FR ForgeRift

Give Claude a real terminal — without giving Claude the keys.

We run the safe tasks automatically so you don't have to. Reading files, checking logs, running builds, deploying, diagnosing errors — Claude handles those directly, no copy-pasting required. High-risk operations stay permanently blocked and in your hands by design. Every call is checked against a three-tier security model, and every decision is logged.

Open source (MIT) Audited · 80+ adversarial findings closed GREEN allowlist AMBER dry-run gate RED hard-block (140+ patterns, local-terminal)
See the plugins View source on GitHub

Two plugins, one trust model

Windows 10 / 11 · Claude Desktop + Cowork

local-terminal

Audited access to your local Windows machine. No network port — runs in-process via Claude Desktop.
  • 8 structured tools — file listing, read, search, git, npm, system info, escape hatch.
  • .mcpb extension — installs directly into Claude Desktop. No Windows Service or configuration files required.
  • 140+ RED patterns across 27 categories block deletion, shutdown, code exec, exfiltration, credential access, persistence.
  • Sensitive files protected.env, .ssh, credential stores blocked even from read tools.
Repo & install →
Ubuntu 20.04+ / Debian 11+ · Claude Desktop + Cowork

vps-control

Audited access to a Linux VPS you already run.
  • 17 structured tools — PM2 status, deploy pipeline, git, stdout & error logs, file reads, system health, audit log.
  • Supabase bearer token auth with subscription plan validation, TLS via sslip.io + Let's Encrypt out of the box.
  • 116+ RED patterns across 21 categories block deletion, reboot, shell invocation, DB writes, package install, privilege escalation.
  • Symlink realpath check and path allowlist keep file reads inside declared directories.
Repo & install →

How we keep Claude from doing the wrong thing

Every command Claude tries to run passes through a three-tier classifier before the plugin executes anything. No shell is invoked. No single tool bypasses the check. Audit logs go to disk with token and secret redaction.

RED — hard-blocked

File deletion, shutdown, code exec via PowerShell/bash -c, curl/wget/scp/ssh, database writes, privilege escalation, Unicode homoglyphs, newline injection. No override, no flag, no escape.

AMBER — dry-run gate

Bulk copies, find -exec, wildcard renames, package updates. First call forces dry_run=true with a visible warning; a second explicit call is required to execute.

GREEN — allowed & logged

Everything else. Rate-limited, timeout-capped, redacted audit log, and a hard cap on the escape-hatch tool. The boring tier by design.

Honest disclosure. These plugins significantly reduce — but do not eliminate — the need for manual terminal work. By design, a defined set of high-risk operations (file deletion, firewall changes, package removal, credential access, and others) are permanently blocked and will always require you to run them yourself. When Claude hits one of those, it tells you exactly what to run and why. For everything else — reads, logs, builds, deploys, diagnostics — Claude handles it without your intervention. Additionally, LLMs follow instructions probabilistically: Claude may occasionally suggest "paste this into your terminal" even when the plugin is active. We treat every such instance as a defect and ship mitigations each release.

Pricing

All plans include a 14-day free trial — no charge during the trial period. No refunds after trial ends.

⚠️ Windows 10 / 11 only — these plugins run on Claude Desktop for Windows. macOS support is planned for a future release.

Individual
$14.99
per month — one plugin
or $149 / yr — save $31  ($179.88)
  • All tools for your chosen plugin
  • Email support available
vps-control
Try free — 14 days Get annual — $149/yr — save $31
local-terminal
Try free — 14 days Get annual — $149/yr — save $31
Bundle (best value)
$19.99
per month — both plugins
or $199 / yr — save $41  ($239.88)
  • All local-terminal tools
  • All vps-control tools
  • Email support available
Try Bundle free — 14 days Get annual — $199/yr — save $41
Founder Cohort
$9.99
per month — Individual  /  $14.99 — Bundle
  • Individual plugin — $9.99/mo locked for life
  • Bundle — $14.99/mo locked for life
  • Monthly billing only — no annual option
  • First 100 subscribers or 3 months post-launch — whichever comes first
🔒 Rate lock requires an active subscription. Canceling permanently forfeits your Founder price — it cannot be reclaimed after lapse.
Claim vps-control Founder Claim local-terminal Founder Claim Bundle Founder
Founder Cohort pricing is locked for the life of your subscription. Canceling permanently forfeits the Founder rate — reactivating after lapse restores access at the then-current price. See the Terms of Service for full details.