This release adds 4 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Added comprehensive security audit system with history, watch mode, quick wins, auto-fix, and platform detection
Full changelog
Added
- Security audit system: `kastell audit` command with 9 check categories (SSH, auth, firewall, Docker, kernel, filesystem, network, logging, updates), scoring 0-100, terminal/JSON/summary/badge formatters
- Audit history: `kastell audit --history` tracks score trends over time with comparison
- Audit watch mode: `kastell audit --watch` monitors security score changes on interval
- Audit quick wins: `kastell audit --quick-wins` suggests highest-impact fixes
- Audit auto-fix: `kastell audit --fix` applies safe remediations automatically
- MCP server_audit tool: Full audit capabilities exposed via MCP (summary/json/score formats)
- Token buffer: In-memory token protection with controlled exposure window
- Platform auto-detection: SSH-based `detectPlatform()` checks filesystem markers for Dokploy/Coolify/bare
Changed
- Test count: 2,266 → 2,467 (+201 new tests)
- Test suites: 86 → 112 (+26 new suites)
- MCP tools: 7 → 8 (server_audit added)
About kastelldev/kastell
Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalOcean, Vultr, and Linode. 13 MCP tools.