io.github.kastelldev/kastell

Server security audit (413 checks), hardening, and fleet management across 4 cloud providers.

37Apache-2.0cloud

Install

Config snippet generator goes here (5 client tabs)

README

<p align="center">
  <img src="assets/logo.png" alt="Kastell" width="120" />
</p>

<h1 align="center">Kastell</h1>
<p align="center">Your infrastructure, fortified.</p>

> English | [Türkçe](README.tr.md)

![Tests](https://github.com/kastelldev/kastell/actions/workflows/ci.yml/badge.svg)
[![Coverage](https://img.shields.io/codecov/c/github/kastelldev/kastell?logo=codecov)](https://app.codecov.io/gh/kastelldev/kastell)
![npm](https://img.shields.io/npm/v/kastell)
![Downloads](https://img.shields.io/npm/dt/kastell)
![License](https://img.shields.io/badge/license-Apache%202.0-blue)
![GitHub stars](https://img.shields.io/github/stars/kastelldev/kastell?style=flat-square)
[![Socket Badge](https://socket.dev/api/badge/npm/package/kastell)](https://socket.dev/npm/package/kastell)
[![Snyk](https://snyk.io/test/github/kastelldev/kastell/badge.svg)](https://snyk.io/test/github/kastelldev/kastell)
[![Website](https://img.shields.io/badge/website-kastell.dev-blue?style=flat-square)](https://kastell.dev)

## Why Kastell Exists

Most self-hosted servers break because:

- No backup discipline
- No update strategy
- No security hardening
- No monitoring
- No snapshot routine

Stop babysitting your servers. Kastell was built to fix that.

## Quick Start

```bash
# Interactive mode -- no commands to memorize
npx kastell
```

Running `kastell` without any arguments launches an **interactive search menu** with a gradient ASCII banner and quick-start examples. Browse actions by emoji-categorized groups, type to filter results instantly, and configure options step by step -- no need to remember any command names or flags.

```
 ██╗  ██╗  ██████╗  ███████╗████████╗███████╗██╗     ██╗
 ██║ ██╔╝  ██╔══██╗ ██╔════╝╚══██╔══╝██╔════╝██║     ██║
 █████╔╝   ███████║ ███████╗   ██║   █████╗  ██║     ██║
 ██╔═██╗   ██╔══██║ ╚════██║   ██║   ██╔══╝  ██║     ██║
 ██║  ██╗  ██║  ██║ ███████║   ██║   ███████╗███████╗███████╗
 ╚═╝  ╚═╝  ╚═╝  ╚═╝ ╚══════╝   ╚═╝   ╚══════╝╚══════╝╚══════╝

  KASTELL  v1.14.0  ·  Your infrastructure, fortified.

  $ kastell init --template production  → deploy a new server
  $ kastell status --all                → check all servers
  $ kastell secure setup                → harden SSH + fail2ban
  $ kastell maintain --all              → full maintenance cycle

? What would you like to do?
   Server Management
❯    Deploy a new server
     Add an existing server
     List all servers
     ...
   Security
     Harden SSH & fail2ban
     Manage firewall (UFW)
     ...
```

Each action includes sub-options (server mode, template, log source, port number, etc.) and a **<- Back** option to return to the main menu at any point.

If you already know the commands, you can still use them directly:

```bash
kastell init                    # Deploy a new server
kastell status my-server        # Check server status
kastell backup --all            # Backup all servers
```

Kastell handles server provisioning, SSH key setup, firewall configuration, and platform installation automatically.

## What Makes Kastell Different?

| Problem | Solution |
|---------|----------|
| Broke your server with an update? | Pre-update snapshot protection via `maintain` |
| No idea if your server is healthy? | Built-in monitoring, health checks, and `doctor` diagnostics |
| Security is an afterthought? | Firewall, SSH hardening, SSL, and security audits built-in |
| Backups? Maybe someday... | One-command backup & restore with manifest tracking |
| Managing multiple servers? | `--all` flag across backup, maintain, status, and health |
| Existing server not tracked? | `kastell add` brings any server under management |
| Don't want to memorize commands? | Just run `kastell` -- interactive menu guides you |

## What Can You Do?

### Deploy
```bash
kastell                               # Interactive menu (recommended)
kastell init                          # Interactive setup (direct)
kastell init --provider hetzner       # Non-interactive
kastell init --config kastell.yml     # From YAML config
kastell init --template production    # Use a template
kastell init --mode bare              # Generic VPS (no platform)
kastell init --mode dokploy           # Dokploy (Docker Swarm PaaS)
```

### Manage
```bash
kastell list                  # List all servers
kastell status my-server      # Check server status
kastell status --all          # Check all servers
kastell ssh my-server         # SSH into server
kastell restart my-server     # Restart server
kastell destroy my-server     # Destroy cloud server entirely
kastell add                   # Add existing server
kastell remove my-server      # Remove from local config
kastell config set key value  # Manage default configuration
kastell config validate       # Validate servers.yaml structure and types
kastell export                # Export server list to JSON
kastell import servers.json   # Import servers from JSON
```

### Update & Maintain
```bash
kastell update my-server              # Update platform (Coo