Platform for securly running Agents with incredible devX

Website · Docs · Slack

---

Nightshift

Nightshift is a platform that gives each user the ability to provision isolated, general purpose, SSH-accessible Linux machines.

These machines are called chicklets. Chicklets are long-lived, persistent, and accessible over a single public IP.

After setting up Nighthsift users are able to create and connect to their own chicklets with the chicklet CLI tool:

Built-in Auth

# create an account and login
chicklet register --email you@example.com --password your-password
chicklet login --email you@example.com --password your-password

Hatching Chicklets

# create a chicklet
chicklet create dev
chicklet create dev --tier medium

# connect to your chicklet 
chicklet console -s dev

# execute a command in your chicklet
chicklet exec -s dev -- echo "Hello from one chicklet to another!" 

Each chicklet is a Kata Container running Ubuntu with sshd. The VM provides hard multi-tenancy which means that chicklets are fully isolated at the hypervisor level.

Chicklets come preinstalled with claude code, gemini, and codex. Create a chicklet and use it as your agent coding environment you can access from anywhere.

The Nightshift team runs our own chicklet-as-a-service offering at chicklet.io and it's super easy to get started. However, for those wanting to run the Nightshift platform themselves, you can follow the operator guide below.

If you need help setting up the Nighthsift platform, please feel free to reach out to gianni@nightshift.sh.

Table of Contents

• Usage
  • Install the CLI
  • Register and Login
  • Create a Chicklet
  • Connect to Your Chicklet
  • Execute a Remote Command
  • Manage SSH Keys
  • Stop and Start Chicklets
  • Expose Ports
  • Organizations
  • Chicklet URLs
  • Delete a Chicklet
• REST API
• Operator Guide — Setting up Nightshift on your own infrastructure
• Networking — How pod networking, SSH proxy, port exposure, and HTTPS URLs work
• Admin Guide — Day-to-day administration, networking, and troubleshooting
• Billing Setup — Configuring Stripe billing for chicklet-as-a-service

Usage

Install the CLI

The chicklet binary is already built. Copy it to any machine that will manage chicklets:

# On the server, it's already at /usr/local/bin/chicklet
# For remote machines, copy the binary and configure the API URL:
chicklet config --api-url http://YOUR_SERVER_IP:8080 --host YOUR_SERVER_IP

Register and Login

chicklet register --email you@example.com --password your-password
chicklet login --email you@example.com --password your-password

On login, an API key is saved to ~/.chicklet/config.json. All subsequent commands use it automatically.

Create a Chicklet

chicklet create dev
chicklet create dev --tier medium

On first run, your local SSH public key (~/.ssh/id_ed25519.pub or ~/.ssh/id_rsa.pub) is automatically detected and registered. No manual key setup is needed.

Connect to Your Chicklet

# Interactive console session
chicklet console -s dev

# Or directly with any SSH client (proxy listens on port 2222)
ssh -p 2222 dev@YOUR_SERVER_IP

You land as the chicklet user with passwordless sudo.

Execute a Remote Command

Run a single command in a chicklet without starting an interactive session:

chicklet exec -s dev -- ls -la /tmp
chicklet exec -s dev -- cat /etc/os-release

Manage SSH Keys

SSH keys are registered automatically when you create your first chicklet. You can also manage them manually:

# Auto-detects ~/.ssh/id_ed25519.pub or ~/.ssh/id_rsa.pub
chicklet ssh-key add

# Or specify explicitly
chicklet ssh-key add --name laptop --key-file ~/.ssh/id_ed25519.pub
chicklet ssh-key add --name work --key "ssh-ed25519 AAAA... user@host"

# List keys
chicklet ssh-key list

# Remove a key by ID
chicklet ssh-key remove 3

Stop and Start Chicklets

Stopping a chicklet deletes the pod but keeps your persistent data:

chicklet chicklet stop dev
chicklet chicklet start dev

Files written to /chicklet-data/ inside the chicklet persist across stop/start cycles. The persistent storage is mounted from /var/lib/chicklets/{chicklet-name}/ on the host.

Expose Ports

To make a service running inside your chicklet accessible from the internet:

# Expose port 8080 from the chicklet
chicklet cl ports dev --add 8080

# See assigned NodePorts
chicklet cl ports dev
# PORT  NODEPORT
# 8080  31217

The service is then accessible at http://YOUR_SERVER_IP:31217. NodePorts are assigned from the 30000-32767 range. Remember that you'll need to configure your security group to allow access to your host machine on that port range.

Organizations

Organizations let you group chicklets under a shared namespace. The org slug becomes part of each chicklet's URL.

# Create an org
chicklet org create "My Team" --slug myteam

# List your orgs
chicklet org list

# Manage members
chicklet org add-member myteam --email colleague@example.com
chicklet org members myteam
chicklet org remove-member myteam 42    # by user ID

# Delete an org (must have no chicklets first)
chicklet org delete myteam

Only the org owner can delete the org or remove members. Any member can add new members and create chicklets within the org.

Chicklet URLs

When you create a chicklet inside an org, it gets a public HTTPS URL automatically:

chicklet create myapp --org myteam
# Chicklet "myapp" created (tier: small). URL: https://myapp-myteam.chicklet.io/ ...

The URL format is https://<chicklet-name>-<org-slug>.chicklet.io/. Requests to this URL are reverse-proxied to the first exposed port on the chicklet.

Example: deploy a public web server

# Create an org and a chicklet
chicklet org create demo --slug demo
chicklet create web --org demo

# SSH in and start a server on port 3000
chicklet console -s web
# (inside the chicklet)
cat > server.js << 'EOF'
const http = require("http");
http.createServer((req, res) => {
  res.end("Hello from chicklet!");
}).listen(3000, "0.0.0.0");
EOF
node server.js &
exit

# Expose port 3000 so the URL has a backend to proxy to
chicklet cl ports web --add 3000

# Make the URL publicly accessible (default is authenticated)
chicklet cl url web --auth public

Your server is now live at https://web-demo.chicklet.io/.

Managing URLs:

# Show URL and current auth mode
chicklet cl url myapp
# URL:  https://myapp-myteam.chicklet.io/
# Auth: chicklet

# Make public (no auth required)
chicklet cl url myapp --auth public

# Revert to authenticated (requires API key in Authorization header)
chicklet cl url myapp --auth chicklet

The cl list command includes a URL column:

chicklet cl list
# NAME    TIER   STATE    PHASE   POD IP       URL
# myapp   small  running  Ready   10.42.0.5    https://myapp-myteam.chicklet.io/

Chicklets created without --org work the same as before — they just don't get a URL.

Note: Chicklet URLs require the operator to have DNS and a reverse proxy configured. See the Operator Guide for setup instructions.

Delete a Chicklet

chicklet chicklet delete dev

This removes the pod, persistent volume, DNS record (if any), and all associated resources.

---

REST API

Documentation for the REST API endpoints is automatically generated from the Go code comments. You can view it at http://YOUR_SERVER_IP:8080/ when the API server is running.