FR ForgeRift

Give Claude a real terminal — without giving Claude the keys.

Claude runs the safe tasks for you — you stay in control of the rest. Reading files, checking logs, running builds, deploying, diagnosing errors — Claude handles those directly, no copy-pasting required. High-risk operations stay permanently blocked and in your hands by design. Every call is checked against a three-tier security model, and every decision is logged.

Honest disclosure. These plugins significantly reduce — but do not eliminate — the need for manual terminal work. A defined set of high-risk operations (file deletion, firewall changes, package removal, credential access, and others) are permanently blocked and will always require you to run them yourself. When Claude hits one, it tells you exactly what to run and why. Additionally, LLMs follow instructions probabilistically: Claude may occasionally suggest "paste this into your terminal" even when the plugin is active. We treat every such instance as a defect and ship mitigations each release.
Open source (MIT) Multi-round adversarial review GREEN allowlist AMBER dry-run default RED hard-block (140+ patterns, local-terminal)
See the plugins View source on GitHub

Two plugins, one trust model

Windows 10 / 11 · Claude Desktop + Cowork (Cowork mode is an optional Anthropic feature for autonomous multi-step tasks)

local-terminal

Audited access to your local Windows machine. No inbound network port — runs as a child process spawned by Claude Desktop.
  • 8 structured tools — file listing, read, search, git, npm, system info, escape hatch.
  • .mcpb extension — installs directly into Claude Desktop. No Windows Service or configuration files required.
  • 140+ RED patterns across 27 categories block deletion, shutdown, code exec, exfiltration, credential access, persistence.
  • Sensitive files protected.env, .ssh, credential stores blocked even from read tools.
Repo & install →
Ubuntu 20.04+ / Debian 11+ · Claude Desktop + Cowork

vps-control

Audited access to a Linux VPS you already run.
  • 17 structured tools — PM2 status, deploy pipeline, git, stdout & error logs, file reads, system health, audit log.
  • Supabase bearer token auth with subscription plan validation, TLS via sslip.io + Let's Encrypt out of the box.
  • 116+ RED patterns across 21 categories block deletion, reboot, shell invocation, DB writes, package install, privilege escalation.
  • Symlink realpath check and path allowlist keep file reads inside declared directories.
Repo & install →

How we keep Claude from doing the wrong thing

Every command Claude tries to run passes through a three-tier classifier before the plugin executes anything. Structured tools execute fixed allowlisted operations (no user-provided command string reaches the security classifier); only the run_command escape hatch accepts arbitrary command text. The pipeline runs in order: Layer 1 hard-block static patterns (HARD_BLOCKED_PATTERNS, 140+ patterns across 27 categories) reject instantly; then — if an Anthropic API key is configured — two parallel AI safety checks (Layer 2 + Layer 3); then the remaining RED static pattern checks (BLOCKED_PATTERNS); then the AMBER warning classifier. No single tool bypasses the check. Audit logs go to disk with token and secret redaction. Without an Anthropic API key (or if the API call fails), the AI classification layers are silently skipped and the plugin falls back to the static RED block list plus AMBER dry-run warnings only. Set LAYER_STRICT_MODE=true to block on API failure instead of skipping.

RED — hard-blocked

File deletion, shutdown, code exec via PowerShell/bash -c, curl/wget/scp/ssh, database writes, privilege escalation, Unicode homoglyphs, newline injection (each line is checked independently against the block list). No override, no flag, no escape for the hard-blocked categories.

AMBER — dry-run default

Bulk copies, find -exec, sed -i, wildcard renames. dry_run=true is the default; an AMBER match fires a visible warning. Passing dry_run=false on the first call executes immediately — the recommended workflow is to preview first, then confirm.

GREEN — allowed & logged

Everything else. Timeout-capped per call, redacted audit log, and a dry-run-first gate on the escape-hatch tool. The boring tier by design.

Honest disclosure. These plugins significantly reduce — but do not eliminate — the need for manual terminal work. By design, a defined set of high-risk operations (file deletion, firewall changes, package removal, credential access, and others) are permanently blocked and will always require you to run them yourself. When Claude hits one of those, it tells you exactly what to run and why. For everything else — reads, logs, builds, deploys, diagnostics — Claude handles it without your intervention. Additionally, LLMs follow instructions probabilistically: Claude may occasionally suggest "paste this into your terminal" even when the plugin is active. We treat every such instance as a defect and ship mitigations each release.

Pricing

All plans include a 14-day free trial — no charge during the trial period. Subscriptions are otherwise non-refundable except for confirmed ForgeRift billing errors, prorated convenience-termination refunds, and applicable statutory consumer rights — see Terms §6.5.

⚠️ local-terminal-mcp: Windows 10 / 11 only. vps-control-mcp is accessible from any OS that runs Claude Desktop. macOS support for local-terminal-mcp is planned for a future release.

Individual
$14.99
per month — one plugin
or $149 / yr — save $31  ($179.88)
  • All tools for your chosen plugin
  • Email support available
vps-control
Try free — 14 days Get annual — $149/yr — save $31
local-terminal
Try free — 14 days Get annual — $149/yr — save $31
Bundle (best value)
$19.99
per month — both plugins
or $199 / yr — save $41  ($239.88)
  • All local-terminal tools
  • All vps-control tools
  • Email support available
Try Bundle free — 14 days Get annual — $199/yr — save $41
Founder Cohort
$9.99
per month — Individual  /  $14.99 — Bundle
  • Individual plugin — $9.99/mo rate-locked while subscription stays active
  • Bundle — $14.99/mo rate-locked while subscription stays active
  • Monthly billing only — no annual option
  • First 100 paid subscribers or 3 months after the marketplace listing date — whichever comes first
🔒 Rate lock requires an active subscription. Canceling permanently forfeits your Founder price — it cannot be reclaimed after lapse.
Claim vps-control Founder Claim local-terminal Founder Claim Bundle Founder
Founder Cohort pricing is rate-locked while your subscription remains continuously active. Canceling permanently forfeits your Founder price — it cannot be reclaimed after lapse.