npm - kastell - Versions diffs - 2.1.0 → 2.2.1 - Mend

kastell 2.1.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (501) hide show

package/.claude-plugin/marketplace.json +18 -0
package/.claude-plugin/plugin.json +39 -0
package/CHANGELOG.md +1266 -1216
package/LICENSE +201 -201
package/NOTICE +5 -5
package/README.md +1 -1
package/README.tr.md +1 -1
package/bin/kastell +2 -2
package/bin/kastell-mcp +5 -5
package/dist/adapters/coolify.js +92 -92
package/dist/adapters/dokploy.js +99 -99
package/dist/adapters/shared.d.ts.map +1 -1
package/dist/adapters/shared.js +4 -2
package/dist/adapters/shared.js.map +1 -1
package/dist/commands/add.d.ts.map +1 -1
package/dist/commands/add.js +6 -9
package/dist/commands/add.js.map +1 -1
package/dist/commands/auth.d.ts.map +1 -1
package/dist/commands/auth.js +12 -12
package/dist/commands/auth.js.map +1 -1
package/dist/commands/doctor.d.ts +1 -0
package/dist/commands/doctor.d.ts.map +1 -1
package/dist/commands/doctor.js +23 -8
package/dist/commands/doctor.js.map +1 -1
package/dist/commands/evidence.d.ts.map +1 -1
package/dist/commands/evidence.js +8 -9
package/dist/commands/evidence.js.map +1 -1
package/dist/commands/fix.d.ts +1 -0
package/dist/commands/fix.d.ts.map +1 -1
package/dist/commands/fix.js +24 -5
package/dist/commands/fix.js.map +1 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +4 -7
package/dist/commands/init.js.map +1 -1
package/dist/commands/interactive/backup-maintenance.d.ts +8 -0
package/dist/commands/interactive/backup-maintenance.d.ts.map +1 -0
package/dist/commands/interactive/backup-maintenance.js +120 -0
package/dist/commands/interactive/backup-maintenance.js.map +1 -0
package/dist/commands/interactive/index.d.ts +4 -0
package/dist/commands/interactive/index.d.ts.map +1 -0
package/dist/commands/interactive/index.js +94 -0
package/dist/commands/interactive/index.js.map +1 -0
package/dist/commands/interactive/menu.d.ts +23 -0
package/dist/commands/interactive/menu.d.ts.map +1 -0
package/dist/commands/interactive/menu.js +121 -0
package/dist/commands/interactive/menu.js.map +1 -0
package/dist/commands/interactive/monitoring.d.ts +5 -0
package/dist/commands/interactive/monitoring.d.ts.map +1 -0
package/dist/commands/interactive/monitoring.js +96 -0
package/dist/commands/interactive/monitoring.js.map +1 -0
package/dist/commands/interactive/plugins.d.ts +2 -0
package/dist/commands/interactive/plugins.d.ts.map +1 -0
package/dist/commands/interactive/plugins.js +30 -0
package/dist/commands/interactive/plugins.js.map +1 -0
package/dist/commands/interactive/security.d.ts +9 -0
package/dist/commands/interactive/security.d.ts.map +1 -0
package/dist/commands/interactive/security.js +535 -0
package/dist/commands/interactive/security.js.map +1 -0
package/dist/commands/interactive/server-management.d.ts +5 -0
package/dist/commands/interactive/server-management.d.ts.map +1 -0
package/dist/commands/interactive/server-management.js +79 -0
package/dist/commands/interactive/server-management.js.map +1 -0
package/dist/commands/interactive/shared.d.ts +12 -0
package/dist/commands/interactive/shared.d.ts.map +1 -0
package/dist/commands/interactive/shared.js +30 -0
package/dist/commands/interactive/shared.js.map +1 -0
package/dist/commands/interactive.d.ts.map +1 -1
package/dist/commands/interactive.js +29 -0
package/dist/commands/interactive.js.map +1 -1
package/dist/commands/lock.js +1 -1
package/dist/commands/lock.js.map +1 -1
package/dist/commands/plugin.d.ts +8 -0
package/dist/commands/plugin.d.ts.map +1 -0
package/dist/commands/plugin.js +87 -0
package/dist/commands/plugin.js.map +1 -0
package/dist/commands/regression.d.ts.map +1 -1
package/dist/commands/regression.js +1 -2
package/dist/commands/regression.js.map +1 -1
package/dist/commands/restart.d.ts.map +1 -1
package/dist/commands/restart.js +3 -2
package/dist/commands/restart.js.map +1 -1
package/dist/commands/schedule.js +2 -2
package/dist/commands/schedule.js.map +1 -1
package/dist/core/audit/checkIds.d.ts +516 -0
package/dist/core/audit/checkIds.d.ts.map +1 -0
package/dist/core/audit/checkIds.js +515 -0
package/dist/core/audit/checkIds.js.map +1 -0
package/dist/core/audit/checks/accounts.d.ts.map +1 -1
package/dist/core/audit/checks/accounts.js +23 -22
package/dist/core/audit/checks/accounts.js.map +1 -1
package/dist/core/audit/checks/auth.d.ts.map +1 -1
package/dist/core/audit/checks/auth.js +23 -22
package/dist/core/audit/checks/auth.js.map +1 -1
package/dist/core/audit/checks/backup.d.ts.map +1 -1
package/dist/core/audit/checks/backup.js +9 -8
package/dist/core/audit/checks/backup.js.map +1 -1
package/dist/core/audit/checks/banners.d.ts.map +1 -1
package/dist/core/audit/checks/banners.js +7 -6
package/dist/core/audit/checks/banners.js.map +1 -1
package/dist/core/audit/checks/boot.d.ts.map +1 -1
package/dist/core/audit/checks/boot.js +12 -11
package/dist/core/audit/checks/boot.js.map +1 -1
package/dist/core/audit/checks/cloudmeta.d.ts.map +1 -1
package/dist/core/audit/checks/cloudmeta.js +7 -6
package/dist/core/audit/checks/cloudmeta.js.map +1 -1
package/dist/core/audit/checks/crypto.d.ts +0 -5
package/dist/core/audit/checks/crypto.d.ts.map +1 -1
package/dist/core/audit/checks/crypto.js +20 -19
package/dist/core/audit/checks/crypto.js.map +1 -1
package/dist/core/audit/checks/ddos.d.ts.map +1 -1
package/dist/core/audit/checks/ddos.js +9 -8
package/dist/core/audit/checks/ddos.js.map +1 -1
package/dist/core/audit/checks/dns.d.ts.map +1 -1
package/dist/core/audit/checks/dns.js +9 -8
package/dist/core/audit/checks/dns.js.map +1 -1
package/dist/core/audit/checks/docker.d.ts.map +1 -1
package/dist/core/audit/checks/docker.js +65 -64
package/dist/core/audit/checks/docker.js.map +1 -1
package/dist/core/audit/checks/fileintegrity.d.ts.map +1 -1
package/dist/core/audit/checks/fileintegrity.js +11 -10
package/dist/core/audit/checks/fileintegrity.js.map +1 -1
package/dist/core/audit/checks/filesystem.d.ts.map +1 -1
package/dist/core/audit/checks/filesystem.js +21 -20
package/dist/core/audit/checks/filesystem.js.map +1 -1
package/dist/core/audit/checks/firewall.d.ts.map +1 -1
package/dist/core/audit/checks/firewall.js +18 -17
package/dist/core/audit/checks/firewall.js.map +1 -1
package/dist/core/audit/checks/httpHeaders.d.ts.map +1 -1
package/dist/core/audit/checks/httpHeaders.js +7 -6
package/dist/core/audit/checks/httpHeaders.js.map +1 -1
package/dist/core/audit/checks/incidentready.d.ts.map +1 -1
package/dist/core/audit/checks/incidentready.js +13 -12
package/dist/core/audit/checks/incidentready.js.map +1 -1
package/dist/core/audit/checks/kernel.d.ts.map +1 -1
package/dist/core/audit/checks/kernel.js +32 -31
package/dist/core/audit/checks/kernel.js.map +1 -1
package/dist/core/audit/checks/logging.d.ts.map +1 -1
package/dist/core/audit/checks/logging.js +21 -20
package/dist/core/audit/checks/logging.js.map +1 -1
package/dist/core/audit/checks/mac.d.ts.map +1 -1
package/dist/core/audit/checks/mac.js +11 -10
package/dist/core/audit/checks/mac.js.map +1 -1
package/dist/core/audit/checks/malware.d.ts.map +1 -1
package/dist/core/audit/checks/malware.js +12 -11
package/dist/core/audit/checks/malware.js.map +1 -1
package/dist/core/audit/checks/memory.d.ts.map +1 -1
package/dist/core/audit/checks/memory.js +12 -11
package/dist/core/audit/checks/memory.js.map +1 -1
package/dist/core/audit/checks/network.d.ts.map +1 -1
package/dist/core/audit/checks/network.js +22 -21
package/dist/core/audit/checks/network.js.map +1 -1
package/dist/core/audit/checks/nginx.d.ts.map +1 -1
package/dist/core/audit/checks/nginx.js +17 -16
package/dist/core/audit/checks/nginx.js.map +1 -1
package/dist/core/audit/checks/resourcelimits.d.ts.map +1 -1
package/dist/core/audit/checks/resourcelimits.js +9 -8
package/dist/core/audit/checks/resourcelimits.js.map +1 -1
package/dist/core/audit/checks/scheduling.d.ts.map +1 -1
package/dist/core/audit/checks/scheduling.js +13 -12
package/dist/core/audit/checks/scheduling.js.map +1 -1
package/dist/core/audit/checks/secrets.d.ts.map +1 -1
package/dist/core/audit/checks/secrets.js +16 -15
package/dist/core/audit/checks/secrets.js.map +1 -1
package/dist/core/audit/checks/services.d.ts.map +1 -1
package/dist/core/audit/checks/services.js +26 -25
package/dist/core/audit/checks/services.js.map +1 -1
package/dist/core/audit/checks/ssh.d.ts.map +1 -1
package/dist/core/audit/checks/ssh.js +23 -22
package/dist/core/audit/checks/ssh.js.map +1 -1
package/dist/core/audit/checks/supplychain.d.ts.map +1 -1
package/dist/core/audit/checks/supplychain.js +13 -12
package/dist/core/audit/checks/supplychain.js.map +1 -1
package/dist/core/audit/checks/time.d.ts.map +1 -1
package/dist/core/audit/checks/time.js +10 -9
package/dist/core/audit/checks/time.js.map +1 -1
package/dist/core/audit/checks/tls.d.ts.map +1 -1
package/dist/core/audit/checks/tls.js +9 -8
package/dist/core/audit/checks/tls.js.map +1 -1
package/dist/core/audit/checks/updates.d.ts.map +1 -1
package/dist/core/audit/checks/updates.js +12 -11
package/dist/core/audit/checks/updates.js.map +1 -1
package/dist/core/audit/compliance/categories/index.d.ts +3 -0
package/dist/core/audit/compliance/categories/index.d.ts.map +1 -0
package/dist/core/audit/compliance/categories/index.js +737 -0
package/dist/core/audit/compliance/categories/index.js.map +1 -0
package/dist/core/audit/compliance/helpers.d.ts +17 -0
package/dist/core/audit/compliance/helpers.d.ts.map +1 -0
package/dist/core/audit/compliance/helpers.js +40 -0
package/dist/core/audit/compliance/helpers.js.map +1 -0
package/dist/core/audit/compliance/mapper.d.ts +4 -16
package/dist/core/audit/compliance/mapper.d.ts.map +1 -1
package/dist/core/audit/compliance/mapper.js +3 -776
package/dist/core/audit/compliance/mapper.js.map +1 -1
package/dist/core/audit/fix-history.d.ts +16 -7
package/dist/core/audit/fix-history.d.ts.map +1 -1
package/dist/core/audit/fix-history.js +25 -2
package/dist/core/audit/fix-history.js.map +1 -1
package/dist/core/audit/fix.d.ts +17 -2
package/dist/core/audit/fix.d.ts.map +1 -1
package/dist/core/audit/fix.js +115 -42
package/dist/core/audit/fix.js.map +1 -1
package/dist/core/audit/formatters/badge.js +20 -20
package/dist/core/audit/index.d.ts.map +1 -1
package/dist/core/audit/index.js +3 -2
package/dist/core/audit/index.js.map +1 -1
package/dist/core/audit/snapshot.d.ts.map +1 -1
package/dist/core/audit/snapshot.js +6 -2
package/dist/core/audit/snapshot.js.map +1 -1
package/dist/core/audit/types.d.ts +11 -1
package/dist/core/audit/types.d.ts.map +1 -1
package/dist/core/audit/watch.d.ts.map +1 -1
package/dist/core/audit/watch.js +3 -2
package/dist/core/audit/watch.js.map +1 -1
package/dist/core/backup.d.ts.map +1 -1
package/dist/core/backup.js +10 -5
package/dist/core/backup.js.map +1 -1
package/dist/core/bot/handlers.d.ts.map +1 -1
package/dist/core/bot/handlers.js +2 -17
package/dist/core/bot/handlers.js.map +1 -1
package/dist/core/completions.d.ts.map +1 -1
package/dist/core/completions.js +632 -610
package/dist/core/completions.js.map +1 -1
package/dist/core/deploy.d.ts.map +1 -1
package/dist/core/deploy.js +7 -4
package/dist/core/deploy.js.map +1 -1
package/dist/core/doctor-fix.d.ts +1 -1
package/dist/core/doctor-fix.d.ts.map +1 -1
package/dist/core/doctor-fix.js +17 -2
package/dist/core/doctor-fix.js.map +1 -1
package/dist/core/doctor.d.ts.map +1 -1
package/dist/core/doctor.js +2 -1
package/dist/core/doctor.js.map +1 -1
package/dist/core/firewall.d.ts +0 -1
package/dist/core/firewall.d.ts.map +1 -1
package/dist/core/firewall.js +2 -13
package/dist/core/firewall.js.map +1 -1
package/dist/core/lock/auth.d.ts +7 -0
package/dist/core/lock/auth.d.ts.map +1 -0
package/dist/core/lock/auth.js +59 -0
package/dist/core/lock/auth.js.map +1 -0
package/dist/core/lock/docker.d.ts +4 -0
package/dist/core/lock/docker.d.ts.map +1 -0
package/dist/core/lock/docker.js +28 -0
package/dist/core/lock/docker.js.map +1 -0
package/dist/core/lock/index.d.ts +11 -0
package/dist/core/lock/index.d.ts.map +1 -0
package/dist/core/lock/index.js +247 -0
package/dist/core/lock/index.js.map +1 -0
package/dist/core/lock/monitoring.d.ts +4 -0
package/dist/core/lock/monitoring.d.ts.map +1 -0
package/dist/core/lock/monitoring.js +55 -0
package/dist/core/lock/monitoring.js.map +1 -0
package/dist/core/lock/network.d.ts +6 -0
package/dist/core/lock/network.d.ts.map +1 -0
package/dist/core/lock/network.js +59 -0
package/dist/core/lock/network.js.map +1 -0
package/dist/core/lock/ssh.d.ts +5 -0
package/dist/core/lock/ssh.d.ts.map +1 -0
package/dist/core/lock/ssh.js +49 -0
package/dist/core/lock/ssh.js.map +1 -0
package/dist/core/lock/system.d.ts +9 -0
package/dist/core/lock/system.d.ts.map +1 -0
package/dist/core/lock/system.js +80 -0
package/dist/core/lock/system.js.map +1 -0
package/dist/core/lock/types.d.ts +41 -0
package/dist/core/lock/types.d.ts.map +1 -0
package/dist/core/lock/types.js +2 -0
package/dist/core/lock/types.js.map +1 -0
package/dist/core/maintain.d.ts.map +1 -1
package/dist/core/maintain.js +3 -1
package/dist/core/maintain.js.map +1 -1
package/dist/core/manage.d.ts.map +1 -1
package/dist/core/manage.js +7 -4
package/dist/core/manage.js.map +1 -1
package/dist/core/notify.d.ts.map +1 -1
package/dist/core/notify.js +2 -1
package/dist/core/notify.js.map +1 -1
package/dist/core/notifyStore.d.ts.map +1 -1
package/dist/core/notifyStore.js +3 -1
package/dist/core/notifyStore.js.map +1 -1
package/dist/core/plugin.d.ts +23 -0
package/dist/core/plugin.d.ts.map +1 -0
package/dist/core/plugin.js +107 -0
package/dist/core/plugin.js.map +1 -0
package/dist/core/provision.d.ts.map +1 -1
package/dist/core/provision.js +9 -4
package/dist/core/provision.js.map +1 -1
package/dist/core/scheduleManager.d.ts +2 -1
package/dist/core/scheduleManager.d.ts.map +1 -1
package/dist/core/scheduleManager.js +13 -7
package/dist/core/scheduleManager.js.map +1 -1
package/dist/index.js +34 -2
package/dist/index.js.map +1 -1
package/dist/mcp/index.js +5 -9
package/dist/mcp/index.js.map +1 -1
package/dist/mcp/schemas/audit.d.ts +34 -0
package/dist/mcp/schemas/audit.d.ts.map +1 -0
package/dist/mcp/schemas/audit.js +23 -0
package/dist/mcp/schemas/audit.js.map +1 -0
package/dist/mcp/schemas/common.d.ts +16 -0
package/dist/mcp/schemas/common.d.ts.map +1 -0
package/dist/mcp/schemas/common.js +14 -0
package/dist/mcp/schemas/common.js.map +1 -0
package/dist/mcp/schemas/health.d.ts +14 -0
package/dist/mcp/schemas/health.d.ts.map +1 -0
package/dist/mcp/schemas/health.js +13 -0
package/dist/mcp/schemas/health.js.map +1 -0
package/dist/mcp/schemas/index.d.ts +5 -0
package/dist/mcp/schemas/index.d.ts.map +1 -0
package/dist/mcp/schemas/index.js +5 -0
package/dist/mcp/schemas/index.js.map +1 -0
package/dist/mcp/schemas/server.d.ts +18 -0
package/dist/mcp/schemas/server.d.ts.map +1 -0
package/dist/mcp/schemas/server.js +16 -0
package/dist/mcp/schemas/server.js.map +1 -0
package/dist/mcp/server.d.ts.map +1 -1
package/dist/mcp/server.js +71 -40
package/dist/mcp/server.js.map +1 -1
package/dist/mcp/tools/serverAudit.d.ts +63 -1
package/dist/mcp/tools/serverAudit.d.ts.map +1 -1
package/dist/mcp/tools/serverAudit.js +63 -6
package/dist/mcp/tools/serverAudit.js.map +1 -1
package/dist/mcp/tools/serverBackup.d.ts +100 -2
package/dist/mcp/tools/serverBackup.d.ts.map +1 -1
package/dist/mcp/tools/serverBackup.handlers.d.ts.map +1 -1
package/dist/mcp/tools/serverBackup.handlers.js +9 -0
package/dist/mcp/tools/serverBackup.handlers.js.map +1 -1
package/dist/mcp/tools/serverBackup.js +74 -0
package/dist/mcp/tools/serverBackup.js.map +1 -1
package/dist/mcp/tools/serverCompare.d.ts +33 -0
package/dist/mcp/tools/serverCompare.d.ts.map +1 -1
package/dist/mcp/tools/serverCompare.js +45 -2
package/dist/mcp/tools/serverCompare.js.map +1 -1
package/dist/mcp/tools/serverDoctor.d.ts +14 -0
package/dist/mcp/tools/serverDoctor.d.ts.map +1 -1
package/dist/mcp/tools/serverDoctor.js +16 -1
package/dist/mcp/tools/serverDoctor.js.map +1 -1
package/dist/mcp/tools/serverEvidence.d.ts +13 -0
package/dist/mcp/tools/serverEvidence.d.ts.map +1 -1
package/dist/mcp/tools/serverEvidence.js +17 -2
package/dist/mcp/tools/serverEvidence.js.map +1 -1
package/dist/mcp/tools/serverExplain.d.ts +17 -0
package/dist/mcp/tools/serverExplain.d.ts.map +1 -1
package/dist/mcp/tools/serverExplain.js +33 -1
package/dist/mcp/tools/serverExplain.js.map +1 -1
package/dist/mcp/tools/serverFix.d.ts +78 -0
package/dist/mcp/tools/serverFix.d.ts.map +1 -1
package/dist/mcp/tools/serverFix.js +87 -0
package/dist/mcp/tools/serverFix.js.map +1 -1
package/dist/mcp/tools/serverFleet.d.ts +24 -1
package/dist/mcp/tools/serverFleet.d.ts.map +1 -1
package/dist/mcp/tools/serverFleet.js +24 -1
package/dist/mcp/tools/serverFleet.js.map +1 -1
package/dist/mcp/tools/serverGuard.d.ts +12 -0
package/dist/mcp/tools/serverGuard.d.ts.map +1 -1
package/dist/mcp/tools/serverGuard.js +16 -0
package/dist/mcp/tools/serverGuard.js.map +1 -1
package/dist/mcp/tools/serverInfo.d.ts +77 -1
package/dist/mcp/tools/serverInfo.d.ts.map +1 -1
package/dist/mcp/tools/serverInfo.js +77 -4
package/dist/mcp/tools/serverInfo.js.map +1 -1
package/dist/mcp/tools/serverLock.d.ts +10 -0
package/dist/mcp/tools/serverLock.d.ts.map +1 -1
package/dist/mcp/tools/serverLock.js +15 -3
package/dist/mcp/tools/serverLock.js.map +1 -1
package/dist/mcp/tools/serverLogs.d.ts +43 -0
package/dist/mcp/tools/serverLogs.d.ts.map +1 -1
package/dist/mcp/tools/serverLogs.js +28 -0
package/dist/mcp/tools/serverLogs.js.map +1 -1
package/dist/mcp/tools/serverMaintain.d.ts +47 -0
package/dist/mcp/tools/serverMaintain.d.ts.map +1 -1
package/dist/mcp/tools/serverMaintain.js +75 -41
package/dist/mcp/tools/serverMaintain.js.map +1 -1
package/dist/mcp/tools/serverManage.d.ts +50 -0
package/dist/mcp/tools/serverManage.d.ts.map +1 -1
package/dist/mcp/tools/serverManage.js +49 -0
package/dist/mcp/tools/serverManage.js.map +1 -1
package/dist/mcp/tools/serverPlugin.d.ts +30 -0
package/dist/mcp/tools/serverPlugin.d.ts.map +1 -0
package/dist/mcp/tools/serverPlugin.js +47 -0
package/dist/mcp/tools/serverPlugin.js.map +1 -0
package/dist/mcp/tools/serverProvision.d.ts +22 -0
package/dist/mcp/tools/serverProvision.d.ts.map +1 -1
package/dist/mcp/tools/serverProvision.js +22 -2
package/dist/mcp/tools/serverProvision.js.map +1 -1
package/dist/mcp/tools/serverSecure.d.ts +120 -0
package/dist/mcp/tools/serverSecure.d.ts.map +1 -1
package/dist/mcp/tools/serverSecure.handlers.d.ts.map +1 -1
package/dist/mcp/tools/serverSecure.handlers.js +39 -98
package/dist/mcp/tools/serverSecure.handlers.js.map +1 -1
package/dist/mcp/tools/serverSecure.js +101 -0
package/dist/mcp/tools/serverSecure.js.map +1 -1
package/dist/mcp/utils.d.ts +1 -0
package/dist/mcp/utils.d.ts.map +1 -1
package/dist/mcp/utils.js +5 -1
package/dist/mcp/utils.js.map +1 -1
package/dist/plugin/loader.d.ts +10 -0
package/dist/plugin/loader.d.ts.map +1 -0
package/dist/plugin/loader.js +88 -0
package/dist/plugin/loader.js.map +1 -0
package/dist/plugin/registry.d.ts +16 -0
package/dist/plugin/registry.d.ts.map +1 -0
package/dist/plugin/registry.js +101 -0
package/dist/plugin/registry.js.map +1 -0
package/dist/plugin/sdk/constants.d.ts +3 -0
package/dist/plugin/sdk/constants.d.ts.map +1 -0
package/dist/plugin/sdk/constants.js +3 -0
package/dist/plugin/sdk/constants.js.map +1 -0
package/dist/plugin/sdk/types.d.ts +29 -0
package/dist/plugin/sdk/types.d.ts.map +1 -0
package/dist/plugin/sdk/types.js +2 -0
package/dist/plugin/sdk/types.js.map +1 -0
package/dist/plugin/validate.d.ts +3 -0
package/dist/plugin/validate.d.ts.map +1 -0
package/dist/plugin/validate.js +31 -0
package/dist/plugin/validate.js.map +1 -0
package/dist/providers/base.d.ts.map +1 -1
package/dist/providers/base.js +2 -1
package/dist/providers/base.js.map +1 -1
package/dist/providers/linode.d.ts +1 -0
package/dist/providers/linode.d.ts.map +1 -1
package/dist/providers/linode.js +4 -0
package/dist/providers/linode.js.map +1 -1
package/dist/utils/cloudInit.js +58 -58
package/dist/utils/config.d.ts +3 -0
package/dist/utils/config.d.ts.map +1 -1
package/dist/utils/config.js +11 -6
package/dist/utils/config.js.map +1 -1
package/dist/utils/encryption.d.ts.map +1 -1
package/dist/utils/encryption.js +4 -1
package/dist/utils/encryption.js.map +1 -1
package/dist/utils/errorMapper.d.ts.map +1 -1
package/dist/utils/errorMapper.js +2 -1
package/dist/utils/errorMapper.js.map +1 -1
package/dist/utils/errors.d.ts +1 -0
package/dist/utils/errors.d.ts.map +1 -1
package/dist/utils/errors.js +3 -0
package/dist/utils/errors.js.map +1 -1
package/dist/utils/migration.d.ts.map +1 -1
package/dist/utils/migration.js +25 -14
package/dist/utils/migration.js.map +1 -1
package/dist/utils/paths.d.ts +4 -0
package/dist/utils/paths.d.ts.map +1 -1
package/dist/utils/paths.js +4 -0
package/dist/utils/paths.js.map +1 -1
package/dist/utils/safeMode.d.ts.map +1 -1
package/dist/utils/safeMode.js +3 -2
package/dist/utils/safeMode.js.map +1 -1
package/dist/utils/secureWrite.d.ts.map +1 -1
package/dist/utils/secureWrite.js +2 -1
package/dist/utils/secureWrite.js.map +1 -1
package/dist/utils/securityLogger.d.ts.map +1 -1
package/dist/utils/securityLogger.js +7 -3
package/dist/utils/securityLogger.js.map +1 -1
package/dist/utils/version.d.ts +4 -0
package/dist/utils/version.d.ts.map +1 -0
package/dist/utils/version.js +22 -0
package/dist/utils/version.js.map +1 -0
package/dist/utils/yamlConfig.d.ts.map +1 -1
package/dist/utils/yamlConfig.js +3 -2
package/dist/utils/yamlConfig.js.map +1 -1
package/kastell-plugin/.claude-plugin/plugin.json +20 -0
package/kastell-plugin/.mcp.json +8 -0
package/kastell-plugin/README.md +113 -0
package/kastell-plugin/agents/.gitkeep +0 -0
package/kastell-plugin/agents/kastell-auditor.md +77 -0
package/kastell-plugin/agents/scripts/bucket_mapper.sh +101 -0
package/kastell-plugin/agents/scripts/trend_report.sh +91 -0
package/kastell-plugin/hooks/destroy-block.cjs +31 -0
package/kastell-plugin/hooks/hooks.json +57 -0
package/kastell-plugin/hooks/pre-commit-audit-guard.cjs +75 -0
package/kastell-plugin/hooks/session-audit.cjs +86 -0
package/kastell-plugin/hooks/session-log.cjs +56 -0
package/kastell-plugin/hooks/stop-quality-check.cjs +72 -0
package/kastell-plugin/skills/.gitkeep +0 -0
package/kastell-plugin/skills/kastell-careful/SKILL.md +64 -0
package/kastell-plugin/skills/kastell-ops/SKILL.md +139 -0
package/kastell-plugin/skills/kastell-ops/references/commands.md +45 -0
package/kastell-plugin/skills/kastell-ops/references/mcp-tools.md +50 -0
package/kastell-plugin/skills/kastell-ops/references/patterns.md +145 -0
package/kastell-plugin/skills/kastell-ops/references/pitfalls.md +136 -0
package/kastell-plugin/skills/kastell-ops/scripts/check_coverage.sh +101 -0
package/kastell-plugin/skills/kastell-ops/scripts/fleet_report.sh +73 -0
package/kastell-plugin/skills/kastell-ops/scripts/parse_audit.sh +76 -0
package/kastell-plugin/skills/kastell-research/SKILL.md +90 -0
package/kastell-plugin/skills/kastell-scaffold/SKILL.md +104 -0
package/kastell-plugin/skills/kastell-scaffold/references/template-audit-check.md +150 -0
package/kastell-plugin/skills/kastell-scaffold/references/template-command.md +80 -0
package/kastell-plugin/skills/kastell-scaffold/references/template-mcp-tool.md +72 -0
package/kastell-plugin/skills/kastell-scaffold/references/template-provider.md +67 -0
package/kastell-plugin/skills/kastell-scaffold/scripts/scaffold.sh +180 -0
package/kastell-plugin/skills/kastell-scaffold/templates/check-test.ts.tpl +27 -0
package/kastell-plugin/skills/kastell-scaffold/templates/check.ts.tpl +50 -0
package/kastell-plugin/skills/kastell-scaffold/templates/command-core.ts.tpl +18 -0
package/kastell-plugin/skills/kastell-scaffold/templates/command-test.ts.tpl +17 -0
package/kastell-plugin/skills/kastell-scaffold/templates/command.ts.tpl +25 -0
package/kastell-plugin/skills/kastell-scaffold/templates/mcp-tool-test.ts.tpl +30 -0
package/kastell-plugin/skills/kastell-scaffold/templates/mcp-tool.ts.tpl +29 -0
package/kastell-plugin/skills/kastell-scaffold/templates/provider-test.ts.tpl +34 -0
package/kastell-plugin/skills/kastell-scaffold/templates/provider.ts.tpl +32 -0
package/package.json +122 -113

package/kastell-plugin/skills/kastell-ops/references/pitfalls.md ADDED Viewed

@@ -0,0 +1,136 @@
+# Kastell Pitfalls
+Known traps, symptoms, and fixes. Severity: HIGH (blocks correct behavior), MEDIUM (causes test/maintenance pain), LOW (minor inconsistency).
+---
+## 1. Adapter Bypass (HIGH)
+**Symptom:** `if (server.platform === 'coolify') { port = 8000 } else { port = 3000 }` in `src/commands/`
+**Root cause:** Command accesses platform properties directly instead of using the adapter.
+**Fix:** Use `getAdapter(platform)` from `factory.ts` and read `adapter.port`, `adapter.defaultLogService`, `adapter.platformPorts`.
+```typescript
+// WRONG
+const port = server.platform === 'coolify' ? 8000 : 3000;
+// CORRECT
+import { getAdapter } from '../../src/adapters/factory.js';
+const adapter = getAdapter(server.platform);
+const port = adapter.port;
+```
+---
+## 2. Business Logic in Commands (HIGH)
+**Symptom:** Complex calculations, API calls, try/catch blocks, or SSH calls in `src/commands/*.ts`.
+**Root cause:** Logic was not extracted to `src/core/`.
+**Fix:** Extract all logic to a new `src/core/<name>.ts` function. Command only calls core and displays the result.
+---
+## 3. UI in Core (HIGH)
+**Symptom:** `chalk.green(...)`, `ora('...').start()`, or `console.log()` in `src/core/*.ts`.
+**Root cause:** Core function was handling display instead of returning data.
+**Fix:** Core functions return plain data objects. The command layer (or MCP handler) handles display using chalk/ora.
+---
+## 4. Direct Adapter Import (MEDIUM)
+**Symptom:** `import { CoolifyAdapter } from '../../src/adapters/coolify.js'` in a command or core file.
+**Root cause:** Bypasses the factory cache and breaks the abstraction boundary.
+**Fix:** Always use `getAdapter(platform)` from `src/adapters/factory.ts`.
+---
+## 5. Inline Adapter Mocks in Tests (MEDIUM)
+**Symptom:** `const adapter = { healthCheck: jest.fn(), port: 8000, ... }` scattered across test files.
+**Root cause:** Not using the centralized mock factory.
+**Fix:** Use `createMockAdapter()` from `tests/helpers/mockAdapter.ts`. When the `PlatformAdapter` interface gains new methods, only `mockAdapter.ts` needs updating.
+---
+## 6. SSH Batch Grouping (MEDIUM)
+**Symptom:** Audit or health commands call `sshExec` 4-6 times sequentially, each fetching partially overlapping data.
+**Root cause:** Each check independently fetches data instead of using shared batched results.
+**Fix:** Batch fast config commands together (single SSH call), batch slow probe commands together. Use head limits appropriate to the data volume (e.g., `head -50` for audit log checks).
+---
+## 7. Jest requireActual Crash (MEDIUM)
+**Symptom:** Tests crash on Node v24+ with an error related to `jest.requireActual`.
+**Root cause:** `jest.requireActual` behavior changed in Node v24.
+**Fix:** Use inline `jest.fn()` mocks instead of `jest.requireActual`. For module-level mocks, use `jest.mock()` with a factory function.
+---
+## 8. Module-Level Side Effects (MEDIUM)
+**Symptom:** Test imports a module that registers listeners or modifies globals at load time, causing unexpected behavior when other tests run.
+**Root cause:** Module has top-level side effects (e.g., `process.on('SIGINT', ...)` at module scope).
+**Fix:** Mock the module in ALL test files that import it, not just the direct test file. Side effects occur at import time.
+---
+## 9. Hardcoded Port Numbers (LOW)
+**Symptom:** `8000` or `3000` literals appear in `src/commands/` or `src/core/` files.
+**Root cause:** Port copied from constants instead of read from adapter.
+**Fix:** Use `adapter.port` for platform HTTP port, `adapter.platformPorts` for firewall protection list.
+---
+## 10. PROVIDER_REGISTRY Mismatch (LOW)
+**Symptom:** New provider works via direct code path but fails CLI validation, completion, or `--provider` flag parsing.
+**Root cause:** Provider added to `src/providers/` but not added to `PROVIDER_REGISTRY` in `src/constants.ts`.
+**Fix:** Always add to `PROVIDER_REGISTRY` first — it is the single source of truth for provider enumeration, validation, and display.
+---
+## 11. SSH Timeout Too Short (LOW)
+**Symptom:** Long-running commands (lock, audit, update) fail silently or with cryptic timeout errors.
+**Root cause:** Default SSH timeout (30s) is insufficient for operations like platform update (~3 minutes).
+**Fix:** Use 180s timeout for slow operations:
+```typescript
+await sshExec(ip, command, { timeout: 180_000 });
+```
+---
+## 12. describe.each + clearAllMocks (LOW)
+**Symptom:** Tests pass individually but fail when the full suite runs. Mock call counts are wrong in later tests.
+**Root cause:** `jest.clearAllMocks()` clears call history but does not reset mock implementations. `describe.each` reuses the same mock instance across parameterized runs.
+**Fix:** Use `jest.resetAllMocks()` in `beforeEach` when using `describe.each`. This resets both call history and implementations.

package/kastell-plugin/skills/kastell-ops/scripts/check_coverage.sh ADDED Viewed

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+# check_coverage.sh — Compare audit check count vs test count.
+# Usage: bash check_coverage.sh [project-root]
+#
+# Counts audit checks defined in src/core/audit/checks/ and matching tests.
+# Requires: node
+set -euo pipefail
+PROJECT_ROOT="${1:-$(git rev-parse --show-toplevel 2>/dev/null || pwd)}"
+node -e "
+const fs = require('fs');
+const path = require('path');
+const root = process.argv[1];
+const checksDir = path.join(root, 'src', 'core', 'audit', 'checks');
+if (!fs.existsSync(checksDir)) {
+  console.error('Error: ' + checksDir + ' not found');
+  process.exit(1);
+}
+// Read all .ts files in checks dir (excluding index.ts)
+const checkFiles = fs.readdirSync(checksDir)
+  .filter(f => f.endsWith('.ts') && f !== 'index.ts');
+let totalChecks = 0;
+const uniqueIds = new Set();
+const perFile = [];
+for (const file of checkFiles) {
+  const content = fs.readFileSync(path.join(checksDir, file), 'utf8');
+  const ids = [...content.matchAll(/id:\s*['\"]([^'\"]+)['\"]/g)].map(m => m[1]);
+  totalChecks += ids.length;
+  ids.forEach(id => uniqueIds.add(id));
+  perFile.push({ name: file.replace('.ts', ''), checks: ids.length });
+}
+// Count categories from index.ts
+let categories = 0;
+const indexPath = path.join(checksDir, 'index.ts');
+if (fs.existsSync(indexPath)) {
+  const indexContent = fs.readFileSync(indexPath, 'utf8');
+  categories = (indexContent.match(/sectionName/g) || []).length;
+}
+// Find audit test files recursively
+function findTests(dir) {
+  let count = 0;
+  if (!fs.existsSync(dir)) return 0;
+  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) count += findTests(full);
+    else if (entry.name.endsWith('.test.ts') && entry.name.includes('audit') ||
+             full.includes('audit') && entry.name.endsWith('.test.ts')) {
+      count++;
+    }
+  }
+  return count;
+}
+const testCount = findTests(path.join(root, 'src'));
+// Pre-index all test file contents once (avoids N+1 file reads)
+const testIndex = new Set();
+function indexTests(dir) {
+  try {
+    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      const full = path.join(dir, entry.name);
+      if (entry.isDirectory()) indexTests(full);
+      else if (entry.name.endsWith('.test.ts')) {
+        const content = fs.readFileSync(full, 'utf8');
+        // Extract referenced module names from imports and test descriptions
+        for (const match of content.matchAll(/['\"]([^'\"]*audit[^'\"]*)['\"]|from\s+['\"]([^'\"]+)['\"]/g)) {
+          const ref = match[1] || match[2] || '';
+          ref.split('/').forEach(part => testIndex.add(part.replace('.js', '').replace('.ts', '')));
+        }
+      }
+    }
+  } catch {}
+}
+indexTests(path.join(root, 'src'));
+function hasTestFor(name) { return testIndex.has(name); }
+console.log('=== Audit Check Coverage ===');
+console.log('Project: ' + root);
+console.log('');
+console.log('Check source files: ' + checkFiles.length);
+console.log('Categories:         ' + categories);
+console.log('Checks defined:     ' + totalChecks);
+console.log('Unique check IDs:   ' + uniqueIds.size);
+console.log('Audit test files:   ' + testCount);
+console.log('');
+console.log('Per-file breakdown:');
+perFile.sort((a, b) => a.name.localeCompare(b.name));
+for (const f of perFile) {
+  const tested = hasTestFor(f.name) ? '✓' : '✗';
+  console.log('  ' + tested + ' ' + f.name.padEnd(20) + ' ' + String(f.checks).padStart(3) + ' checks');
+}
+" "$PROJECT_ROOT"

package/kastell-plugin/skills/kastell-ops/scripts/fleet_report.sh ADDED Viewed

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# fleet_report.sh — Generate a fleet-wide server score table.
+# Usage: kastell fleet --json | bash fleet_report.sh
+#    OR: bash fleet_report.sh < fleet-output.json
+#    OR: bash fleet_report.sh fleet-output.json
+#
+# Requires: node
+set -euo pipefail
+if [[ -n "${1:-}" && -f "$1" ]]; then
+  INPUT=$(cat "$1")
+elif [[ ! -t 0 ]]; then
+  INPUT=$(cat)
+else
+  echo "Usage: kastell fleet --json | bash fleet_report.sh" >&2
+  exit 1
+fi
+node -e "
+const data = JSON.parse(process.argv[1]);
+const servers = data.servers || data.fleet || data || [];
+if (!Array.isArray(servers) || servers.length === 0) {
+  console.log('No servers found in fleet data.');
+  process.exit(0);
+}
+// Header
+const cols = { name: 20, ip: 16, provider: 12, mode: 8, score: 6, health: 10 };
+const pad = (s, n) => String(s || '-').slice(0, n).padEnd(n);
+const sep = '-'.repeat(Object.values(cols).reduce((a, b) => a + b + 3, 0));
+console.log('=== Kastell Fleet Report ===');
+console.log('Servers: ' + servers.length);
+console.log('');
+console.log(
+  pad('Name', cols.name) + ' | ' +
+  pad('IP', cols.ip) + ' | ' +
+  pad('Provider', cols.provider) + ' | ' +
+  pad('Mode', cols.mode) + ' | ' +
+  pad('Score', cols.score) + ' | ' +
+  pad('Health', cols.health)
+);
+console.log(sep);
+// Sort by score (lowest first = needs attention)
+const sorted = [...servers].sort((a, b) => (a.score ?? 0) - (b.score ?? 0));
+for (const s of sorted) {
+  const score = s.score ?? s.auditScore ?? '-';
+  const health = s.health ?? s.status ?? '-';
+  const icon = health === 'ONLINE' ? '●' : health === 'DEGRADED' ? '◐' : '○';
+  console.log(
+    pad(s.name, cols.name) + ' | ' +
+    pad(s.ip, cols.ip) + ' | ' +
+    pad(s.provider, cols.provider) + ' | ' +
+    pad(s.mode, cols.mode) + ' | ' +
+    pad(score, cols.score) + ' | ' +
+    icon + ' ' + pad(health, cols.health - 2)
+  );
+}
+// Summary
+const scores = sorted.map(s => s.score ?? s.auditScore).filter(s => typeof s === 'number');
+if (scores.length > 0) {
+  const avg = Math.round(scores.reduce((a, b) => a + b, 0) / scores.length);
+  const min = Math.min(...scores);
+  const max = Math.max(...scores);
+  console.log('');
+  console.log('Avg: ' + avg + ' | Min: ' + min + ' | Max: ' + max);
+}
+" "$INPUT"

package/kastell-plugin/skills/kastell-ops/scripts/parse_audit.sh ADDED Viewed

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+# parse_audit.sh — Parse kastell audit JSON into 5 security domain summaries.
+# Usage: kastell audit --server <name> --json | bash parse_audit.sh
+#    OR: bash parse_audit.sh < audit-output.json
+#    OR: bash parse_audit.sh audit-output.json
+#
+# Requires: node (uses inline JS for JSON parsing — no jq dependency)
+set -euo pipefail
+# Read JSON from file arg, stdin, or pipe
+if [[ -n "${1:-}" && -f "$1" ]]; then
+  INPUT=$(cat "$1")
+elif [[ ! -t 0 ]]; then
+  INPUT=$(cat)
+else
+  echo "Usage: kastell audit --server <name> --json | bash parse_audit.sh" >&2
+  echo "   OR: bash parse_audit.sh <audit-json-file>" >&2
+  exit 1
+fi
+node -e "
+const data = JSON.parse(process.argv[1]);
+const checks = data.checks || data.results || [];
+// 5 security domain mapping
+const DOMAINS = {
+  'Perimeter':       ['Network', 'Firewall', 'DNS Security'],
+  'Authentication':  ['SSH', 'Auth', 'Crypto', 'Accounts'],
+  'Runtime':         ['Docker', 'Services', 'Boot', 'Scheduling'],
+  'Internals':       ['Filesystem', 'Logging', 'Kernel', 'Memory'],
+  'Compliance':      ['Updates', 'File Integrity', 'Malware', 'MAC', 'Secrets',
+                      'Cloud Metadata', 'Supply Chain', 'Backup Hygiene',
+                      'Resource Limits', 'Incident Readiness', 'Banners', 'Time',
+                      'TLS', 'HTTP Security Headers'],
+};
+// Map categories to domains
+const catToDomain = {};
+for (const [domain, cats] of Object.entries(DOMAINS)) {
+  for (const cat of cats) catToDomain[cat.toLowerCase()] = domain;
+}
+// Bucket checks
+const buckets = {};
+for (const d of Object.keys(DOMAINS)) buckets[d] = { passed: 0, failed: 0, critical: [] };
+for (const c of checks) {
+  const cat = (c.category || '').toLowerCase();
+  let domain = 'Compliance'; // default
+  for (const [key, val] of Object.entries(catToDomain)) {
+    if (cat.includes(key)) { domain = val; break; }
+  }
+  if (c.passed) buckets[domain].passed++;
+  else {
+    buckets[domain].failed++;
+    if (c.severity === 'critical') buckets[domain].critical.push(c.id || c.name);
+  }
+}
+// Output
+const score = data.score ?? data.overallScore ?? 'N/A';
+console.log('=== Kastell Audit Domain Summary ===');
+console.log('Overall Score: ' + score + '/100');
+console.log('');
+for (const [domain, b] of Object.entries(buckets)) {
+  const total = b.passed + b.failed;
+  const pct = total > 0 ? Math.round(b.passed / total * 100) : 0;
+  const bar = '█'.repeat(Math.round(pct / 5)) + '░'.repeat(20 - Math.round(pct / 5));
+  console.log(domain + ': ' + b.passed + '/' + total + ' (' + pct + '%) ' + bar);
+  if (b.critical.length > 0) {
+    console.log('  Critical: ' + b.critical.slice(0, 3).join(', '));
+  }
+}
+" "$INPUT"

package/kastell-plugin/skills/kastell-research/SKILL.md ADDED Viewed

@@ -0,0 +1,90 @@
+---
+name: kastell-research
+description: Read-only Kastell codebase exploration. Use when tracing a bug across files, mapping callsites before refactoring, or exploring unfamiliar subsystems. Runs in isolated context with Explore agent.
+context: fork
+agent: Explore
+allowed-tools: Read, Grep, Glob
+effort: medium
+memory: project
+---
+# Kastell Research
+## Purpose
+Explore the Kastell codebase using read-only tools (Read, Grep, Glob). Runs in a forked Explore agent with Kastell architecture knowledge inlined.
+## When to Use
+- **Bug investigation:** Trace a bug from CLI command through core logic to adapters/providers. Start at the command file, follow imports to core, check utils and adapters.
+- **Feature mapping:** Map all callsites of a function, trace the import chain, understand how subsystems connect before making changes.
+- **Architecture question:** Understand how audit categories work, how the adapter dispatch flows, or how lock hardening steps are structured.
+## Live Codebase
+**Commands:**
+!`node -e "import('fs').then(f=>console.log(f.readdirSync('src/commands').filter(x=>x.endsWith('.ts')).map(x=>x.replace('.ts','')).join(', '))).catch(()=>console.log('commands dir not found'))"`
+**Provider registry:**
+!`node -e "import('fs').then(f=>{const c=f.readFileSync('src/constants.ts','utf8');const m=c.match(/PROVIDER_REGISTRY[\s\S]{0,200}/);console.log(m?m[0].split('\n').slice(0,4).join('\n'):'not found')}).catch(()=>console.log('constants.ts not found'))"`
+## Architecture Map
+```
+src/
+  commands/     # 31 thin CLI wrappers (parse args + delegate only)
+  core/         # Business logic (ALL computation here)
+    audit/      # 30 audit categories, 457+ checks
+    lock/       # 24-step server hardening
+  providers/    # Cloud API: hetzner, digitalocean, vultr, linode
+  adapters/     # Platform abstraction: coolify, dokploy
+    factory.ts  # getAdapter(platform) — entry point
+  mcp/
+    server.ts   # 13 tool registrations
+    tools/      # Handler files
+  utils/        # ssh, config, cloudInit, modeGuard
+  types/        # ServerMode, ServerRecord, Platform
+  constants.ts  # PROVIDER_REGISTRY
+```
+## Layer Flow
+Commands (parse args) --> Core (business logic) --> Providers (cloud API) / Adapters (platform ops). MCP tools also delegate to Core.
+## Research Workflows
+**Bug investigation:**
+1. Find the command file (`src/commands/<name>.ts`)
+2. Follow the core import (`src/core/<name>.ts`)
+3. Check adapter/provider calls
+4. Check utils (ssh, config)
+**Feature mapping:**
+1. Grep for the function name
+2. Follow import chain
+3. Map all callsites
+4. Check test coverage in `__tests__/`
+**Architecture question:**
+1. Read the Architecture Map above
+2. Read `kastell-plugin/skills/kastell-ops/SKILL.md` for full detail (adapter contract, provider registry, layer rules)
+3. Trace specific files
+## Debug by Symptom
+Common failure patterns and where to look first:
+| Symptom | Start Here | Then Check |
+|---------|-----------|------------|
+| SSH auth failure | `src/utils/ssh.ts` → `sshExec()` | `assertValidIp()`, server config `~/.kastell/servers.json`, banner parsing |
+| Provider API error | `src/providers/<name>.ts` | `withProviderErrorHandling()` in `src/utils/retry.ts`, API token config |
+| Audit check false positive | `src/core/audit/checks/<category>.ts` | SSH command output parsing, regex pattern, `sshExec` mock in test |
+| Fix rejected (SAFE tier) | `src/core/fix.ts` → `resolveTier()` | `FORBIDDEN_PATTERNS`, shell redirect/pipe in fixCommand string |
+| MCP tool error | `src/mcp/tools/<name>.ts` | Handler → core delegation, Zod schema validation, `result.content` format |
+| Lock step failure | `src/core/lock.ts` | Step's SSH command, `sshExec` stderr, cloud-init completion |
+| Config not found | `src/utils/config.ts` | `~/.kastell/` dir existence, `servers.json` format, migration from `~/.quicklify/` |
+**Known pitfalls:** See `kastell-plugin/skills/kastell-ops/references/pitfalls.md`
+## ARGUMENTS
+$ARGUMENTS

package/kastell-plugin/skills/kastell-scaffold/SKILL.md ADDED Viewed

@@ -0,0 +1,104 @@
+---
+name: kastell-scaffold
+description: Generate new Kastell components from templates. Creates boilerplate for CLI commands, audit checks, providers, and MCP tools following current architecture (commands thin, core fat, adapters dispatch).
+context: fork
+disable-model-invocation: true
+effort: medium
+allowed-tools: Read, Edit, Write, Bash, Glob, Grep
+argument-hint: "[check|command|provider|mcp-tool] [name]"
+---
+# Kastell Scaffold
+## Purpose
+Generate boilerplate files for new Kastell components. Each template follows the post-P63/P64 architecture: commands are thin wrappers, business logic lives in core/, providers handle cloud API, adapters abstract platform ops.
+## Usage
+```
+/kastell:scaffold command server-migrate     # creates command + core + test files
+/kastell:scaffold check filesystem-perms     # creates audit check + catalog update
+/kastell:scaffold provider ovhcloud          # creates provider + registry entry + test
+/kastell:scaffold mcp-tool server_migrate    # creates MCP tool + registration + test
+```
+`$ARGUMENTS[0]` is the component type. `$ARGUMENTS[1]` is the component name.
+## Architecture Rules
+These rules apply in every generated file. The forked subagent does not automatically have kastell-ops context — enforce these rules explicitly.
+| Layer    | Path              | Rule                                                         |
+|----------|-------------------|--------------------------------------------------------------|
+| Commands | src/commands/     | Parse args + delegate. ZERO business logic.                  |
+| Core     | src/core/         | ALL business logic. No chalk/ora/UI imports.                 |
+| Providers| src/providers/    | Cloud API per provider. Extends BaseProvider.                |
+| Adapters | src/adapters/     | Platform ops via PlatformAdapter. Access via getAdapter().   |
+| MCP      | src/mcp/tools/    | Zod schema + handler. Delegates to core.                     |
+**Critical:** Never import CoolifyAdapter or DokployAdapter directly. Always use `getAdapter(platform)` from `src/adapters/factory.ts`.
+**ESM:** `"type": "module"` — use `import`, not `require`. All imports use `.js` extension.
+## Existing Components
+**Commands:**
+!`node -e "import('fs').then(f=>console.log(f.readdirSync('src/commands').filter(x=>x.endsWith('.ts')).map(x=>x.replace('.ts','')).join(', '))).catch(()=>console.log('commands dir not found'))"`
+**Providers:**
+!`node -e "import('fs').then(f=>console.log(f.readdirSync('src/providers').filter(x=>x.endsWith('.ts')&&x!=='base.ts').map(x=>x.replace('.ts','')).join(', '))).catch(()=>console.log('providers dir not found'))"`
+**MCP tools:**
+!`node -e "import('fs').then(f=>console.log(f.readdirSync('src/mcp/tools').filter(x=>x.endsWith('.ts')).map(x=>x.replace('.ts','')).join(', '))).catch(()=>console.log('mcp/tools dir not found'))"`
+**Audit categories:**
+!`node -e "import('fs').then(f=>console.log(f.readdirSync('src/core/audit',{withFileTypes:true}).filter(d=>d.isDirectory()).map(d=>d.name).join(', '))).catch(()=>console.log('audit dir not found'))"`
+## Script (Deterministic)
+Run the scaffold script to generate boilerplate files:
+```bash
+bash scripts/scaffold.sh $ARGUMENTS[0] $ARGUMENTS[1]
+```
+The script reads `.tpl` templates from `templates/`, replaces `__NAME__`/`__NAME_PASCAL__`/`__NAME_CAMEL__`/`__NAME_UPPER__` placeholders, and creates files in the project. Add `--dry-run` to preview without writing.
+**Files generated per type:**
+- `command` → 3 files: `src/commands/`, `src/core/`, `src/__tests__/core/`
+- `check` → 2 files: `src/core/audit/checks/`, `src/__tests__/core/audit/checks/`
+- `provider` → 2 files: `src/providers/`, `src/__tests__/providers/`
+- `mcp-tool` → 2 files: `src/mcp/tools/`, `src/__tests__/mcp/`
+## Template Reference (Context for LLM)
+After running the script, read the matching reference for registration details:
+| Type       | Reference File                                 |
+|------------|------------------------------------------------|
+| `command`  | references/template-command.md                 |
+| `check`    | references/template-audit-check.md             |
+| `provider` | references/template-provider.md                |
+| `mcp-tool` | references/template-mcp-tool.md                |
+## After Generation
+Perform these steps after creating the boilerplate files:
+- [ ] Write tests first (TDD preferred — test core, not command)
+- [ ] Register the component:
+  - Commands: add import in `src/index.ts`
+  - MCP tools: `registerTool()` in `src/mcp/server.ts`
+  - Providers: add to `PROVIDER_REGISTRY` in `src/constants.ts`
+  - Audit checks: add entry to `src/core/audit/catalog.ts`
+- [ ] Run `npm run build && npm test && npm run lint`
+- [ ] Update README.md
+## Skill/Agent Oluşturma Kuralları (Yeni skill/agent scaffold ediliyorsa)
+Yeni skill veya agent oluşturulurken aşağıdaki koşullar ZORUNLU:
+- [ ] **Ersin kriteri:** scripts/ klasörü oluştur — deterministik iş LLM'e bırakılmayacak
+- [ ] **Progressive disclosure:** SKILL.md < 500 satır, detaylar references/ klasöründe
+- [ ] **Frontmatter:** `effort` + `allowed-tools` ekle (minimum zorunlu)
+- [ ] **Yan etki varsa:** `disable-model-invocation: true` ekle
+- [ ] **Agent ise:** `maxTurns` belirle, `memory` scope tanımla
+- [ ] **Script dili:** Shell (sh/bash) tercih et — Node.js ekosistemiyle uyumlu
+- [ ] **Evaluation:** Gerçek task'ta test et, struggle noktalarını gözlemle