kastelldev/kastell

v2.2.7 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 18d Server & OS Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

automation cli coolify devops digitalocean docker

+10 more

dokploy hetzner linode mcp security-audit self-hosted server-management typescript vps vultr

Summary

AI summary

Fixed plugin manifest version drift causing stale version reports after update.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Added plugin tarball smoke test script `scripts/smoke-plugin-install.sh` simulating CC plugin install. Added plugin tarball smoke test script `scripts/smoke-plugin-install.sh` simulating CC plugin install. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Introduced CI `plugin-manifest` job for schema validation, version drift detection, and smoke test on Ubuntu/Node 20. Introduced CI `plugin-manifest` job for schema validation, version drift detection, and smoke test on Ubuntu/Node 20. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	npm tarball plugin.json version now syncs before npm version and validates tarball contents before push. npm tarball plugin.json version now syncs before npm version and validates tarball contents before push. Source: llm_adapter@2026-05-21 Confidence: high	—
Refactor	Medium	Replaced `setTimeout(_, 5)` with `process.nextTick` to fix race condition in test mocks across multiple files. Replaced `setTimeout(_, 5)` with `process.nextTick` to fix race condition in test mocks across multiple files. Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

Fixed

npm tarball plugin.json version sync — v2.2.6 npm tarball shipped with package.json 2.2.6 but .claude-plugin/plugin.json stuck at 2.2.5; CC marketplace /plugin update showed correct version on disk but plugin manifest reported stale. Release flow now syncs plugin.json before npm version and validates tarball contents before push (FATAL gate). Users now see correct version after /plugin update.

Added

Plugin tarball smoke test (scripts/smoke-plugin-install.sh) — simulates CC plugin install (no npm install): runs npm pack, extracts tarball, verifies all manifest paths shipped, and boots MCP bundle without module errors
CI plugin-manifest job — schema validation + version drift detection + smoke test on Ubuntu/Node 20 (catches plugin shipping issues before publish)

Changed

Test mock race fix — process.nextTick replaces setTimeout(_, 5) for stderr emit in mockProcess.ts, mcp-server-backup.test.ts, restore.test.ts; eliminates flaky scpDownload timing race on macOS-Node20 CI runners (5ms stderr vs 10ms close ordering)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track kastelldev/kastell

Get notified when new releases ship.

About kastelldev/kastell

Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalOcean, Vultr, and Linode. 13 MCP tools.

All releases →