FR ForgeRift

Give Claude a real terminal — without giving Claude the keys.

Claude runs the safe tasks for you — you stay in control of the rest. Reading files, checking logs, running builds, deploying, diagnosing errors — Claude handles those directly, no copy-pasting required. High-risk operations stay permanently blocked and in your hands by design. Every call is checked against a three-tier security model, and every decision is logged.

Honest disclosure. These plugins significantly reduce — but do not eliminate — the need for manual terminal work. A defined set of high-risk operations (file deletion, firewall changes, package removal, credential access, and others) are permanently blocked and will always require you to run them yourself. When Claude hits one, it tells you exactly what to run and why. Additionally, LLMs follow instructions probabilistically: Claude may occasionally suggest "paste this into your terminal" even when the plugin is active. We treat every such instance as a defect and ship mitigations each release.
Open source (MIT) Multi-round adversarial review GREEN allowlist AMBER dry-run gate RED hard-block (140+ patterns, local-terminal)
See the plugins View source on GitHub

Two plugins, one trust model

Windows 10 / 11 · Claude Desktop + Cowork (Cowork mode is an optional Anthropic feature for autonomous multi-step tasks)

local-terminal

Audited access to your local Windows machine. No inbound network port — runs as a child process spawned by Claude Desktop.
  • 8 structured tools — file listing, read, search, git, npm, system info, escape hatch.
  • .mcpb extension — installs directly into Claude Desktop. No Windows Service or configuration files required.
  • 140+ RED patterns across 27 categories block deletion, shutdown, code exec, exfiltration, credential access, persistence.
  • Sensitive files protected.env, .ssh, credential stores blocked even from read tools.
Repo & install →
Ubuntu 20.04+ / Debian 11+ · Claude Desktop + Cowork

vps-control

Audited access to a Linux VPS you already run.
  • 17 structured tools — PM2 status, deploy pipeline, git, stdout & error logs, file reads, system health, audit log.
  • Supabase bearer token auth with subscription plan validation, TLS via sslip.io + Let's Encrypt out of the box.
  • 116+ RED patterns across 21 categories block deletion, reboot, shell invocation, DB writes, package install, privilege escalation.
  • Symlink realpath check and path allowlist keep file reads inside declared directories.
Repo & install →

How we keep Claude from doing the wrong thing

Every command Claude tries to run passes through a three-tier classifier before the plugin executes anything. No shell is invoked. No single tool bypasses the check. Audit logs go to disk with token and secret redaction. When configured, the AI safety layer consumes Anthropic API tokens billed to your account.

RED — hard-blocked

File deletion, shutdown, code exec via PowerShell/bash -c, curl/wget/scp/ssh, database writes, privilege escalation, Unicode homoglyphs, newline injection. No override, no flag, no escape.

AMBER — dry-run gate

Bulk copies, find -exec, wildcard renames, package updates. First call forces dry_run=true with a visible warning; a second explicit call is required to execute.

GREEN — allowed & logged

Everything else. Timeout-capped per call, redacted audit log, and a dry-run-first gate on the escape-hatch tool. The boring tier by design.

Honest disclosure. These plugins significantly reduce — but do not eliminate — the need for manual terminal work. By design, a defined set of high-risk operations (file deletion, firewall changes, package removal, credential access, and others) are permanently blocked and will always require you to run them yourself. When Claude hits one of those, it tells you exactly what to run and why. For everything else — reads, logs, builds, deploys, diagnostics — Claude handles it without your intervention. Additionally, LLMs follow instructions probabilistically: Claude may occasionally suggest "paste this into your terminal" even when the plugin is active. We treat every such instance as a defect and ship mitigations each release.

Pricing

All plans include a 14-day free trial — no charge during the trial period. Subscriptions are otherwise non-refundable except for confirmed ForgeRift billing errors, prorated convenience-termination refunds, and applicable statutory consumer rights — see Terms §6.5.

⚠️ local-terminal-mcp: Windows 10 / 11 only. vps-control-mcp is accessible from any OS that runs Claude Desktop. macOS support for local-terminal-mcp is planned for a future release.

Individual
$14.99
per month — one plugin
or $149 / yr — save $31  ($179.88)
  • All tools for your chosen plugin
  • Email support available
vps-control
Try free — 14 days Get annual — $149/yr — save $31
local-terminal
Try free — 14 days Get annual — $149/yr — save $31
Bundle (best value)
$19.99
per month — both plugins
or $199 / yr — save $41  ($239.88)
  • All local-terminal tools
  • All vps-control tools
  • Email support available
Try Bundle free — 14 days Get annual — $199/yr — save $41
Founder Cohort
$9.99
per month — Individual  /  $14.99 — Bundle
  • Individual plugin — $9.99/mo rate-locked while subscription stays active
  • Bundle — $14.99/mo rate-locked while subscription stays active
  • Monthly billing only — no annual option
  • First 100 paid subscribers or 3 months after the marketplace listing date — whichever comes first
🔒 Rate lock requires an active subscription. Canceling permanently forfeits your Founder price — it cannot be reclaimed after lapse.
Claim vps-control Founder Claim local-terminal Founder Claim Bundle Founder
Founder Cohort pricing is rate-locked while your subscription remains continuously active. Canceling permanently forfeits your Founder price — it cannot be reclaimed after lapse.