Inspiration

Every developer has faced it — the anxiety of deploying to production. The endless YAML configurations, Dockerfile debugging sessions, Terraform state conflicts, and that sinking feeling when your infrastructure fails at 2 AM.

While platforms like Heroku and Vercel made deployment simple, they came with vendor lock-in and limited control. Google Cloud offers incredible power and flexibility, but requires deep DevOps expertise to use correctly. Junior developers shouldn't need to master Kubernetes, Docker, and Terraform just to ship their first app.

That's why I built Sirpi (Tamil: sculptor) — an AI-native platform that sculpts raw GitHub repositories into production-ready serverless infrastructure on Google Cloud Run or AWS Fargate. It combines the simplicity of platform-as-a-service with the power of infrastructure-as-code — with zero vendor lock-in and full ownership.

Think Vercel meets Terraform meets Google ADK — but you choose your cloud provider and own everything.


What it does

Sirpi is an AI-native DevOps automation platform that:

  • Analyzes repositories using multi-agent AI powered by Google Agent Development Kit (ADK)

  • Generates optimized Dockerfiles tailored to your specific tech stack and dependencies

  • Creates production-ready Terraform configurations for complete serverless infrastructure

  • Supports multi-cloud deployment — users choose between Google Cloud Run or AWS Fargate

  • Deploys securely without credentials — OAuth 2.0 for GCP (no service account keys) and cross-account IAM role assumption for AWS (no access keys shared)

  • Streams real-time logs from isolated E2B sandboxes during builds and deployments

  • Provides AI assistance through Gemini 2.5 Flash with full deployment context via ADK Memory

  • Manages Cloud Run scaling — adjust min/max instances through natural language chat

  • Analyzes infrastructure costs — get cost estimates and optimization recommendations

  • Enables complete ownership — download all Terraform files and state, migrate anywhere, zero vendor lock-in

  • Provides clean exit — destroy infrastructure anytime with no dangling resources or unexpected cloud costs

In short: from GitHub URL to production in under 10 minutes, on your preferred cloud provider, with infrastructure you fully own and control.


How I built it

I used a modern stack with sophisticated AI orchestration:

Frontend

  • Next.js 15 for server-side rendering and optimal performance

  • Clerk for seamless authentication

  • Server-Sent Events for real-time deployment log streaming

  • Tailwind CSS for clean, professional UI

Backend

  • FastAPI for high-performance async API handling

  • Google Agent Development Kit (ADK) for multi-agent orchestration

  • ADK Database Session Service for stateful agent collaboration

  • Gemini 2.5 Flash for intelligent code analysis and assistant capabilities

  • Supabase PostgreSQL for deployment metadata and ADK session persistence

  • UV package manager for fast, reliable dependency management

AI Agent System

  • Custom orchestrator coordinating specialized agents via ADK

  • Code Analyzer Agent using GitHub API to understand repository structure

  • Dockerfile Generator Agent with template-based optimization

  • Terraform Generator Agent with cloud-agnostic templates (Cloud Run for GCP, Fargate for AWS)

  • CI/CD Generator Agent creating GitHub Actions workflows for both cloud providers

  • Sirpi Assistant Agent with cloud-aware management tools (scaling, cost analysis, metrics)

  • All agents communicate via ADK Memory — enabling stateful workflows without hardcoded logic

Infrastructure

  • Google Cloud Run for Sirpi backend hosting (the platform itself runs on Cloud Run)

  • Multi-cloud deployment support — users can deploy to GCP Cloud Run or AWS Fargate

  • OAuth 2.0 for secure GCP credential management (no service account keys)

  • Cross-account IAM role assumption for secure AWS deployments (no access keys shared)

  • E2B cloud sandboxes for isolated code execution

  • Google Artifact Registry (GCP) or Amazon ECR (AWS) for Docker image storage

  • Terraform with GCS backend (GCP) or S3 backend (AWS) for infrastructure management

  • Google Cloud Monitoring and AWS CloudWatch for service metrics

The most technically ambitious part?

I built a real-time streaming execution pipeline that connects the backend, E2B sandboxes, and frontend in a live, transparent flow. Here's how:

  1. Multi-agent orchestration via ADK Memory — agents write context to the database, subsequent agents read and build upon it, creating a stateful workflow without hardcoded logic

  2. Secure sandbox execution — all Docker builds and Terraform operations run in isolated E2B environments to prevent infrastructure compromise, with logs streamed in real time

  3. Multi-cloud secure deployment — using Google OAuth 2.0 for GCP (no service account keys) and cross-account IAM role assumption for AWS (no access keys shared) to provision infrastructure in the user's cloud account

  4. Cloud-agnostic Terraform state management — integrated GCS backend for GCP deployments and S3 backend with DynamoDB locking for AWS deployments

  5. AI-powered infrastructure management — Gemini assistant with ADK tools that can query services, update scaling configuration, and analyze costs in real-time across both cloud providers

This allowed me to:

  • Execute untrusted code safely without exposing our infrastructure

  • Provide full visibility into every build and deployment step

  • Deploy into users' cloud accounts (GCP or AWS) with zero credential sharing

  • Stream live progress updates during deployment workflows

  • Enable natural language infrastructure management through AI assistant

  • Support cloud-agnostic workflows while maintaining cloud-specific optimizations


Challenges I ran into

Real-time log streaming from E2B sandboxes was complex — handling WebSocket connections, buffering outputs, and maintaining streaming state across long-running Terraform operations

ADK session management required careful orchestration — implementing a database-backed session service for persistent agent context, ensuring agents wrote complete state and subsequent agents could reliably read and parse it

Multi-cloud credential management required careful implementation — OAuth 2.0 for GCP with token refresh and proper scopes, plus cross-account IAM role assumption for AWS with trust policy validation and temporary credential handling

Cloud-agnostic Terraform state management needed bulletproof implementation — GCS backend for GCP with proper locking, S3 backend with DynamoDB locking for AWS, preventing state corruption during concurrent operations and ensuring clean deletion across both providers

Streaming long deployments without timeout required WebSocket keep-alive logic, chunked SSE messages, and graceful reconnection handling

Balancing AI autonomy with safety gates — determining where human approval was essential (PR merge, GCP OAuth) versus where agents could proceed autonomously

Intelligent repository analysis — handling diverse repository structures including branch name variations (main/master), existing Dockerfiles in different locations (root, docker/, .docker/), multiple package managers, monorepo detection, and framework-specific entry point conventions

ADK tool integration — implementing proper function signatures with Optional types, handling ToolContext correctly, and ensuring tools could access user credentials securely


Accomplishments that I'm proud of

Reduced deployment complexity from ~40 configuration files to zero — developers only need to connect their GitHub and authorize GCP; Sirpi handles Dockerfile, Terraform, and Cloud Run configuration automatically

Built a production-ready platform, not a demo — complete error handling, state management, and clean teardown workflows that would work in enterprise environments

Achieved true multi-agent collaboration via ADK Memory — agents genuinely build on each other's work through shared database state, not through prompt chaining

Created seamless multi-cloud security — users never share service account keys (GCP) or access keys (AWS); infrastructure deploys into their cloud account with full ownership and control

Implemented real-time execution visibility — every Docker build layer, every Terraform resource creation, streamed live to the frontend with zero information loss

Built an intelligent cloud-aware AI assistant — a Gemini-powered assistant that can query services (Cloud Run or Fargate), update scaling configuration, analyze costs across providers, and explain infrastructure decisions using ADK tools

Designed for zero vendor lock-in — users can download all Terraform files and state, manage infrastructure independently, or migrate to other platforms

Made complex DevOps accessible — a junior developer with zero DevOps knowledge can deploy production infrastructure to GCP or AWS in minutes

Achieved end-to-end deployment speed — complete infrastructure provisioning from repository URL to live application in under 10 minutes


What I learned

Google ADK transforms multi-agent systems — database-backed session service enables genuine agent collaboration with persistent context across workflow stages

Security isolation is non-negotiable — executing user code requires sandboxes; I learned E2B's API intricacies for reliable isolation

Real-time streaming requires careful architecture — Server-Sent Events, chunking strategies, and reconnection logic were essential for 5+ minute operations

Multi-cloud security patterns are complex but essential — OAuth 2.0 for GCP requires proper scope management and token refresh, while AWS cross-account IAM needs trust policy validation and temporary credential handling

Template-based generation beats pure AI — for Terraform, templates with intelligent variable injection proved more reliable than fully AI-generated code

Users value ownership over convenience — the ability to download state files and migrate away is a feature, not a concession

ADK tool development requires precision — proper type hints (Optional[str]), ToolContext handling, and clear function signatures are essential for reliable agent behavior
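
The AWS trust policy validation mentioned above, under both the challenges and the lessons on cross-account IAM, could look like the following. This is an added example, not Sirpi's code: the function names, account IDs and external ID are constructed, and it assumes the role is guarded by an `sts:ExternalId` condition, which the page does not state.

```python
import re
from fnmatch import fnmatchcase

# Accepts a bare 12-digit account ID or an IAM root/role/user ARN.
PRINCIPAL_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::(?:root|role/.+|user/.+))?$")

def _as_list(value):
    """IAM JSON allows a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _grants_assume_role(stmt):
    # Action names are case-insensitive and may use wildcards ("sts:*", "*").
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase("sts:assumerole", a.lower()) for a in _as_list(stmt.get("Action")))

def validate_trust_policy(policy, platform_account_id, external_id):
    """Return a list of findings; an empty list means the policy passes."""
    allows = [s for s in _as_list(policy.get("Statement")) if _grants_assume_role(s)]
    if not allows:
        return ["no Allow statement grants sts:AssumeRole"]
    findings = []
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if not aws:
            findings.append(f"statement {i}: principal is not an explicit AWS account or ARN")
        for p in aws:
            m = PRINCIPAL_RE.match(p)
            if not m:
                findings.append(f"statement {i}: wildcard or unrecognised principal {p!r}")
            elif m.group(1) != platform_account_id:
                findings.append(f"statement {i}: principal in unexpected account {m.group(1)}")
        # Require an exact StringEquals pin on sts:ExternalId (confused-deputy guard).
        equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        pinned = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if _as_list(pinned) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId not pinned to the expected value")
    return findings

# Constructed sample policies; account IDs and the external ID are made up.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
BAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:*", "Principal": {"AWS": "*"}}]}
```

Running the check before the first `AssumeRole` call lets the platform refuse a role whose trust policy would admit any other account.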


What's next for Sirpi

Immediate (Post-Hackathon)

  • Support for additional deployment targets (Cloud Run Jobs, GKE Autopilot, AWS ECS)

  • Enhanced Terraform templates for managed databases (Cloud SQL, RDS), caching (Memorystore, ElastiCache), and messaging (Pub/Sub, SQS)

  • Improved AI Assistant with deployment troubleshooting and cross-cloud cost comparison

  • Multi-region deployment support for both GCP and AWS

Near-term

  • Cost estimation before deployment using Cloud Billing API and AWS Pricing API

  • Infrastructure drift detection and automatic remediation across both clouds

  • Team collaboration features with shared deployments

  • Unified monitoring and alerting (Cloud Monitoring, CloudWatch, Datadog)

Long-term Vision

  • Expand to Azure and other cloud providers

  • ML model deployment pipelines (Vertex AI, SageMaker)

  • Cross-cloud database migration automation

  • Full platform marketplace for deployment templates

  • Hybrid cloud deployments with intelligent workload placement

I built Sirpi because deployment should be simple, secure, and empower developers rather than gatekeep them. This hackathon validated that vision with Google's powerful AI and serverless technologies, and I'm excited to continue building.


Built With

  • google-adk
  • google-gemini
  • google-cloud-run
  • google-vertex-ai
  • google-artifact-registry
  • clerk
  • e2b
  • fastapi
  • github
  • nextjs
  • postgresql
  • supabase
  • tailwindcss
  • terraform
  • typescript
  • uv
