GibilGibil

How It Works

The lifecycle of an ephemeral server

Five thousand years ago, the Sumerians named a god after the thing that built civilization — fire. It forges, it burns, it leaves nothing behind. That's the lifecycle of every Gibil server.

The three phases

Every server follows the same path: forge → use → burn.

   FORGE               USE                 BURN
  ┌──────┐          ┌──────┐            ┌──────┐
  │      │          │      │            │      │
  │ Born │   ──>    │ Work │    ──>     │ Gone │
  │      │          │      │            │      │
  └──────┘          └──────┘            └──────┘

  Fresh server       SSH in, run         Deleted. Keys
  in ~30 seconds.    commands, let       cleaned up. No
  Repo cloned.       agents work.        trace left.

What happens during gibil create

The CLI orchestrates a sequence of API calls and local operations:

0s     CLI generates SSH key pair → ~/.gibil/keys/<name>/
       CLI uploads public key to Hetzner
       CLI creates server with cloud-init script

~10s   VM boots (Ubuntu 24.04)
       SSH port 22 becomes reachable
       CLI detects SSH ready → returns control to you

~30s   cloud-init installs base packages (git, curl, build-essential, gh)

~45s   Runtime installed (Node 20 + pnpm, or Python, or Go)

~60s   Docker installed (if services defined in .gibil.yml)
       Services started (Postgres, Redis, etc.)

~75s   Repo cloned to /root/project
       → .gibil-ready created ← server is usable

~90s   Tasks from .gibil.yml run in order:
       pnpm install → pnpm build → pnpm test

~120s  → .gibil-tasks-done created ← everything passed

You can SSH in or run commands as soon as the CLI returns (~10s). Cloud-init continues installing in the background. Poll for .gibil-ready or .gibil-tasks-done if you need to wait for full setup.

What happens during gibil destroy

1. CLI reads ~/.gibil/instances/<name>.json
2. DELETE server from Hetzner API
3. DELETE SSH key from Hetzner API
4. Remove local keys from ~/.gibil/keys/<name>/
5. Remove local metadata from ~/.gibil/instances/<name>.json

If you forget to destroy, the TTL handles it. The server has a scheduled shutdown that fires after your specified TTL expires.

Where data lives

Nothing leaves your machine except the SSH key and the cloud-init script.

~/.gibil/
  config.json              ← Hetzner token (from gibil auth setup)
  instances/
    my-app.json            ← { name, ip, serverId, sshKeyId, ttl }
  keys/
    my-app/
      id_ed25519           ← private key (never uploaded)
      id_ed25519.pub       ← public key (uploaded to Hetzner, deleted on destroy)

Next steps

Debug a Failing Build

SSH into an ephemeral VM to diagnose and fix build failures

Architecture

Design decisions and technical implementation

On this page

The three phasesWhat happens during gibil createWhat happens during gibil destroyWhere data livesNext steps