v1.0.0 — Dispatcher refactor, parallel SSH, base64 hardening, smoke test

thefoxup is a secure, lightweight Bash tool for updating Debian/Ubuntu servers — locally or remotely via SSH, with YAML configuration and parallel execution.

Features

• Three update modes: lite (update only), full (update + reboot), off (update + shutdown), check (read-only status)
• Remote execution: parallel SSH with configurable concurrency (THEFOXUP_MAX_PARALLEL, default 10)
• Atomic locking: flock-based with signal-safe release — no stale locks
• Input validation: mode whitelisted, host/user/path validated via regex allowlists
• Injection prevention: SSH paths base64-encoded, SSH mode whitelist on remote side
• Non-interactive CLI: sudo ./foxup.sh lite|full|off [--yes] [--remote|--all]
• Configurable: 10+ environment variables for timeouts, SSH options, log rotation
• Safety: PIPESTATUS captured after apt + tee — no silent failures
• Logging: one file per run, auto-cleaned after 30 days, chmod 600

Security

• Only key-based SSH authentication (no password/sshpass)
• servers.yaml gitignored, remote paths base64-encoded
• --force-confold on dist-upgrade to preserve existing configs
• SSH agent detection — sequential fallback when no agent available