FR ForgeRift

Give Claude a real terminal — without giving Claude the keys.

We run the safe tasks automatically so you don't have to. Reading files, checking logs, running builds, deploying, diagnosing errors — Claude handles those directly, no copy-pasting required. High-risk operations stay permanently blocked and in your hands by design. Every call is checked against a three-tier security model, and every decision is logged.

Source available (BUSL 1.1) Audited — 80+ adversarial findings closed GREEN allowlist AMBER dry-run gate RED hard-block (725+ combined patterns)
See the plugins View source on GitHub

Two plugins, one trust model

Windows 10 / 11 · Claude Desktop + Cowork

local-terminal

Audited access to a local Windows machine, localhost-only.
  • 8 structured tools — file listing, read, search, git, npm, system info, escape hatch.
  • Runs as a Windows Service via NSSM, bound strictly to 127.0.0.1.
  • 450+ RED patterns across 27 categories block deletion, shutdown, code exec, exfiltration, credential access, persistence.
  • Sensitive files protected.env, .ssh, credential stores blocked even from read tools.
Repo & install →
Ubuntu 20.04+ / Debian 11+ · Claude Desktop + Cowork

vps-control

Audited access to a Linux VPS you already run.
  • 17 structured tools — PM2 status, deploy pipeline, git, stdout & error logs, file reads, system health, audit log.
  • OAuth 2.0 + bearer token, TLS via sslip.io + Let's Encrypt out of the box.
  • 275+ RED patterns across 26 categories block deletion, reboot, shell invocation, DB writes, package install, privilege escalation.
  • Symlink realpath check and path allowlist keep file reads inside declared directories.
Repo & install →

See it in action

local-terminal — RED-tier block intercepting a dangerous command before it reaches the shell.

local-terminal RED-tier block demo

vps-control — full deploy pipeline: git pull → build → PM2 restart, driven by Claude.

vps-control deploy pipeline demo

How we keep Claude from doing the wrong thing

Every command Claude tries to run passes through a three-tier classifier before the plugin executes anything. No shell is invoked. No single tool bypasses the check. Audit logs go to disk with token and secret redaction.

RED — hard-blocked

File deletion, shutdown, code exec via PowerShell/bash -c, curl/wget/scp/ssh, database writes, privilege escalation, Unicode homoglyphs, newline injection. No override, no flag, no escape.

AMBER — dry-run gate

Bulk copies, find -exec, wildcard renames, package updates. First call forces dry_run=true with a visible warning; a second explicit call is required to execute.

GREEN — allowed & logged

Everything else. Rate-limited, timeout-capped, redacted audit log, and a hard cap on the escape-hatch tool. The boring tier by design.

Honest disclosure. These plugins significantly reduce — but do not eliminate — the need for manual terminal work. By design, a defined set of high-risk operations (file deletion, firewall changes, package removal, credential access, and others) are permanently blocked and will always require you to run them yourself. When Claude hits one of those, it tells you exactly what to run and why. For everything else — reads, logs, builds, deploys, diagnostics — Claude handles it without your intervention. Additionally, LLMs follow instructions probabilistically: Claude may occasionally suggest "paste this into your terminal" even when the plugin is active. We treat every such instance as a defect and ship mitigations each release.

Pricing

All plans include a 14-day free trial — no charge during the trial period. No refunds after trial ends.

🖥 Windows 10 / 11 only — these plugins run on Claude Desktop for Windows. macOS support is planned for a future release.

Individual
$14.99
per month · one plugin
or $149 / yr — save $31  ($179.88)
  • All tools for your chosen plugin
  • Email support, 1 business day
Try vps-control free Try local-terminal free
Bundle (best value)
$19.99
per month · both plugins
or $199 / yr — save $41  ($239.88)
  • All local-terminal tools
  • All vps-control tools
  • Email support, 1 business day
Try the Bundle free
Founder Cohort
$9.99
per month · Individual  /  $14.99 · Bundle
  • Individual plugin — $9.99/mo locked for life
  • Bundle — $14.99/mo locked for life
  • Monthly billing only — no annual option
  • First 100 subscribers or 3 months post-launch — whichever comes first
⚠ Rate lock requires an active subscription. Canceling permanently forfeits your Founder price — it cannot be reclaimed after lapse.
Claim vps-control Founder Claim local-terminal Founder Claim Bundle Founder
Founder Cohort pricing is locked for the life of your subscription. Canceling permanently forfeits the Founder rate — reactivating after lapse restores access at the then-current price. See the Terms of Service for full details.