@lifeaitools/clauth 1.5.37 → 1.5.39

package/.clauth-skill/SKILL.md

@@ -170,6 +170,38 @@ clauth uninstall --ref R --pat P --yes Skip confirmation
 `vercel` `namecheap` `neo4j` `anthropic`
 `r2` `r2-bucket` `cloudflare` `rocketreach`
 
+Service type `fileserver` — mount configuration for fs tools (UI-only config).
+
+---
+
+## MCP Server (v1.5.38+)
+
+clauth runs as an MCP server with 3 namespaces and 27 tools:
+
+| Path | Namespace | Tools |
+|------|-----------|-------|
+| `/clauth` | `clauth_*` | 13 credential vault tools |
+| `/gws` | `gws_*` | 6 Google Workspace tools |
+| `/fs` | `fs_*` | 8 filesystem tools (read, write, grep, glob, list, delete, mkdir, mounts) |
+| `/mcp` | all | 27 tools combined |
+
+### claude.ai Connector URLs (noauth mode)
+- `https://clauth.regendevcorp.com/clauth` — credential tools
+- `https://clauth.regendevcorp.com/gws` — Google Workspace
+- `https://fs.regendevcorp.com/fs` — filesystem tools
+
+Noauth mode: fresh domains that return 404 on OAuth endpoints. claude.ai connects directly (Anthropic OAuth proxy bug workaround).
+
+### FS Tools
+`fs_read` `fs_write` `fs_list` `fs_grep` `fs_glob` `fs_delete` `fs_mkdir` `fs_mounts`
+
+Path-jail security: all paths resolved against mount root. Permission flags (r/w/d) per mount. Uses `@vscode/ripgrep` for grep, `fast-glob` for glob.
+
+### Testing
+```bash
+node test-tools.mjs    # 25 tool execution tests across all 3 namespaces
+```
+
 ---
 
 ## Troubleshooting

package/README.md

@@ -108,16 +108,102 @@ Nothing stored locally. Password never persisted. Machine hash is one-way only.
 
 ---
 
+## Daemon Mode (`clauth serve`)
+
+clauth runs as an HTTP daemon on `http://127.0.0.1:52437`. The daemon provides:
+
+- **Web UI** — unlock vault, manage services, configure mounts
+- **REST API** — `GET /get/<service>`, `GET /ping`, `POST /restart`, `GET /shutdown`
+- **MCP server** — Model Context Protocol for Claude Code and claude.ai
+- **Cloudflare Tunnel** — exposes MCP endpoints publicly for claude.ai connectors
+
+Start: `clauth serve start` (starts locked, auto-opens browser for unlock).
+
+Full daemon operations reference: see `regen-root/.claude/rules/clauth.md`.
+
+---
+
+## MCP Server — 3 Namespaces, 27 Tools
+
+clauth is the single MCP interface for all local tools. One process, namespaced paths:
+
+| Path | Namespace | Tools | Description |
+|------|-----------|-------|-------------|
+| `/clauth` | `clauth_*` | 13 | Credential vault operations |
+| `/gws` | `gws_*` | 6 | Google Workspace (Gmail, Calendar, Drive) |
+| `/fs` | `fs_*` | 8 | Filesystem (read, write, grep, glob, delete, mkdir, mounts) |
+| `/mcp` | all | 27 | All namespaces combined (Claude Code) |
+
+### FS Tools (v1.5.38)
+
+8 filesystem tools with path-jail security:
+- `fs_read`, `fs_write`, `fs_list`, `fs_grep`, `fs_glob`, `fs_delete`, `fs_mkdir`, `fs_mounts`
+- Uses `node:fs/promises` (async), `@vscode/ripgrep` (shipped binary), `fast-glob`
+- Permission flags per mount: `r` (read), `w` (write), `d` (delete)
+- Mount config stored as "fileserver" service type in vault — only configurable through web UI
+
+### GWS Tools
+
+6 Google Workspace tools: `gws_gmail_list`, `gws_gmail_read`, `gws_gmail_send`, `gws_gmail_draft`, `gws_calendar_list`, `gws_calendar_create`
+- Calls `gws` CLI via `execSync` with `shell: 'bash'` (fixes Windows cmd.exe JSON quoting)
+
+---
+
+## claude.ai Integration
+
+### Noauth Mode (v1.5.38)
+
+claude.ai's OAuth proxy has a confirmed bug ([anthropics/claude-code#46140](https://github.com/anthropics/claude-code/issues/46140), [anthropics/claude-ai-mcp#136](https://github.com/anthropics/claude-ai-mcp/issues/136)): it completes the token exchange but never sends the authenticated request.
+
+**Workaround:** Noauth hosts — fresh domains where OAuth endpoints return 404. claude.ai connects directly (tunnel URL is the shared secret).
+
+### OAuth 2.1 (v1.5.36-37)
+
+Full OAuth 2.1 protocol implementation is present for future use when Anthropic fixes the bug:
+- 401 gate with `WWW-Authenticate` header
+- Dynamic client registration (public client, no secret)
+- Mandatory PKCE S256
+- `Cache-Control: no-store`
+
+### Connector URLs
+
+| Connector | URL |
+|-----------|-----|
+| clauth | `https://clauth.regendevcorp.com/clauth` |
+| gws | `https://clauth.regendevcorp.com/gws` |
+| fs | `https://fs.regendevcorp.com/fs` |
+
+---
+
+## Dependencies (notable)
+
+- `@vscode/ripgrep` — shipped ripgrep binary for `fs_grep`
+- `fast-glob` — pattern matching for `fs_glob`
+
+---
+
+## Testing
+
+```bash
+node test-tools.mjs    # 25 tool execution tests across all 3 namespaces
+```
+
+Tests actual MCP tool calls (not just OAuth + listing).
+
+---
+
 ## Releasing a New Version (maintainers)
 
 ```bash
 # 1. Bump version in package.json
 # 2. Commit and tag
-git tag v0.1.1
-git push --tags
+git tag v1.5.38
+git push && git push --tags
 # GitHub Actions publishes automatically via Trusted Publishing
 ```
 
+**NEVER** commit a version bump without tagging — the tag triggers npm CI.
+
 ---
 
 > Life before Profits. — LIFEAI / PRT

package/cli/commands/serve.js

@@ -17,6 +17,9 @@ import ora from "ora";
 import { execSync as execSyncTop } from "child_process";
 import Conf from "conf";
 import { getConfOptions } from "../conf-path.js";
+import { readdir, readFile, writeFile, rm, mkdir, stat, rename } from "node:fs/promises";
+import fg from "fast-glob";
+import { rgPath } from "@vscode/ripgrep";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "../../package.json"), "utf8"));
@@ -72,9 +75,17 @@ CREATE TABLE IF NOT EXISTS clauth_rotation_log (
 );
 ALTER TABLE clauth_rotation_log ENABLE ROW LEVEL SECURITY;`,
   },
+  {
+    version: 5,
+    name: "005_fileserver_key_type",
+    description: "Add fileserver key_type for filesystem mount configs",
+    type: "safe",
+    sql: `ALTER TABLE clauth_services DROP CONSTRAINT IF EXISTS clauth_services_key_type_check;
+ALTER TABLE clauth_services ADD CONSTRAINT clauth_services_key_type_check CHECK (key_type IN ('token','keypair','connstring','oauth','secret','fileserver'));`,
+  },
 ];
 
-const CURRENT_SCHEMA_VERSION = 4;
+const CURRENT_SCHEMA_VERSION = 5;
 
 // ── Key Rotation Config ─────────────────────────────────────────
 // Per-service rotation capabilities. "auto" services can be rotated programmatically.
@@ -1751,6 +1762,7 @@ const TYPE_LABELS = {
   keypair: "keypair (user:key pair)",
   connstring: "connstring (connection string)",
   oauth: "oauth (OAuth credentials)",
+  fileserver: "fileserver (mount config)",
 };
 
 async function toggleAddService() {
@@ -1768,12 +1780,12 @@ async function toggleAddService() {
     sel.innerHTML = '<option value="">Loading…</option>';
     try {
       const r = await fetch(BASE + "/meta").then(r => r.json());
-      const types = r.key_types || ["token", "secret", "keypair", "connstring", "oauth"];
+      const types = r.key_types || ["token", "secret", "keypair", "connstring", "oauth", "fileserver"];
       sel.innerHTML = types.map(t =>
         \`<option value="\${t}">\${TYPE_LABELS[t] || t}</option>\`
       ).join("");
     } catch {
-      sel.innerHTML = ["token","secret","keypair","connstring","oauth"].map(t =>
+      sel.innerHTML = ["token","secret","keypair","connstring","oauth","fileserver"].map(t =>
         \`<option value="\${t}">\${TYPE_LABELS[t] || t}</option>\`
       ).join("");
     }
@@ -2908,12 +2920,23 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return res.end();
     }
 
+    // ── Hosts that bypass OAuth (fresh domains for claude.ai compatibility) ──
+    const NOAUTH_HOSTS = ["fs.regendevcorp.com", "clauth.regendevcorp.com"];
+    const requestHost = (req.headers.host || "").split(":")[0].toLowerCase();
+    const noAuthHost = NOAUTH_HOSTS.includes(requestHost);
+
     // ── OAuth Discovery (RFC 9728 + RFC 8414) ──────────────
+    // Suppress OAuth discovery on noauth hosts — prevents claude.ai from entering OAuth flow
+    if (noAuthHost && reqPath.startsWith("/.well-known/")) {
+      res.writeHead(404, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({ error: "not_found" }));
+    }
+
     // Restore full well-known + OAuth so custom setup with client_id/secret works.
     if (reqPath.startsWith("/.well-known/oauth-protected-resource")) {
       const base = oauthBase();
       const suffix = reqPath.replace("/.well-known/oauth-protected-resource", "").replace(/^\//, "");
-      const resourcePath = suffix && ["/gws", "/clauth", "/mcp", "/sse"].includes("/" + suffix) ? "/" + suffix : "/sse";
+      const resourcePath = suffix && ["/gws", "/clauth", "/mcp", "/fs", "/sse"].includes("/" + suffix) ? "/" + suffix : "/sse";
       res.writeHead(200, { "Content-Type": "application/json", "Cache-Control": "no-store", ...CORS });
       return res.end(JSON.stringify({
         resource: `${base}${resourcePath}`,
@@ -2940,6 +2963,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     }
 
     // ── Dynamic Client Registration (RFC 7591) ──────────────
+    // Block OAuth endpoints on noauth hosts
+    if (noAuthHost && ["/register", "/authorize", "/token"].includes(reqPath)) {
+      res.writeHead(404, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({ error: "not_found" }));
+    }
     if (method === "POST" && reqPath === "/register") {
       let body;
       try { body = await readBody(req); } catch {
@@ -3087,25 +3115,28 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     }
 
     // ── MCP path helpers ──
-    const MCP_PATHS = ["/mcp", "/gws", "/clauth"];
+    const MCP_PATHS = ["/mcp", "/gws", "/clauth", "/fs"];
     const isMcpPath = MCP_PATHS.includes(reqPath);
     function toolsForPath(p) {
       if (p === "/gws")    return MCP_TOOLS.filter(t => t.name.startsWith("gws_"));
-      if (p === "/clauth") return MCP_TOOLS.filter(t => t.name.startsWith("clauth_"));
+      if (p === "/clauth") return MCP_TOOLS.filter(t => t.name.startsWith("clauth_") || t.name === "monkey_dispatch");
+      if (p === "/fs")     return MCP_TOOLS.filter(t => t.name.startsWith("fs_"));
       return MCP_TOOLS; // /mcp — all tools
     }
     function serverNameForPath(p) {
       if (p === "/gws")    return "gws";
       if (p === "/clauth") return "clauth";
+      if (p === "/fs")     return "fs";
       return "clauth";
     }
 
     // ── MCP endpoint auth — 401 gate (OAuth 2.1 protocol) ──
+    // Skipped for noauth hosts — those domains use tunnel URL as shared secret (like regen-media)
     if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
       const authHeader = req.headers.authorization;
       const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
 
-      if (!token || !oauthTokens.has(token)) {
+      if (!noAuthHost && (!token || !oauthTokens.has(token))) {
         // No valid Bearer token → return 401 with discovery hint
         const base = oauthBase();
         const resourcePath = isMcpPath ? reqPath.slice(1) : "sse"; // "mcp", "gws", "clauth", or "sse"
@@ -3440,6 +3471,29 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return;
     }
 
+    // POST /dispatch — spawn a headless Claude CLI worker for monkey skill queue
+    if (method === "POST" && reqPath === "/dispatch") {
+      let body = "";
+      req.on("data", d => body += d);
+      req.on("end", () => {
+        try {
+          const { prompt, job_id } = JSON.parse(body);
+          if (!prompt) {
+            res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+            return res.end(JSON.stringify({ error: "prompt required" }));
+          }
+          const result = spawnClaudeTask(prompt, job_id || "untracked");
+          const status = result.error ? 503 : 200;
+          res.writeHead(status, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify(result));
+        } catch {
+          res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify({ error: "invalid JSON" }));
+        }
+      });
+      return;
+    }
+
     // GET|POST /shutdown (for daemon stop — programmatic, keeps boot.key)
     // Accept POST as well — older scripts and curl default to POST
     if ((method === "GET" || method === "POST") && reqPath === "/shutdown") {
@@ -3571,11 +3625,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         const statusResult = await api.status(password, machineHash, token, timestamp);
         const existingTypes = [...new Set((statusResult.services || []).map(s => s.key_type).filter(Boolean))];
         // Merge with known types (in case no service of that type exists yet)
-        const knownTypes = ["token", "secret", "keypair", "connstring", "oauth"];
+        const knownTypes = ["token", "secret", "keypair", "connstring", "oauth", "fileserver"];
         const allTypes = [...new Set([...knownTypes, ...existingTypes])];
         return ok(res, { key_types: allTypes });
       } catch (err) {
-        return ok(res, { key_types: ["token", "secret", "keypair", "connstring", "oauth"] });
+        return ok(res, { key_types: ["token", "secret", "keypair", "connstring", "oauth", "fileserver"] });
       }
     }
 
@@ -4398,7 +4452,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         res.writeHead(400, { "Content-Type": "application/json", ...CORS });
         return res.end(JSON.stringify({ error: "name is required" }));
       }
-      const validTypes = ["token", "keypair", "connstring", "oauth", "secret"];
+      const validTypes = ["token", "keypair", "connstring", "oauth", "secret", "fileserver"];
       const type = (key_type || "token").toLowerCase();
       if (!validTypes.includes(type)) {
         res.writeHead(400, { "Content-Type": "application/json", ...CORS });
@@ -4765,6 +4819,53 @@ async function actionForeground(opts) {
 import { createInterface } from "readline";
 import { execSync, spawn as spawnProc } from "child_process";
 
+// ── Monkey dispatch — headless Claude CLI worker ─────────────────
+function findClaudeBinary() {
+  const candidates = [
+    process.env.CLAUDE_BIN,
+    path.join(process.env.APPDATA || '', 'npm', 'claude.cmd'),
+    path.join(process.env.APPDATA || '', 'npm', 'claude'),
+    'claude', // PATH fallback
+  ].filter(Boolean);
+
+  for (const c of candidates) {
+    try {
+      execSync(`"${c}" --version`, { stdio: 'ignore', timeout: 3000 });
+      return c;
+    } catch {}
+  }
+  return null;
+}
+
+let activeCliWorkers = 0;
+const MAX_CLI_WORKERS = 2;
+
+function spawnClaudeTask(prompt, jobId) {
+  if (activeCliWorkers >= MAX_CLI_WORKERS) {
+    return { error: 'concurrency_limit', message: `Max ${MAX_CLI_WORKERS} CLI workers active` };
+  }
+  const binary = findClaudeBinary();
+  if (!binary) {
+    return { error: 'binary_not_found', message: 'claude CLI not found in PATH or AppData/npm' };
+  }
+
+  activeCliWorkers++;
+  const proc = spawnProc(binary, ['-p', prompt, '--dangerously-skip-permissions'], {
+    cwd: 'C:/Dev/regen-root',
+    env: process.env,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    shell: true,
+  });
+
+  const startedAt = Date.now();
+  proc.on('close', (code) => {
+    activeCliWorkers--;
+    console.log(`[monkey] job ${jobId} exited code=${code} in ${Date.now() - startedAt}ms`);
+  });
+
+  return { status: 'spawned', pid: proc.pid, jobId, activeWorkers: activeCliWorkers };
+}
+
 const ENV_MAP = {
   "github":           "GITHUB_TOKEN",
   "supabase-anon":    "NEXT_PUBLIC_SUPABASE_ANON_KEY",
@@ -4782,6 +4883,60 @@ const ENV_MAP = {
   "gmail":            "GMAIL_CREDENTIALS",
 };
 
+// ── Filesystem service config — loaded from clauth vault ──
+let _fsMountsCache = null;
+let _fsMountsCacheTime = 0;
+const FS_CACHE_TTL = 60000; // 1 minute
+
+async function getFileserverMounts(vault) {
+  if (!vault.password) return { error: "Vault is locked — unlock first" };
+  const now = Date.now();
+  if (_fsMountsCache && now - _fsMountsCacheTime < FS_CACHE_TTL) return { mounts: _fsMountsCache };
+
+  try {
+    const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
+    const result = await api.status(vault.password, vault.machineHash, token, timestamp);
+    if (result.error) return { error: result.error };
+    const mounts = [];
+    for (const s of (result.services || [])) {
+      if (s.key_type === "fileserver" && s.enabled) {
+        try {
+          const { token: t2, timestamp: ts2 } = deriveToken(vault.password, vault.machineHash);
+          const secret = await api.retrieve(vault.password, vault.machineHash, t2, ts2, s.name);
+          if (secret.value) {
+            const config = JSON.parse(secret.value);
+            mounts.push({ name: s.name, path: config.path, access: config.access || "r" });
+          }
+        } catch {}
+      }
+    }
+    _fsMountsCache = mounts;
+    _fsMountsCacheTime = now;
+    return { mounts };
+  } catch (err) {
+    return { error: `Mount lookup failed: ${err.message}` };
+  }
+}
+
+async function resolveInMount(requestedPath, mountName, vault) {
+  const { mounts, error } = await getFileserverMounts(vault);
+  if (error) return { error };
+  if (!mounts || mounts.length === 0) return { error: "No fileserver services configured. Add one with key_type='fileserver' and value: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwd\"}" };
+  const mount = mountName ? mounts.find(m => m.name === mountName) : mounts[0];
+  if (!mount) return { error: `Mount '${mountName}' not found. Available: ${mounts.map(m => m.name).join(", ")}` };
+  if (!mount.path) return { error: `Fileserver '${mount.name}' has no path configured` };
+  const resolved = path.resolve(mount.path, requestedPath);
+  const normalized = path.normalize(resolved);
+  if (!normalized.startsWith(path.normalize(mount.path))) {
+    return { error: `Path escapes mount: ${requestedPath}` };
+  }
+  return { resolved: normalized, mount };
+}
+
+function checkAccess(mount, flag) {
+  return mount.access.includes(flag);
+}
+
 const MCP_TOOLS = [
   {
     name: "clauth_ping",
@@ -4877,6 +5032,19 @@ const MCP_TOOLS = [
     description: "Test whether the clauth MCP connector is reachable via the Cloudflare tunnel. Returns connectivity status and tunnel URL.",
     inputSchema: { type: "object", properties: {}, additionalProperties: false }
   },
+  {
+    name: "monkey_dispatch",
+    description: "Dispatch a skill job to a headless Claude Code CLI worker. Spawns claude -p with the given prompt in C:/Dev/regen-root. Max 2 concurrent workers.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        prompt:  { type: "string", description: "Full prompt for the CLI worker to execute" },
+        job_id:  { type: "string", description: "monkey_jobs UUID for tracking" },
+      },
+      required: ["prompt"],
+      additionalProperties: false,
+    },
+  },
 
   // ── Google Workspace (gws CLI) ──────────────────────────────────────────
   {
@@ -4959,6 +5127,110 @@ const MCP_TOOLS = [
       additionalProperties: false
     }
   },
+  // ── Filesystem tools ──
+  {
+    name: "fs_read",
+    description: "Read a file. Returns UTF-8 text with line numbers. Supports offset/limit for large files.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative path within mount (e.g. 'packages/ui/src/index.ts')" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+        offset: { type: "number", description: "Start line (0-based, default 0)" },
+        limit: { type: "number", description: "Max lines to return (default 500)" },
+      },
+      required: ["path"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_write",
+    description: "Write content to a file. Creates parent directories if needed. Overwrites existing file.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative path within mount" },
+        content: { type: "string", description: "File content to write" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["path", "content"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_list",
+    description: "List directory contents with file type, size, and modification time.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative directory path (default: mount root)" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_grep",
+    description: "Search file contents using ripgrep. Returns matching lines with context. Spawns rg process.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        pattern: { type: "string", description: "Regex pattern to search for" },
+        path: { type: "string", description: "Relative path to search in (default: mount root)" },
+        glob: { type: "string", description: "File glob filter (e.g. '*.ts', '*.{js,tsx}')" },
+        context: { type: "number", description: "Lines of context around matches (default 0)" },
+        max_results: { type: "number", description: "Max matches (default 50)" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["pattern"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_glob",
+    description: "Find files by glob pattern. Returns matching file paths relative to mount.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        pattern: { type: "string", description: "Glob pattern (e.g. '**/*.tsx', 'apps/*/package.json')" },
+        path: { type: "string", description: "Relative base path (default: mount root)" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["pattern"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_delete",
+    description: "Delete a file or empty directory.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative path to delete" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["path"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_mkdir",
+    description: "Create a directory (recursive — creates parents if needed).",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative directory path to create" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["path"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_mounts",
+    description: "List configured filesystem mounts (fileserver services from vault).",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+  },
 ];
 
 function writeTempSecret(service, value) {
@@ -4987,6 +5259,9 @@ function mcpError(text) {
   return { content: [{ type: "text", text }], isError: true };
 }
 
+// Windows cmd.exe doesn't support single quotes — use bash for gws JSON args
+const GWS_EXEC_OPTS = { encoding: "utf8", timeout: 30000, windowsHide: true, shell: os.platform() === "win32" ? "bash" : undefined };
+
 async function handleMcpTool(vault, name, args) {
   switch (name) {
     case "clauth_ping": {
@@ -5260,7 +5535,7 @@ async function handleMcpTool(vault, name, args) {
       if (params) cmdArgs.push("--params", `'${JSON.stringify(params)}'`);
       if (body) cmdArgs.push("--json", `'${JSON.stringify(body)}'`);
       try {
-        const raw = execSyncTop(["gws", ...cmdArgs].join(" "), { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(["gws", ...cmdArgs].join(" "), GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) {
         return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`);
@@ -5271,7 +5546,7 @@ async function handleMcpTool(vault, name, args) {
       const p = { userId: "me", maxResults: args.max_results ?? 10 };
       if (args.query) p.q = args.query;
       try {
-        const raw = execSyncTop(`gws gmail users messages list --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws gmail users messages list --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5279,7 +5554,7 @@ async function handleMcpTool(vault, name, args) {
     case "gws_gmail_read": {
       const p = { userId: "me", id: args.message_id, format: "full" };
       try {
-        const raw = execSyncTop(`gws gmail users messages get --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws gmail users messages get --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5291,7 +5566,7 @@ async function handleMcpTool(vault, name, args) {
       const encoded = Buffer.from(lines.join("\r\n")).toString("base64url");
       const bodyObj = { userId: "me", resource: { raw: encoded } };
       try {
-        const raw = execSyncTop(`gws gmail users messages send --json '${JSON.stringify(bodyObj)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws gmail users messages send --json '${JSON.stringify(bodyObj)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5301,7 +5576,7 @@ async function handleMcpTool(vault, name, args) {
       if (args.time_min) p.timeMin = args.time_min;
       if (args.time_max) p.timeMax = args.time_max;
       try {
-        const raw = execSyncTop(`gws calendar events list --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws calendar events list --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5310,11 +5585,183 @@ async function handleMcpTool(vault, name, args) {
       const p = { pageSize: args.max_results ?? 10, fields: "files(id,name,mimeType,modifiedTime,size,webViewLink)" };
       if (args.query) p.q = args.query;
       try {
-        const raw = execSyncTop(`gws drive files list --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws drive files list --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
 
+    // ── Filesystem tools ──────────────────────────────────────
+
+    case "fs_read": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
+      try {
+        const content = await readFile(r.resolved, "utf8");
+        const lines = content.split("\n");
+        const offset = args.offset || 0;
+        const limit = args.limit || 500;
+        const slice = lines.slice(offset, offset + limit);
+        const numbered = slice.map((line, i) => `${offset + i + 1}\t${line}`).join("\n");
+        const header = `${r.resolved} (${lines.length} lines${offset > 0 ? `, showing ${offset + 1}-${Math.min(offset + limit, lines.length)}` : ""})`;
+        return mcpResult(`${header}\n${numbered}`);
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`File not found: ${args.path}`);
+        return mcpError(`Read failed: ${err.message}`);
+      }
+    }
+
+    case "fs_write": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+      try {
+        await mkdir(path.dirname(r.resolved), { recursive: true });
+        await writeFile(r.resolved, args.content, "utf8");
+        return mcpResult(`Written: ${args.path} (${Buffer.byteLength(args.content)} bytes)`);
+      } catch (err) {
+        return mcpError(`Write failed: ${err.message}`);
+      }
+    }
+
+    case "fs_list": {
+      const dirPath = args.path || ".";
+      const r = await resolveInMount(dirPath, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
+      try {
+        const entries = await readdir(r.resolved, { withFileTypes: true });
+        const results = [];
+        for (const entry of entries) {
+          try {
+            const s = await stat(path.join(r.resolved, entry.name));
+            results.push({
+              name: entry.name,
+              type: entry.isDirectory() ? "dir" : "file",
+              size: s.size,
+              modified: s.mtime.toISOString(),
+            });
+          } catch {
+            results.push({ name: entry.name, type: entry.isDirectory() ? "dir" : "file" });
+          }
+        }
+        return mcpResult(JSON.stringify(results, null, 2));
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`Directory not found: ${dirPath}`);
+        return mcpError(`List failed: ${err.message}`);
+      }
+    }
+
+    case "fs_grep": {
+      const searchPath = args.path || ".";
+      const r = await resolveInMount(searchPath, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
+
+      const maxResults = args.max_results || 50;
+      const rgArgs = [
+        "--no-heading", "--line-number", "--color", "never",
+        "--max-count", String(maxResults),
+      ];
+      if (args.context) rgArgs.push("-C", String(args.context));
+      if (args.glob) rgArgs.push("--glob", args.glob);
+      rgArgs.push(args.pattern, r.resolved);
+
+      return new Promise((resolve) => {
+        let output = "";
+        let killed = false;
+        const proc = spawnProc(rgPath, rgArgs, { timeout: 15000, windowsHide: true });
+
+        proc.stdout.on("data", (chunk) => {
+          output += chunk.toString();
+          if (output.length > 65536) { // 64KB cap
+            killed = true;
+            proc.kill();
+          }
+        });
+        proc.stderr.on("data", () => {}); // ignore stderr
+
+        proc.on("close", (code) => {
+          if (killed) {
+            resolve(mcpResult(output.slice(0, 65536) + "\n... (output truncated at 64KB)"));
+          } else if (code === 1) {
+            resolve(mcpResult("No matches found"));
+          } else if (output) {
+            // Make paths relative to mount
+            const mountNorm = r.mount.path.replace(/\\/g, "/");
+            const cleaned = output.replace(new RegExp(mountNorm.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + "/?", "g"), "");
+            resolve(mcpResult(cleaned));
+          } else {
+            resolve(mcpResult("No matches found"));
+          }
+        });
+
+        proc.on("error", (err) => {
+          resolve(mcpError(`Grep failed: ${err.message}`));
+        });
+      });
+    }
+
+    case "fs_glob": {
+      const basePath = args.path || ".";
+      const r = await resolveInMount(basePath, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
+      try {
+        const matches = await fg(args.pattern, {
+          cwd: r.resolved,
+          dot: false,
+          onlyFiles: true,
+          ignore: ["**/node_modules/**", "**/.git/**"],
+        });
+        if (matches.length === 0) return mcpResult("No files matched");
+        return mcpResult(matches.sort().join("\n"));
+      } catch (err) {
+        return mcpError(`Glob failed: ${err.message}`);
+      }
+    }
+
+    case "fs_delete": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "d")) return mcpError("Delete access denied on this mount");
+      try {
+        const s = await stat(r.resolved);
+        await rm(r.resolved, { recursive: s.isDirectory() });
+        return mcpResult(`Deleted: ${args.path}`);
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`Not found: ${args.path}`);
+        return mcpError(`Delete failed: ${err.message}`);
+      }
+    }
+
+    case "fs_mkdir": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+      try {
+        await mkdir(r.resolved, { recursive: true });
+        return mcpResult(`Created: ${args.path}`);
+      } catch (err) {
+        return mcpError(`Mkdir failed: ${err.message}`);
+      }
+    }
+
+    case "fs_mounts": {
+      const { mounts, error } = await getFileserverMounts(vault);
+      if (error) return mcpError(error);
+      if (!mounts || mounts.length === 0) return mcpResult("No fileserver mounts configured. Create one:\n1. Use clauth dashboard or clauth_enable to add a service with key_type='fileserver'\n2. Set the secret value to JSON: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwd\"}");
+      return mcpResult(JSON.stringify(mounts, null, 2));
+    }
+
+    case "monkey_dispatch": {
+      const { prompt, job_id } = args;
+      if (!prompt) return mcpError("prompt required");
+      const result = spawnClaudeTask(prompt, job_id || "untracked");
+      if (result.error) return mcpError(`${result.error}: ${result.message}`);
+      return mcpResult(JSON.stringify(result));
+    }
+
     default:
       return mcpError(`Unknown tool: ${name}`);
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.37",
+  "version": "1.5.39",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {
@@ -19,7 +19,9 @@
     "conf": "^13.0.0",
     "inquirer": "^10.1.0",
     "node-fetch": "^3.3.2",
-    "ora": "^8.1.0"
+    "ora": "^8.1.0",
+    "@vscode/ripgrep": "^1.15.9",
+    "fast-glob": "^3.3.2"
   },
   "engines": {
     "node": ">=18.0.0"