• feat: Claude Desktop one-click install with safe defaults.
• feat: Download the .mcpb bundle from any release and double-click. Your agent gets list_hosts, get_host and list_containers out of the box. No shell, no container control.
• feat: purple mcp --read-only exposes the same safe trio when wiring up Claude Code, Cursor or any other MCP client by hand.
• feat: Every MCP tool call lands in ~/.purple/mcp-audit.log as JSON. Timestamp, tool, args, outcome, reason. Owner-only file mode. run_command arguments redacted so passwords on shell flags never hit disk. Redirect with --audit-log <PATH> or turn it off with --no-audit.
• feat: Audit log refuses to open through a pre-existing symlink, so a writable-directory attacker cannot redirect writes elsewhere. run_command switched off busy-polling and clamps oversized timeouts, so a runaway agent cannot pin the server.
• feat: Linux musl builds for x86_64 and aarch64 ship next to the existing glibc binaries. Drop the static binary on any distro and run.
• change: Wordmark refreshed with cleaner box-drawing strokes. Same cadence, still a cyan period at the end.