GibilGibil

How It Works

The lifecycle of a Gibil box — forge, use, burn

Five thousand years ago, the Sumerians named a god after the thing that built civilization — fire. It forges, it burns, it leaves nothing behind. That's the lifecycle of every Gibil box.

The three phases

Every server follows the same path: forge → use → burn.

   FORGE               USE                 BURN
  ┌──────┐          ┌──────┐            ┌──────┐
  │      │          │      │            │      │
  │ Born │   ──>    │ Work │    ──>     │ Gone │
  │      │          │      │            │      │
  └──────┘          └──────┘            └──────┘

  Fresh server       SSH in, run         Deleted. Keys
  in 30-90 seconds.  commands, let       cleaned up. No
  Repo cloned.       agents work.        trace left.

What happens during gibil create

The CLI orchestrates a sequence of API calls and local operations:

0s     CLI generates SSH key pair → ~/.gibil/keys/<name>/
       CLI uploads public key to your provider (Hetzner or Vultr)
       CLI creates server with cloud-init script

~10s   VM boots (Ubuntu 24.04)
       SSH port 22 becomes reachable
       CLI detects SSH ready → returns control to you

~30s   cloud-init installs base packages (git, curl, build-essential, gh)

~45s   Runtime installed (Node 20 + pnpm, or Python, or Go)

~60s   Docker installed (if services defined in .gibil.yml)
       Services started (Postgres, Redis, etc.)

~75s   Repo cloned to /root/project
       → .gibil-ready created ← server is usable

~90s   Tasks from .gibil.yml run in order:
       pnpm install → pnpm build → pnpm test

~120s  → .gibil-tasks-done created ← everything passed

You can SSH in or run commands as soon as the CLI returns (~10s). Cloud-init continues installing in the background. Poll for .gibil-ready or .gibil-tasks-done if you need to wait for full setup.

What happens during gibil destroy

1. CLI reads ~/.gibil/instances/<name>.json (includes provider name)
2. ProviderRegistry resolves the right cloud for this instance
3. DELETE server from that provider's API
4. DELETE SSH key from that provider's API
5. Remove local keys from ~/.gibil/keys/<name>/
6. Remove local metadata from ~/.gibil/instances/<name>.json

If you forget to destroy, the TTL handles it. The server has a scheduled shutdown that fires after your specified TTL expires.

Where data lives

Nothing leaves your machine except the SSH key and the cloud-init script.

~/.gibil/
  config.json              ← provider tokens (Hetzner, Vultr) under providers.*
  instances/
    my-app.json            ← { name, ip, serverId, sshKeyId, ttl, provider }
  keys/
    my-app/
      id_ed25519           ← private key (never uploaded)
      id_ed25519.pub       ← public key (uploaded to your provider, deleted on destroy)

Next steps

Debug a Failing Build

SSH into a fresh Gibil box to diagnose and fix build failures

Architecture

Design decisions and technical implementation

On this page

The three phasesWhat happens during gibil createWhat happens during gibil destroyWhere data livesNext steps