Kastor
Allows using Cloudflare Tunnel to create a secure public URL that forwards to the local Kastor server.
Integrates with Git for version control operations including status, diff, staging, committing, and publishing changes.
Provides a public HTTPS tunnel to expose the local Kastor server to the internet for MCP client access.
Supports Tailscale Funnel to expose the local Kastor server via a Tailscale network for MCP client connections.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Kastorshow git status for the current project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Kastor
Kastor lets ChatGPT, or another MCP client, work with files on your machine.
You choose the folders it can touch. The client can then read files, edit code, run checks, inspect git changes, and use a few Codex-like workflow tools.
Kastor is not another AI agent. It is the local tool server. The thinking still happens in ChatGPT or the MCP client you connect.
flowchart TD
Client["ChatGPT / MCP client"] --> Auth["Owner password approval"]
Auth --> Server["Kastor MCP server"]
Server --> Roots["Allowed project folders"]
Server --> Files["read / write / edit / apply_patch"]
Server --> Search["grep / glob / ls"]
Server --> Git["git status / diff / commit prep"]
Server --> Checks["run checks / self test"]
Server --> Plan["task plan / checkpoint / review / resume"]
Server --> Guard["rule check"]
Server --> Screen["optional Windows computer use"]First Run
Requirements:
Node.js
>=20.12 <27npm
Git
Bash. On Windows, Git Bash is enough.
A public HTTPS tunnel if ChatGPT needs to reach this PC
From a clone:
npm install
npm run build
node dist/cli.js setup-guide
node dist/cli.js init
node dist/cli.js doctor
node dist/cli.js serveWindows users can run:
.\scripts\bootstrap-windows.ps1 -RunInitmacOS and Linux users can run:
bash ./scripts/bootstrap-unix.sh --initThe MCP endpoint you give to ChatGPT is:
https://your-domain.example.com/mcpKASTOR_PUBLIC_BASE_URL should be the origin only:
https://your-domain.example.comRelated MCP server: ai-distiller-mcp
Permissions
Start small.
kastor init asks for one of these presets:
project: only the folder you run setup fromprojects: one or more project folderspower: broad access on a private machine
For public examples, use project or projects.
Do not share a setup that allows C:\, /, or your whole home folder. That is
fine for your own private machine if you know what you are doing. It is a bad
default for anyone else.
If you want full-PC access, make it a private-machine choice. Do not put that in a tutorial, template, screenshot, or shared config.
Config Files
Kastor writes local config here by default:
~/.kastor/config.json
~/.kastor/auth.jsonKeep auth.json private. It contains the owner password used when a client asks
to connect.
Kastor still accepts old DEVSPACE_* environment variables for compatibility,
but new setups should use KASTOR_*.
Important values:
KASTOR_ALLOWED_ROOTS=/absolute/path/to/your/project
KASTOR_PUBLIC_BASE_URL=https://your-domain.example.com
KASTOR_OAUTH_OWNER_TOKEN=change-me-to-a-long-random-secretTunnel
ChatGPT cannot reach 127.0.0.1 on your PC. You need a public HTTPS URL that
forwards to Kastor.
Common choices:
ngrok
Cloudflare Tunnel
Tailscale Funnel
your own reverse proxy
Point the tunnel to:
http://127.0.0.1:7676Then run:
KASTOR_PUBLIC_BASE_URL=https://your-domain.example.com node dist/cli.js serveSee docs/tunnels.md for examples.
Main Tools
open_workspace: open an allowed project folderread,write,edit,apply_patch: inspect and change filesgrep,glob,ls,size_top: find code and filesgit_status,git_diff,git_stage,git_commit,git_publish: inspect and prepare git workrun_checks,self_test: run verificationtask_plan: save objectives, checkpoints, reviews, resume packets, and summariesrule_check: check risky steps before doing themcomputer_use: optional Windows UI control
Safety
Treat an approved MCP client like a developer sitting at your PC.
Allow only folders you are willing to expose.
Review diffs before committing.
Do not commit
.env,~/.kastor/auth.json, tunnel URLs, or logs.Keep
KASTOR_ALLOWED_HOSTSspecific. Do not use*outside debugging.Use a tunnel URL you control.
Before Sharing
Run:
npm run typecheck
npm test
npm run build
npm audit --audit-level=high
npm pack --dry-runCheck for private data:
git status --short
git grep -n "sk-\\|xoxb\\|ghp_\\|GHp"Also inspect:
.env~/.kastor/auth.jsonlogs under
~/.kastortunnel URL files
Those files should stay local and untracked.
npm Name
The plain kastor package name has an old unpublished record on npm, so do not
count on it for public publishing.
Use a scoped package name such as:
@mnod/kastorThe command can still be kastor; the npm package name and CLI command do not
have to match.
More Docs
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mno-d/kastor'
If you have feedback or need assistance with the MCP directory API, please join our Discord server