Kastell

Name: Kastell
Author: kastelldev

kastelldev/kastell

Run 413-point server security audits and hardening guidance across Hetzner, DigitalOcean, Vultr, and Linode fleets from your agent.

Overview

Kastell is a MCP server for the Ship phase that runs 413 server security checks and fleet hardening across four cloud providers.

What is this MCP server?

413 automated server security checks in the published server description
Fleet management and hardening across 4 cloud providers: Hetzner, DigitalOcean, Vultr, Linode
Optional per-provider API tokens via HETZNER_TOKEN, DIGITALOCEAN_TOKEN, VULTR_TOKEN, LINODE_TOKEN
npm stdio package identifier kastell (v1.14.0) for MCP hosts
Agent-driven audits for indie builders running multi-VPS infrastructure without a dedicated SecOps hire
413 server security checks per server description
MCP package version 1.14.0 (npm identifier kastell)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 52 GitHub stars.

What problem does it solve?

Spinning up cheap VPS fleets is easy for solopreneurs, but nobody has time to manually verify hundreds of security settings on every box.

Who is it for?

Indie SaaS founders managing multiple Linux servers on Hetzner, DO, Vultr, or Linode who want agent-assisted baseline audits before go-live.

Skip if: Builders on serverless-only platforms with no VM API tokens, or teams needing formal compliance attestations without human review.

What do I get? / Deliverables

After registering Kastell with provider tokens, your agent can audit and guide hardening across your cloud servers from one MCP surface.

Agent-invokable security audit results across configured cloud accounts
Hardening-oriented follow-ups aligned to the 413-check catalog claim
Repeatable fleet audit workflow before ship and after infra changes

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Pre-launch and pre-scale hardening belongs in ship before you expose services publicly or handle customer data. Security subphase covers audit, CIS-style checks, and fleet posture—not day-two metric dashboards.

How it compares

Cloud VM security audit MCP, not an application SAST skill or generic infrastructure provisioner.

Common Questions / FAQ

Who is Kastell for?

Solo builders and tiny teams operating Linux fleets on supported clouds who want MCP-driven security audits and hardening hints.

When should I use Kastell?

Use it in ship/security before launch, after provisioning new servers, or when hardening SSH, firewall, and exposure settings across a fleet.

How do I add Kastell to my agent?

Install the npm kastell MCP package (stdio), set optional HETZNER_TOKEN, DIGITALOCEAN_TOKEN, VULTR_TOKEN, and/or LINODE_TOKEN env vars, then add the server in your MCP client config.

Kastell

kastelldev/kastell

Run 413-point server security audits and hardening guidance across Hetzner, DigitalOcean, Vultr, and Linode fleets from your agent.

Overview

Kastell is a MCP server for the Ship phase that runs 413 server security checks and fleet hardening across four cloud providers.

What is this MCP server?

413 automated server security checks in the published server description
Fleet management and hardening across 4 cloud providers: Hetzner, DigitalOcean, Vultr, Linode
Optional per-provider API tokens via HETZNER_TOKEN, DIGITALOCEAN_TOKEN, VULTR_TOKEN, LINODE_TOKEN
npm stdio package identifier kastell (v1.14.0) for MCP hosts
Agent-driven audits for indie builders running multi-VPS infrastructure without a dedicated SecOps hire
413 server security checks per server description
MCP package version 1.14.0 (npm identifier kastell)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 52 GitHub stars.

What problem does it solve?

Spinning up cheap VPS fleets is easy for solopreneurs, but nobody has time to manually verify hundreds of security settings on every box.

Who is it for?

Indie SaaS founders managing multiple Linux servers on Hetzner, DO, Vultr, or Linode who want agent-assisted baseline audits before go-live.

Skip if: Builders on serverless-only platforms with no VM API tokens, or teams needing formal compliance attestations without human review.

What do I get? / Deliverables

After registering Kastell with provider tokens, your agent can audit and guide hardening across your cloud servers from one MCP surface.

Agent-invokable security audit results across configured cloud accounts
Hardening-oriented follow-ups aligned to the 413-check catalog claim
Repeatable fleet audit workflow before ship and after infra changes

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Cloud VM security audit MCP, not an application SAST skill or generic infrastructure provisioner.

Common Questions / FAQ

Who is Kastell for?

Solo builders and tiny teams operating Linux fleets on supported clouds who want MCP-driven security audits and hardening hints.

When should I use Kastell?

Use it in ship/security before launch, after provisioning new servers, or when hardening SSH, firewall, and exposure settings across a fleet.

How do I add Kastell to my agent?

Install the npm kastell MCP package (stdio), set optional HETZNER_TOKEN, DIGITALOCEAN_TOKEN, VULTR_TOKEN, and/or LINODE_TOKEN env vars, then add the server in your MCP client config.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Kastell for?

When should I use Kastell?

How do I add Kastell to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Kastell for?

When should I use Kastell?

How do I add Kastell to my agent?