# Kastell

> CLI toolkit for provisioning, securing, and managing self-hosted servers.
> 457+ security checks across 31 categories. CIS/PCI-DSS/HIPAA compliance.
> 24-step hardening. Supports Coolify, Dokploy, bare VPS. 4 providers (Hetzner, DigitalOcean, Vultr, Linode).

Kastell is an open-source CLI that automates server provisioning, hardening, maintenance, and security audit.
Run `npx kastell` for an interactive menu or use individual commands.
Includes an MCP server (`npx kastell-mcp`) for AI-native server management via Claude Code, Cursor, VS Code Copilot, and other MCP clients.

Key differentiators: 457+-check audit engine, 24-step production hardening (server_lock), fleet management, and CIS/PCI-DSS/HIPAA compliance mapping.

## MCP Tools

- [server_info](https://kastell.dev): List servers, check cloud provider status, query available sizes
- [server_logs](https://kastell.dev): Fetch logs and system metrics via SSH
- [server_manage](https://kastell.dev): Add, remove, or destroy cloud servers
- [server_maintain](https://kastell.dev): Update platform, restart servers, full maintenance cycle
- [server_secure](https://kastell.dev): SSH hardening, UFW firewall, domain/SSL management
- [server_backup](https://kastell.dev): Backup/restore databases, create VPS snapshots
- [server_provision](https://kastell.dev): Provision new servers on cloud providers
- [server_audit](https://kastell.dev): 457+-check security audit with compliance framework filtering
- [server_evidence](https://kastell.dev): Forensic evidence collection with SHA256 checksums
- [server_guard](https://kastell.dev): Autonomous security monitoring daemon
- [server_doctor](https://kastell.dev): Proactive health analysis with remediation commands
- [server_lock](https://kastell.dev): One-shot 24-step production hardening
- [server_fleet](https://kastell.dev): Fleet-wide health and security posture dashboard
- [server_fix](https://kastell.dev): Apply safe auto-fixes with backup (SAFE tier only, dryRun default)

## Quick Setup

- [npm package](https://www.npmjs.com/package/kastell): `npx kastell-mcp` (stdio transport)
- [GitHub](https://github.com/kastelldev/kastell): Source code and issues
- [Documentation](https://kastell.dev): Full docs

## Optional

- [SECURITY.md](https://github.com/kastelldev/kastell/blob/main/SECURITY.md): Security policy and architecture
- [MCP Registry](https://registry.modelcontextprotocol.io): Listed as io.github.kastelldev/kastell
