npm - gibil - Versions diffs - 0.2.0 → 0.3.0 - Mend

gibil 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +31 -31
package/dist/cli/index.js +33 -0
package/dist/utils/telemetry-send.js +2 -0
package/package.json +1 -1
package/dist/index.js +0 -30

package/README.md CHANGED Viewed

@@ -15,8 +15,8 @@
 </p>
 <p align="center">
-  Don't switch branches. Spin up a server.<br/>
-  Run any branch on a clean Linux machine. SSH in if it breaks. Destroy when done.
+  Ephemeral machines for developers and AI agents.<br/>
+  Docker, root, SSH, your repo — ready in one command.
 </p>
 ---
@@ -74,22 +74,22 @@ gibil destroy my-app
 ## Commands
-| Command | Description |
-|---------|-------------|
-| `gibil init` | Set up gibil — Hetzner token, MCP config, agent skill |
-| `gibil create` | Forge an ephemeral server |
-| `gibil branch <branch>` | Spin up a branch on a clean server (auto-detects repo) |
-| `gibil checkout <branch>` | Alias for `gibil branch` |
-| `gibil ssh <name>` | SSH into a running server |
-| `gibil run <name> <cmd>` | Execute a command remotely (`--background` for async) |
-| `gibil job <cmd>` | Manage background jobs (status, list, cancel, logs) |
-| `gibil exec <name>` | Upload and run a local script |
-| `gibil mcp [name]` | Start MCP server for AI agents (`--print-config` for setup) |
-| `gibil list` | List all active servers |
-| `gibil extend <name>` | Extend a server's TTL |
-| `gibil destroy [name]` | Burn down a server |
-| `gibil auth` | Manage authentication |
-| `gibil usage` | View usage and plan limits |
+| Command                   | Description                                                 |
+| ------------------------- | ----------------------------------------------------------- |
+| `gibil init`              | Set up gibil — Hetzner token, MCP config, agent skill       |
+| `gibil create`            | Forge an ephemeral server                                   |
+| `gibil branch <branch>`   | Spin up a branch on a clean server (auto-detects repo)      |
+| `gibil checkout <branch>` | Alias for `gibil branch`                                    |
+| `gibil ssh <name>`        | SSH into a running server                                   |
+| `gibil run <name> <cmd>`  | Execute a command remotely (`--background` for async)       |
+| `gibil job <cmd>`         | Manage background jobs (status, list, cancel, logs)         |
+| `gibil exec <name>`       | Upload and run a local script                               |
+| `gibil mcp [name]`        | Start MCP server for AI agents (`--print-config` for setup) |
+| `gibil list`              | List all active servers                                     |
+| `gibil extend <name>`     | Extend a server's TTL                                       |
+| `gibil destroy [name]`    | Burn down a server                                          |
+| `gibil auth`              | Manage authentication                                       |
+| `gibil usage`             | View usage and plan limits                                  |
 ## Two Ways to Use Agents
@@ -102,11 +102,11 @@ gibil create --name my-app --repo github.com/you/project
 gibil mcp     # Claude Code gets vm_bash, vm_read, vm_write tools
 ```
-| Pros | Cons |
-|------|------|
-| See everything the agent does | Every file/command is a network round-trip |
-| Agent uses your local config | Your laptop stays busy (fans, battery) |
-| Works with any MCP-compatible agent | Long commands block with no streaming |
+| Pros                                | Cons                                       |
+| ----------------------------------- | ------------------------------------------ |
+| See everything the agent does       | Every file/command is a network round-trip |
+| Agent uses your local config        | Your laptop stays busy (fans, battery)     |
+| Works with any MCP-compatible agent | Long commands block with no streaming      |
 ### Option B: Agent on the server (--agent)
@@ -125,12 +125,12 @@ gibil branch feat/payments --agent aider     # then: export ANTHROPIC_API_KEY=..
 gibil branch feat/payments --agent codex     # then: export OPENAI_API_KEY=...
 ```
-| Pros | Cons |
-|------|------|
-| Direct filesystem — no MCP latency | Need to SSH in to interact |
-| Full Docker, real Linux tools | Set API key manually after SSH |
-| Your laptop is free | Need tmux to persist sessions |
-| Works with claude, aider, codex | |
+| Pros                               | Cons                           |
+| ---------------------------------- | ------------------------------ |
+| Direct filesystem — no MCP latency | Need to SSH in to interact     |
+| Full Docker, real Linux tools      | Set API key manually after SSH |
+| Your laptop is free                | Need tmux to persist sessions  |
+| Works with claude, aider, codex    |                                |
 > **Security note:** Don't pass API keys via `--env` — they end up on disk in `/etc/environment`. Instead, SSH in and `export` the key. It stays in memory and vanishes when the server is destroyed.
@@ -150,9 +150,9 @@ gibil branch feat/payments --run "pnpm dev" --port 3000
 Or with an interactive SSH session and port forwarding:
 ```bash
-gibil ssh feat-payments --port 3000 --port 5432
+gibil ssh feat-payments --port 3000 --port 8080
 # → Forwarding localhost:3000 → feat-payments:3000
-# → Forwarding localhost:5432 → feat-payments:5432
+# → Forwarding localhost:8080 → feat-payments:8080
 # → Tunnel active while SSH session is open
 ```

package/dist/cli/index.js ADDED Viewed

@@ -0,0 +1,33 @@
+#!/usr/bin/env node
+var Dn=Object.defineProperty;var se=(t,e)=>()=>(t&&(e=t(t=0)),e);var st=(t,e)=>{for(var n in e)Dn(t,n,{get:e[n],enumerable:!0})};import pe from"picocolors";function Fe(t,e){let n=Math.max(t.length+4,...e.map(l=>at(l).length+4)),o=`${f("\u256D")}${f("\u2500".repeat(n))}${f("\u256E")}`,i=`${f("\u2570")}${f("\u2500".repeat(n))}${f("\u256F")}`,a=`${f("\u2502")} ${j} ${y(t)}${" ".repeat(n-at(t).length-4)}${f("\u2502")}`,s=`${f("\u251C")}${f("\u2500".repeat(n))}${f("\u2524")}`,c=e.map(l=>{let u=n-at(l).length-2;return`${f("\u2502")} ${l}${" ".repeat(Math.max(0,u))}${f("\u2502")}`});return[o,a,s,...c,i].join(`
+`)}function at(t){return t.replace(/\x1b\[[0-9;]*m/g,"")}var X,Kn,Q,Ln,f,y,j,G,Ee,Ct,Le,Tt,jt,Et,ke,k,O=se(()=>{"use strict";X=t=>pe.red(t),Kn=t=>pe.yellow(t),Q=t=>pe.green(t),Ln=t=>pe.red(t),f=t=>pe.dim(t),y=t=>pe.bold(t),j="\u{1F98E}",G=Q("\u2713"),Ee=Ln("\u2716"),Ct=Kn("\u26A0"),Le="\u{12248}",Tt=`
+  ${X("       /\\")}
+  ${X("      /  \\")}
+  ${X("     / \u{1F525} \\")}
+  ${X("    /      \\")}
+  ${f("    ~~~~~~~~")}
+  ${y("    g i b i l")}  ${f(Le)}
+`,jt=`${j} ${y("gibil")} ${f(Le)}`,Et=["\u280B","\u2819","\u2839","\u2838","\u283C","\u2834","\u2826","\u2827","\u2807","\u280F"],ke=class{timer=null;frame=0;text;constructor(e){this.text=e}start(){return process.stderr.isTTY?(this.timer=setInterval(()=>{let e=X(Et[this.frame%Et.length]);process.stderr.write(`\r  ${e} ${this.text}`),this.frame++},80),this):(process.stderr.write(`  ${this.text}
+`),this)}update(e){this.text=e,process.stderr.isTTY||process.stderr.write(`  ${e}
+`)}succeed(e){this.stop(),process.stderr.write(`\r  ${G} ${e??this.text}
+`)}fail(e){this.stop(),process.stderr.write(`\r  ${Ee} ${e??this.text}
+`)}stop(){this.timer&&(clearInterval(this.timer),this.timer=null,process.stderr.isTTY&&process.stderr.write("\r\x1B[K"))}};k={welcome:`${j} Your first fire. Welcome to Gibil.`,noInstances:`${j} No fires burning. Gibil sleeps.`,destroyAll:`${j} All fires extinguished. Gibil moves on.`,destroySingle:t=>`${j} "${t}" \u2014 fire out.`,authSuccess:`${j} Logged in. The forge is yours.`,authLogout:`${j} Logged out. The forge cools.`,createReady:(t,e)=>`${j} "${t}" forged ${f(`(${e}s)`)}`,fleetReady:(t,e)=>`${j} Fleet forged \u2014 ${t}/${e} fires lit.`,ttlWarning:(t,e)=>`${j} ${t} \u2014 flame is low (${e}m remaining)`,initComplete:`${j} The forge is ready. Run ${y("gibil create")} to light your first fire.`,setupNeeded:`${j} No forge configured. Run ${y("gibil init")} to get started.`}});function _(t){ct=t}function ee(t){return ct&&t!=="error"?!1:Pt[t]>=Pt[Fn]}var Fn,ct,Pt,r,I=se(()=>{"use strict";O();Fn="info",ct=!1,Pt={debug:0,info:1,warn:2,error:3,silent:4};r={debug(t,...e){ee("debug")&&console.debug(`${f("[debug]")} ${t}`,...e)},info(t,...e){ee("info")&&console.log(t,...e)},warn(t,...e){ee("warn")&&console.warn(`${Ct} ${t}`,...e)},error(t,...e){ee("error")&&console.error(`${Ee} ${t}`,...e)},success(t){ee("info")&&console.log(`${G} ${t}`)},step(t){ee("info")&&console.log(`  ${f("\u203A")} ${t}`)},flame(t){ee("info")&&console.log(t)},detail(t,e){ee("info")&&console.log(`  ${f(t+":")} ${e}`)},spin(t){return ct?new ke(t):new ke(t).start()},json(t){console.log(JSON.stringify(t,null,2))}}});import{homedir as Gn}from"os";import{join as ne,resolve as Un}from"path";import{existsSync as Jn}from"fs";function Ge(){let t=process.argv[1];if(t){let e=Un(t);if(Jn(e))return{command:process.execPath,args:[e,"mcp"]}}return{command:"gibil",args:["mcp"]}}var te,S,D=se(()=>{"use strict";te=ne(Gn(),".gibil"),S={root:te,instances:ne(te,"instances"),keys:ne(te,"keys"),jobs:ne(te,"jobs"),instanceFile:t=>ne(te,"instances",`${t}.json`),keyDir:t=>ne(te,"keys",t),privateKey:t=>ne(te,"keys",t,"id_ed25519"),publicKey:t=>ne(te,"keys",t,"id_ed25519.pub")}});var ze={};st(ze,{clearApiKey:()=>dt,fetchUsage:()=>pt,getApiKey:()=>P,getApiUrl:()=>Vn,getApiUrlFromConfig:()=>Ue,getDefaultAgent:()=>je,getHetznerToken:()=>mt,getServerDefaults:()=>Zn,saveApiKey:()=>ut,saveDefaultAgent:()=>Je,saveHetznerToken:()=>Te,saveServerDefaults:()=>ft,trackUsage:()=>Y,verifyApiKey:()=>oe});import{readFile as zn,writeFile as Bn,mkdir as qn}from"fs/promises";import{existsSync as Wn}from"fs";import{join as Yn}from"path";async function U(){if(!Wn(lt))return{};let t=await zn(lt,"utf-8");return JSON.parse(t)}async function Ce(t){await qn(S.root,{recursive:!0,mode:448}),await Bn(lt,JSON.stringify(t,null,2),{mode:384})}async function ut(t){let e=await U();e.api_key=t,await Ce(e)}async function P(){return process.env.GIBIL_API_KEY?process.env.GIBIL_API_KEY:(await U()).api_key??null}async function dt(){let t=await U();delete t.api_key,await Ce(t)}function Vn(){return process.env.GIBIL_API_URL??Nt}async function Ue(){return process.env.GIBIL_API_URL?process.env.GIBIL_API_URL:(await U()).api_url??Nt}async function Te(t){let e=await U();e.hetzner_token=t,await Ce(e)}async function mt(){return process.env.HETZNER_API_TOKEN?process.env.HETZNER_API_TOKEN:(await U()).hetzner_token??null}async function ft(t,e){let n=await U();n.default_server_type=t,n.default_location=e,await Ce(n)}async function Zn(){let t=await U();return{serverType:t.default_server_type??"cax11",location:t.default_location??"fsn1"}}async function Je(t){let e=await U();t?e.default_agent=t:delete e.default_agent,await Ce(e)}async function je(){return(await U()).default_agent??null}async function oe(t){let e=await Ue(),n=await fetch(`${e}/auth-verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({api_key:t})});if(n.status===401)throw new Error("Invalid API key. Get one at https://gibil.dev");if(!n.ok){let o=await n.text();throw new Error(`API error (${n.status}): ${o}`)}return await n.json()}async function Y(t,e,n,o){let i=await Ue(),a=await fetch(`${i}/usage-track`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({api_key:t,event:e,instance_name:n,server_type:o})});if(a.status===429)throw new Error("Usage limit reached. Please try again later or contact support.");if(!a.ok){let s=await a.text();throw new Error(`Usage tracking failed (${a.status}): ${s}`)}}async function pt(t){let e=await Ue(),n=await fetch(`${e}/usage-get`,{headers:{Authorization:`Bearer ${t}`}});if(!n.ok){let o=await n.text();throw new Error(`Failed to fetch usage (${n.status}): ${o}`)}return await n.json()}var lt,Nt,J=se(()=>{"use strict";D();lt=Yn(S.root,"config.json"),Nt="https://zopdxjruwktjyjunitrv.supabase.co/functions/v1"});var At={};st(At,{HetznerProvider:()=>N});function gt(t){return{id:t.id,name:t.name,status:t.status,ipv4:t.public_net.ipv4.ip,ipv6:t.public_net.ipv6.ip,serverType:t.server_type?.name??"unknown",location:t.datacenter?.location?.name??"unknown",labels:t.labels,created:t.created}}function Qn(t){return{id:t.id,name:t.name,fingerprint:t.fingerprint??""}}var Xn,N,ge=se(()=>{"use strict";I();Xn="https://api.hetzner.cloud/v1";N=class t{token;constructor(e){this.token=e}static async create(e){let{getHetznerToken:n}=await Promise.resolve().then(()=>(J(),ze)),o=e??await n();if(!o)throw new Error("HETZNER_API_TOKEN is required. Run 'gibil init' or set it in your environment.");return new t(o)}async request(e,n,o){let i=`${Xn}${n}`;r.debug(`${e} ${i}`);let a=await fetch(i,{method:e,headers:{Authorization:`Bearer ${this.token}`,"Content-Type":"application/json"},body:o?JSON.stringify(o):void 0,signal:AbortSignal.timeout(3e4)});if(!a.ok){let s=await a.text(),c;try{c=JSON.parse(s).error?.message??s}catch{c=s}let l="";throw a.status===401||a.status===403?l=`
+  Your Hetzner token may be invalid or expired. Run: gibil init --force`:a.status===409&&c.includes("name")?l=`
+  A server with this name already exists. Try a different --name or run: gibil destroy <name>`:a.status===422&&(c.includes("location")||c.includes("server_type"))?l=`
+  This server type may not be available in your region. Run: gibil init --force`:a.status===429&&(l=`
+  Rate limited by Hetzner. Wait a moment and retry your command.`),new Error(`Hetzner API error (${a.status}): ${c}${l}`)}return a.status===204?{}:await a.json()}async createServer(e,n,o,i,a){if(!i||!a){let{getServerDefaults:d}=await Promise.resolve().then(()=>(J(),ze)),m=await d();i=i??m.serverType,a=a??m.location}if(i.startsWith("cax")&&!["fsn1","nbg1"].includes(a))throw new Error(`ARM server type "${i}" is not available in "${a}". Use --location fsn1 or --location nbg1, or switch to an x86 type (cpx11, cpx21, etc.).`);let l=typeof n=="string"?parseInt(n,10):n,u={name:e,server_type:i,image:"ubuntu-24.04",ssh_keys:[l],labels:{gibil:"true","gibil-name":e},location:a};r.debug(`createServer payload: ${JSON.stringify({name:e,server_type:i,image:"ubuntu-24.04",location:a})}`),o&&(u.user_data=o);try{let d=await this.request("POST","/servers",u);return gt(d.server)}catch(d){let m=`(server_type=${i}, location=${a}). Try a different --server-type or --location.`;throw d instanceof Error?new Error(`${d.message} ${m}`):d}}async destroyServer(e){await this.request("DELETE",`/servers/${e}`)}async getServer(e){let n=await this.request("GET",`/servers/${e}`);return gt(n.server)}async listServers(e="gibil=true"){return(await this.request("GET",`/servers?label_selector=${encodeURIComponent(e)}&per_page=50`)).servers.map(gt)}async waitForReady(e,n=12e4){let o=Date.now(),i=3e3;for(;Date.now()-o<n;){let a=await this.getServer(e);if(a.status==="running"&&a.ipv4!=="0.0.0.0")return a;r.debug(`Server ${e} status: ${a.status}, waiting...`),await new Promise(s=>setTimeout(s,i))}throw new Error(`Server ${e} did not become ready within ${n/1e3}s`)}async createSSHKey(e,n){let o=await this.request("POST","/ssh_keys",{name:e,public_key:n});return Qn(o.ssh_key)}async deleteSSHKey(e){await this.request("DELETE",`/ssh_keys/${e}`)}}});import{readFile as ho,writeFile as yo,mkdir as Jt,rm as Bt,readdir as vo,rename as wo}from"fs/promises";import{existsSync as zt}from"fs";import{join as ht}from"path";async function vt(t,e,n){let o=`${t}.tmp`;await yo(o,e,n);try{await wo(o,t)}catch(i){throw await Bt(o,{force:!0}).catch(a=>{console.warn(`Warning: failed to clean up temp file ${o}: ${a}`)}),i}}var yt,Pe,ce,We,E,we,B,A=se(()=>{"use strict";D();yt=class{instancesDir;keysDir;constructor(e){let n=e??S.root;this.instancesDir=ht(n,"instances"),this.keysDir=ht(n,"keys")}async ensureDirectories(){await Jt(this.instancesDir,{recursive:!0,mode:448}),await Jt(this.keysDir,{recursive:!0,mode:448})}instanceFile(e){return ht(this.instancesDir,`${e}.json`)}async save(e){await this.ensureDirectories(),await vt(this.instanceFile(e.name),JSON.stringify(e,null,2),{mode:384})}async load(e){let n=this.instanceFile(e);if(!zt(n))return null;let o=await ho(n,"utf-8");return JSON.parse(o)}async loadOrThrow(e){let n=await this.load(e);if(!n)throw new Error(`Instance "${e}" not found. Run "gibil list" to see active instances.`);return n}async loadActiveOrThrow(e){let n=await this.loadOrThrow(e);if(new Date>new Date(n.expiresAt))throw new Error(`Instance "${e}" has expired (TTL was ${n.ttlMinutes}m). Run "gibil destroy ${e}" to clean up.`);return n}async delete(e){let n=this.instanceFile(e);zt(n)&&await Bt(n)}async list(){await this.ensureDirectories();let e=await vo(this.instancesDir),n=[];for(let o of e){if(!o.endsWith(".json"))continue;let i=o.replace(".json",""),a=await this.load(i);a&&n.push(a)}return n}},Pe=new yt,ce=t=>Pe.save(t),We=t=>Pe.loadOrThrow(t),E=t=>Pe.loadActiveOrThrow(t),we=t=>Pe.delete(t),B=()=>Pe.list()});var en={};st(en,{JobStore:()=>Qe,deleteJob:()=>jo,deleteJobsByInstance:()=>Re,listJobs:()=>be,listJobsByInstance:()=>Po,loadJob:()=>To,loadJobOrThrow:()=>ie,saveJob:()=>K});import{readFile as ko,mkdir as Zt,rm as Eo,readdir as Co}from"fs/promises";import{existsSync as Xt}from"fs";import{join as Qt}from"path";var Qe,ue,K,To,ie,jo,be,Po,Re,de=se(()=>{"use strict";D();A();Qe=class{jobsDir;constructor(e){let n=e??S.root;this.jobsDir=Qt(n,"jobs")}jobFile(e){if(!/^[a-zA-Z0-9_-]+$/.test(e))throw new Error(`Invalid job ID: "${e}"`);return Qt(this.jobsDir,`${e}.json`)}async save(e){await Zt(this.jobsDir,{recursive:!0,mode:448}),await vt(this.jobFile(e.id),JSON.stringify(e,null,2),{mode:384})}async load(e){let n=this.jobFile(e);if(!Xt(n))return null;let o=await ko(n,"utf-8");return JSON.parse(o)}async loadOrThrow(e){let n=await this.load(e);if(!n)throw new Error(`Job "${e}" not found. Run "gibil job list" to see active jobs.`);return n}async delete(e){let n=this.jobFile(e);Xt(n)&&await Eo(n)}async list(){await Zt(this.jobsDir,{recursive:!0,mode:448});let e=await Co(this.jobsDir),n=[];for(let o of e){if(!o.endsWith(".json"))continue;let i=o.replace(".json",""),a=await this.load(i);a&&n.push(a)}return n}async listByInstance(e){return(await this.list()).filter(o=>o.instance===e)}async deleteByInstance(e){let n=await this.listByInstance(e);for(let o of n)await this.delete(o.id)}},ue=new Qe,K=t=>ue.save(t),To=t=>ue.load(t),ie=t=>ue.loadOrThrow(t),jo=t=>ue.delete(t),be=()=>ue.list(),Po=t=>ue.listByInstance(t),Re=t=>ue.deleteByInstance(t)});import{Command as pr}from"commander";import{readFileSync as gr}from"fs";import{fileURLToPath as hr}from"url";import{dirname as yr,join as vr}from"path";ge();D();import{mkdir as eo,rm as Ot,readFile as to,chmod as no}from"fs/promises";import{existsSync as Rt}from"fs";import{execFile as oo}from"child_process";import{promisify as ro}from"util";var io=ro(oo);async function Be(t){let e=S.keyDir(t);Rt(e)&&await Ot(e,{recursive:!0}),await eo(e,{recursive:!0});let n=S.privateKey(t),o=S.publicKey(t);await io("ssh-keygen",["-t","ed25519","-f",n,"-N","","-C",`gibil-${t}`]),await no(n,384);let i=await to(o,"utf-8");return{privateKeyPath:n,publicKeyPath:o,publicKey:i.trim()}}async function re(t){let e=S.keyDir(t);Rt(e)&&await Ot(e,{recursive:!0})}D();I();O();import{Client as Mt}from"ssh2";import{readFile as Ht}from"fs/promises";async function $(t){let{instanceName:e,ip:n,command:o,stream:i=!1,timeoutMs:a=3e4}=t,s=await Ht(S.privateKey(e),"utf-8");return new Promise((c,l)=>{let u=new Mt,d="",m="";u.on("ready",()=>{r.debug(`SSH connected to ${n}`),u.exec(o,(p,g)=>{if(p)return u.end(),l(p);g.on("data",h=>{let w=h.toString();d+=w,i&&process.stdout.write(w)}),g.stderr.on("data",h=>{let w=h.toString();m+=w,i&&process.stderr.write(w)}),g.on("close",h=>{u.end(),c({stdout:d,stderr:m,exitCode:h??0})})})}).on("error",p=>{let g="";p.code==="ECONNREFUSED"?g=" (instance may have been destroyed or is still booting)":p.code==="EHOSTUNREACH"?g=" (IP unreachable \u2014 instance may not be running)":p.code==="ETIMEDOUT"&&(g=" (connection timed out \u2014 check if instance is running with 'gibil list')"),l(new Error(`SSH connection to ${n} failed: ${p.message}${g}`))}).connect({host:n,port:22,username:"root",privateKey:s,readyTimeout:a,hostVerifier:()=>!0,agent:process.env.SSH_AUTH_SOCK,agentForward:!0})})}function Dt(t){let{instanceName:e,ip:n,filePath:o,timeoutMs:i=3e4}=t,a=null,s=!1;return(async()=>{try{let c=await Ht(S.privateKey(e),"utf-8");a=new Mt,await new Promise((l,u)=>{a.on("ready",()=>{a.exec(`tail -f ${o} 2>/dev/null`,(d,m)=>{if(d)return a.end(),u(d);m.on("data",p=>{s||process.stdout.write(f(p.toString()))}),m.stderr.on("data",p=>{s||process.stderr.write(f(p.toString()))}),m.on("close",()=>{a.end(),l()})})}).on("error",d=>{s||r.debug(`Verbose log tail failed: ${d.message}`),u(d)}).connect({host:n,port:22,username:"root",privateKey:c,readyTimeout:i,hostVerifier:()=>!0})})}catch{}})(),{abort(){if(s=!0,a)try{a.end()}catch{}}}}async function qe(t,e,n=12e4){let o=Date.now(),i=5e3;for(;Date.now()-o<n;)try{await $({instanceName:t,ip:e,command:"echo ready",timeoutMs:1e4});return}catch{r.debug(`SSH not ready on ${e}, retrying...`),await new Promise(a=>setTimeout(a,i))}throw new Error(`SSH did not become available on ${e} within ${n/1e3}s`)}function ae(t){let{repo:e,config:n,ttlMinutes:o,githubToken:i,gitIdentity:a}=t,s=["#!/bin/bash","set -euo pipefail","","# \u2500\u2500 Gibil cloud-init \u2500\u2500","export HOME=/root","export DEBIAN_FRONTEND=noninteractive"];i&&s.push(`export GITHUB_TOKEN=${R(i)}`),s.push("","# Base packages","apt-get update -qq","apt-get install -y -qq git curl wget build-essential unzip > /dev/null 2>&1","","# Install GitHub CLI","if ! type gh > /dev/null 2>&1; then","  curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg 2>/dev/null","  chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg","  ARCH=$(dpkg --print-architecture)",'  echo "deb [arch=${ARCH} signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list',"  apt-get update -qq && apt-get install -y -qq gh > /dev/null 2>&1","fi","");let c=n?.image??"node:20";if(s.push(...so(c)),t.agent){let l=lo(t.agent);l&&(s.push(`# Install ${t.agent} + tmux`),t.agent==="aider"&&s.push("apt-get install -y -qq python3-pip > /dev/null 2>&1"),s.push(`${l} > /dev/null 2>&1`,"apt-get install -y -qq tmux > /dev/null 2>&1",""))}if(n?.services&&n.services.length>0){s.push(...ao()),s.push("");for(let l of n.services)s.push(...co(l))}if(n?.env){s.push("# Environment variables");for(let[l,u]of Object.entries(n.env))s.push(`export ${l}=${R(u)}`),s.push(`echo ${R(`${l}=${u}`)} >> /etc/environment`);s.push("")}if(s.push("# Configure git"),a?(s.push(`git config --global user.email ${R(a.email)}`),s.push(`git config --global user.name ${R(a.name)}`),a.signingKey&&(s.push("git config --global gpg.format ssh"),s.push(`git config --global user.signingkey ${R("key::"+a.signingKey)}`),s.push("git config --global commit.gpgsign true"),s.push("git config --global tag.gpgsign true"),s.push("mkdir -p /root/.ssh"),s.push(`echo ${R(a.email+" "+a.signingKey)} > /root/.ssh/allowed_signers`),s.push("git config --global gpg.ssh.allowedSignersFile /root/.ssh/allowed_signers"))):(s.push("git config --global user.email 'gibil@bot.dev'"),s.push("git config --global user.name 'Gibil Bot'")),s.push(""),e){let l=e.match(/github\.com\/([^/]+\/[^/.]+)/);if(s.push("# Clone repository"),s.push("cd /root"),l){let u=l[1];s.push('if [ -n "${GITHUB_TOKEN:-}" ]; then'),s.push(`  CLONE_URL="https://x-access-token:\${GITHUB_TOKEN}@github.com/${u}.git"`),s.push("else"),s.push(`  CLONE_URL='https://github.com/${u}.git'`),s.push("fi"),s.push('timeout 300 git clone "$CLONE_URL" /root/project || { echo "Git clone failed or timed out"; exit 1; }')}else s.push(`timeout 300 git clone ${R(e)} /root/project || { echo "Git clone failed or timed out"; exit 1; }`);s.push("cd /root/project"),s.push(""),s.push('if [ -n "${GITHUB_TOKEN:-}" ]; then'),s.push('  echo "${GITHUB_TOKEN}" | gh auth login --with-token 2>/dev/null || true'),l&&s.push(`  git -C /root/project remote set-url origin "https://x-access-token:\${GITHUB_TOKEN}@github.com/${l[1]}.git"`),s.push("fi"),s.push("")}if(o&&o>0&&(s.push("# Auto-destroy after TTL"),s.push(`echo "shutdown -h now" | at now + ${o} minutes 2>/dev/null || true`),s.push(`(sleep ${o*60} && shutdown -h now) &`),s.push("")),s.push("# Clean up cloud-init secrets"),s.push("rm -f /var/lib/cloud/instance/user-data.txt"),s.push(""),s.push("# Signal that infrastructure is ready"),s.push("touch /root/.gibil-ready"),s.push('echo "Gibil infrastructure ready"'),s.push(""),e&&n?.tasks&&n.tasks.length>0){s.push("# Run project tasks"),s.push("cd /root/project");for(let l of n.tasks)s.push(`echo '\u25B6 Running task: '${R(l.name)}`),s.push(`if ! ${l.command}; then`),s.push(`  echo '\u2717 Task failed: '${R(l.name)}`),s.push("  touch /root/.gibil-tasks-failed"),s.push("fi");s.push(""),s.push("# Signal tasks complete"),s.push("if [ ! -f /root/.gibil-tasks-failed ]; then"),s.push("  touch /root/.gibil-tasks-done"),s.push('  echo "Gibil tasks complete"'),s.push("else"),s.push('  echo "Gibil tasks finished with errors"'),s.push("fi")}return s.join(`
+`)}function so(t){let e=[];if(t.startsWith("node:")){let n=t.split(":")[1]??"20";e.push("# Install Node.js"),e.push(`curl -fsSL https://deb.nodesource.com/setup_${n}.x | bash - > /dev/null 2>&1`),e.push("apt-get install -y -qq nodejs > /dev/null 2>&1"),e.push("npm install -g pnpm@latest > /dev/null 2>&1"),e.push("")}else if(t.startsWith("python:")){let n=t.split(":")[1]??"3.12";e.push("# Install Python"),e.push(`apt-get install -y -qq python${n} python3-pip python3-venv > /dev/null 2>&1`),e.push("")}else if(t.startsWith("go:")){let n=t.split(":")[1]??"1.22";e.push("# Install Go"),e.push('GO_ARCH=$(uname -m | sed "s/x86_64/amd64/" | sed "s/aarch64/arm64/")'),e.push(`wget -q https://go.dev/dl/go${n}.linux-\${GO_ARCH}.tar.gz -O /tmp/go.tar.gz`),e.push("tar -C /usr/local -xzf /tmp/go.tar.gz"),e.push("export PATH=$PATH:/usr/local/go/bin"),e.push('echo "export PATH=\\$PATH:/usr/local/go/bin" >> /root/.bashrc'),e.push("")}else e.push("# Install Node.js (default)"),e.push("curl -fsSL https://deb.nodesource.com/setup_20.x | bash - > /dev/null 2>&1"),e.push("apt-get install -y -qq nodejs > /dev/null 2>&1"),e.push("npm install -g pnpm@latest > /dev/null 2>&1"),e.push("");return e}function ao(){return["# Install Docker","curl -fsSL https://get.docker.com | sh > /dev/null 2>&1","systemctl enable docker --now"]}function co(t){let e=[];e.push(`# Start service: ${t.name.replace(/[^a-zA-Z0-9_-]/g,"")}`);let o=`docker run -d --name ${t.name.replace(/[^a-zA-Z0-9_-]/g,"")}`;if(t.port&&(o+=` -p ${t.port}:${t.port}`),t.env)for(let[i,a]of Object.entries(t.env))o+=` -e ${i}=${R(a)}`;return o+=` ${R(t.image)}`,e.push(o),e.push(""),e}var Kt={claude:"npm install -g @anthropic-ai/claude-code",aider:"pip install --break-system-packages aider-chat",codex:"npm install -g @openai/codex"},he={claude:["ANTHROPIC_API_KEY"],aider:["ANTHROPIC_API_KEY","OPENAI_API_KEY"],codex:["OPENAI_API_KEY"]},z=Object.keys(Kt);function lo(t){return Kt[t]??null}function R(t){return`'${t.replace(/'/g,"'\\''")}'`}import{readFile as uo}from"fs/promises";import{existsSync as Lt,statSync as mo}from"fs";import{join as fo}from"path";import{parse as Gt}from"yaml";async function ye(t){let e=t.match(/github\.com\/([^/]+)\/([^/.]+)/);if(!e)return null;let[,n,o]=e,i=`https://raw.githubusercontent.com/${n}/${o}/HEAD/.gibil.yml`;try{let a={};process.env.GITHUB_TOKEN&&(a.Authorization=`token ${process.env.GITHUB_TOKEN}`);let s=await fetch(i,{signal:AbortSignal.timeout(1e4),headers:a});if(!s.ok)return null;let c=await s.text();return go(c)}catch{return null}}var po=".gibil.yml";async function ve(t){let e;if(Lt(t)&&mo(t).isFile()?e=t:e=fo(t,po),!Lt(e))return null;let n=await uo(e,"utf-8"),o=Gt(n);return Ut(o)}function go(t){let e=Gt(t);return Ut(e)}function Ut(t){if(!t||typeof t!="object")throw new Error("Invalid .gibil.yml: must be a YAML object");let e=t,n={};return typeof e.name=="string"&&(n.name=e.name),typeof e.image=="string"&&(n.image=e.image),typeof e.server_type=="string"&&(n.server_type=e.server_type),typeof e.location=="string"&&(n.location=e.location),Array.isArray(e.services)&&(n.services=e.services.map(o=>{let i=o;if(typeof i.name!="string"||typeof i.image!="string")throw new Error("Each service must have a 'name' and 'image' field");return{name:i.name,image:i.image,port:typeof i.port=="number"?i.port:void 0,env:Ft(i.env,`service "${i.name}"`)}})),Array.isArray(e.tasks)&&(n.tasks=e.tasks.map(o=>{let i=o;if(typeof i.name!="string"||typeof i.command!="string")throw new Error("Each task must have a 'name' and 'command' field");return{name:i.name,command:i.command}})),e.env!==void 0&&(n.env=Ft(e.env,"top-level")),n}function Ft(t,e){if(t==null)return;if(typeof t!="object"||Array.isArray(t))throw new Error(`env in ${e} must be a key-value object`);let n={};for(let[o,i]of Object.entries(t))if(typeof i=="string")n[o]=i;else if(typeof i=="number"||typeof i=="boolean")n[o]=String(i);else throw new Error(`env.${o} in ${e} must be a string, number, or boolean \u2014 got ${typeof i}`);return Object.keys(n).length>0?n:void 0}A();import{randomBytes as bo}from"crypto";function le(t=6){return bo(Math.ceil(t/2)).toString("hex").slice(0,t)}function Ne(){return`gibil-${le()}`}function qt(){return`fleet-${le(8)}`}function Ye(){return`j-${le(8)}`}D();I();var $o=/^[a-zA-Z0-9][a-zA-Z0-9_-]{0,62}$/;function Ve(t){if(!$o.test(t))throw new Error(`Invalid instance name "${t}". Names must be 1-63 chars, start with alphanumeric, and contain only [a-zA-Z0-9_-].`);return t}function Ae(t,e){let n=parseInt(t,10);if(isNaN(n)||n<=0)throw new Error(`${e} must be a positive integer, got "${t}"`);return n}J();O();import{execSync as Ze}from"child_process";import{readFileSync as xo}from"fs";var wt="key::";function So(){try{let t=Ze("git config user.name",{encoding:"utf-8"}).trim(),e=Ze("git config user.email",{encoding:"utf-8"}).trim();if(!t||!e)return;let n;try{if(Ze("git config gpg.format",{encoding:"utf-8"}).trim()==="ssh"){let i=Ze("git config user.signingkey",{encoding:"utf-8"}).trim();if(i)try{n=xo(i,"utf-8").trim()}catch{(i.startsWith("ssh-")||i.startsWith(wt))&&(n=i.startsWith(wt)?i.slice(wt.length):i)}}}catch{}return{name:t,email:e,signingKey:n}}catch{return}}async function Xe(t,e,n){r.step("Generating SSH keys...");let o=await Be(e),i,a;try{r.step("Uploading SSH key..."),i=await t.createSSHKey(`gibil-${e}-${le(4)}`,o.publicKey),n.repo&&n.repo.includes("github.com")&&!process.env.GITHUB_TOKEN&&r.debug("No GITHUB_TOKEN set \u2014 private repos will fail to clone. Set GITHUB_TOKEN to enable private repo access.");let s=So(),c=ae({repo:n.repo,config:n.config??void 0,ttlMinutes:n.ttlMinutes,githubToken:process.env.GITHUB_TOKEN,gitIdentity:s,agent:n.agent}),l=r.spin("Creating server on Hetzner..."),u=await t.createServer(e,i.id,c,n.serverType??n.config?.server_type,n.location??n.config?.location);a=u.id,l.succeed("Server created");let d=r.spin("VM booting..."),p=(await t.waitForReady(u.id)).ipv4;d.succeed(`VM running at ${p}`);let g=new Date,h={name:e,serverId:u.id,ip:p,sshKeyId:i.id,keyPath:S.privateKey(e),status:"running",createdAt:g.toISOString(),ttlMinutes:n.ttlMinutes,expiresAt:new Date(g.getTime()+n.ttlMinutes*6e4).toISOString(),repo:n.repo,fleetId:n.fleetId,gitIdentity:s};await ce(h);let w=r.spin("Waiting for SSH...");if(await qe(e,p),w.succeed("SSH ready"),n.repo||n.config){let C=r.spin("Provisioning (runtime, repo, deps)..."),b;n.verbose&&!n.json&&(b=Dt({instanceName:e,ip:p,filePath:"/var/log/cloud-init-output.log"}));let v=36e4,Z=5e3,q=Date.now(),fe=!1;for(;Date.now()-q<v;){try{if((await $({instanceName:e,ip:p,command:"test -f /root/.gibil-ready && echo ready || echo waiting",timeoutMs:1e4})).stdout.trim()==="ready"){fe=!0;break}}catch{}await new Promise(W=>setTimeout(W,Z))}if(b?.abort(),fe)C.succeed("Provisioning complete");else{C.fail("Provisioning may have failed");try{let W=await $({instanceName:e,ip:p,command:"tail -20 /var/log/cloud-init-output.log 2>/dev/null || echo 'No cloud-init log found'",timeoutMs:1e4});r.info(W.stdout)}catch{r.warn("Could not read cloud-init log.")}}}return h}catch(s){throw r.error(`Failed to create instance "${e}", cleaning up...`),a&&await t.destroyServer(a).catch(c=>r.warn(`Could not destroy Hetzner server ${a}: ${c instanceof Error?c.message:String(c)}`)),i&&await t.deleteSSHKey(i.id).catch(c=>r.warn(`Could not delete Hetzner SSH key ${i.id}: ${c instanceof Error?c.message:String(c)}`)),await re(e).catch(c=>r.warn(`Could not clean up local SSH keys: ${c instanceof Error?c.message:String(c)}`)),s}}function Wt(t){let e=Math.max(0,Math.floor((new Date(t.expiresAt).getTime()-Date.now())/1e3));return{name:t.name,ip:t.ip,ssh:`ssh -i ${t.keyPath} -o StrictHostKeyChecking=no root@${t.ip}`,status:t.status,ttl_remaining:e,created_at:t.createdAt,fleet_id:t.fleetId}}function Yt(t){t.command("create").description("Spin up one or more ephemeral dev machines").option("-n, --name <name>","Instance name").option("-f, --fleet <count>","Number of instances to create in parallel").option("-r, --repo <git-url>","Git repository to clone on startup").option("--json","Output instance info as JSON").option("--ttl <minutes>","Auto-destroy after N minutes","60").option("-c, --config <path>","Path to .gibil.yml config").option("--server-type <type>","Hetzner server type (e.g. cpx11, cpx21)").option("--location <loc>","Hetzner location (e.g. fsn1, nbg1)").option("-q, --quiet","Suppress non-essential output").option("-e, --env <KEY=VALUE...>","Environment variables to set on the server").option("--agent <name>","Install a coding agent (claude, aider, codex)").option("-V, --verbose","Stream cloud-init logs during provisioning").option("--dry-run","Print config summary and cloud-init script without deploying").action(async e=>{e.json&&_(!0);let n=Ae(e.ttl??"60","TTL");if(n>10080)throw new Error("TTL cannot exceed 7 days (10080 minutes).");let o=Ae(e.fleet??"1","Fleet count");if(o>20)throw new Error("Fleet size cannot exceed 20. Contact support for higher limits.");if(e.name&&Ve(e.name),!e.agent){let l=await je();l&&(e.agent=l)}if(e.agent&&!z.includes(e.agent))throw new Error(`Unknown agent "${e.agent}". Supported: ${z.join(", ")}`);let i={};if(e.env)for(let l of e.env){let u=l.indexOf("=");if(u<=0)throw new Error(`Invalid --env format: "${l}". Use KEY=VALUE.`);i[l.slice(0,u)]=l.slice(u+1)}i.GITHUB_TOKEN&&!process.env.GITHUB_TOKEN&&(process.env.GITHUB_TOKEN=i.GITHUB_TOKEN);let a=null;if(e.config?a=await ve(e.config):e.repo?a=await ye(e.repo)??await ve(process.cwd()):a=await ve(process.cwd()),Object.keys(i).length>0&&(a||(a={}),a.env={...a.env,...i}),e.dryRun){let l=e.name??Ne(),u=e.serverType??a?.server_type??"cx22",d=e.location??a?.location??"nbg1",m=a?.image??"node:20",p=ae({repo:e.repo,config:a??void 0,ttlMinutes:n,githubToken:process.env.GITHUB_TOKEN,gitIdentity:void 0,agent:e.agent}),g={name:l,serverType:u,location:d,image:m,ttlMinutes:n,repo:e.repo,agent:e.agent,cloudInitScript:p};e.json?r.json(g):(r.info(""),r.info(y("Dry run \u2014 no server will be created")),r.info(""),r.info(`  ${f("Name:")}         ${l}`),r.info(`  ${f("Server type:")}  ${u}`),r.info(`  ${f("Location:")}     ${d}`),r.info(`  ${f("Image:")}        ${m}`),r.info(`  ${f("TTL:")}          ${n} minutes`),e.repo&&r.info(`  ${f("Repo:")}         ${e.repo}`),e.agent&&r.info(`  ${f("Agent:")}        ${e.agent}`),r.info(""),r.info("Cloud-init script:"),r.info("\u2500".repeat(17)),r.info(p));return}let s=await P();if(s){r.info("Verifying API key...");let l=await oe(s);r.info(`  Authenticated as ${l.user.email} (${l.user.plan})`)}if(e.agent&&!he[e.agent]?.some(u=>a?.env?.[u]||i[u])){let u=he[e.agent]?.join(" or ")??"";r.warn(`${e.agent} needs ${u}. SSH in and export it (recommended) or pass with --env.`)}let c=await N.create();if(o===1){let l=e.name??Ne(),u=Date.now(),d=r.spin(`Forging "${l}"...`),m=await Xe(c,l,{repo:e.repo,ttlMinutes:n,config:a,serverType:e.serverType,location:e.location,agent:e.agent,verbose:e.verbose}),p=((Date.now()-u)/1e3).toFixed(1);d.succeed(k.createReady(l,p)),s&&await Y(s,"create",m.name,e.serverType).catch(g=>r.debug(`Usage tracking failed: ${g instanceof Error?g.message:String(g)}`)),e.json?r.json(Wt(m)):(r.info(""),r.info(Fe("Server ready",[`${f("Name:")}  ${y(m.name)}`,`${f("IP:")}    ${m.ip}`,`${f("TTL:")}   ${n} minutes`,`${f("SSH:")}   ${y(`gibil ssh ${m.name}`)}`])),r.info(""),r.info(f("  Try:")),r.info(`    ${y(`gibil run ${m.name} "<your test command>"`)}`),r.info(`    ${y(`gibil ssh ${m.name}`)}`),r.info(`    ${y(`gibil destroy ${m.name}`)}`),r.info(""))}else{let l=qt(),u=e.name??"gibil",d=Date.now(),m=r.spin(`Forging fleet "${l}" \u2014 ${o} servers...`),p=Array.from({length:o},(b,v)=>`${u}-${v+1}-${l.slice(6)}`),g=await Promise.allSettled(p.map(b=>Xe(c,b,{repo:e.repo,ttlMinutes:n,config:a,serverType:e.serverType,location:e.location,fleetId:l,agent:e.agent,verbose:e.verbose}))),h=[],w=[];for(let b=0;b<g.length;b++){let v=g[b];v.status==="fulfilled"?h.push(v.value):w.push(`${p[b]}: ${v.reason instanceof Error?v.reason.message:String(v.reason)}`)}let C=((Date.now()-d)/1e3).toFixed(1);if(m.succeed(k.fleetReady(h.length,o)+` ${f(`(${C}s)`)}`),s&&await Promise.all(h.map(b=>Y(s,"create",b.name,e.serverType).catch(v=>r.debug(`Usage tracking failed for ${b.name}: ${v instanceof Error?v.message:String(v)}`)))),e.json)r.json({fleet_id:l,instances:h.map(Wt),errors:w});else{r.info("");for(let b of h)r.info(`  ${G} ${y(b.name)} ${f("\u2192")} ${b.ip}`);for(let b of w)r.info(`  ${Ee} ${b}`);r.info("")}}})}A();import{spawn as Ao}from"child_process";import{spawn as _o}from"child_process";import{existsSync as Io}from"fs";function Oe(t){if(t.includes(":")){let e=t.split(":");if(e.length!==3)throw new Error(`Invalid port mapping "${t}". Use PORT or LOCAL:HOST:REMOTE.`);let[n,,o]=e;bt(n,t),bt(o,t)}else bt(t,t)}function bt(t,e){let n=parseInt(t,10);if(isNaN(n)||n<1||n>65535||String(n)!==t)throw new Error(`Invalid port number in "${e}". Must be 1-65535.`)}function Vt(t,e){if(!Io(t.keyPath))throw new Error(`SSH key not found: ${t.keyPath}. The instance may have been destroyed.`);let n=[];for(let o of e){Oe(o);let i=o.includes(":")?o:`${o}:localhost:${o}`,a=o.includes(":")?o.split(":")[0]:o;n.push(a),_o("ssh",["-f","-N","-L",i,"-i",t.keyPath,"-o","StrictHostKeyChecking=no","-o","UserKnownHostsFile=/dev/null","-o","LogLevel=ERROR","-o","ExitOnForwardFailure=yes",`root@${t.ip}`],{stdio:"ignore",detached:!0}).unref()}return n}I();O();I();A();de();var No=["ECONNREFUSED","EHOSTUNREACH","ETIMEDOUT"];function me(t){if(!(t instanceof Error))return!1;let e=t.message;return No.some(n=>e.includes(n))}async function L(t){try{let{HetznerProvider:e}=await Promise.resolve().then(()=>(ge(),At)),{getHetznerToken:n}=await Promise.resolve().then(()=>(J(),ze)),o=await n();return o?(await(await e.create(o)).getServer(t.serverId),"still_exists"):"api_error"}catch(e){return e instanceof Error&&e.message.includes("(404)")?(await re(t.name),await Re(t.name),await we(t.name),r.warn(`Instance "${t.name}" no longer exists on Hetzner \u2014 cleaned up local metadata`),"cleaned"):"api_error"}}function tn(t){t.command("ssh <name>").description("SSH into a running ephemeral machine").option("-p, --port <ports...>","Forward local port(s) to server (e.g. --port 3000 --port 5432)").action(async(e,n)=>{let o=await E(e),i=["-A","-i",o.keyPath,"-o","StrictHostKeyChecking=no","-o","UserKnownHostsFile=/dev/null","-o","LogLevel=ERROR"];if(n.port&&n.port.length>0){for(let s of n.port){Oe(s);let c=s.includes(":")?s:`${s}:localhost:${s}`;i.push("-L",c)}r.info("");for(let s of n.port){let c=s.includes(":")?s.split(":")[0]:s;r.info(`  Forwarding ${y(`localhost:${c}`)} \u2192 ${e}:${s}`)}r.info(""),r.info(f("  Tunnel active while SSH session is open. Ctrl+C to stop.")),r.info("")}i.push(`root@${o.ip}`),Ao("ssh",i,{stdio:"inherit"}).on("exit",s=>{let c=()=>process.exit(s??0);s===255?L(o).then(c,c):c()})})}A();de();I();function nn(t){t.command("run <name> <command...>").description("Execute a command on a running instance").option("--json","Output result as JSON").option("--timeout <seconds>","Command timeout in seconds (default: 30)").option("-b, --background","Run in background, return job ID immediately").action(async(e,n,o)=>{o.json&&_(!0);let i=await E(e),a=n.join(" "),s=o.timeout?Ae(o.timeout,"Timeout")*1e3:3e4;if(o.background){let l=Ye(),u="/root/.gibil-jobs",d=`${u}/${l}.log`,m=`${u}/${l}.exit`,p=`${u}/${l}.pid`,g=`${u}/${l}.sh`,h=["#!/bin/bash",`nohup bash -c '${a.replace(/'/g,"'\\''")}' > ${d} 2>&1 &`,"BGPID=$!",`echo $BGPID > ${p}`,`(wait $BGPID 2>/dev/null; echo $? > ${m}) &`,"echo $BGPID"].join(`
+`),w=Buffer.from(h).toString("base64"),C=`mkdir -p ${u} && echo '${w}' | base64 -d > ${g} && chmod +x ${g} && bash ${g}`,b;try{b=await $({instanceName:e,ip:i.ip,command:C,timeoutMs:1e4})}catch(Z){throw me(Z)&&await L(i)==="cleaned"&&process.exit(1),Z}let v=parseInt(b.stdout.trim(),10);isNaN(v)&&(r.error("Failed to start background job \u2014 could not capture PID"),process.exit(1)),await K({id:l,instance:e,command:a,pid:v,status:"running",startedAt:new Date().toISOString()}),o.json?r.json({job_id:l,instance:e,status:"running",pid:v}):(r.info(`Background job started: ${l} (PID ${v})`),r.info(`  Poll: gibil job ${l}`));return}r.info(`Running on "${e}" (${i.ip}): ${a}`);let c;try{c=await $({instanceName:e,ip:i.ip,command:a,stream:!o.json,timeoutMs:s})}catch(l){throw me(l)&&await L(i)==="cleaned"&&process.exit(1),l}o.json?r.json({instance:e,command:a,stdout:c.stdout,stderr:c.stderr,exit_code:c.exitCode}):c.exitCode!==0&&r.error(`Command exited with code ${c.exitCode}`),process.exit(c.exitCode??1)})}ge();A();de();I();J();O();D();import{createHash as on}from"crypto";import{readFile as cn,writeFile as Oo,mkdir as Ro}from"fs/promises";import{existsSync as tt,readFileSync as Mo}from"fs";import{hostname as rn,userInfo as Ho,platform as Do,arch as Ko}from"os";import{join as Se,dirname as ln}from"path";import{fork as Lo}from"child_process";import{fileURLToPath as un}from"url";var et=Se(S.root,"device_id"),sn=Se(S.root,"config.json"),Fo=process.env.GIBIL_TELEMETRY_URL??"https://zopdxjruwktjyjunitrv.supabase.co/functions/v1/telemetry-ingest",Go="tk_alpha_09a93302e0f3e73417a9e9dbfc500a61",Me=null,$e=null;function Uo(){try{let t=Ho(),e=`${rn()}:${t.username}:${t.homedir}`;return on("sha256").update(e).digest("hex").slice(0,16)}catch{return on("sha256").update(`${rn()}:${Date.now()}`).digest("hex").slice(0,16)}}async function dn(){if(Me)return Me;if(tt(et)){let e=(await cn(et,"utf-8")).trim();if(e.length>0)return Me=e,Me}let t=Uo();return await Ro(S.root,{recursive:!0,mode:448}),await Oo(et,t,{mode:384}),Me=t,t}async function $t(){if($e!==null)return $e;let t=process.env.GIBIL_TELEMETRY;if(t!==void 0)return $e=!["0","false","off","no"].includes(t.toLowerCase()),$e;try{if(tt(sn)&&JSON.parse(await cn(sn,"utf-8")).telemetry===!1)return $e=!1,!1}catch{}return $e=!0,!0}async function mn(){return tt(et)?!1:(await dn(),!0)}var xe=null;function Jo(){if(xe)return xe;let t=ln(un(import.meta.url));for(let e of["../package.json","../../package.json"])try{return xe=JSON.parse(Mo(Se(t,e),"utf-8")).version??"0.0.0",xe}catch{}return xe="0.0.0",xe}async function He(t){if(!await $t())return;let e=await dn();if(!e)return;let n={...t,device_id:e,cli_version:Jo(),timestamp:new Date().toISOString(),os:Do(),arch:Ko(),node_version:process.version},o=ln(un(import.meta.url)),a=[Se(o,"telemetry-send.js"),Se(o,"..","utils","telemetry-send.js"),Se(o,"telemetry-send.ts")].find(s=>tt(s));if(a)try{Lo(a,{detached:!0,stdio:"ignore",...a.endsWith(".ts")?{execArgv:["--import","tsx"]}:{},env:{...process.env,TELEMETRY_PAYLOAD:JSON.stringify(n),TELEMETRY_ENDPOINT:Fo,TELEMETRY_INGEST_KEY:Go}}).unref()}catch{}}var an=new Map,zo=5e3;async function fn(t){let e=Date.now(),n=an.get(t)??0;e-n<zo||(an.set(t,e),await He({event:"mcp_tool",tool:t}))}function pn(t){return t.slice(3).filter(e=>e.startsWith("-")).map(e=>e.replace(/=.*$/,""))}async function gn(t,e){let n=await We(e);r.info(`Destroying instance "${e}" (server ${n.serverId})...`);try{await t.destroyServer(n.serverId)}catch(a){r.warn(`Could not delete server ${n.serverId}: ${a instanceof Error?a.message:String(a)}`)}try{await t.deleteSSHKey(n.sshKeyId)}catch(a){r.warn(`Could not delete SSH key ${n.sshKeyId}: ${a instanceof Error?a.message:String(a)}`)}await re(e),await Re(e),await we(e);let o=await P();o&&await Y(o,"destroy",e).catch(a=>r.warn(`Usage tracking failed (billing may be inaccurate): ${a instanceof Error?a.message:String(a)}`));let i=Math.round((Date.now()-new Date(n.createdAt).getTime())/6e4);await He({event:"lifecycle",duration_minutes:i}),r.info(`  ${G} ${k.destroySingle(e)}`)}function hn(t){t.command("destroy [name]").description("Destroy a running ephemeral machine").option("-a, --all","Destroy all gibil instances").option("--json","Output result as JSON").action(async(e,n)=>{if(n.json&&_(!0),n.all){let o=await B();if(o.length===0){n.json?r.json({destroyed:[],failed:[]}):r.info(k.noInstances);return}let i=await N.create();r.info(`Destroying ${o.length} instance(s)...`);let a=await Promise.allSettled(o.map(l=>gn(i,l.name))),s=[],c=[];for(let l=0;l<a.length;l++)if(a[l].status==="fulfilled")s.push(o[l].name);else{let u=a[l].reason;c.push(`${o[l].name}: ${u instanceof Error?u.message:String(u)}`)}n.json?r.json({destroyed:s,failed:c}):c.length===0?r.info(`
+${k.destroyAll}`):r.info(`
+${s.length} destroyed, ${c.length} failed`)}else{e||(r.error('Specify an instance name or use --all. Run "gibil list" to see instances.'),process.exit(1));let o=await N.create();await gn(o,e),n.json&&r.json({destroyed:[e]})}})}A();I();O();function yn(t){t.command("list").alias("ls").description("List all active gibil instances").option("--json","Output as JSON").action(async e=>{e.json&&_(!0);let n=await B();if(n.length===0){e.json?r.json({instances:[]}):r.info(k.noInstances);return}let o=n.map(i=>{let a=Math.max(0,Math.floor((new Date(i.expiresAt).getTime()-Date.now())/1e3));return{name:i.name,ip:i.ip,ssh:`ssh -i ${i.keyPath} -o StrictHostKeyChecking=no root@${i.ip}`,status:i.status,ttl_remaining:a,created_at:i.createdAt,fleet_id:i.fleetId}});if(e.json){r.json({instances:o});return}r.info(f(`${"NAME".padEnd(30)} ${"IP".padEnd(18)} ${"STATUS".padEnd(12)} ${"TTL".padEnd(10)} ${"AGE".padEnd(10)}`)),r.info(f("\u2500".repeat(80)));for(let i of o){let a=vn(i.ttl_remaining),s=Bo(i.created_at),c=i.name.padEnd(30),l=i.status.padEnd(12),u=a.padEnd(10),d=s.padEnd(10),m=i.status==="running"?Q(l):X(l),p=i.ttl_remaining<=300?X(u):u;r.info(`${y(c)} ${i.ip.padEnd(18)} ${m} ${p} ${f(d)}`)}r.info(`
+${f(`${o.length} server(s)`)}`)})}function vn(t){if(t<=0)return"expired";let e=Math.floor(t/60),n=t%60;return e>=60?`${Math.floor(e/60)}h ${e%60}m`:`${e}m ${n}s`}function Bo(t){let e=Date.now()-new Date(t).getTime(),n=Math.floor(e/1e3);return vn(n)}A();I();function wn(t){t.command("extend <name>").description("Extend the TTL of a running instance").requiredOption("--ttl <minutes>","New TTL in minutes from now").option("--json","Output result as JSON").action(async(e,n)=>{n.json&&_(!0);let o=await E(e),i=parseInt(n.ttl,10);(isNaN(i)||i<=0)&&(r.error("TTL must be a positive number of minutes"),process.exit(1));try{await $({instanceName:e,ip:o.ip,command:["pkill -f 'sleep.*shutdown' || true",`(sleep ${i*60} && shutdown -h now) &`].join(" && ")})}catch(s){throw me(s)&&await L(o)==="cleaned"&&process.exit(1),s}let a=new Date(Date.now()+i*6e4).toISOString();o.ttlMinutes=i,o.expiresAt=a,await ce(o),n.json?r.json({name:o.name,ttl_minutes:i,expires_at:a}):r.info(`\u2713 Extended "${e}" TTL to ${i} minutes (expires ${a})`)})}import{readFile as qo}from"fs/promises";import{randomBytes as Wo}from"crypto";A();I();function bn(t){t.command("exec <name>").description("Upload and run a local script on an instance").requiredOption("-s, --script <path>","Path to local script").option("--json","Output result as JSON").action(async(e,n)=>{n.json&&_(!0);let o=await E(e),i=await qo(n.script,"utf-8");r.info(`Uploading and running script "${n.script}" on "${e}"...`);let a=Buffer.from(i).toString("base64"),s=`/tmp/gibil-script-${Wo(4).toString("hex")}.sh`,c;try{c=await $({instanceName:e,ip:o.ip,command:`echo '${a}' | base64 -d > ${s} && chmod +x ${s} && ${s}; EXIT=$?; rm -f ${s}; exit $EXIT`,stream:!n.json})}catch(l){throw me(l)&&await L(o)==="cleaned"&&process.exit(1),l}n.json?r.json({instance:e,script:n.script,stdout:c.stdout,stderr:c.stderr,exit_code:c.exitCode}):c.exitCode!==0&&r.error(`Script exited with code ${c.exitCode}`),process.exit(c.exitCode??1)})}J();I();O();import{createInterface as Yo}from"readline";function $n(t){let e=Yo({input:process.stdin,output:process.stderr});return new Promise(n=>{e.question(t,o=>{e.close(),n(o.trim())})})}function xn(t){let e=t.command("auth").description("Manage authentication");e.command("login").description("Log in with your Gibil API key").option("--key <api-key>","API key (or enter interactively)").option("--json","Output result as JSON").action(async n=>{n.json&&_(!0);let o=n.key??process.env.GIBIL_API_KEY;o||(o=await $n("Enter your API key: ")),o||(r.error("No API key provided."),process.exit(1)),o.startsWith("pk_")||(r.error('Invalid key format. API keys start with "pk_".'),process.exit(1)),r.info("Verifying API key...");try{let i=await oe(o);await ut(o),n.json?r.json({authenticated:!0,email:i.user.email,plan:i.user.plan}):(r.info(k.authSuccess),r.detail("Email",i.user.email),r.detail("Plan","alpha (free)"))}catch(i){r.error(i instanceof Error?i.message:String(i)),process.exit(1)}}),e.command("setup").description("Configure Hetzner API token (stored in ~/.gibil/config.json)").option("--token <token>","Hetzner API token (or enter interactively)").action(async n=>{let o=n.token;o||(o=await $n("Enter your Hetzner API token: ")),o||(r.error("No token provided."),process.exit(1));try{let a=await(await fetch("https://api.hetzner.cloud/v1/servers",{headers:{Authorization:`Bearer ${o}`}})).json();a.error&&(r.error(`Invalid token: ${a.error.message}`),process.exit(1))}catch(i){r.error(`Could not verify token: ${i instanceof Error?i.message:"Check your network."}`),process.exit(1)}await Te(o),r.success("Hetzner token saved to ~/.gibil/config.json")}),e.command("logout").description("Clear stored API key").action(async()=>{await dt(),r.info(k.authLogout)}),e.command("status").description("Show current authentication status").option("--json","Output result as JSON").action(async n=>{n.json&&_(!0);let o=await P();if(!o){n.json?r.json({authenticated:!1}):r.info(`Not logged in. Run ${y("gibil auth login")} to authenticate.`);return}try{let i=await oe(o);n.json?r.json({authenticated:!0,email:i.user.email,plan:i.user.plan,limits:i.limits}):(r.success(`Authenticated as ${i.user.email}`),r.detail("Plan",i.user.plan),r.detail("Concurrent servers",String(i.limits.max_concurrent)),r.detail("Hours remaining",String(i.limits.remaining_hours)))}catch{n.json?r.json({authenticated:!1,error:"Key verification failed"}):r.error(`Stored API key is invalid. Run ${y("gibil auth login")} to re-authenticate.`)}})}J();I();function Sn(t){t.command("usage").description("Show current month's usage and plan limits").option("--json","Output as JSON").action(async e=>{e.json&&_(!0);let n=await P();n||(r.error('Not logged in. Run "gibil auth login" first.'),process.exit(1));try{let o=await pt(n);e.json?r.json(o):(r.info("Plan: alpha (free)"),r.info(`VM hours used: ${o.vm_hours_used.toFixed(1)}h`),r.info(`Active instances: ${o.active_instances}`))}catch(o){r.error(o instanceof Error?o.message:String(o)),process.exit(1)}})}import{McpServer as Vo}from"@modelcontextprotocol/sdk/server/mcp.js";import{StdioServerTransport as Zo}from"@modelcontextprotocol/sdk/server/stdio.js";import{z as x}from"zod";ge();A();D();import{execSync as nt}from"child_process";import{readFileSync as Xo}from"fs";de();A();de();I();async function xt(t){let e=await ie(t);if(e.status!=="running")return{status:e.status,exitCode:e.exitCode};let n=await E(e.instance),o="/root/.gibil-jobs",i=`${o}/${t}.exit`,a=`${o}/${t}.log`,c=(await $({instanceName:e.instance,ip:n.ip,command:`test -f ${i} && cat ${i} || echo RUNNING`,timeoutMs:1e4})).stdout.trim();if(c==="RUNNING"){try{if((await $({instanceName:e.instance,ip:n.ip,command:`kill -0 ${e.pid} 2>/dev/null && echo "alive" || echo "dead"`,timeoutMs:1e4})).stdout.trim()==="dead"){let h=new Date;e.status="orphaned",e.completedAt=h.toISOString(),await K(e);let w=Math.round((h.getTime()-new Date(e.startedAt).getTime())/1e3),C;try{C=(await $({instanceName:e.instance,ip:n.ip,command:`cat ${a} 2>/dev/null || echo ''`,timeoutMs:1e4})).stdout}catch{}return{status:"orphaned",durationS:w,stdout:C}}}catch{}return{status:"running"}}let l=parseInt(c,10),u=await $({instanceName:e.instance,ip:n.ip,command:`cat ${a} 2>/dev/null || echo ''`,timeoutMs:1e4}),d=l===0?"done":"failed",m=new Date,p=Math.round((m.getTime()-new Date(e.startedAt).getTime())/1e3);return e.status=d,e.exitCode=l,e.completedAt=m.toISOString(),await K(e),{status:d,exitCode:l,stdout:u.stdout,durationS:p}}function _n(t){let e=t.command("job").description("Manage background jobs");e.command("status <id>").description("Check status of a background job").option("--json","Output result as JSON").action(async(n,o)=>{o.json&&_(!0);let i=await ie(n),a=await xt(n);o.json?r.json({job_id:n,instance:i.instance,command:i.command,status:a.status,exit_code:a.exitCode,started_at:i.startedAt,duration_s:a.durationS,...a.stdout!==void 0?{stdout:a.stdout}:{}}):a.status==="running"?(r.info(`Job ${n} is still running on "${i.instance}"`),r.info(`  Command: ${i.command}`),r.info(`  Started: ${i.startedAt}`)):a.status==="orphaned"?(r.warn(`Job ${n} is orphaned \u2014 process died without writing exit code`),r.info(`  Instance: ${i.instance}`),r.info(`  Command: ${i.command}`),a.durationS!==void 0&&r.info(`  Duration: ${a.durationS}s`),a.stdout&&(r.info("  Output:"),process.stdout.write(a.stdout))):(r.info(`Job ${n}: ${a.status} (exit code ${a.exitCode}, ${a.durationS}s)`),a.stdout&&process.stdout.write(a.stdout))}),e.command("list").description("List all background jobs").option("--json","Output result as JSON").action(async n=>{n.json&&_(!0);let o=await be(),i=await B(),a=new Set(i.map(s=>s.name));for(let s of o)s.status==="running"&&!a.has(s.instance)&&(s.status="orphaned",s.completedAt=new Date().toISOString(),await K(s));if(o.length===0){n.json?r.json([]):r.info("No background jobs.");return}if(n.json)r.json(o.map(s=>({job_id:s.id,instance:s.instance,command:s.command,status:s.status,started_at:s.startedAt,exit_code:s.exitCode})));else for(let s of o){let c=s.status==="running"?"\u27F3 running":s.status==="done"?"\u2713 done":s.status==="orphaned"?"\u26A0 orphaned":`\u2717 ${s.status}`;r.info(`  ${s.id}  ${c}  ${s.instance}  ${s.command}`)}}),e.command("cancel <id>").description("Cancel a running background job").option("--json","Output result as JSON").action(async(n,o)=>{o.json&&_(!0);let i=await ie(n);if(i.status!=="running"){o.json?r.json({job_id:n,status:i.status,message:"Job is not running"}):r.info(`Job ${n} is not running (status: ${i.status})`);return}let a=await E(i.instance);await $({instanceName:i.instance,ip:a.ip,command:`kill -- -${i.pid} 2>/dev/null || kill ${i.pid} 2>/dev/null || true`,timeoutMs:1e4}),i.status="cancelled",i.completedAt=new Date().toISOString(),await K(i),o.json?r.json({job_id:n,status:"cancelled"}):r.info(`Job ${n} cancelled.`)}),e.command("logs <id>").description("Fetch output of a background job").option("--json","Output result as JSON").option("-f, --follow","Follow log output (tail -f)").action(async(n,o)=>{o.json&&_(!0);let i=await ie(n),a=await E(i.instance),s=`/root/.gibil-jobs/${n}.log`,c=o.follow?`tail -f ${s}`:`cat ${s} 2>/dev/null || echo '(no output yet)'`,l=o.follow?3e5:1e4,u=await $({instanceName:i.instance,ip:a.ip,command:c,stream:!o.json,timeoutMs:l});o.json&&r.json({job_id:n,stdout:u.stdout})})}function M(t,e,n){let o=`[${t}] ${e}`;return n&&(o+=`
+Suggestion: ${n}`),o}function De(t){let e=t instanceof Error?t.message:String(t);return/no active server|not found|no servers|does not exist/i.test(e)?"instance_not_found":/timeout|timed out|ETIMEDOUT/i.test(e)?"timeout":/ECONNREFUSED|EHOSTUNREACH|SSH connection|ssh2|handshake/i.test(e)?"ssh_connection":/hetzner|api|token|401|403|409|422|429|quota/i.test(e)?"provider_error":/invalid|must be|validation/i.test(e)?"validation":"provider_error"}var ot="key::";function Qo(){try{let t=nt("git config user.name",{encoding:"utf-8"}).trim(),e=nt("git config user.email",{encoding:"utf-8"}).trim();if(!t||!e)return;let n;try{if(nt("git config gpg.format",{encoding:"utf-8"}).trim()==="ssh"){let i=nt("git config user.signingkey",{encoding:"utf-8"}).trim();if(i)try{n=Xo(i,"utf-8").trim()}catch{(i.startsWith("ssh-")||i.startsWith(ot))&&(n=i.startsWith(ot)?i.slice(ot.length):i)}}}catch{}return{name:t,email:e,signingKey:n}}catch{return}}async function _e(t,e){if(t)return t;if(e)return E(e);let o=(await B()).filter(i=>new Date<new Date(i.expiresAt));if(o.length===0)throw new Error("No active servers. Use create_server first.");if(o.length===1)return o[0];throw new Error(`Multiple servers running: ${o.map(i=>i.name).join(", ")}. Pass the "server" parameter to specify which one.`)}function V(t,e,n=3e4){return $({instanceName:t.name,ip:t.ip,command:e,stream:!1,timeoutMs:n})}function H(t){return`'${t.replace(/'/g,"'\\''")}'`}function er(t){let e=t.trim(),n=e.split(",");if(n.length<5)throw new Error(`Unexpected vm_stats output (expected 5 comma-separated sections, got ${n.length}): ${e}`);let o=parseInt(n[0],10);if(isNaN(o))throw new Error(`Failed to parse CPU cores: ${n[0]}`);let i=n[1].trim().split(/\s+/),a=parseFloat(i[0]),s=parseFloat(i[1]),c=parseFloat(i[2]);if(isNaN(a)||isNaN(s)||isNaN(c))throw new Error(`Failed to parse load averages: ${n[1]}`);let l=n[2].trim().split(/\s+/),u=parseInt(l[0],10),d=parseInt(l[1],10),m=parseInt(l[2],10);if(isNaN(u)||isNaN(d)||isNaN(m))throw new Error(`Failed to parse memory: ${n[2]}`);let p=n[3].trim().split(/\s+/),g=v=>Math.round(parseFloat(v.replace(/G$/i,""))),h=g(p[0]),w=g(p[1]),C=g(p[2]);if(isNaN(h)||isNaN(w)||isNaN(C))throw new Error(`Failed to parse disk: ${n[3]}`);let b=parseInt(n[4].trim(),10);if(isNaN(b))throw new Error(`Failed to parse uptime: ${n[4]}`);return{cpu:{cores:o,load_1m:a,load_5m:s,load_15m:c},memory:{total_mb:u,used_mb:d,available_mb:m},disk:{total_gb:h,used_gb:w,available_gb:C},uptime_seconds:b}}async function In(t){let e=null;if(t&&(e=await E(t),e.gitIdentity)){let{name:c,email:l,signingKey:u}=e.gitIdentity,d=[`git config --global user.name ${H(c)}`,`git config --global user.email ${H(l)}`];u&&d.push("git config --global gpg.format ssh",`git config --global user.signingkey ${H(ot+u)}`,"git config --global commit.gpgsign true"),V(e,d.join(" && ")).catch(()=>{})}let n=t?`gibil-${t}`:"gibil",o=new Vo({name:n,version:"0.4.0"}),i=o.tool.bind(o);o.tool=((...c)=>{let l=c[0],u=c.length-1;if(typeof c[u]=="function"){let d=c[u];c[u]=async(...m)=>(fn(l).catch(()=>{}),d(...m))}return i(...c)}),e||(o.tool("create_server","Forge a new ephemeral server with a full Linux environment (Ubuntu 24.04, Node.js 20, pnpm). Clones the repo to /root/project and waits until fully provisioned. After creation, use vm_bash to run commands, vm_read/vm_write for files, vm_grep to search code. Destroy with destroy_server when done.",{name:x.string().optional().describe("Server name (auto-generated if omitted)"),repo:x.string().optional().describe("Git repo URL to clone on boot"),ttl:x.number().optional().describe("Auto-destroy after N minutes (default: 60)"),server_type:x.string().optional().describe("Hetzner server type (default: auto-detected)"),location:x.string().optional().describe("Hetzner datacenter (default: auto-detected)"),env:x.record(x.string(),x.string()).optional().describe("Environment variables to set on the server")},async({name:c,repo:l,ttl:u,server_type:d,location:m,env:p})=>{try{let g=c??Ne();c&&Ve(c);let h=await N.create(),w=await Be(g),C=await h.createSSHKey(`gibil-${g}-${le(4)}`,w.publicKey),b=Qo(),v=l?await ye(l):null;p&&Object.keys(p).length>0&&(v||(v={}),v.env={...v.env,...p});let Z=(v?.services?.length??0)>0,q=u??(Z?120:60),fe=ae({repo:l,config:v??void 0,ttlMinutes:q,githubToken:process.env.GITHUB_TOKEN,gitIdentity:b}),W=await h.createServer(g,C.id,fe,d,m),Ie=(await h.waitForReady(W.id)).ipv4,It=new Date,Mn={name:g,serverId:W.id,ip:Ie,sshKeyId:C.id,keyPath:S.privateKey(g),status:"running",createdAt:It.toISOString(),ttlMinutes:q,expiresAt:new Date(It.getTime()+q*6e4).toISOString(),repo:l,gitIdentity:b};await ce(Mn),await qe(g,Ie);let rt="ready";if(l||v){let Hn=Date.now(),kt=!1;for(;Date.now()-Hn<36e4;){try{if((await $({instanceName:g,ip:Ie,command:"test -f /root/.gibil-ready && echo ready || echo waiting",timeoutMs:1e4})).stdout.trim()==="ready"){kt=!0;break}}catch{}await new Promise(it=>setTimeout(it,5e3))}if(!kt){rt="timeout";try{rt=`timeout \u2014 cloud-init log:
+${(await $({instanceName:g,ip:Ie,command:"tail -20 /var/log/cloud-init-output.log 2>/dev/null || echo 'no log'",timeoutMs:1e4})).stdout}`}catch{}}}return{content:[{type:"text",text:JSON.stringify({name:g,ip:Ie,ttl_minutes:q,status:"running",provisioning:rt,working_directory:l?"/root/project":"/root",hint:l?'Server ready. Run commands with vm_bash, e.g.: vm_bash({ command: "pnpm test" })':"Server ready. Clone a repo or run commands with vm_bash."},null,2)}]}}catch(g){let h=g instanceof Error?g.message:String(g),w=De(g);return{content:[{type:"text",text:M(w,`Failed to create server: ${h}`,w==="provider_error"?"Check your HETZNER_API_TOKEN and plan limits":"Verify parameters and try again")}],isError:!0}}}),o.tool("destroy_server","Burn a server. Deletes the Hetzner VM, SSH keys, and local metadata. Always destroy servers when done to avoid costs. Works on expired instances too.",{name:x.string().describe("Name of the server to destroy")},async({name:c})=>{try{let l=await We(c),u=await N.create();await u.destroyServer(l.serverId).catch(()=>{}),await u.deleteSSHKey(l.sshKeyId).catch(()=>{}),await re(c).catch(()=>{});let{deleteJobsByInstance:d}=await Promise.resolve().then(()=>(de(),en));return await d(c).catch(()=>{}),await we(c),{content:[{type:"text",text:`Server "${c}" destroyed.`}]}}catch(l){let u=l instanceof Error?l.message:String(l),d=De(l);return{content:[{type:"text",text:M(d,`Failed to destroy server "${c}": ${u}`,d==="instance_not_found"?"Check server name with list_servers":"Check your HETZNER_API_TOKEN")}],isError:!0}}}),o.tool("list_servers","List all active gibil servers with their names, IPs, and remaining TTL.",{},async()=>{let c=await B();if(c.length===0)return{content:[{type:"text",text:"No servers running. Use create_server to forge one."}]};let l=c.map(u=>{let d=Math.max(0,Math.floor((new Date(u.expiresAt).getTime()-Date.now())/1e3));return{name:u.name,ip:u.ip,status:u.status,ttl_remaining_seconds:d,ttl_warning:d<300?"Less than 5 minutes left \u2014 extend with extend_server or finish up":void 0,repo:u.repo}});return{content:[{type:"text",text:JSON.stringify(l,null,2)}]}}),o.tool("extend_server","Extend a server's TTL. Resets the auto-destroy timer.",{name:x.string().describe("Server name"),ttl:x.number().describe("New TTL in minutes from now")},async({name:c,ttl:l})=>{try{if(l<1||l>1440)return{content:[{type:"text",text:M("validation","TTL must be between 1 and 1440 minutes (24 hours)","Pass a ttl value between 1 and 1440")}],isError:!0};let u=Math.floor(l),d=await E(c),m=await V(d,`pkill -f 'sleep.*shutdown' || true && (sleep ${u*60} && shutdown -h now) &`);return m.exitCode!==0?{content:[{type:"text",text:M("command_failed",`Failed to extend TTL: ${m.stderr}`,"The remote command failed \u2014 check instance status with list_servers")}],isError:!0}:(d.ttlMinutes=l,d.expiresAt=new Date(Date.now()+l*6e4).toISOString(),await ce(d),{content:[{type:"text",text:`Server "${c}" TTL extended to ${l} minutes.`}]})}catch(u){let d=u instanceof Error?u.message:String(u),m=De(u);return{content:[{type:"text",text:M(m,`Failed to extend server "${c}": ${d}`,m==="instance_not_found"?"Check server name with list_servers":"Instance may be unreachable \u2014 wait and retry")}],isError:!0}}}));let a=x.string().optional().describe("Server name (auto-selects if only one is running)");o.tool("vm_bash","Run a shell command on a remote server. Default working directory is /root/project. Use for: installing deps, running tests, git operations, builds. For commands over 2 minutes, set background=true to get a job_id you can poll with vm_job_status.",{command:x.string().describe("Shell command to execute"),working_dir:x.string().optional().describe("Working directory (default: /root/project)"),timeout_ms:x.number().optional().describe("Timeout in ms (default: 120000). Increase for long builds or test suites."),background:x.boolean().optional().describe("Run in background, return job ID for polling"),server:a},async c=>{let l=await _e(e,c.server),u=c.working_dir??"/root/project",d=`cd ${H(u)} 2>/dev/null || cd /root && ${c.command}`;if(c.background){let g=Ye(),h="/root/.gibil-jobs",w=`${h}/${g}.log`,C=`${h}/${g}.exit`,b=`${h}/${g}.pid`,v=`${h}/${g}.sh`,Z=["#!/bin/bash",`nohup bash -c '${d.replace(/'/g,"'\\''")}' > ${w} 2>&1 &`,"BGPID=$!",`echo $BGPID > ${b}`,`(wait $BGPID 2>/dev/null; echo $? > ${C}) &`,"echo $BGPID"].join(`
+`),q=Buffer.from(Z).toString("base64"),fe=`mkdir -p ${h} && echo '${q}' | base64 -d > ${v} && chmod +x ${v} && bash ${v}`,W=await V(l,fe,1e4),Ke=parseInt(W.stdout.trim(),10);return isNaN(Ke)?{content:[{type:"text",text:M("command_failed","Failed to start background job \u2014 could not capture PID","Check that the server is accessible and the command is valid")}],isError:!0}:(await K({id:g,instance:l.name,command:c.command,pid:Ke,status:"running",startedAt:new Date().toISOString()}),{content:[{type:"text",text:JSON.stringify({job_id:g,instance:l.name,status:"running",pid:Ke,hint:"Poll with vm_job_status({ job_id }) to check completion."},null,2)}]})}let m=await V(l,d,c.timeout_ms??12e4);return{content:[{type:"text",text:[m.stdout,m.stderr].filter(Boolean).join(`
+`)||"(no output)"}],isError:m.exitCode!==0}}),o.tool("vm_job_status","Check the status of a background job started with vm_bash(background=true). Returns status, exit code, and output when done.",{job_id:x.string().describe("Job ID returned by vm_bash with background=true")},async c=>{try{let l=await ie(c.job_id),u=await xt(c.job_id);return{content:[{type:"text",text:JSON.stringify({job_id:c.job_id,instance:l.instance,command:l.command,status:u.status,exit_code:u.exitCode,started_at:l.startedAt,duration_s:u.durationS,...u.stdout!==void 0?{stdout:u.stdout}:{}},null,2)}],isError:u.status==="failed"||u.status==="orphaned"}}catch(l){let u=l instanceof Error?l.message:String(l),d=De(l);return{content:[{type:"text",text:M(d,u,"Check job_id is correct \u2014 use vm_job_list to see all jobs")}],isError:!0}}}),o.tool("vm_job_list","List all background jobs across all servers. Read-only \u2014 does not modify job state. Use vm_sweep_orphans to mark dead jobs.",{},async()=>{let l=(await be()).map(u=>({job_id:u.id,instance:u.instance,command:u.command,status:u.status,started_at:u.startedAt,exit_code:u.exitCode}));return{content:[{type:"text",text:JSON.stringify(l,null,2)}]}}),o.tool("vm_sweep_orphans","Mark running jobs as orphaned if their server no longer exists. Use after destroy_server to clean up lingering job records.",{},async()=>{let c=await be(),l=await B(),u=new Set(l.map(m=>m.name)),d=[];for(let m of c)m.status==="running"&&!u.has(m.instance)&&(m.status="orphaned",m.completedAt=new Date().toISOString(),await K(m),d.push(m.id));return{content:[{type:"text",text:JSON.stringify({swept_count:d.length,swept_job_ids:d},null,2)}]}}),o.tool("vm_read","Read a file from a remote server. Returns the file contents with line numbers.",{path:x.string().describe("Absolute path on the server (e.g. /root/project/src/app.ts)"),offset:x.number().int().min(1).max(999999).optional().describe("Start at line N (1-based)"),limit:x.number().int().min(1).max(999999).optional().describe("Max lines to return"),server:a},async c=>{let l=await _e(e,c.server),u=H(c.path),d=`cat -n ${u}`;c.offset&&c.limit?d=`sed -n '${c.offset},${c.offset+c.limit-1}p' ${u} | cat -n`:c.offset?d=`tail -n +${c.offset} ${u} | cat -n`:c.limit&&(d=`head -n ${c.limit} ${u} | cat -n`);let m=await V(l,d);return m.exitCode!==0?{content:[{type:"text",text:M("command_failed",`Failed to read ${c.path}: ${m.stderr}`,"Check the file path exists on the server \u2014 use vm_ls to browse")}],isError:!0}:{content:[{type:"text",text:m.stdout}]}}),o.tool("vm_write","Write content to a file on a remote server. Creates parent directories if needed. Overwrites existing files.",{path:x.string().describe("Absolute path on the server"),content:x.string().describe("File content to write"),server:a},async c=>{let l=await _e(e,c.server),u=Buffer.from(c.content).toString("base64"),d=H(c.path),m=`mkdir -p "$(dirname ${d})" && echo '${u}' | base64 -d > ${d}`,p=await V(l,m);return p.exitCode!==0?{content:[{type:"text",text:M("command_failed",`Failed to write ${c.path}: ${p.stderr}`,"Check the path is valid and the disk is not full")}],isError:!0}:{content:[{type:"text",text:`Wrote ${c.path}`}]}}),o.tool("vm_ls","List files and directories on a remote server.",{path:x.string().optional().describe("Directory path (default: /root/project)"),glob:x.string().optional().describe("Glob pattern to filter (e.g. '**/*.ts')"),server:a},async c=>{let l=await _e(e,c.server),u=c.path??"/root/project",d;c.glob?d=`cd ${H(u)} && find . -path ${H("./"+c.glob)} -type f 2>/dev/null | sort | head -200`:d=`ls -la ${H(u)}`;let m=await V(l,d);return m.exitCode!==0?{content:[{type:"text",text:M("command_failed",`Failed to list ${u}: ${m.stderr}`,"Check the directory path exists on the server")}],isError:!0}:{content:[{type:"text",text:m.stdout}]}}),o.tool("vm_grep","Search for a pattern in files on a remote server. Uses ripgrep if available, falls back to grep.",{pattern:x.string().describe("Regex pattern to search for"),path:x.string().optional().describe("Directory or file to search (default: /root/project)"),include:x.string().optional().describe("File glob to include (e.g. '*.ts')"),server:a},async c=>{let l=await _e(e,c.server),u=c.path??"/root/project",d=H(c.pattern),m=H(u),p;if(c.include){let w=H(c.include);p=`cd ${m} && (rg -n --glob ${w} ${d} 2>/dev/null || grep -rn --include=${w} ${d} .) | head -100`}else p=`cd ${m} && (rg -n ${d} 2>/dev/null || grep -rn ${d} .) | head -100`;return{content:[{type:"text",text:(await V(l,p)).stdout||"(no matches)"}]}}),o.tool("vm_stats","Get server resource usage \u2014 CPU cores, load average, memory, disk, and uptime. Returns structured data for monitoring.",{server:a},async c=>{try{let l=await _e(e,c.server),d=await V(l,`echo "$(nproc),$(cat /proc/loadavg),$(free -m | awk '/Mem:/{print $2,$3,$7}'),$(df -BG / | awk 'NR==2{print $2,$3,$4}'),$(awk '{print int($1)}' /proc/uptime)"`);if(d.exitCode!==0)return{content:[{type:"text",text:M("command_failed",`Failed to collect stats: ${d.stderr}`,"Check the server is accessible with vm_bash")}],isError:!0};let m=er(d.stdout);return{content:[{type:"text",text:JSON.stringify(m,null,2)}]}}catch(l){let u=l instanceof Error?l.message:String(l),d=De(l);return{content:[{type:"text",text:M(d,`Failed to get stats: ${u}`,"Check the server is accessible with vm_bash")}],isError:!0}}});let s=new Zo;await o.connect(s)}I();D();function kn(t){t.command("mcp [name]").description("Start an MCP server (used by Claude Code, Cursor, and other agents)").option("--print-config","Print the MCP JSON config (with resolved binary path) and exit").action(async(e,n)=>{if(n.printConfig){let o={mcpServers:{gibil:Ge()}};console.log(JSON.stringify(o,null,2)),console.error(""),console.error("Copy this to one of:"),console.error("  ~/.claude/mcp.json        (Claude Code CLI)"),console.error("  .claude/mcp.json          (project-level)"),console.error("  Claude Code settings       (VS Code extension)");return}try{await In(e)}catch(o){r.error(o instanceof Error?o.message:String(o)),process.exit(1)}})}J();I();D();O();import{createInterface as tr}from"readline";import{existsSync as nr,readFileSync as or,writeFileSync as rr,mkdirSync as ir}from"fs";import{join as St}from"path";import{homedir as sr}from"os";function En(t){let e=tr({input:process.stdin,output:process.stderr});return new Promise(n=>{e.question(t,o=>{e.close(),n(o.trim())})})}async function ar(){let t=!!await mt(),e=!!await P();return{hetzner:t,apiKey:e}}function Cn(t){t.command("init").description("Set up gibil \u2014 configure your forge in 60 seconds").option("--force","Reconfigure even if already set up").action(async e=>{console.error(Tt);let n=await ar();if(n.hetzner&&!e.force){r.info(`${G} Already configured.`),n.apiKey?(r.detail("Hetzner",Q("connected")),r.detail("Gibil API",Q("connected"))):(r.detail("Hetzner",Q("connected")),r.detail("Gibil API",f("not configured (optional)"))),r.info(""),r.info(`  Run ${y("gibil init --force")} to reconfigure.`),r.info(`  Run ${y("gibil create")} to forge a server.`);return}r.info(""),r.info(y("Step 1: Hetzner API Token")),r.info(f("  Your servers run on Hetzner Cloud. You need an API token.")),r.info(f("  Get one at: https://console.hetzner.cloud \u2192 API Tokens")),r.info("");let o=await En("  Hetzner API token: ");o||(r.error("No token provided. Run gibil init again when ready."),process.exit(1));let i=r.spin("Verifying Hetzner token...");try{let g=await(await fetch("https://api.hetzner.cloud/v1/servers",{headers:{Authorization:`Bearer ${o}`}})).json();g.error&&(i.fail(`Invalid token: ${g.error.message}`),process.exit(1)),i.succeed("Hetzner token verified")}catch{i.fail("Could not reach Hetzner API. Check your network."),process.exit(1)}await Te(o);let a=r.spin("Detecting available server types..."),s="cax11",c="fsn1",l=[{type:"cax11",location:"fsn1"},{type:"cpx11",location:"fsn1"}];for(let p of l)try{let h=await(await fetch("https://api.hetzner.cloud/v1/servers",{method:"POST",headers:{Authorization:`Bearer ${o}`,"Content-Type":"application/json"},body:JSON.stringify({name:"gibil-probe",server_type:p.type,image:"ubuntu-24.04",location:p.location,start_after_create:!1})})).json();if(h.server){await fetch(`https://api.hetzner.cloud/v1/servers/${h.server.id}`,{method:"DELETE",headers:{Authorization:`Bearer ${o}`}}),s=p.type,c=p.location;break}}catch{}await ft(s,c),a.succeed(`Default server type: ${s} (${c})`);let u=r.spin("Configuring MCP for Claude Code...");try{let p=St(sr(),".claude"),g=St(p,".mcp.json");ir(p,{recursive:!0});let h={};try{h=JSON.parse(or(g,"utf-8"))}catch{}h.mcpServers||(h.mcpServers={}),h.mcpServers.gibil=Ge(),rr(g,JSON.stringify(h,null,2)+`
+`),u.succeed("MCP configured for Claude Code")}catch{u.fail("Could not auto-configure MCP"),r.info(f("  Run gibil mcp --print-config for manual setup"))}r.info(""),r.info(y("Default coding agent (optional)")),r.info(f(`  Install a coding agent on every server. Options: ${z.join(", ")}`)),r.info(f("  Press Enter to skip \u2014 you can always use --agent later.")),r.info("");let m=(await En("  Default agent [none]: ")).toLowerCase().trim();m&&z.includes(m)?(await Je(m),r.info(`  ${G} Default agent: ${Q(m)}`)):m?r.info(f(`  Unknown agent "${m}", skipping. Use --agent with: ${z.join(", ")}`)):(await Je(null),r.info(f("  No default agent. Use --agent claude (or aider, codex) when creating servers."))),r.info(""),r.info(k.initComplete),r.info(""),r.info(f("  Try it now:")),r.info(`    ${y('gibil branch feat/my-feature --run "pnpm test"')}`),r.info(`    ${y("gibil ssh feat-my-feature")}`),r.info(`    ${y("gibil destroy feat-my-feature")}`),r.info(""),r.info(f("  Or with full control:")),r.info(`    ${y("gibil create --name demo --repo https://github.com/lukeed/clsx --ttl 10")}`),r.info(`    ${y('gibil run demo "npm test"')}`),r.info(`    ${y("gibil destroy demo")}`),r.info(""),r.info(f("  Later:")),r.info(`    ${y("gibil auth login")}           ${f("Add a Gibil API key (optional)")}`),r.info(`    ${y("gibil mcp --print-config")}   ${f("MCP setup for other editors")}`),r.info("")})}async function Tn(){if(process.env.HETZNER_API_TOKEN)return!1;let t=St(S.root,"config.json");return!nr(t)}ge();import{execSync as cr}from"child_process";import{existsSync as F}from"fs";I();O();J();function lr(){try{let t=cr("git remote get-url origin",{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim();if(!t)throw new Error("empty");return t}catch{throw new Error("Not in a git repo, or no remote configured. Use --repo to specify.")}}function ur(t){if(!t||!t.trim())throw new Error("Branch name cannot be empty.");if(/[;&|$`(){}<>!;"'\s\\]/.test(t))throw new Error(`Invalid branch name "${t}". Contains shell-unsafe characters.`)}function _t(t){return t.replace(/\//g,"-").replace(/[^a-z0-9-]/gi,"-").replace(/-+/g,"-").replace(/^-|-$/g,"").toLowerCase().slice(0,40)}function dr(){return F("pnpm-lock.yaml")?"pnpm install":F("bun.lockb")||F("bun.lock")?"bun install":F("yarn.lock")?"yarn install":F("package-lock.json")?"npm install":F("Cargo.lock")?"cargo build":F("go.sum")?"go mod download":F("uv.lock")?"uv sync":F("poetry.lock")?"poetry install":F("requirements.txt")?"pip install -r requirements.txt":F("Gemfile.lock")?"bundle install":null}async function jn(t,e,n){let o=_t(e),i=Date.now(),a=r.spin(`Forging "${o}" for branch ${y(e)}...`),s=await Xe(t,o,{repo:n.repo,ttlMinutes:n.ttlMinutes,config:n.config,serverType:n.serverType,location:n.location,agent:n.agent,verbose:n.verbose}),c=r.spin(`Checking out ${y(e)}...`);if((await $({instanceName:o,ip:s.ip,command:"cd /root/project && git rev-parse --abbrev-ref HEAD",timeoutMs:1e4})).stdout.trim()===e)c.succeed(`Already on ${e}`);else{let d=await $({instanceName:o,ip:s.ip,command:`cd /root/project && git fetch origin '${e.replace(/'/g,"'\\''")}'  && git checkout '${e.replace(/'/g,"'\\''")}'`,timeoutMs:6e4});d.exitCode!==0?(c.fail(`Failed to checkout ${e}`),d.stderr&&r.info(f(d.stderr.trim()))):c.succeed(`Checked out ${e}`)}if(!(!n.noTasks&&n.config?.tasks&&n.config.tasks.length>0)){let d=dr();if(d){let m=r.spin(`Installing deps (${d})...`),p=await $({instanceName:o,ip:s.ip,command:`cd /root/project && ${d}`,timeoutMs:3e5});p.exitCode!==0?(m.fail("Dep install failed"),p.stderr&&r.info(f(p.stderr.trim().slice(-500)))):m.succeed("Deps installed")}}if(n.run)if(n.port&&n.port.length>0)r.info(`Starting: ${y(n.run)} (background)`),await $({instanceName:o,ip:s.ip,command:`cd /root/project && nohup ${n.run} > /tmp/gibil-run.log 2>&1 &`,timeoutMs:3e4}),await new Promise(d=>setTimeout(d,3e3));else{r.info(""),r.info(`Running: ${y(n.run)}`);let d=await $({instanceName:o,ip:s.ip,command:`cd /root/project && ${n.run}`,stream:!n.json,timeoutMs:3e5});n.json&&r.info(d.stdout),d.exitCode!==0&&r.info(f(`Exit code: ${d.exitCode}`))}if(n.port&&n.port.length>0){let d=Vt(s,n.port);r.info("");for(let m of d)r.info(`  ${y(`http://localhost:${m}`)} \u2192 ${o}:${m}`);r.info(""),r.info(f("  Tunnel running in background. Kill with: lsof -ti :PORT | xargs kill"))}let u=((Date.now()-i)/1e3).toFixed(1);return a.succeed(k.createReady(o,u)),n.json?console.log(JSON.stringify({name:o,branch:e,ip:s.ip,ttl_minutes:n.ttlMinutes,ssh:`gibil ssh ${o}`})):(r.info(""),r.info(Fe(`${e}`,[`Server:  ${o}`,`Branch:  ${e}`,`IP:      ${s.ip}`,`TTL:     ${n.ttlMinutes} minutes`,"",`SSH:     gibil ssh ${o}`,`Test:    gibil run ${o} "pnpm test"`,`Done:    gibil destroy ${o}`]))),s}function Pn(t){let e=t.command("branch <branches...>").description("Spin up a branch on a clean Linux server").option("-r, --repo <git-url>","Git repo URL (auto-detected from cwd)").option("--run <command>","Run a command after checkout").option("--ttl <minutes>","Auto-destroy after N minutes","30").option("--json","Output as JSON").option("--no-tasks","Skip .gibil.yml tasks").option("--server-type <type>","Hetzner server type").option("--location <loc>","Hetzner location").option("--agent <name>","Install a coding agent (claude, aider, codex)").option("-p, --port <ports...>","Forward local port(s) to server (e.g. --port 3000)").option("-V, --verbose","Stream cloud-init logs during provisioning").option("--dry-run","Print config summary and cloud-init script without deploying").action(async(n,o)=>{o.json&&_(!0);for(let u of n)ur(u);let i=parseInt(o.ttl,10);if(isNaN(i)||i<=0)throw new Error("TTL must be a positive number of minutes.");let a=o.repo??lr(),s=null;if(s=await ye(a)??await ve(process.cwd()),!o.agent){let u=await je();u&&(o.agent=u)}if(o.agent){if(!z.includes(o.agent))throw new Error(`Unknown agent "${o.agent}". Supported: ${z.join(", ")}`);if(!he[o.agent]?.some(d=>s?.env?.[d])){let d=he[o.agent]?.join(" or ")??"";r.warn(`${o.agent} needs ${d}. SSH in and export it (recommended) or pass with --env.`)}}if(o.dryRun){for(let u of n){let d=_t(u),m=o.serverType??s?.server_type??"cx22",p=o.location??s?.location??"nbg1",g=s?.image??"node:20",h=ae({repo:a,config:s??void 0,ttlMinutes:i,githubToken:process.env.GITHUB_TOKEN,gitIdentity:void 0,agent:o.agent}),w={name:d,serverType:m,location:p,image:g,ttlMinutes:i,repo:a,agent:o.agent,cloudInitScript:h};o.json?r.json(w):(r.info(""),r.info(y("Dry run \u2014 no server will be created")),r.info(""),r.info(`  ${f("Name:")}         ${d}`),r.info(`  ${f("Branch:")}       ${u}`),r.info(`  ${f("Server type:")}  ${m}`),r.info(`  ${f("Location:")}     ${p}`),r.info(`  ${f("Image:")}        ${g}`),r.info(`  ${f("TTL:")}          ${i} minutes`),r.info(`  ${f("Repo:")}         ${a}`),o.agent&&r.info(`  ${f("Agent:")}        ${o.agent}`),r.info(""),r.info("Cloud-init script:"),r.info("\u2500".repeat(17)),r.info(h))}return}let c=await P();if(c){let u=await oe(c);r.info(`Authenticated as ${u.user.email} (${u.user.plan})`)}let l=await N.create();if(n.length===1){let u=await jn(l,n[0],{repo:a,ttlMinutes:i,config:s,run:o.run,json:o.json,noTasks:o.noTasks,serverType:o.serverType,location:o.location,agent:o.agent,port:o.port,verbose:o.verbose});c&&await Y(c,"create",u.name).catch(()=>{})}else{r.info(`Forging ${y(String(n.length))} branches in parallel...`),r.info("");let u=await Promise.allSettled(n.map(p=>jn(l,p,{repo:a,ttlMinutes:i,config:s,run:o.run,json:o.json,noTasks:o.noTasks,serverType:o.serverType,location:o.location,agent:o.agent,port:o.port,verbose:o.verbose}))),d=u.filter(p=>p.status==="fulfilled"),m=u.filter(p=>p.status==="rejected");if(!o.json){if(r.info(""),r.info(`${d.length}/${n.length} branches ready.`),m.length>0)for(let p=0;p<u.length;p++){let g=u[p];g.status==="rejected"&&r.error(`  ${n[p]}: ${g.reason instanceof Error?g.reason.message:String(g.reason)}`)}r.info(""),r.info(f(`Destroy all: gibil destroy ${n.map(_t).join(" ")}`))}if(c)for(let p of u)p.status==="fulfilled"&&await Y(c,"create",p.value.name).catch(()=>{});m.length>0&&process.exit(1)}})}function Nn(){let t=process.argv.indexOf("checkout");t>=2&&t===2&&(process.argv[t]="branch")}A();import{spawn as mr}from"child_process";I();O();function An(t){if(t.includes(":")){let e=t.split(":");if(e.length===2)return{local:e[0],host:"localhost",remote:e[1]};if(e.length===3)return{local:e[0],host:e[1],remote:e[2]};throw new Error(`Invalid port spec "${t}". Use PORT, LOCAL:REMOTE, or LOCAL:HOST:REMOTE.`)}return{local:t,host:"localhost",remote:t}}function fr(t){let{local:e,host:n,remote:o}=An(t);return Oe(`${e}:${n}:${o}`),`${e}:${n}:${o}`}function On(t){t.command("forward <name> <ports...>").description("Forward local ports to a running ephemeral machine via SSH").action(async(e,n)=>{let o=await E(e),i=n.map(c=>({spec:c,mapping:fr(c),...An(c)})),a=["-N","-i",o.keyPath,"-o","StrictHostKeyChecking=no","-o","UserKnownHostsFile=/dev/null","-o","LogLevel=ERROR","-o","ExitOnForwardFailure=yes"];for(let{mapping:c}of i)a.push("-L",c);a.push(`root@${o.ip}`),r.info("");for(let{local:c,host:l,remote:u}of i)r.info(`  Forwarding ${y(`localhost:${c}`)} \u2192 ${e}:${l}:${u}`);r.info(""),r.info(f("  Tunnel active. Press Ctrl+C to stop.")),r.info(""),mr("ssh",a,{stdio:"inherit"}).on("exit",c=>{let l=()=>process.exit(c??0);c===255?(r.warn("  SSH connection failed \u2014 checking if server still exists..."),L(o).then(l,l)):(r.info("  Tunnel closed."),l())})})}I();O();try{await import("dotenv/config")}catch{}var wr=yr(hr(import.meta.url)),Rn={version:"0.0.0"};for(let t of["../package.json","../../package.json"])try{Rn=JSON.parse(gr(vr(wr,t),"utf-8"));break}catch{}var T=new pr;T.name("gibil").description("Ephemeral dev compute for humans and AI agents").version(`${Rn.version} ${Le}`,"-v, --version").addHelpText("before",`
+  ${jt}
+`).addHelpText("after",`
+  ${f("Docs:")} https://gibil.dev/docs
+`);Cn(T);Yt(T);tn(T);nn(T);hn(T);yn(T);wn(T);bn(T);xn(T);Sn(T);_n(T);kn(T);Pn(T);On(T);async function br(){Nn();let t=process.argv.slice(2);!(t.length===0||t.includes("init")||t.includes("auth")||t.includes("--help")||t.includes("-h")||t.includes("--version")||t.includes("-v")||t.includes("-V")||t.includes("mcp")||t.includes("ssh")||t.includes("run")||t.includes("exec")||t.includes("list")||t.includes("ls")||t.includes("forward"))&&await Tn()&&(r.info(""),r.info(k.setupNeeded),r.info(""),process.exit(1)),await mn()&&await $t()&&r.info(f("gibil collects anonymous usage stats to improve the CLI. To disable: GIBIL_TELEMETRY=0"));let o=t[0]??"help",i=pn(process.argv),a=Date.now(),s=0;try{await T.parseAsync(process.argv)}catch(l){s=1,l instanceof Error&&r.error(l.message)}["auth","config","--help","-h","--version","-v","help"].includes(o)||await He({event:"command",command:o,flags:i,exit_code:s,duration_ms:Date.now()-a}),s!==0&&process.exit(1)}br();

package/dist/utils/telemetry-send.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ var t=process.env.TELEMETRY_PAYLOAD,n=process.env.TELEMETRY_ENDPOINT,e=process.env.TELEMETRY_INGEST_KEY;(!t\|\|!n)&&process.exit(0);try{await fetch(n,{method:"POST",headers:{"Content-Type":"application/json",...e?{Authorization:`Bearer ${e}`}:{}},body:JSON.stringify({events:[JSON.parse(t)]}),signal:AbortSignal.timeout(5e3)})}catch{}process.exit(0);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gibil",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Ephemeral dev compute for humans and AI agents",
   "homepage": "https://gibil.dev",
   "type": "module",

package/dist/index.js DELETED Viewed

@@ -1,30 +0,0 @@
-#!/usr/bin/env node
-var Xt=Object.defineProperty;var Ke=(t,e)=>()=>(t&&(e=t(t=0)),e);var rt=(t,e)=>{for(var n in e)Xt(t,n,{get:e[n],enumerable:!0})};import{homedir as nn}from"os";import{join as B,resolve as on}from"path";import{existsSync as rn}from"fs";function xe(){let t=process.argv[1];if(t){let e=on(t);if(rn(e))return{command:process.execPath,args:[e,"mcp"]}}return{command:"gibil",args:["mcp"]}}var J,S,H=Ke(()=>{"use strict";J=B(nn(),".gibil"),S={root:J,instances:B(J,"instances"),keys:B(J,"keys"),jobs:B(J,"jobs"),instanceFile:t=>B(J,"instances",`${t}.json`),keyDir:t=>B(J,"keys",t),privateKey:t=>B(J,"keys",t,"id_ed25519"),publicKey:t=>B(J,"keys",t,"id_ed25519.pub")}});var We={};rt(We,{clearApiKey:()=>ze,fetchUsage:()=>qe,getApiKey:()=>E,getApiUrl:()=>dn,getApiUrlFromConfig:()=>Se,getDefaultAgent:()=>pe,getHetznerToken:()=>Je,getServerDefaults:()=>fn,saveApiKey:()=>Ue,saveDefaultAgent:()=>Ie,saveHetznerToken:()=>fe,saveServerDefaults:()=>Be,trackUsage:()=>K,verifyApiKey:()=>q});import{readFile as sn,writeFile as an,mkdir as cn}from"fs/promises";import{existsSync as ln}from"fs";import{join as un}from"path";async function R(){if(!ln(Fe))return{};let t=await sn(Fe,"utf-8");return JSON.parse(t)}async function de(t){await cn(S.root,{recursive:!0,mode:448}),await an(Fe,JSON.stringify(t,null,2),{mode:384})}async function Ue(t){let e=await R();e.api_key=t,await de(e)}async function E(){return process.env.GIBIL_API_KEY?process.env.GIBIL_API_KEY:(await R()).api_key??null}async function ze(){let t=await R();delete t.api_key,await de(t)}function dn(){return process.env.GIBIL_API_URL??ut}async function Se(){return process.env.GIBIL_API_URL?process.env.GIBIL_API_URL:(await R()).api_url??ut}async function fe(t){let e=await R();e.hetzner_token=t,await de(e)}async function Je(){return process.env.HETZNER_API_TOKEN?process.env.HETZNER_API_TOKEN:(await R()).hetzner_token??null}async function Be(t,e){let n=await R();n.default_server_type=t,n.default_location=e,await de(n)}async function fn(){let t=await R();return{serverType:t.default_server_type??"cax11",location:t.default_location??"fsn1"}}async function Ie(t){let e=await R();t?e.default_agent=t:delete e.default_agent,await de(e)}async function pe(){return(await R()).default_agent??null}async function q(t){let e=await Se(),n=await fetch(`${e}/auth-verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({api_key:t})});if(n.status===401)throw new Error("Invalid API key. Get one at https://gibil.dev");if(!n.ok){let o=await n.text();throw new Error(`API error (${n.status}): ${o}`)}return await n.json()}async function K(t,e,n,o){let r=await Se(),l=await fetch(`${r}/usage-track`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({api_key:t,event:e,instance_name:n,server_type:o})});if(l.status===429)throw new Error("Plan limit reached. Upgrade at https://gibil.dev/pricing");if(!l.ok){let s=await l.text();throw new Error(`Usage tracking failed (${l.status}): ${s}`)}}async function qe(t){let e=await Se(),n=await fetch(`${e}/usage-get`,{headers:{Authorization:`Bearer ${t}`}});if(!n.ok){let o=await n.text();throw new Error(`Failed to fetch usage (${n.status}): ${o}`)}return await n.json()}var Fe,ut,L=Ke(()=>{"use strict";H();Fe=un(S.root,"config.json"),ut="https://zopdxjruwktjyjunitrv.supabase.co/functions/v1"});var Ct={};rt(Ct,{JobStore:()=>He,deleteJob:()=>qn,deleteJobsByInstance:()=>Qe,listJobs:()=>he,listJobsByInstance:()=>Wn,loadJob:()=>Bn,loadJobOrThrow:()=>Y,saveJob:()=>W});import{readFile as Fn,writeFile as Un,mkdir as kt,rm as zn,readdir as Jn}from"fs/promises";import{existsSync as _t}from"fs";import{join as jt}from"path";var He,ee,W,Bn,Y,qn,he,Wn,Qe,ae=Ke(()=>{"use strict";H();He=class{jobsDir;constructor(e){let n=e??S.root;this.jobsDir=jt(n,"jobs")}jobFile(e){if(!/^[a-zA-Z0-9_-]+$/.test(e))throw new Error(`Invalid job ID: "${e}"`);return jt(this.jobsDir,`${e}.json`)}async save(e){await kt(this.jobsDir,{recursive:!0,mode:448}),await Un(this.jobFile(e.id),JSON.stringify(e,null,2),{mode:384})}async load(e){let n=this.jobFile(e);if(!_t(n))return null;let o=await Fn(n,"utf-8");return JSON.parse(o)}async loadOrThrow(e){let n=await this.load(e);if(!n)throw new Error(`Job "${e}" not found. Run "gibil job list" to see active jobs.`);return n}async delete(e){let n=this.jobFile(e);_t(n)&&await zn(n)}async list(){await kt(this.jobsDir,{recursive:!0,mode:448});let e=await Jn(this.jobsDir),n=[];for(let o of e){if(!o.endsWith(".json"))continue;let r=o.replace(".json",""),l=await this.load(r);l&&n.push(l)}return n}async listByInstance(e){return(await this.list()).filter(o=>o.instance===e)}async deleteByInstance(e){let n=await this.listByInstance(e);for(let o of n)await this.delete(o.id)}},ee=new He,W=t=>ee.save(t),Bn=t=>ee.load(t),Y=t=>ee.loadOrThrow(t),qn=t=>ee.delete(t),he=()=>ee.list(),Wn=t=>ee.listByInstance(t),Qe=t=>ee.deleteByInstance(t)});import{Command as mo}from"commander";import{readFileSync as ho}from"fs";import{fileURLToPath as yo}from"url";import{dirname as wo,join as vo}from"path";import ne from"picocolors";var F=t=>ne.red(t),Qt=t=>ne.yellow(t),U=t=>ne.green(t),en=t=>ne.red(t),p=t=>ne.dim(t),h=t=>ne.bold(t),C="\u{1F98E}";var O=U("\u2713"),ue=en("\u2716"),st=Qt("\u26A0"),be="\u{12248}",at=`
-  ${F("       /\\")}
-  ${F("      /  \\")}
-  ${F("     / \u{1F525} \\")}
-  ${F("    /      \\")}
-  ${p("    ~~~~~~~~")}
-  ${h("    g i b i l")}  ${p(be)}
-`,ct=`${C} ${h("gibil")} ${p(be)}`,it=["\u280B","\u2819","\u2839","\u2838","\u283C","\u2834","\u2826","\u2827","\u2807","\u280F"],le=class{timer=null;frame=0;text;constructor(e){this.text=e}start(){return process.stderr.isTTY?(this.timer=setInterval(()=>{let e=F(it[this.frame%it.length]);process.stderr.write(`\r  ${e} ${this.text}`),this.frame++},80),this):(process.stderr.write(`  ${this.text}
-`),this)}update(e){this.text=e,process.stderr.isTTY||process.stderr.write(`  ${e}
-`)}succeed(e){this.stop(),process.stderr.write(`\r  ${O} ${e??this.text}
-`)}fail(e){this.stop(),process.stderr.write(`\r  ${ue} ${e??this.text}
-`)}stop(){this.timer&&(clearInterval(this.timer),this.timer=null,process.stderr.isTTY&&process.stderr.write("\r\x1B[K"))}};function $e(t,e){let n=Math.max(t.length+4,...e.map(a=>Le(a).length+4)),o=`${p("\u256D")}${p("\u2500".repeat(n))}${p("\u256E")}`,r=`${p("\u2570")}${p("\u2500".repeat(n))}${p("\u256F")}`,l=`${p("\u2502")} ${C} ${h(t)}${" ".repeat(n-Le(t).length-4)}${p("\u2502")}`,s=`${p("\u251C")}${p("\u2500".repeat(n))}${p("\u2524")}`,c=e.map(a=>{let u=n-Le(a).length-2;return`${p("\u2502")} ${a}${" ".repeat(Math.max(0,u))}${p("\u2502")}`});return[o,l,s,...c,r].join(`
-`)}function Le(t){return t.replace(/\x1b\[[0-9;]*m/g,"")}var k={welcome:`${C} Your first fire. Welcome to Gibil.`,noInstances:`${C} No fires burning. Gibil sleeps.`,destroyAll:`${C} All fires extinguished. Gibil moves on.`,destroySingle:t=>`${C} "${t}" \u2014 fire out.`,authSuccess:`${C} Logged in. The forge is yours.`,authLogout:`${C} Logged out. The forge cools.`,createReady:(t,e)=>`${C} "${t}" forged ${p(`(${e}s)`)}`,fleetReady:(t,e)=>`${C} Fleet forged \u2014 ${t}/${e} fires lit.`,ttlWarning:(t,e)=>`${C} ${t} \u2014 flame is low (${e}m remaining)`,initComplete:`${C} The forge is ready. Run ${h("gibil create")} to light your first fire.`,setupNeeded:`${C} No forge configured. Run ${h("gibil init")} to get started.`};var tn="info",Ge=!1,lt={debug:0,info:1,warn:2,error:3,silent:4};function $(t){Ge=t}function z(t){return Ge&&t!=="error"?!1:lt[t]>=lt[tn]}var i={debug(t,...e){z("debug")&&console.debug(`${p("[debug]")} ${t}`,...e)},info(t,...e){z("info")&&console.log(t,...e)},warn(t,...e){z("warn")&&console.warn(`${st} ${t}`,...e)},error(t,...e){z("error")&&console.error(`${ue} ${t}`,...e)},success(t){z("info")&&console.log(`${O} ${t}`)},step(t){z("info")&&console.log(`  ${p("\u203A")} ${t}`)},flame(t){z("info")&&console.log(t)},detail(t,e){z("info")&&console.log(`  ${p(t+":")} ${e}`)},spin(t){return Ge?new le(t):new le(t).start()},json(t){console.log(JSON.stringify(t,null,2))}};var pn="https://api.hetzner.cloud/v1",T=class t{token;constructor(e){this.token=e}static async create(e){let{getHetznerToken:n}=await Promise.resolve().then(()=>(L(),We)),o=e??await n();if(!o)throw new Error("HETZNER_API_TOKEN is required. Run 'gibil init' or set it in your environment.");return new t(o)}async request(e,n,o){let r=`${pn}${n}`;i.debug(`${e} ${r}`);let l=await fetch(r,{method:e,headers:{Authorization:`Bearer ${this.token}`,"Content-Type":"application/json"},body:o?JSON.stringify(o):void 0,signal:AbortSignal.timeout(3e4)});if(!l.ok){let s=await l.text(),c;try{c=JSON.parse(s).error?.message??s}catch{c=s}let a="";throw l.status===401||l.status===403?a=`
-  Your Hetzner token may be invalid or expired. Run: gibil init --force`:l.status===409&&c.includes("name")?a=`
-  A server with this name already exists. Try a different --name or run: gibil destroy <name>`:l.status===422&&(c.includes("location")||c.includes("server_type"))&&(a=`
-  This server type may not be available in your region. Run: gibil init --force`),new Error(`Hetzner API error (${l.status}): ${c}${a}`)}return l.status===204?{}:await l.json()}async createServer(e,n,o,r,l){if(!r||!l){let{getServerDefaults:u}=await Promise.resolve().then(()=>(L(),We)),f=await u();r=r??f.serverType,l=l??f.location}if(r.startsWith("cax")&&!["fsn1","nbg1"].includes(l))throw new Error(`ARM server type "${r}" is not available in "${l}". Use --location fsn1 or --location nbg1, or switch to an x86 type (cpx11, cpx21, etc.).`);let a={name:e,server_type:r,image:"ubuntu-24.04",ssh_keys:[n],labels:{gibil:"true","gibil-name":e},location:l};i.debug(`createServer payload: ${JSON.stringify({name:e,server_type:r,image:"ubuntu-24.04",location:l})}`),o&&(a.user_data=o);try{return(await this.request("POST","/servers",a)).server}catch(u){let f=`(server_type=${r}, location=${l}). Try a different --server-type or --location.`;throw u instanceof Error?new Error(`${u.message} ${f}`):u}}async destroyServer(e){await this.request("DELETE",`/servers/${e}`)}async getServer(e){return(await this.request("GET",`/servers/${e}`)).server}async listServers(e="gibil=true"){return(await this.request("GET",`/servers?label_selector=${encodeURIComponent(e)}&per_page=50`)).servers}async waitForReady(e,n=12e4){let o=Date.now(),r=3e3;for(;Date.now()-o<n;){let l=await this.getServer(e);if(l.status==="running"&&l.public_net.ipv4.ip!=="0.0.0.0")return l;i.debug(`Server ${e} status: ${l.status}, waiting...`),await new Promise(s=>setTimeout(s,r))}throw new Error(`Server ${e} did not become ready within ${n/1e3}s`)}async createSSHKey(e,n){return(await this.request("POST","/ssh_keys",{name:e,public_key:n})).ssh_key}async deleteSSHKey(e){await this.request("DELETE",`/ssh_keys/${e}`)}};H();import{mkdir as gn,rm as dt,readFile as mn,chmod as hn}from"fs/promises";import{existsSync as ft}from"fs";import{execFile as yn}from"child_process";import{promisify as wn}from"util";var vn=wn(yn);async function ke(t){let e=S.keyDir(t);ft(e)&&await dt(e,{recursive:!0}),await gn(e,{recursive:!0});let n=S.privateKey(t),o=S.publicKey(t);await vn("ssh-keygen",["-t","ed25519","-f",n,"-N","","-C",`gibil-${t}`]),await hn(n,384);let r=await mn(o,"utf-8");return{privateKeyPath:n,publicKeyPath:o,publicKey:r.trim()}}async function oe(t){let e=S.keyDir(t);ft(e)&&await dt(e,{recursive:!0})}H();import{Client as bn}from"ssh2";import{readFile as $n}from"fs/promises";async function b(t){let{instanceName:e,ip:n,command:o,stream:r=!1,timeoutMs:l=3e4}=t,s=await $n(S.privateKey(e),"utf-8");return new Promise((c,a)=>{let u=new bn,f="",g="";u.on("ready",()=>{i.debug(`SSH connected to ${n}`),u.exec(o,(d,m)=>{if(d)return u.end(),a(d);m.on("data",y=>{let I=y.toString();f+=I,r&&process.stdout.write(I)}),m.stderr.on("data",y=>{let I=y.toString();g+=I,r&&process.stderr.write(I)}),m.on("close",y=>{u.end(),c({stdout:f,stderr:g,exitCode:y??0})})})}).on("error",d=>{let m="";d.code==="ECONNREFUSED"?m=" (instance may have been destroyed or is still booting)":d.code==="EHOSTUNREACH"?m=" (IP unreachable \u2014 instance may not be running)":d.code==="ETIMEDOUT"&&(m=" (connection timed out \u2014 check if instance is running with 'gibil list')"),a(new Error(`SSH connection to ${n} failed: ${d.message}${m}`))}).connect({host:n,port:22,username:"root",privateKey:s,readyTimeout:l,hostVerifier:()=>!0,agent:process.env.SSH_AUTH_SOCK,agentForward:!0})})}async function _e(t,e,n=12e4){let o=Date.now(),r=5e3;for(;Date.now()-o<n;)try{await b({instanceName:t,ip:e,command:"echo ready",timeoutMs:1e4});return}catch{i.debug(`SSH not ready on ${e}, retrying...`),await new Promise(l=>setTimeout(l,r))}throw new Error(`SSH did not become available on ${e} within ${n/1e3}s`)}function je(t){let{repo:e,config:n,ttlMinutes:o,githubToken:r,gitIdentity:l}=t,s=["#!/bin/bash","set -euo pipefail","","# \u2500\u2500 Gibil cloud-init \u2500\u2500","export HOME=/root","export DEBIAN_FRONTEND=noninteractive"];r&&s.push(`export GITHUB_TOKEN=${P(r)}`),s.push("","# Base packages","apt-get update -qq","apt-get install -y -qq git curl wget build-essential unzip > /dev/null 2>&1","","# Install GitHub CLI","if ! type gh > /dev/null 2>&1; then","  curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg 2>/dev/null","  chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg","  ARCH=$(dpkg --print-architecture)",'  echo "deb [arch=${ARCH} signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list',"  apt-get update -qq && apt-get install -y -qq gh > /dev/null 2>&1","fi","");let c=n?.image??"node:20";if(s.push(...xn(c)),t.agent){let a=kn(t.agent);a&&(s.push(`# Install ${t.agent} + tmux`),t.agent==="aider"&&s.push("apt-get install -y -qq python3-pip > /dev/null 2>&1"),s.push(`${a} > /dev/null 2>&1`,"apt-get install -y -qq tmux > /dev/null 2>&1",""))}if(n?.services&&n.services.length>0){s.push(...Sn()),s.push("");for(let a of n.services)s.push(...In(a))}if(n?.env){s.push("# Environment variables");for(let[a,u]of Object.entries(n.env))s.push(`export ${a}=${P(u)}`),s.push(`echo ${P(`${a}=${u}`)} >> /etc/environment`);s.push("")}if(s.push("# Configure git"),l?(s.push(`git config --global user.email ${P(l.email)}`),s.push(`git config --global user.name ${P(l.name)}`),l.signingKey&&(s.push("git config --global gpg.format ssh"),s.push(`git config --global user.signingkey ${P("key::"+l.signingKey)}`),s.push("git config --global commit.gpgsign true"),s.push("git config --global tag.gpgsign true"),s.push("mkdir -p /root/.ssh"),s.push(`echo ${P(l.email+" "+l.signingKey)} > /root/.ssh/allowed_signers`),s.push("git config --global gpg.ssh.allowedSignersFile /root/.ssh/allowed_signers"))):(s.push("git config --global user.email 'gibil@bot.dev'"),s.push("git config --global user.name 'Gibil Bot'")),s.push(""),e){let a=e.match(/github\.com\/([^/]+\/[^/.]+)/);if(s.push("# Clone repository"),s.push("cd /root"),a){let u=a[1];s.push('if [ -n "${GITHUB_TOKEN:-}" ]; then'),s.push(`  CLONE_URL="https://x-access-token:\${GITHUB_TOKEN}@github.com/${u}.git"`),s.push("else"),s.push(`  CLONE_URL='https://github.com/${u}.git'`),s.push("fi"),s.push('timeout 300 git clone "$CLONE_URL" /root/project || { echo "Git clone failed or timed out"; exit 1; }')}else s.push(`timeout 300 git clone ${P(e)} /root/project || { echo "Git clone failed or timed out"; exit 1; }`);s.push("cd /root/project"),s.push(""),s.push('if [ -n "${GITHUB_TOKEN:-}" ]; then'),s.push('  echo "${GITHUB_TOKEN}" | gh auth login --with-token 2>/dev/null || true'),a&&s.push(`  git -C /root/project remote set-url origin "https://x-access-token:\${GITHUB_TOKEN}@github.com/${a[1]}.git"`),s.push("fi"),s.push("")}if(o&&o>0&&(s.push("# Auto-destroy after TTL"),s.push(`echo "shutdown -h now" | at now + ${o} minutes 2>/dev/null || true`),s.push(`(sleep ${o*60} && shutdown -h now) &`),s.push("")),s.push("# Clean up cloud-init secrets"),s.push("rm -f /var/lib/cloud/instance/user-data.txt"),s.push(""),s.push("# Signal that infrastructure is ready"),s.push("touch /root/.gibil-ready"),s.push('echo "Gibil infrastructure ready"'),s.push(""),e&&n?.tasks&&n.tasks.length>0){s.push("# Run project tasks"),s.push("cd /root/project");for(let a of n.tasks)s.push(`echo '\u25B6 Running task: '${P(a.name)}`),s.push(`if ! ${a.command}; then`),s.push(`  echo '\u2717 Task failed: '${P(a.name)}`),s.push("  touch /root/.gibil-tasks-failed"),s.push("fi");s.push(""),s.push("# Signal tasks complete"),s.push("if [ ! -f /root/.gibil-tasks-failed ]; then"),s.push("  touch /root/.gibil-tasks-done"),s.push('  echo "Gibil tasks complete"'),s.push("else"),s.push('  echo "Gibil tasks finished with errors"'),s.push("fi")}return s.join(`
-`)}function xn(t){let e=[];if(t.startsWith("node:")){let n=t.split(":")[1]??"20";e.push("# Install Node.js"),e.push(`curl -fsSL https://deb.nodesource.com/setup_${n}.x | bash - > /dev/null 2>&1`),e.push("apt-get install -y -qq nodejs > /dev/null 2>&1"),e.push("npm install -g pnpm@latest > /dev/null 2>&1"),e.push("")}else if(t.startsWith("python:")){let n=t.split(":")[1]??"3.12";e.push("# Install Python"),e.push(`apt-get install -y -qq python${n} python3-pip python3-venv > /dev/null 2>&1`),e.push("")}else if(t.startsWith("go:")){let n=t.split(":")[1]??"1.22";e.push("# Install Go"),e.push('GO_ARCH=$(uname -m | sed "s/x86_64/amd64/" | sed "s/aarch64/arm64/")'),e.push(`wget -q https://go.dev/dl/go${n}.linux-\${GO_ARCH}.tar.gz -O /tmp/go.tar.gz`),e.push("tar -C /usr/local -xzf /tmp/go.tar.gz"),e.push("export PATH=$PATH:/usr/local/go/bin"),e.push('echo "export PATH=\\$PATH:/usr/local/go/bin" >> /root/.bashrc'),e.push("")}else e.push("# Install Node.js (default)"),e.push("curl -fsSL https://deb.nodesource.com/setup_20.x | bash - > /dev/null 2>&1"),e.push("apt-get install -y -qq nodejs > /dev/null 2>&1"),e.push("npm install -g pnpm@latest > /dev/null 2>&1"),e.push("");return e}function Sn(){return["# Install Docker","curl -fsSL https://get.docker.com | sh > /dev/null 2>&1","systemctl enable docker --now"]}function In(t){let e=[];e.push(`# Start service: ${t.name.replace(/[^a-zA-Z0-9_-]/g,"")}`);let o=`docker run -d --name ${t.name.replace(/[^a-zA-Z0-9_-]/g,"")}`;if(t.port&&(o+=` -p ${t.port}:${t.port}`),t.env)for(let[r,l]of Object.entries(t.env))o+=` -e ${r}=${P(l)}`;return o+=` ${P(t.image)}`,e.push(o),e.push(""),e}var pt={claude:"npm install -g @anthropic-ai/claude-code",aider:"pip install --break-system-packages aider-chat",codex:"npm install -g @openai/codex"},re={claude:["ANTHROPIC_API_KEY"],aider:["ANTHROPIC_API_KEY","OPENAI_API_KEY"],codex:["OPENAI_API_KEY"]},M=Object.keys(pt);function kn(t){return pt[t]??null}function P(t){return`'${t.replace(/'/g,"'\\''")}'`}import{readFile as _n}from"fs/promises";import{existsSync as gt,statSync as jn}from"fs";import{join as Cn}from"path";import{parse as ht}from"yaml";async function ie(t){let e=t.match(/github\.com\/([^/]+)\/([^/.]+)/);if(!e)return null;let[,n,o]=e,r=`https://raw.githubusercontent.com/${n}/${o}/HEAD/.gibil.yml`;try{let l={};process.env.GITHUB_TOKEN&&(l.Authorization=`token ${process.env.GITHUB_TOKEN}`);let s=await fetch(r,{signal:AbortSignal.timeout(1e4),headers:l});if(!s.ok)return null;let c=await s.text();return Tn(c)}catch{return null}}var En=".gibil.yml";async function se(t){let e;if(gt(t)&&jn(t).isFile()?e=t:e=Cn(t,En),!gt(e))return null;let n=await _n(e,"utf-8"),o=ht(n);return yt(o)}function Tn(t){let e=ht(t);return yt(e)}function yt(t){if(!t||typeof t!="object")throw new Error("Invalid .gibil.yml: must be a YAML object");let e=t,n={};return typeof e.name=="string"&&(n.name=e.name),typeof e.image=="string"&&(n.image=e.image),typeof e.server_type=="string"&&(n.server_type=e.server_type),typeof e.location=="string"&&(n.location=e.location),Array.isArray(e.services)&&(n.services=e.services.map(o=>{let r=o;if(typeof r.name!="string"||typeof r.image!="string")throw new Error("Each service must have a 'name' and 'image' field");return{name:r.name,image:r.image,port:typeof r.port=="number"?r.port:void 0,env:mt(r.env,`service "${r.name}"`)}})),Array.isArray(e.tasks)&&(n.tasks=e.tasks.map(o=>{let r=o;if(typeof r.name!="string"||typeof r.command!="string")throw new Error("Each task must have a 'name' and 'command' field");return{name:r.name,command:r.command}})),e.env!==void 0&&(n.env=mt(e.env,"top-level")),n}function mt(t,e){if(t==null)return;if(typeof t!="object"||Array.isArray(t))throw new Error(`env in ${e} must be a key-value object`);let n={};for(let[o,r]of Object.entries(t))if(typeof r=="string")n[o]=r;else if(typeof r=="number"||typeof r=="boolean")n[o]=String(r);else throw new Error(`env.${o} in ${e} must be a string, number, or boolean \u2014 got ${typeof r}`);return Object.keys(n).length>0?n:void 0}H();import{readFile as Pn,writeFile as An,mkdir as wt,rm as Nn,readdir as On}from"fs/promises";import{existsSync as vt}from"fs";import{join as Ye}from"path";var Ve=class{instancesDir;keysDir;constructor(e){let n=e??S.root;this.instancesDir=Ye(n,"instances"),this.keysDir=Ye(n,"keys")}async ensureDirectories(){await wt(this.instancesDir,{recursive:!0,mode:448}),await wt(this.keysDir,{recursive:!0,mode:448})}instanceFile(e){return Ye(this.instancesDir,`${e}.json`)}async save(e){await this.ensureDirectories(),await An(this.instanceFile(e.name),JSON.stringify(e,null,2),{mode:384})}async load(e){let n=this.instanceFile(e);if(!vt(n))return null;let o=await Pn(n,"utf-8");return JSON.parse(o)}async loadOrThrow(e){let n=await this.load(e);if(!n)throw new Error(`Instance "${e}" not found. Run "gibil list" to see active instances.`);return n}async loadActiveOrThrow(e){let n=await this.loadOrThrow(e);if(new Date>new Date(n.expiresAt))throw new Error(`Instance "${e}" has expired (TTL was ${n.ttlMinutes}m). Run "gibil destroy ${e}" to clean up.`);return n}async delete(e){let n=this.instanceFile(e);vt(n)&&await Nn(n)}async list(){await this.ensureDirectories();let e=await On(this.instancesDir),n=[];for(let o of e){if(!o.endsWith(".json"))continue;let r=o.replace(".json",""),l=await this.load(r);l&&n.push(l)}return n}},ge=new Ve;var Z=t=>ge.save(t);var Ce=t=>ge.loadOrThrow(t),_=t=>ge.loadActiveOrThrow(t),Ee=t=>ge.delete(t),X=()=>ge.list();import{randomBytes as Hn}from"crypto";function Q(t=6){return Hn(Math.ceil(t/2)).toString("hex").slice(0,t)}function Te(){return`gibil-${Q()}`}function bt(){return`fleet-${Q(8)}`}function Pe(){return`j-${Q(8)}`}H();var Rn=/^[a-zA-Z0-9][a-zA-Z0-9_-]{0,62}$/;function Ae(t){if(!Rn.test(t))throw new Error(`Invalid instance name "${t}". Names must be 1-63 chars, start with alphanumeric, and contain only [a-zA-Z0-9_-].`);return t}function me(t,e){let n=parseInt(t,10);if(isNaN(n)||n<=0)throw new Error(`${e} must be a positive integer, got "${t}"`);return n}L();import{execSync as Ne}from"child_process";import{readFileSync as Mn}from"fs";function Dn(){try{let t=Ne("git config user.name",{encoding:"utf-8"}).trim(),e=Ne("git config user.email",{encoding:"utf-8"}).trim();if(!t||!e)return;let n;try{if(Ne("git config gpg.format",{encoding:"utf-8"}).trim()==="ssh"){let r=Ne("git config user.signingkey",{encoding:"utf-8"}).trim();if(r)try{n=Mn(r,"utf-8").trim()}catch{(r.startsWith("ssh-")||r.startsWith("key::"))&&(n=r.replace(/^key::/,""))}}}catch{}return{name:t,email:e,signingKey:n}}catch{return}}async function Oe(t,e,n){i.step("Generating SSH keys...");let o=await ke(e),r,l;try{i.step("Uploading SSH key..."),r=await t.createSSHKey(`gibil-${e}-${Q(4)}`,o.publicKey),n.repo&&n.repo.includes("github.com")&&!process.env.GITHUB_TOKEN&&i.debug("No GITHUB_TOKEN set \u2014 private repos will fail to clone. Set GITHUB_TOKEN to enable private repo access.");let s=Dn(),c=je({repo:n.repo,config:n.config??void 0,ttlMinutes:n.ttlMinutes,githubToken:process.env.GITHUB_TOKEN,gitIdentity:s,agent:n.agent}),a=i.spin("Creating server on Hetzner..."),u=await t.createServer(e,r.id,c,n.serverType??n.config?.server_type,n.location??n.config?.location);l=u.id,a.succeed("Server created");let f=i.spin("VM booting..."),d=(await t.waitForReady(u.id)).public_net.ipv4.ip;f.succeed(`VM running at ${d}`);let m=new Date,y={name:e,serverId:u.id,ip:d,sshKeyId:r.id,keyPath:S.privateKey(e),status:"running",createdAt:m.toISOString(),ttlMinutes:n.ttlMinutes,expiresAt:new Date(m.getTime()+n.ttlMinutes*6e4).toISOString(),repo:n.repo,fleetId:n.fleetId,gitIdentity:s};await Z(y);let I=i.spin("Waiting for SSH...");if(await _e(e,d),I.succeed("SSH ready"),n.repo||n.config){let N=i.spin("Provisioning (runtime, repo, deps)..."),w=36e4,x=5e3,G=Date.now(),te=!1;for(;Date.now()-G<w;){try{if((await b({instanceName:e,ip:d,command:"test -f /root/.gibil-ready && echo ready || echo waiting",timeoutMs:1e4})).stdout.trim()==="ready"){te=!0;break}}catch{}await new Promise(D=>setTimeout(D,x))}if(te)N.succeed("Provisioning complete");else{N.fail("Provisioning may have failed");try{let D=await b({instanceName:e,ip:d,command:"tail -20 /var/log/cloud-init-output.log 2>/dev/null || echo 'No cloud-init log found'",timeoutMs:1e4});i.info(D.stdout)}catch{i.warn("Could not read cloud-init log.")}}}return y}catch(s){throw i.error(`Failed to create instance "${e}", cleaning up...`),l&&await t.destroyServer(l).catch(c=>i.warn(`Could not destroy Hetzner server ${l}: ${c instanceof Error?c.message:String(c)}`)),r&&await t.deleteSSHKey(r.id).catch(c=>i.warn(`Could not delete Hetzner SSH key ${r.id}: ${c instanceof Error?c.message:String(c)}`)),await oe(e).catch(c=>i.warn(`Could not clean up local SSH keys: ${c instanceof Error?c.message:String(c)}`)),s}}function $t(t){let e=Math.max(0,Math.floor((new Date(t.expiresAt).getTime()-Date.now())/1e3));return{name:t.name,ip:t.ip,ssh:`ssh -i ${t.keyPath} -o StrictHostKeyChecking=no root@${t.ip}`,status:t.status,ttl_remaining:e,created_at:t.createdAt,fleet_id:t.fleetId}}function xt(t){t.command("create").description("Spin up one or more ephemeral dev machines").option("-n, --name <name>","Instance name").option("-f, --fleet <count>","Number of instances to create in parallel").option("-r, --repo <git-url>","Git repository to clone on startup").option("--json","Output instance info as JSON").option("--ttl <minutes>","Auto-destroy after N minutes","60").option("-c, --config <path>","Path to .gibil.yml config").option("--server-type <type>","Hetzner server type (e.g. cpx11, cpx21)").option("--location <loc>","Hetzner location (e.g. fsn1, nbg1)").option("-q, --quiet","Suppress non-essential output").option("-e, --env <KEY=VALUE...>","Environment variables to set on the server").option("--agent <name>","Install a coding agent (claude, aider, codex)").action(async e=>{e.json&&$(!0);let n=me(e.ttl??"60","TTL");if(n>10080)throw new Error("TTL cannot exceed 7 days (10080 minutes).");let o=me(e.fleet??"1","Fleet count");if(o>20)throw new Error("Fleet size cannot exceed 20. Contact support for higher limits.");if(e.name&&Ae(e.name),!e.agent){let a=await pe();a&&(e.agent=a)}if(e.agent&&!M.includes(e.agent))throw new Error(`Unknown agent "${e.agent}". Supported: ${M.join(", ")}`);let r={};if(e.env)for(let a of e.env){let u=a.indexOf("=");if(u<=0)throw new Error(`Invalid --env format: "${a}". Use KEY=VALUE.`);r[a.slice(0,u)]=a.slice(u+1)}r.GITHUB_TOKEN&&!process.env.GITHUB_TOKEN&&(process.env.GITHUB_TOKEN=r.GITHUB_TOKEN);let l=null;e.config?l=await se(e.config):e.repo?l=await ie(e.repo)??await se(process.cwd()):l=await se(process.cwd()),Object.keys(r).length>0&&(l||(l={}),l.env={...l.env,...r});let s=await E();if(s){i.info("Verifying API key...");let a=await q(s);i.info(`  Authenticated as ${a.user.email} (${a.user.plan})`)}if(e.agent&&!re[e.agent]?.some(u=>l?.env?.[u]||r[u])){let u=re[e.agent]?.join(" or ")??"";i.warn(`${e.agent} needs ${u}. SSH in and export it (recommended) or pass with --env.`)}let c=await T.create();if(o===1){let a=e.name??Te(),u=Date.now(),f=i.spin(`Forging "${a}"...`),g=await Oe(c,a,{repo:e.repo,ttlMinutes:n,config:l,serverType:e.serverType,location:e.location,agent:e.agent}),d=((Date.now()-u)/1e3).toFixed(1);f.succeed(k.createReady(a,d)),s&&await K(s,"create",g.name,e.serverType).catch(m=>i.debug(`Usage tracking failed: ${m instanceof Error?m.message:String(m)}`)),e.json?i.json($t(g)):(i.info(""),i.info($e("Server ready",[`${p("Name:")}  ${h(g.name)}`,`${p("IP:")}    ${g.ip}`,`${p("TTL:")}   ${n} minutes`,`${p("SSH:")}   ${h(`gibil ssh ${g.name}`)}`])),i.info(""),i.info(p("  Try:")),i.info(`    ${h(`gibil run ${g.name} "<your test command>"`)}`),i.info(`    ${h(`gibil ssh ${g.name}`)}`),i.info(`    ${h(`gibil destroy ${g.name}`)}`),i.info(""))}else{let a=bt(),u=e.name??"gibil",f=Date.now(),g=i.spin(`Forging fleet "${a}" \u2014 ${o} servers...`),d=Array.from({length:o},(w,x)=>`${u}-${x+1}-${a.slice(6)}`),m=await Promise.allSettled(d.map(w=>Oe(c,w,{repo:e.repo,ttlMinutes:n,config:l,serverType:e.serverType,location:e.location,fleetId:a,agent:e.agent}))),y=[],I=[];for(let w=0;w<m.length;w++){let x=m[w];x.status==="fulfilled"?y.push(x.value):I.push(`${d[w]}: ${x.reason instanceof Error?x.reason.message:String(x.reason)}`)}let N=((Date.now()-f)/1e3).toFixed(1);if(g.succeed(k.fleetReady(y.length,o)+` ${p(`(${N}s)`)}`),s&&await Promise.all(y.map(w=>K(s,"create",w.name,e.serverType).catch(x=>i.debug(`Usage tracking failed for ${w.name}: ${x instanceof Error?x.message:String(x)}`)))),e.json)i.json({fleet_id:a,instances:y.map($t),errors:I});else{i.info("");for(let w of y)i.info(`  ${O} ${h(w.name)} ${p("\u2192")} ${w.ip}`);for(let w of I)i.info(`  ${ue} ${w}`);i.info("")}}})}import{spawn as Gn}from"child_process";import{spawn as Kn}from"child_process";import{existsSync as Ln}from"fs";function Xe(t){if(t.includes(":")){let e=t.split(":");if(e.length!==3)throw new Error(`Invalid port mapping "${t}". Use PORT or LOCAL:HOST:REMOTE.`);let[n,,o]=e;Ze(n,t),Ze(o,t)}else Ze(t,t)}function Ze(t,e){let n=parseInt(t,10);if(isNaN(n)||n<1||n>65535||String(n)!==t)throw new Error(`Invalid port number in "${e}". Must be 1-65535.`)}function St(t,e){if(!Ln(t.keyPath))throw new Error(`SSH key not found: ${t.keyPath}. The instance may have been destroyed.`);let n=[];for(let o of e){Xe(o);let r=o.includes(":")?o:`${o}:localhost:${o}`,l=o.includes(":")?o.split(":")[0]:o;n.push(l),Kn("ssh",["-f","-N","-L",r,"-i",t.keyPath,"-o","StrictHostKeyChecking=no","-o","UserKnownHostsFile=/dev/null","-o","LogLevel=ERROR","-o","ExitOnForwardFailure=yes",`root@${t.ip}`],{stdio:"ignore",detached:!0}).unref()}return n}function It(t){t.command("ssh <name>").description("SSH into a running ephemeral machine").option("-p, --port <ports...>","Forward local port(s) to server (e.g. --port 3000 --port 5432)").action(async(e,n)=>{let o=await _(e),r=["-A","-i",o.keyPath,"-o","StrictHostKeyChecking=no","-o","UserKnownHostsFile=/dev/null","-o","LogLevel=ERROR"];if(n.port&&n.port.length>0){for(let s of n.port){Xe(s);let c=s.includes(":")?s:`${s}:localhost:${s}`;r.push("-L",c)}i.info("");for(let s of n.port){let c=s.includes(":")?s.split(":")[0]:s;i.info(`  Forwarding ${h(`localhost:${c}`)} \u2192 ${e}:${s}`)}i.info(""),i.info(p("  Tunnel active while SSH session is open. Ctrl+C to stop.")),i.info("")}r.push(`root@${o.ip}`),Gn("ssh",r,{stdio:"inherit"}).on("exit",s=>{process.exit(s??0)})})}ae();function Et(t){t.command("run <name> <command...>").description("Execute a command on a running instance").option("--json","Output result as JSON").option("--timeout <seconds>","Command timeout in seconds (default: 30)").option("-b, --background","Run in background, return job ID immediately").action(async(e,n,o)=>{o.json&&$(!0);let r=await _(e),l=n.join(" "),s=o.timeout?me(o.timeout,"Timeout")*1e3:3e4;if(o.background){let a=Pe(),u="/root/.gibil-jobs",f=`${u}/${a}.log`,g=`${u}/${a}.exit`,d=`${u}/${a}.pid`,m=`${u}/${a}.sh`,y=["#!/bin/bash",`nohup bash -c '${l.replace(/'/g,"'\\''")}' > ${f} 2>&1 &`,"BGPID=$!",`echo $BGPID > ${d}`,`(wait $BGPID 2>/dev/null; echo $? > ${g}) &`,"echo $BGPID"].join(`
-`),I=Buffer.from(y).toString("base64"),N=`mkdir -p ${u} && echo '${I}' | base64 -d > ${m} && chmod +x ${m} && bash ${m}`,w=await b({instanceName:e,ip:r.ip,command:N,timeoutMs:1e4}),x=parseInt(w.stdout.trim(),10);isNaN(x)&&(i.error("Failed to start background job \u2014 could not capture PID"),process.exit(1)),await W({id:a,instance:e,command:l,pid:x,status:"running",startedAt:new Date().toISOString()}),o.json?i.json({job_id:a,instance:e,status:"running",pid:x}):(i.info(`Background job started: ${a} (PID ${x})`),i.info(`  Poll: gibil job ${a}`));return}i.info(`Running on "${e}" (${r.ip}): ${l}`);let c=await b({instanceName:e,ip:r.ip,command:l,stream:!o.json,timeoutMs:s});o.json?i.json({instance:e,command:l,stdout:c.stdout,stderr:c.stderr,exit_code:c.exitCode}):c.exitCode!==0&&i.error(`Command exited with code ${c.exitCode}`),process.exit(c.exitCode??1)})}ae();L();async function Tt(t,e){let n=await Ce(e);i.info(`Destroying instance "${e}" (server ${n.serverId})...`);try{await t.destroyServer(n.serverId)}catch(r){i.warn(`Could not delete server ${n.serverId}: ${r instanceof Error?r.message:String(r)}`)}try{await t.deleteSSHKey(n.sshKeyId)}catch(r){i.warn(`Could not delete SSH key ${n.sshKeyId}: ${r instanceof Error?r.message:String(r)}`)}await oe(e),await Qe(e),await Ee(e);let o=await E();o&&await K(o,"destroy",e).catch(r=>i.warn(`Usage tracking failed (billing may be inaccurate): ${r instanceof Error?r.message:String(r)}`)),i.info(`  ${O} ${k.destroySingle(e)}`)}function Pt(t){t.command("destroy [name]").description("Destroy a running ephemeral machine").option("-a, --all","Destroy all gibil instances").option("--json","Output result as JSON").action(async(e,n)=>{if(n.json&&$(!0),n.all){let o=await X();if(o.length===0){n.json?i.json({destroyed:[],failed:[]}):i.info(k.noInstances);return}let r=await T.create();i.info(`Destroying ${o.length} instance(s)...`);let l=await Promise.allSettled(o.map(a=>Tt(r,a.name))),s=[],c=[];for(let a=0;a<l.length;a++)if(l[a].status==="fulfilled")s.push(o[a].name);else{let u=l[a].reason;c.push(`${o[a].name}: ${u instanceof Error?u.message:String(u)}`)}n.json?i.json({destroyed:s,failed:c}):c.length===0?i.info(`
-${k.destroyAll}`):i.info(`
-${s.length} destroyed, ${c.length} failed`)}else{e||(i.error('Specify an instance name or use --all. Run "gibil list" to see instances.'),process.exit(1));let o=await T.create();await Tt(o,e),n.json&&i.json({destroyed:[e]})}})}function At(t){t.command("list").alias("ls").description("List all active gibil instances").option("--json","Output as JSON").action(async e=>{e.json&&$(!0);let n=await X();if(n.length===0){e.json?i.json({instances:[]}):i.info(k.noInstances);return}let o=n.map(r=>{let l=Math.max(0,Math.floor((new Date(r.expiresAt).getTime()-Date.now())/1e3));return{name:r.name,ip:r.ip,ssh:`ssh -i ${r.keyPath} -o StrictHostKeyChecking=no root@${r.ip}`,status:r.status,ttl_remaining:l,created_at:r.createdAt,fleet_id:r.fleetId}});if(e.json){i.json({instances:o});return}i.info(p(`${"NAME".padEnd(30)} ${"IP".padEnd(18)} ${"STATUS".padEnd(12)} ${"TTL".padEnd(10)} ${"AGE".padEnd(10)}`)),i.info(p("\u2500".repeat(80)));for(let r of o){let l=Nt(r.ttl_remaining),s=Yn(r.created_at),c=r.name.padEnd(30),a=r.status.padEnd(12),u=l.padEnd(10),f=s.padEnd(10),g=r.status==="running"?U(a):F(a),d=r.ttl_remaining<=300?F(u):u;i.info(`${h(c)} ${r.ip.padEnd(18)} ${g} ${d} ${p(f)}`)}i.info(`
-${p(`${o.length} server(s)`)}`)})}function Nt(t){if(t<=0)return"expired";let e=Math.floor(t/60),n=t%60;return e>=60?`${Math.floor(e/60)}h ${e%60}m`:`${e}m ${n}s`}function Yn(t){let e=Date.now()-new Date(t).getTime(),n=Math.floor(e/1e3);return Nt(n)}function Ot(t){t.command("extend <name>").description("Extend the TTL of a running instance").requiredOption("--ttl <minutes>","New TTL in minutes from now").option("--json","Output result as JSON").action(async(e,n)=>{n.json&&$(!0);let o=await _(e),r=parseInt(n.ttl,10);(isNaN(r)||r<=0)&&(i.error("TTL must be a positive number of minutes"),process.exit(1)),await b({instanceName:e,ip:o.ip,command:["pkill -f 'sleep.*shutdown' || true",`(sleep ${r*60} && shutdown -h now) &`].join(" && ")});let l=new Date(Date.now()+r*6e4).toISOString();o.ttlMinutes=r,o.expiresAt=l,await Z(o),n.json?i.json({name:o.name,ttl_minutes:r,expires_at:l}):i.info(`\u2713 Extended "${e}" TTL to ${r} minutes (expires ${l})`)})}import{readFile as Vn}from"fs/promises";import{randomBytes as Zn}from"crypto";function Ht(t){t.command("exec <name>").description("Upload and run a local script on an instance").requiredOption("-s, --script <path>","Path to local script").option("--json","Output result as JSON").action(async(e,n)=>{n.json&&$(!0);let o=await _(e),r=await Vn(n.script,"utf-8");i.info(`Uploading and running script "${n.script}" on "${e}"...`);let l=Buffer.from(r).toString("base64"),s=`/tmp/gibil-script-${Zn(4).toString("hex")}.sh`,c=await b({instanceName:e,ip:o.ip,command:`echo '${l}' | base64 -d > ${s} && chmod +x ${s} && ${s}; EXIT=$?; rm -f ${s}; exit $EXIT`,stream:!n.json});n.json?i.json({instance:e,script:n.script,stdout:c.stdout,stderr:c.stderr,exit_code:c.exitCode}):c.exitCode!==0&&i.error(`Script exited with code ${c.exitCode}`),process.exit(c.exitCode??1)})}L();import{createInterface as Xn}from"readline";function Rt(t){let e=Xn({input:process.stdin,output:process.stderr});return new Promise(n=>{e.question(t,o=>{e.close(),n(o.trim())})})}function Mt(t){let e=t.command("auth").description("Manage authentication");e.command("login").description("Log in with your Gibil API key").option("--key <api-key>","API key (or enter interactively)").option("--json","Output result as JSON").action(async n=>{n.json&&$(!0);let o=n.key??process.env.GIBIL_API_KEY;o||(o=await Rt("Enter your API key: ")),o||(i.error("No API key provided."),process.exit(1)),o.startsWith("pk_")||(i.error('Invalid key format. API keys start with "pk_".'),process.exit(1)),i.info("Verifying API key...");try{let r=await q(o);await Ue(o),n.json?i.json({authenticated:!0,email:r.user.email,plan:r.user.plan}):(i.info(k.authSuccess),i.detail("Email",r.user.email),i.detail("Plan",r.user.plan),i.detail("Limits",`${r.limits.max_concurrent} concurrent servers, ${r.limits.remaining_hours}h remaining`))}catch(r){i.error(r instanceof Error?r.message:String(r)),process.exit(1)}}),e.command("setup").description("Configure Hetzner API token (stored in ~/.gibil/config.json)").option("--token <token>","Hetzner API token (or enter interactively)").action(async n=>{let o=n.token;o||(o=await Rt("Enter your Hetzner API token: ")),o||(i.error("No token provided."),process.exit(1));try{let l=await(await fetch("https://api.hetzner.cloud/v1/servers",{headers:{Authorization:`Bearer ${o}`}})).json();l.error&&(i.error(`Invalid token: ${l.error.message}`),process.exit(1))}catch(r){i.error(`Could not verify token: ${r instanceof Error?r.message:"Check your network."}`),process.exit(1)}await fe(o),i.success("Hetzner token saved to ~/.gibil/config.json")}),e.command("logout").description("Clear stored API key").action(async()=>{await ze(),i.info(k.authLogout)}),e.command("status").description("Show current authentication status").option("--json","Output result as JSON").action(async n=>{n.json&&$(!0);let o=await E();if(!o){n.json?i.json({authenticated:!1}):i.info(`Not logged in. Run ${h("gibil auth login")} to authenticate.`);return}try{let r=await q(o);n.json?i.json({authenticated:!0,email:r.user.email,plan:r.user.plan,limits:r.limits}):(i.success(`Authenticated as ${r.user.email}`),i.detail("Plan",r.user.plan),i.detail("Concurrent servers",String(r.limits.max_concurrent)),i.detail("Hours remaining",String(r.limits.remaining_hours)))}catch{n.json?i.json({authenticated:!1,error:"Key verification failed"}):i.error(`Stored API key is invalid. Run ${h("gibil auth login")} to re-authenticate.`)}})}L();function Dt(t){t.command("usage").description("Show current month's usage and plan limits").option("--json","Output as JSON").action(async e=>{e.json&&$(!0);let n=await E();n||(i.error('Not logged in. Run "gibil auth login" first.'),process.exit(1));try{let o=await qe(n);if(e.json)i.json(o);else{let r=Math.round(o.vm_hours_used/o.vm_hours_limit*100);i.info(`Plan: ${o.plan}`),i.info(`VM hours: ${o.vm_hours_used.toFixed(1)} / ${o.vm_hours_limit}h (${r}%)`),i.info(`Active instances: ${o.active_instances} / ${o.max_concurrent}`),r>80&&i.warn("Running low on hours. Upgrade at https://gibil.dev/pricing")}}catch(o){i.error(o instanceof Error?o.message:String(o)),process.exit(1)}})}import{McpServer as Qn}from"@modelcontextprotocol/sdk/server/mcp.js";import{StdioServerTransport as eo}from"@modelcontextprotocol/sdk/server/stdio.js";import{z as v}from"zod";H();import{execSync as Re}from"child_process";import{readFileSync as to}from"fs";ae();ae();async function et(t){let e=await Y(t);if(e.status!=="running")return{status:e.status,exitCode:e.exitCode};let n=await _(e.instance),o="/root/.gibil-jobs",r=`${o}/${t}.exit`,l=`${o}/${t}.log`,c=(await b({instanceName:e.instance,ip:n.ip,command:`test -f ${r} && cat ${r} || echo RUNNING`,timeoutMs:1e4})).stdout.trim();if(c==="RUNNING")return{status:"running"};let a=parseInt(c,10),u=await b({instanceName:e.instance,ip:n.ip,command:`cat ${l} 2>/dev/null || echo ''`,timeoutMs:1e4}),f=a===0?"done":"failed",g=new Date,d=Math.round((g.getTime()-new Date(e.startedAt).getTime())/1e3);return e.status=f,e.exitCode=a,e.completedAt=g.toISOString(),await W(e),{status:f,exitCode:a,stdout:u.stdout,durationS:d}}function Kt(t){let e=t.command("job").description("Manage background jobs");e.command("status <id>").description("Check status of a background job").option("--json","Output result as JSON").action(async(n,o)=>{o.json&&$(!0);let r=await Y(n),l=await et(n);o.json?i.json({job_id:n,instance:r.instance,command:r.command,status:l.status,exit_code:l.exitCode,started_at:r.startedAt,duration_s:l.durationS,...l.stdout!==void 0?{stdout:l.stdout}:{}}):l.status==="running"?(i.info(`Job ${n} is still running on "${r.instance}"`),i.info(`  Command: ${r.command}`),i.info(`  Started: ${r.startedAt}`)):(i.info(`Job ${n}: ${l.status} (exit code ${l.exitCode}, ${l.durationS}s)`),l.stdout&&process.stdout.write(l.stdout))}),e.command("list").description("List all background jobs").option("--json","Output result as JSON").action(async n=>{n.json&&$(!0);let o=await he();if(o.length===0){n.json?i.json([]):i.info("No background jobs.");return}if(n.json)i.json(o.map(r=>({job_id:r.id,instance:r.instance,command:r.command,status:r.status,started_at:r.startedAt,exit_code:r.exitCode})));else for(let r of o){let l=r.status==="running"?"\u27F3 running":r.status==="done"?"\u2713 done":`\u2717 ${r.status}`;i.info(`  ${r.id}  ${l}  ${r.instance}  ${r.command}`)}}),e.command("cancel <id>").description("Cancel a running background job").option("--json","Output result as JSON").action(async(n,o)=>{o.json&&$(!0);let r=await Y(n);if(r.status!=="running"){o.json?i.json({job_id:n,status:r.status,message:"Job is not running"}):i.info(`Job ${n} is not running (status: ${r.status})`);return}let l=await _(r.instance);await b({instanceName:r.instance,ip:l.ip,command:`kill -- -${r.pid} 2>/dev/null || kill ${r.pid} 2>/dev/null || true`,timeoutMs:1e4}),r.status="cancelled",r.completedAt=new Date().toISOString(),await W(r),o.json?i.json({job_id:n,status:"cancelled"}):i.info(`Job ${n} cancelled.`)}),e.command("logs <id>").description("Fetch output of a background job").option("--json","Output result as JSON").option("-f, --follow","Follow log output (tail -f)").action(async(n,o)=>{o.json&&$(!0);let r=await Y(n),l=await _(r.instance),s=`/root/.gibil-jobs/${n}.log`,c=o.follow?`tail -f ${s}`:`cat ${s} 2>/dev/null || echo '(no output yet)'`,a=o.follow?3e5:1e4,u=await b({instanceName:r.instance,ip:l.ip,command:c,stream:!o.json,timeoutMs:a});o.json&&i.json({job_id:n,stdout:u.stdout})})}function no(){try{let t=Re("git config user.name",{encoding:"utf-8"}).trim(),e=Re("git config user.email",{encoding:"utf-8"}).trim();if(!t||!e)return;let n;try{if(Re("git config gpg.format",{encoding:"utf-8"}).trim()==="ssh"){let r=Re("git config user.signingkey",{encoding:"utf-8"}).trim();if(r)try{n=to(r,"utf-8").trim()}catch{(r.startsWith("ssh-")||r.startsWith("key::"))&&(n=r.replace(/^key::/,""))}}}catch{}return{name:t,email:e,signingKey:n}}catch{return}}async function ye(t,e){if(t)return t;if(e)return _(e);let o=(await X()).filter(r=>new Date<new Date(r.expiresAt));if(o.length===0)throw new Error("No active servers. Use create_server first.");if(o.length===1)return o[0];throw new Error(`Multiple servers running: ${o.map(r=>r.name).join(", ")}. Pass the "server" parameter to specify which one.`)}function V(t,e,n=3e4){return b({instanceName:t.name,ip:t.ip,command:e,stream:!1,timeoutMs:n})}function A(t){return`'${t.replace(/'/g,"'\\''")}'`}async function Lt(t){let e=null;if(t&&(e=await _(t),e.gitIdentity)){let{name:s,email:c,signingKey:a}=e.gitIdentity,u=[`git config --global user.name ${A(s)}`,`git config --global user.email ${A(c)}`];a&&u.push("git config --global gpg.format ssh",`git config --global user.signingkey ${A("key::"+a)}`,"git config --global commit.gpgsign true"),V(e,u.join(" && ")).catch(()=>{})}let n=t?`gibil-${t}`:"gibil",o=new Qn({name:n,version:"0.4.0"});e||(o.tool("create_server","Forge a new ephemeral server with a full Linux environment (Ubuntu 24.04, Node.js 20, pnpm). Clones the repo to /root/project and waits until fully provisioned. After creation, use vm_bash to run commands, vm_read/vm_write for files, vm_grep to search code. Destroy with destroy_server when done.",{name:v.string().optional().describe("Server name (auto-generated if omitted)"),repo:v.string().optional().describe("Git repo URL to clone on boot"),ttl:v.number().optional().describe("Auto-destroy after N minutes (default: 60)"),server_type:v.string().optional().describe("Hetzner server type (default: auto-detected)"),location:v.string().optional().describe("Hetzner datacenter (default: auto-detected)"),env:v.record(v.string(),v.string()).optional().describe("Environment variables to set on the server")},async({name:s,repo:c,ttl:a,server_type:u,location:f,env:g})=>{try{let d=s??Te();s&&Ae(s);let m=await T.create(),y=await ke(d),I=await m.createSSHKey(`gibil-${d}-${Q(4)}`,y.publicKey),N=no(),w=c?await ie(c):null;g&&Object.keys(g).length>0&&(w||(w={}),w.env={...w.env,...g});let x=(w?.services?.length??0)>0,G=a??(x?120:60),te=je({repo:c,config:w??void 0,ttlMinutes:G,githubToken:process.env.GITHUB_TOKEN,gitIdentity:N}),D=await m.createServer(d,I.id,te,u,f),ce=(await m.waitForReady(D.id)).public_net.ipv4.ip,nt=new Date,Vt={name:d,serverId:D.id,ip:ce,sshKeyId:I.id,keyPath:S.privateKey(d),status:"running",createdAt:nt.toISOString(),ttlMinutes:G,expiresAt:new Date(nt.getTime()+G*6e4).toISOString(),repo:c,gitIdentity:N};await Z(Vt),await _e(d,ce);let Me="ready";if(c||w){let Zt=Date.now(),ot=!1;for(;Date.now()-Zt<36e4;){try{if((await b({instanceName:d,ip:ce,command:"test -f /root/.gibil-ready && echo ready || echo waiting",timeoutMs:1e4})).stdout.trim()==="ready"){ot=!0;break}}catch{}await new Promise(De=>setTimeout(De,5e3))}if(!ot){Me="timeout";try{Me=`timeout \u2014 cloud-init log:
-${(await b({instanceName:d,ip:ce,command:"tail -20 /var/log/cloud-init-output.log 2>/dev/null || echo 'no log'",timeoutMs:1e4})).stdout}`}catch{}}}return{content:[{type:"text",text:JSON.stringify({name:d,ip:ce,ttl_minutes:G,status:"running",provisioning:Me,working_directory:c?"/root/project":"/root",hint:c?'Server ready. Run commands with vm_bash, e.g.: vm_bash({ command: "pnpm test" })':"Server ready. Clone a repo or run commands with vm_bash."},null,2)}]}}catch(d){return{content:[{type:"text",text:`Failed to create server: ${d instanceof Error?d.message:String(d)}`}],isError:!0}}}),o.tool("destroy_server","Burn a server. Deletes the Hetzner VM, SSH keys, and local metadata. Always destroy servers when done to avoid costs. Works on expired instances too.",{name:v.string().describe("Name of the server to destroy")},async({name:s})=>{try{let c=await Ce(s),a=await T.create();await a.destroyServer(c.serverId).catch(()=>{}),await a.deleteSSHKey(c.sshKeyId).catch(()=>{}),await oe(s).catch(()=>{});let{deleteJobsByInstance:u}=await Promise.resolve().then(()=>(ae(),Ct));return await u(s).catch(()=>{}),await Ee(s),{content:[{type:"text",text:`Server "${s}" destroyed.`}]}}catch(c){return{content:[{type:"text",text:`Failed to destroy: ${c instanceof Error?c.message:String(c)}`}],isError:!0}}}),o.tool("list_servers","List all active gibil servers with their names, IPs, and remaining TTL.",{},async()=>{let s=await X();if(s.length===0)return{content:[{type:"text",text:"No servers running. Use create_server to forge one."}]};let c=s.map(a=>{let u=Math.max(0,Math.floor((new Date(a.expiresAt).getTime()-Date.now())/1e3));return{name:a.name,ip:a.ip,status:a.status,ttl_remaining_seconds:u,ttl_warning:u<300?"Less than 5 minutes left \u2014 extend with extend_server or finish up":void 0,repo:a.repo}});return{content:[{type:"text",text:JSON.stringify(c,null,2)}]}}),o.tool("extend_server","Extend a server's TTL. Resets the auto-destroy timer.",{name:v.string().describe("Server name"),ttl:v.number().describe("New TTL in minutes from now")},async({name:s,ttl:c})=>{try{if(c<1||c>1440)return{content:[{type:"text",text:"TTL must be between 1 and 1440 minutes (24 hours)."}],isError:!0};let a=Math.floor(c),u=await _(s),f=await V(u,`pkill -f 'sleep.*shutdown' || true && (sleep ${a*60} && shutdown -h now) &`);return f.exitCode!==0?{content:[{type:"text",text:`Failed to extend TTL: ${f.stderr}`}],isError:!0}:(u.ttlMinutes=c,u.expiresAt=new Date(Date.now()+c*6e4).toISOString(),await Z(u),{content:[{type:"text",text:`Server "${s}" TTL extended to ${c} minutes.`}]})}catch(a){return{content:[{type:"text",text:`Failed to extend: ${a instanceof Error?a.message:String(a)}`}],isError:!0}}}));let r=v.string().optional().describe("Server name (auto-selects if only one is running)");o.tool("vm_bash","Run a shell command on a remote server. Default working directory is /root/project. Use for: installing deps, running tests, git operations, builds. For commands over 2 minutes, set background=true to get a job_id you can poll with vm_job_status.",{command:v.string().describe("Shell command to execute"),working_dir:v.string().optional().describe("Working directory (default: /root/project)"),timeout_ms:v.number().optional().describe("Timeout in ms (default: 120000). Increase for long builds or test suites."),background:v.boolean().optional().describe("Run in background, return job ID for polling"),server:r},async s=>{let c=await ye(e,s.server),a=s.working_dir??"/root/project",u=`cd ${A(a)} 2>/dev/null || cd /root && ${s.command}`;if(s.background){let d=Pe(),m="/root/.gibil-jobs",y=`${m}/${d}.log`,I=`${m}/${d}.exit`,N=`${m}/${d}.pid`,w=`${m}/${d}.sh`,x=["#!/bin/bash",`nohup bash -c '${u.replace(/'/g,"'\\''")}' > ${y} 2>&1 &`,"BGPID=$!",`echo $BGPID > ${N}`,`(wait $BGPID 2>/dev/null; echo $? > ${I}) &`,"echo $BGPID"].join(`
-`),G=Buffer.from(x).toString("base64"),te=`mkdir -p ${m} && echo '${G}' | base64 -d > ${w} && chmod +x ${w} && bash ${w}`,D=await V(c,te,1e4),ve=parseInt(D.stdout.trim(),10);return isNaN(ve)?{content:[{type:"text",text:"Failed to start background job \u2014 could not capture PID"}],isError:!0}:(await W({id:d,instance:c.name,command:s.command,pid:ve,status:"running",startedAt:new Date().toISOString()}),{content:[{type:"text",text:JSON.stringify({job_id:d,instance:c.name,status:"running",pid:ve,hint:"Poll with vm_job_status({ job_id }) to check completion."},null,2)}]})}let f=await V(c,u,s.timeout_ms??12e4);return{content:[{type:"text",text:[f.stdout,f.stderr].filter(Boolean).join(`
-`)||"(no output)"}],isError:f.exitCode!==0}}),o.tool("vm_job_status","Check the status of a background job started with vm_bash(background=true). Returns status, exit code, and output when done.",{job_id:v.string().describe("Job ID returned by vm_bash with background=true")},async s=>{try{let c=await Y(s.job_id),a=await et(s.job_id);return{content:[{type:"text",text:JSON.stringify({job_id:s.job_id,instance:c.instance,command:c.command,status:a.status,exit_code:a.exitCode,started_at:c.startedAt,duration_s:a.durationS,...a.stdout!==void 0?{stdout:a.stdout}:{}},null,2)}],isError:a.status==="failed"}}catch(c){return{content:[{type:"text",text:`Error: ${c instanceof Error?c.message:String(c)}`}],isError:!0}}}),o.tool("vm_job_list","List all background jobs across all servers.",{},async()=>{let c=(await he()).map(a=>({job_id:a.id,instance:a.instance,command:a.command,status:a.status,started_at:a.startedAt,exit_code:a.exitCode}));return{content:[{type:"text",text:JSON.stringify(c,null,2)}]}}),o.tool("vm_read","Read a file from a remote server. Returns the file contents with line numbers.",{path:v.string().describe("Absolute path on the server (e.g. /root/project/src/app.ts)"),offset:v.number().optional().describe("Start at line N (1-based)"),limit:v.number().optional().describe("Max lines to return"),server:r},async s=>{let c=await ye(e,s.server),a=A(s.path),u=`cat -n ${a}`;s.offset&&s.limit?u=`sed -n '${s.offset},${s.offset+s.limit-1}p' ${a} | cat -n`:s.offset?u=`tail -n +${s.offset} ${a} | cat -n`:s.limit&&(u=`head -n ${s.limit} ${a} | cat -n`);let f=await V(c,u);return f.exitCode!==0?{content:[{type:"text",text:`Error: ${f.stderr}`}],isError:!0}:{content:[{type:"text",text:f.stdout}]}}),o.tool("vm_write","Write content to a file on a remote server. Creates parent directories if needed. Overwrites existing files.",{path:v.string().describe("Absolute path on the server"),content:v.string().describe("File content to write"),server:r},async s=>{let c=await ye(e,s.server),a=Buffer.from(s.content).toString("base64"),u=A(s.path),f=`mkdir -p "$(dirname ${u})" && echo '${a}' | base64 -d > ${u}`,g=await V(c,f);return g.exitCode!==0?{content:[{type:"text",text:`Error: ${g.stderr}`}],isError:!0}:{content:[{type:"text",text:`Wrote ${s.path}`}]}}),o.tool("vm_ls","List files and directories on a remote server.",{path:v.string().optional().describe("Directory path (default: /root/project)"),glob:v.string().optional().describe("Glob pattern to filter (e.g. '**/*.ts')"),server:r},async s=>{let c=await ye(e,s.server),a=s.path??"/root/project",u;s.glob?u=`cd ${A(a)} && find . -path ${A("./"+s.glob)} -type f 2>/dev/null | sort | head -200`:u=`ls -la ${A(a)}`;let f=await V(c,u);return f.exitCode!==0?{content:[{type:"text",text:`Error: ${f.stderr}`}],isError:!0}:{content:[{type:"text",text:f.stdout}]}}),o.tool("vm_grep","Search for a pattern in files on a remote server. Uses ripgrep if available, falls back to grep.",{pattern:v.string().describe("Regex pattern to search for"),path:v.string().optional().describe("Directory or file to search (default: /root/project)"),include:v.string().optional().describe("File glob to include (e.g. '*.ts')"),server:r},async s=>{let c=await ye(e,s.server),a=s.path??"/root/project",u=A(s.pattern),f=A(a),g;if(s.include){let y=A(s.include);g=`cd ${f} && (rg -n --glob ${y} ${u} 2>/dev/null || grep -rn --include=${y} ${u} .) | head -100`}else g=`cd ${f} && (rg -n ${u} 2>/dev/null || grep -rn ${u} .) | head -100`;return{content:[{type:"text",text:(await V(c,g)).stdout||"(no matches)"}]}});let l=new eo;await o.connect(l)}H();function Gt(t){t.command("mcp [name]").description("Start an MCP server (used by Claude Code, Cursor, and other agents)").option("--print-config","Print the MCP JSON config (with resolved binary path) and exit").action(async(e,n)=>{if(n.printConfig){let o={mcpServers:{gibil:xe()}};console.log(JSON.stringify(o,null,2)),console.error(""),console.error("Copy this to one of:"),console.error("  ~/.claude/mcp.json        (Claude Code CLI)"),console.error("  .claude/mcp.json          (project-level)"),console.error("  Claude Code settings       (VS Code extension)");return}try{await Lt(e)}catch(o){i.error(o instanceof Error?o.message:String(o)),process.exit(1)}})}L();import{createInterface as oo}from"readline";import{existsSync as ro,readFileSync as io,writeFileSync as so,mkdirSync as ao}from"fs";import{join as tt}from"path";import{homedir as co}from"os";H();function Ft(t){let e=oo({input:process.stdin,output:process.stderr});return new Promise(n=>{e.question(t,o=>{e.close(),n(o.trim())})})}async function lo(){let t=!!await Je(),e=!!await E();return{hetzner:t,apiKey:e}}function Ut(t){t.command("init").description("Set up gibil \u2014 configure your forge in 60 seconds").option("--force","Reconfigure even if already set up").action(async e=>{console.error(at);let n=await lo();if(n.hetzner&&!e.force){i.info(`${O} Already configured.`),n.apiKey?(i.detail("Hetzner",U("connected")),i.detail("Gibil API",U("connected"))):(i.detail("Hetzner",U("connected")),i.detail("Gibil API",p("not configured (optional)"))),i.info(""),i.info(`  Run ${h("gibil init --force")} to reconfigure.`),i.info(`  Run ${h("gibil create")} to forge a server.`);return}i.info(""),i.info(h("Step 1: Hetzner API Token")),i.info(p("  Your servers run on Hetzner Cloud. You need an API token.")),i.info(p("  Get one at: https://console.hetzner.cloud \u2192 API Tokens")),i.info("");let o=await Ft("  Hetzner API token: ");o||(i.error("No token provided. Run gibil init again when ready."),process.exit(1));let r=i.spin("Verifying Hetzner token...");try{let m=await(await fetch("https://api.hetzner.cloud/v1/servers",{headers:{Authorization:`Bearer ${o}`}})).json();m.error&&(r.fail(`Invalid token: ${m.error.message}`),process.exit(1)),r.succeed("Hetzner token verified")}catch{r.fail("Could not reach Hetzner API. Check your network."),process.exit(1)}await fe(o);let l=i.spin("Detecting available server types..."),s="cax11",c="fsn1",a=[{type:"cax11",location:"fsn1"},{type:"cpx11",location:"fsn1"}];for(let d of a)try{let y=await(await fetch("https://api.hetzner.cloud/v1/servers",{method:"POST",headers:{Authorization:`Bearer ${o}`,"Content-Type":"application/json"},body:JSON.stringify({name:"gibil-probe",server_type:d.type,image:"ubuntu-24.04",location:d.location,start_after_create:!1})})).json();if(y.server){await fetch(`https://api.hetzner.cloud/v1/servers/${y.server.id}`,{method:"DELETE",headers:{Authorization:`Bearer ${o}`}}),s=d.type,c=d.location;break}}catch{}await Be(s,c),l.succeed(`Default server type: ${s} (${c})`);let u=i.spin("Configuring MCP for Claude Code...");try{let d=tt(co(),".claude"),m=tt(d,".mcp.json");ao(d,{recursive:!0});let y={};try{y=JSON.parse(io(m,"utf-8"))}catch{}y.mcpServers||(y.mcpServers={}),y.mcpServers.gibil=xe(),so(m,JSON.stringify(y,null,2)+`
-`),u.succeed("MCP configured for Claude Code")}catch{u.fail("Could not auto-configure MCP"),i.info(p("  Run gibil mcp --print-config for manual setup"))}i.info(""),i.info(h("Default coding agent (optional)")),i.info(p(`  Install a coding agent on every server. Options: ${M.join(", ")}`)),i.info(p("  Press Enter to skip \u2014 you can always use --agent later.")),i.info("");let g=(await Ft("  Default agent [none]: ")).toLowerCase().trim();g&&M.includes(g)?(await Ie(g),i.info(`  ${O} Default agent: ${U(g)}`)):g?i.info(p(`  Unknown agent "${g}", skipping. Use --agent with: ${M.join(", ")}`)):(await Ie(null),i.info(p("  No default agent. Use --agent claude (or aider, codex) when creating servers."))),i.info(""),i.info(k.initComplete),i.info(""),i.info(p("  Try it now:")),i.info(`    ${h('gibil branch feat/my-feature --run "pnpm test"')}`),i.info(`    ${h("gibil ssh feat-my-feature")}`),i.info(`    ${h("gibil destroy feat-my-feature")}`),i.info(""),i.info(p("  Or with full control:")),i.info(`    ${h("gibil create --name demo --repo https://github.com/lukeed/clsx --ttl 10")}`),i.info(`    ${h('gibil run demo "npm test"')}`),i.info(`    ${h("gibil destroy demo")}`),i.info(""),i.info(p("  Later:")),i.info(`    ${h("gibil auth login")}           ${p("Add a Gibil API key (optional)")}`),i.info(`    ${h("gibil mcp --print-config")}   ${p("MCP setup for other editors")}`),i.info("")})}async function zt(){if(process.env.HETZNER_API_TOKEN)return!1;let t=tt(S.root,"config.json");return!ro(t)}import{execSync as uo}from"child_process";import{existsSync as we}from"fs";L();function fo(){try{let t=uo("git remote get-url origin",{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim();if(!t)throw new Error("empty");return t}catch{throw new Error("Not in a git repo, or no remote configured. Use --repo to specify.")}}function po(t){if(!t||!t.trim())throw new Error("Branch name cannot be empty.");if(/[;&|$`(){}<>!;"'\s\\]/.test(t))throw new Error(`Invalid branch name "${t}". Contains shell-unsafe characters.`)}function Bt(t){return t.replace(/\//g,"-").replace(/[^a-z0-9-]/gi,"-").replace(/-+/g,"-").replace(/^-|-$/g,"").toLowerCase().slice(0,40)}function go(){return we("pnpm-lock.yaml")?"pnpm install":we("bun.lockb")||we("bun.lock")?"bun install":we("yarn.lock")?"yarn install":we("package-lock.json")?"npm install":null}async function Jt(t,e,n){let o=Bt(e),r=Date.now(),l=i.spin(`Forging "${o}" for branch ${h(e)}...`),s=await Oe(t,o,{repo:n.repo,ttlMinutes:n.ttlMinutes,config:n.config,serverType:n.serverType,location:n.location,agent:n.agent}),c=i.spin(`Checking out ${h(e)}...`);if((await b({instanceName:o,ip:s.ip,command:"cd /root/project && git rev-parse --abbrev-ref HEAD",timeoutMs:1e4})).stdout.trim()===e)c.succeed(`Already on ${e}`);else{let f=await b({instanceName:o,ip:s.ip,command:`cd /root/project && git fetch origin '${e.replace(/'/g,"'\\''")}'  && git checkout '${e.replace(/'/g,"'\\''")}'`,timeoutMs:6e4});f.exitCode!==0?(c.fail(`Failed to checkout ${e}`),f.stderr&&i.info(p(f.stderr.trim()))):c.succeed(`Checked out ${e}`)}if(!(!n.noTasks&&n.config?.tasks&&n.config.tasks.length>0)){let f=go();if(f){let g=i.spin(`Installing deps (${f})...`),d=await b({instanceName:o,ip:s.ip,command:`cd /root/project && ${f}`,timeoutMs:3e5});d.exitCode!==0?(g.fail("Dep install failed"),d.stderr&&i.info(p(d.stderr.trim().slice(-500)))):g.succeed("Deps installed")}}if(n.run)if(n.port&&n.port.length>0)i.info(`Starting: ${h(n.run)} (background)`),await b({instanceName:o,ip:s.ip,command:`cd /root/project && nohup ${n.run} > /tmp/gibil-run.log 2>&1 &`,timeoutMs:3e4}),await new Promise(f=>setTimeout(f,3e3));else{i.info(""),i.info(`Running: ${h(n.run)}`);let f=await b({instanceName:o,ip:s.ip,command:`cd /root/project && ${n.run}`,stream:!n.json,timeoutMs:3e5});n.json&&i.info(f.stdout),f.exitCode!==0&&i.info(p(`Exit code: ${f.exitCode}`))}if(n.port&&n.port.length>0){let f=St(s,n.port);i.info("");for(let g of f)i.info(`  ${h(`http://localhost:${g}`)} \u2192 ${o}:${g}`);i.info(""),i.info(p("  Tunnel running in background. Kill with: lsof -ti :PORT | xargs kill"))}let u=((Date.now()-r)/1e3).toFixed(1);return l.succeed(k.createReady(o,u)),n.json?console.log(JSON.stringify({name:o,branch:e,ip:s.ip,ttl_minutes:n.ttlMinutes,ssh:`gibil ssh ${o}`})):(i.info(""),i.info($e(`${e}`,[`Server:  ${o}`,`Branch:  ${e}`,`IP:      ${s.ip}`,`TTL:     ${n.ttlMinutes} minutes`,"",`SSH:     gibil ssh ${o}`,`Test:    gibil run ${o} "pnpm test"`,`Done:    gibil destroy ${o}`]))),s}function qt(t){let e=t.command("branch <branches...>").description("Spin up a branch on a clean Linux server").option("-r, --repo <git-url>","Git repo URL (auto-detected from cwd)").option("--run <command>","Run a command after checkout").option("--ttl <minutes>","Auto-destroy after N minutes","30").option("--json","Output as JSON").option("--no-tasks","Skip .gibil.yml tasks").option("--server-type <type>","Hetzner server type").option("--location <loc>","Hetzner location").option("--agent <name>","Install a coding agent (claude, aider, codex)").option("-p, --port <ports...>","Forward local port(s) to server (e.g. --port 3000)").action(async(n,o)=>{o.json&&$(!0);for(let u of n)po(u);let r=parseInt(o.ttl,10);if(isNaN(r)||r<=0)throw new Error("TTL must be a positive number of minutes.");let l=o.repo??fo(),s=null;if(s=await ie(l)??await se(process.cwd()),!o.agent){let u=await pe();u&&(o.agent=u)}if(o.agent){if(!M.includes(o.agent))throw new Error(`Unknown agent "${o.agent}". Supported: ${M.join(", ")}`);if(!re[o.agent]?.some(f=>s?.env?.[f])){let f=re[o.agent]?.join(" or ")??"";i.warn(`${o.agent} needs ${f}. SSH in and export it (recommended) or pass with --env.`)}}let c=await E();if(c){let u=await q(c);i.info(`Authenticated as ${u.user.email} (${u.user.plan})`)}let a=await T.create();if(n.length===1){let u=await Jt(a,n[0],{repo:l,ttlMinutes:r,config:s,run:o.run,json:o.json,noTasks:o.noTasks,serverType:o.serverType,location:o.location,agent:o.agent,port:o.port});c&&await K(c,"create",u.name).catch(()=>{})}else{i.info(`Forging ${h(String(n.length))} branches in parallel...`),i.info("");let u=await Promise.allSettled(n.map(d=>Jt(a,d,{repo:l,ttlMinutes:r,config:s,run:o.run,json:o.json,noTasks:o.noTasks,serverType:o.serverType,location:o.location,agent:o.agent,port:o.port}))),f=u.filter(d=>d.status==="fulfilled"),g=u.filter(d=>d.status==="rejected");if(!o.json){if(i.info(""),i.info(`${f.length}/${n.length} branches ready.`),g.length>0)for(let d=0;d<u.length;d++){let m=u[d];m.status==="rejected"&&i.error(`  ${n[d]}: ${m.reason instanceof Error?m.reason.message:String(m.reason)}`)}i.info(""),i.info(p(`Destroy all: gibil destroy ${n.map(Bt).join(" ")}`))}if(c)for(let d of u)d.status==="fulfilled"&&await K(c,"create",d.value.name).catch(()=>{});g.length>0&&process.exit(1)}})}function Wt(){let t=process.argv.indexOf("checkout");t>=2&&t===2&&(process.argv[t]="branch")}try{await import("dotenv/config")}catch{}var bo=wo(yo(import.meta.url)),Yt={version:"0.0.0"};for(let t of["../package.json","../../package.json"])try{Yt=JSON.parse(ho(vo(bo,t),"utf-8"));break}catch{}var j=new mo;j.name("gibil").description("Ephemeral dev compute for humans and AI agents").version(`${Yt.version} ${be}`,"-v, --version").addHelpText("before",`
-  ${ct}
-`).addHelpText("after",`
-  ${p("Docs:")} https://gibil.dev/docs
-`);Ut(j);xt(j);It(j);Et(j);Pt(j);At(j);Ot(j);Ht(j);Mt(j);Dt(j);Kt(j);Gt(j);qt(j);async function $o(){Wt();let t=process.argv.slice(2);!(t.length===0||t.includes("init")||t.includes("auth")||t.includes("--help")||t.includes("-h")||t.includes("--version")||t.includes("-v")||t.includes("-V")||t.includes("mcp")||t.includes("ssh")||t.includes("run")||t.includes("exec")||t.includes("list")||t.includes("ls"))&&await zt()&&(i.info(""),i.info(k.setupNeeded),i.info(""),process.exit(1));try{await j.parseAsync(process.argv)}catch(n){n instanceof Error&&i.error(n.message),process.exit(1)}}$o();