One command.
Full production stack.

Your server never stays silent

Configure SMTP once and Cipi becomes your security watchdog. Email alerts fire on deploy failures, backup errors, SSH intrusions, privilege escalations, key changes, and app lifecycle events. You sleep, Cipi watches.

• Deploy failures & backup errors
• SSH login, sudo/su elevation, Fail2ban bans
• SSH key add/remove/rename tracking
• App create/edit/delete lifecycle events
• All events logged to /var/log/cipi/events.log

Connect GitHub or GitLab

Add your personal access token and Cipi auto-creates deploy keys and webhooks on every app create. No manual repo settings.

• Auto deploy key injection
• Auto webhook creation
• Custom GitLab URL support

Your app, connected

A Laravel package that unlocks webhook deploys, health checks, MCP server for AI debugging, and GDPR-safe database anonymization. One require, zero config.

• Auto-discovers, no config needed
• Webhook + Health + MCP + Anonymizer
• .env variables auto-injected by Cipi

Create. Deploy. Done.

Every app gets its own Linux user, database, Nginx vhost, PHP-FPM pool, workers, and zero-downtime Deployer releases. Full isolation.

Everything is an endpoint

Every CLI command is also a REST API call. Build dashboards, CI/CD integrations, or custom tooling. There is also an MCP (Model Context Protocol) to interface with the APIs. Token-based auth, JSON responses.

• Create, deploy, manage apps via HTTP
• Fine-grained token abilities
• Async jobs with status polling

git push = deployed

Push to your branch, the webhook fires, Cipi deploys in the background. Signature-verified, zero-downtime, instant HTTP response. No CI/CD pipeline needed.

• HMAC signature verification
• Background deploy (no HTTP timeout)
• Branch filtering support

Your server talks back

Get alerted on SSH intrusion attempts, blocked IPs, deploy failures, and service restarts. Cipi watches, you sleep.

• Fail2ban ban/unban events
• Deploy success & rollback alerts
• Configurable via SMTP or Telegram

Real-time app vitals

A JSON endpoint that reports PHP version, database connectivity, disk usage, queue health, and scheduler status. Perfect for UptimeRobot, Pingdom, or custom monitors.

Your AI talks to production

Connect Cursor, VS Code, or Claude Desktop to your live app via MCP. Six tools: health, app_info, logs, db_query, artisan, and deploy. Ask questions in natural language. Read logs, run SQL, clear cache, trigger deploys — no SSH needed.

• SQL queries with ASCII table results (capped at 100 rows)
• Log filtering by type, severity, and keyword search
• Destructive DDL blocked (DROP, TRUNCATE, GRANT)
• Works over HTTPS only — no SSH access required

GDPR-safe data exports

Define anonymization rules per table and column. Get a full database dump with fake data replacing PII. Real structure, no real personal data.

Quick dumps, one command

One command to backup a database. Schedule it in cron, get a compressed dump. No manual mysqldump, no hassle.

Restore from backup

Pick a backup, restore it. One command, no manual SQL imports. Your database is back to the exact state you need.

Full app backup to the cloud

Code, database, .env, storage — everything encrypted and shipped to any S3-compatible bucket. Schedule it, forget it, sleep well.

Clone server A → B

Transfer apps, databases, configs, and SSL certificates to a replica server in one encrypted SSH transfer. Migration or disaster recovery, one command.

• AES-256 encrypted archive transfer
• Selective app sync or full server
• Include DB dumps and storage files

Hardened by default

SSH key-only auth, Fail2ban, UFW firewall, unattended security upgrades, AES-256 vault for all credentials, GDPR-compliant log retention, and isolated Linux users for every app. Security isn't an add-on. It's the architecture.