracePeriod) * time.Second)
+			if time.Now().After(gracePeriodEnd) {
+				syncResponse.Action = selfhostedapi.AgentActionStopJob
+				syncResponse.JobID = m.JobRequest.JobID
+			}
+		}
+
+		if m.ShouldShutdown {
+			syncResponse.Action = selfhostedapi.AgentActionStopJob
+			syncResponse.JobID = m.JobRequest.JobID
+		}
+
+	case selfhostedapi.AgentStateFinishedJob:
+		m.JobRequest = nil
+		m.FinishedJob = true
+		m.JobResult = request.JobResult
+
+		if m.ShouldShutdown {
+			syncResponse.Action = selfhostedapi.AgentActionShutdown
+			syncResponse.ShutdownReason = selfhostedapi.ShutdownReasonRequested
+		} else if request.InterruptedAt > 0 {
+			syncResponse.Action = selfhostedapi.AgentActionShutdown
+			syncResponse.ShutdownReason = selfhostedapi.ShutdownReasonInterrupted
+		} else if m.RegisterRequest.SingleJob {
+			syncResponse.Action = selfhostedapi.AgentActionShutdown
+			syncResponse.ShutdownReason = selfhostedapi.ShutdownReasonJobFinished
+		} else {
+			syncResponse.Action = selfhostedapi.AgentActionWaitForJobs
+		}
+	}
+
+	response, err := json.Marshal(syncResponse)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error marshaling sync response: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	if request.State != m.LastState {
+		now := time.Now()
+		m.LastStateChange = &now
+	}
+
+	m.LastState = request.State
+	_, _ = w.Write(response)
+}
+
+func (m *HubMockServer) handleGetJobRequest(w http.ResponseWriter, r *http.Request) {
+	m.GetJobAttempts++
+	if m.GetJobAttempts < m.GetJobAttemptRejections {
+		fmt.Printf("[HUB MOCK] Get job, Attempts: %d, Rejections: %d, rejecting...\n", m.GetJobAttempts, m.GetJobAttemptRejections)
+		w.WriteHeader(500)
+	}
+
+	if m.JobRequest == nil {
+		fmt.Printf("[HUB MOCK] No jobRequest in use\n")
+		w.WriteHeader(404)
+		return
+	}
+
+	response, err := json.Marshal(m.JobRequest)
+	if err != nil {
+		fmt.Printf("[HUB MOCK] Error marshaling job request: %v\n", err)
+		w.WriteHeader(500)
+		return
+	}
+
+	_, _ = w.Write(response)
+}
+
+func (m *HubMockServer) UseLogsURL(URL string) {
+	m.LogsURL = URL
+}
+
+func (m *HubMockServer) AssignJob(jobRequest *api.JobRequest) {
+	m.JobRequest = jobRequest
+}
+
+func (m *HubMockServer) RejectRegisterAttempts(times int) {
+	m.RegisterAttemptRejections = times
+}
+
+func (m *HubMockServer) RejectGetJobAttempts(times int) {
+	m.GetJobAttemptRejections = times
+}
+
+func (m *HubMockServer) URL() string {
+	return m.Server.URL
+}
+
+func (m *HubMockServer) Host() string {
+	return m.Server.Listener.Addr().String()
+}
+
+func (m *HubMockServer) WaitUntilRunningJob(attempts int, wait time.Duration) error {
+	return retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "WaitUntilRunningJob",
+		MaxAttempts:          attempts,
+		DelayBetweenAttempts: wait,
+		Fn: func() error {
+			if !m.RunningJob {
+				return fmt.Errorf("still not running job")
+			}
+
+			return nil
+		},
+	})
+}
+
+func (m *HubMockServer) WaitUntilFinishedJob(attempts int, wait time.Duration) error {
+	return retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "WaitUntilFinishedJob",
+		MaxAttempts:          attempts,
+		DelayBetweenAttempts: wait,
+		Fn: func() error {
+			if !m.FinishedJob {
+				return fmt.Errorf("still not finished job")
+			}
+
+			return nil
+		},
+	})
+}
+
+func (m *HubMockServer) WaitUntilDisconnected(attempts int, wait time.Duration) error {
+	return retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "WaitUntilDisconnected",
+		MaxAttempts:          attempts,
+		DelayBetweenAttempts: wait,
+		Fn: func() error {
+			if !m.Disconnected {
+				return fmt.Errorf("still not disconnected")
+			}
+
+			return nil
+		},
+	})
+}
+
+func (m *HubMockServer) WaitUntilRegistered() error {
+	return retry.RetryWithConstantWait(retry.RetryOptions{
+		Task:                 "WaitUntilRegistered",
+		MaxAttempts:          10,
+		DelayBetweenAttempts: time.Second,
+		Fn: func() error {
+			if m.RegisterRequest == nil {
+				return fmt.Errorf("still not registered")
+			}
+
+			return nil
+		},
+	})
+}
+
+func (m *HubMockServer) GetLastJobResult() selfhostedapi.JobResult {
+	return m.JobResult
+}
+
+func (m *HubMockServer) GetRegisterRequest() *selfhostedapi.RegisterRequest {
+	return m.RegisterRequest
+}
+
+func (m *HubMockServer) ScheduleShutdown() {
+	m.ShouldShutdown = true
+}
+
+func (m *HubMockServer) Close() {
+	m.Server.Close()
+}
diff --git a/test/support/loghub.go b/test/support/loghub.go
new file mode 100644
index 00000000..7fd71c32
--- /dev/null
+++ b/test/support/loghub.go
@@ -0,0 +1,115 @@
+package testsupport
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+)
+
+const ExpiredLogToken = "expired-token"
+
+type LoghubMockServer struct {
+	Logs              []string
+	BatchSizesUsed    []int
+	MaxSizeForLogs    int
+	Server            *httptest.Server
+	Handler           http.Handler
+	ExpectedUserAgent string
+}
+
+func NewLoghubMockServer() *LoghubMockServer {
+	return &LoghubMockServer{
+		ExpectedUserAgent: fmt.Sprintf("SemaphoreAgent/%s", AgentVersionExpected),
+		Logs:              []string{},
+	}
+}
+
+func (m *LoghubMockServer) Init() {
+	mockServer := httptest.NewServer(http.HandlerFunc(m.handler))
+	m.Server = mockServer
+}
+
+func (m *LoghubMockServer) SetMaxSizeForLogs(maxSize int) {
+	m.MaxSizeForLogs = maxSize
+}
+
+func (m *LoghubMockServer) handler(w http.ResponseWriter, r *http.Request) {
+	if r.Header.Get("User-Agent") != m.ExpectedUserAgent {
+		w.WriteHeader(500)
+		return
+	}
+
+	if r.Method != http.MethodPost {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+
+	// if max size is set, and is big enough, send 422.
+	if m.MaxSizeForLogs > 0 && len(m.Logs) >= m.MaxSizeForLogs {
+		w.WriteHeader(http.StatusUnprocessableEntity)
+		return
+	}
+
+	// just an easy way to mock the expired token scenario
+	token, err := m.findToken(r)
+	if err != nil || token == ExpiredLogToken {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		fmt.Printf("[LOGHUB MOCK] Error reading body: %v\n", err)
+	}
+
+	logs := FilterEmpty(strings.Split(string(body), "\n"))
+	fmt.Printf("[LOGHUB MOCK] Received %d log events\n", len(logs))
+
+	m.BatchSizesUsed = append(m.BatchSizesUsed, len(logs))
+	m.Logs = append(m.Logs, logs...)
+
+	w.WriteHeader(200)
+}
+
+func (m *LoghubMockServer) findToken(r *http.Request) (string, error) {
+	reqToken := r.Header.Get("Authorization")
+	if reqToken == "" {
+		return "", fmt.Errorf("no token found")
+	}
+
+	splitToken := strings.Split(reqToken, "Bearer ")
+	if len(splitToken) != 2 {
+		return "", fmt.Errorf("malformed token")
+	}
+
+	return splitToken[1], nil
+}
+
+func (m *LoghubMockServer) GetLogs() []string {
+	return m.Logs
+}
+
+func (m *LoghubMockServer) GetBatchSizesUsed() []int {
+	return m.BatchSizesUsed
+}
+
+func (m *LoghubMockServer) URL() string {
+	return m.Server.URL
+}
+
+func (m *LoghubMockServer) Close() {
+	m.Server.Close()
+}
+
+func FilterEmpty(logs []string) []string {
+	filtered := []string{}
+	for _, log := range logs {
+		if log != "" {
+			filtered = append(filtered, log)
+		}
+	}
+
+	return filtered
+}
diff --git a/test/support/test_logger.go b/test/support/test_logger.go
index 7e8dba1e..e8b87419 100644
--- a/test/support/test_logger.go
+++ b/test/support/test_logger.go
@@ -5,10 +5,14 @@ import (
 	"io"
 	"log"
 	"os"
+	"path/filepath"
 )
 
 func SetupTestLogs() {
-	f, err := os.OpenFile("/tmp/test.log", os.O_RDWR|os.O_CREATE|os.O_APPEND, 0777)
+	path := filepath.Join(os.TempDir(), "test.log")
+
+	// #nosec
+	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0777)
 	if err != nil {
 		fmt.Printf("error opening file: %v", err)
 		panic("can't open log file")