@lifeaitools/clauth 1.5.38 → 1.5.40

package/.clauth-skill/SKILL.md

@@ -170,6 +170,38 @@ clauth uninstall --ref R --pat P --yes Skip confirmation
 `vercel` `namecheap` `neo4j` `anthropic`
 `r2` `r2-bucket` `cloudflare` `rocketreach`
 
+Service type `fileserver` — mount configuration for fs tools (UI-only config).
+
+---
+
+## MCP Server (v1.5.38+)
+
+clauth runs as an MCP server with 3 namespaces and 27 tools:
+
+| Path | Namespace | Tools |
+|------|-----------|-------|
+| `/clauth` | `clauth_*` | 13 credential vault tools |
+| `/gws` | `gws_*` | 6 Google Workspace tools |
+| `/fs` | `fs_*` | 8 filesystem tools (read, write, grep, glob, list, delete, mkdir, mounts) |
+| `/mcp` | all | 27 tools combined |
+
+### claude.ai Connector URLs (noauth mode)
+- `https://clauth.regendevcorp.com/clauth` — credential tools
+- `https://clauth.regendevcorp.com/gws` — Google Workspace
+- `https://fs.regendevcorp.com/fs` — filesystem tools
+
+Noauth mode: fresh domains that return 404 on OAuth endpoints. claude.ai connects directly (Anthropic OAuth proxy bug workaround).
+
+### FS Tools
+`fs_read` `fs_write` `fs_list` `fs_grep` `fs_glob` `fs_delete` `fs_mkdir` `fs_mounts`
+
+Path-jail security: all paths resolved against mount root. Permission flags (r/w/d) per mount. Uses `@vscode/ripgrep` for grep, `fast-glob` for glob.
+
+### Testing
+```bash
+node test-tools.mjs    # 25 tool execution tests across all 3 namespaces
+```
+
 ---
 
 ## Troubleshooting

package/README.md

@@ -108,16 +108,102 @@ Nothing stored locally. Password never persisted. Machine hash is one-way only.
 
 ---
 
+## Daemon Mode (`clauth serve`)
+
+clauth runs as an HTTP daemon on `http://127.0.0.1:52437`. The daemon provides:
+
+- **Web UI** — unlock vault, manage services, configure mounts
+- **REST API** — `GET /get/<service>`, `GET /ping`, `POST /restart`, `GET /shutdown`
+- **MCP server** — Model Context Protocol for Claude Code and claude.ai
+- **Cloudflare Tunnel** — exposes MCP endpoints publicly for claude.ai connectors
+
+Start: `clauth serve start` (starts locked, auto-opens browser for unlock).
+
+Full daemon operations reference: see `regen-root/.claude/rules/clauth.md`.
+
+---
+
+## MCP Server — 3 Namespaces, 27 Tools
+
+clauth is the single MCP interface for all local tools. One process, namespaced paths:
+
+| Path | Namespace | Tools | Description |
+|------|-----------|-------|-------------|
+| `/clauth` | `clauth_*` | 13 | Credential vault operations |
+| `/gws` | `gws_*` | 6 | Google Workspace (Gmail, Calendar, Drive) |
+| `/fs` | `fs_*` | 8 | Filesystem (read, write, grep, glob, delete, mkdir, mounts) |
+| `/mcp` | all | 27 | All namespaces combined (Claude Code) |
+
+### FS Tools (v1.5.38)
+
+8 filesystem tools with path-jail security:
+- `fs_read`, `fs_write`, `fs_list`, `fs_grep`, `fs_glob`, `fs_delete`, `fs_mkdir`, `fs_mounts`
+- Uses `node:fs/promises` (async), `@vscode/ripgrep` (shipped binary), `fast-glob`
+- Permission flags per mount: `r` (read), `w` (write), `d` (delete)
+- Mount config stored as "fileserver" service type in vault — only configurable through web UI
+
+### GWS Tools
+
+6 Google Workspace tools: `gws_gmail_list`, `gws_gmail_read`, `gws_gmail_send`, `gws_gmail_draft`, `gws_calendar_list`, `gws_calendar_create`
+- Calls `gws` CLI via `execSync` with `shell: 'bash'` (fixes Windows cmd.exe JSON quoting)
+
+---
+
+## claude.ai Integration
+
+### Noauth Mode (v1.5.38)
+
+claude.ai's OAuth proxy has a confirmed bug ([anthropics/claude-code#46140](https://github.com/anthropics/claude-code/issues/46140), [anthropics/claude-ai-mcp#136](https://github.com/anthropics/claude-ai-mcp/issues/136)): it completes the token exchange but never sends the authenticated request.
+
+**Workaround:** Noauth hosts — fresh domains where OAuth endpoints return 404. claude.ai connects directly (tunnel URL is the shared secret).
+
+### OAuth 2.1 (v1.5.36-37)
+
+Full OAuth 2.1 protocol implementation is present for future use when Anthropic fixes the bug:
+- 401 gate with `WWW-Authenticate` header
+- Dynamic client registration (public client, no secret)
+- Mandatory PKCE S256
+- `Cache-Control: no-store`
+
+### Connector URLs
+
+| Connector | URL |
+|-----------|-----|
+| clauth | `https://clauth.regendevcorp.com/clauth` |
+| gws | `https://clauth.regendevcorp.com/gws` |
+| fs | `https://fs.regendevcorp.com/fs` |
+
+---
+
+## Dependencies (notable)
+
+- `@vscode/ripgrep` — shipped ripgrep binary for `fs_grep`
+- `fast-glob` — pattern matching for `fs_glob`
+
+---
+
+## Testing
+
+```bash
+node test-tools.mjs    # 25 tool execution tests across all 3 namespaces
+```
+
+Tests actual MCP tool calls (not just OAuth + listing).
+
+---
+
 ## Releasing a New Version (maintainers)
 
 ```bash
 # 1. Bump version in package.json
 # 2. Commit and tag
-git tag v0.1.1
-git push --tags
+git tag v1.5.38
+git push && git push --tags
 # GitHub Actions publishes automatically via Trusted Publishing
 ```
 
+**NEVER** commit a version bump without tagging — the tag triggers npm CI.
+
 ---
 
 > Life before Profits. — LIFEAI / PRT

package/cli/commands/serve.js

@@ -75,9 +75,17 @@ CREATE TABLE IF NOT EXISTS clauth_rotation_log (
 );
 ALTER TABLE clauth_rotation_log ENABLE ROW LEVEL SECURITY;`,
   },
+  {
+    version: 5,
+    name: "005_fileserver_key_type",
+    description: "Add fileserver key_type for filesystem mount configs",
+    type: "safe",
+    sql: `ALTER TABLE clauth_services DROP CONSTRAINT IF EXISTS clauth_services_key_type_check;
+ALTER TABLE clauth_services ADD CONSTRAINT clauth_services_key_type_check CHECK (key_type IN ('token','keypair','connstring','oauth','secret','fileserver'));`,
+  },
 ];
 
-const CURRENT_SCHEMA_VERSION = 4;
+const CURRENT_SCHEMA_VERSION = 5;
 
 // ── Key Rotation Config ─────────────────────────────────────────
 // Per-service rotation capabilities. "auto" services can be rotated programmatically.
@@ -1754,6 +1762,7 @@ const TYPE_LABELS = {
   keypair: "keypair (user:key pair)",
   connstring: "connstring (connection string)",
   oauth: "oauth (OAuth credentials)",
+  fileserver: "fileserver (mount config)",
 };
 
 async function toggleAddService() {
@@ -1771,12 +1780,12 @@ async function toggleAddService() {
     sel.innerHTML = '<option value="">Loading…</option>';
     try {
       const r = await fetch(BASE + "/meta").then(r => r.json());
-      const types = r.key_types || ["token", "secret", "keypair", "connstring", "oauth"];
+      const types = r.key_types || ["token", "secret", "keypair", "connstring", "oauth", "fileserver"];
       sel.innerHTML = types.map(t =>
         \`<option value="\${t}">\${TYPE_LABELS[t] || t}</option>\`
       ).join("");
     } catch {
-      sel.innerHTML = ["token","secret","keypair","connstring","oauth"].map(t =>
+      sel.innerHTML = ["token","secret","keypair","connstring","oauth","fileserver"].map(t =>
         \`<option value="\${t}">\${TYPE_LABELS[t] || t}</option>\`
       ).join("");
     }
@@ -2911,7 +2920,18 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return res.end();
     }
 
+    // ── Hosts that bypass OAuth (fresh domains for claude.ai compatibility) ──
+    const NOAUTH_HOSTS = ["fs.regendevcorp.com", "clauth.regendevcorp.com"];
+    const requestHost = (req.headers.host || "").split(":")[0].toLowerCase();
+    const noAuthHost = NOAUTH_HOSTS.includes(requestHost);
+
     // ── OAuth Discovery (RFC 9728 + RFC 8414) ──────────────
+    // Suppress OAuth discovery on noauth hosts — prevents claude.ai from entering OAuth flow
+    if (noAuthHost && reqPath.startsWith("/.well-known/")) {
+      res.writeHead(404, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({ error: "not_found" }));
+    }
+
     // Restore full well-known + OAuth so custom setup with client_id/secret works.
     if (reqPath.startsWith("/.well-known/oauth-protected-resource")) {
       const base = oauthBase();
@@ -2943,6 +2963,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     }
 
     // ── Dynamic Client Registration (RFC 7591) ──────────────
+    // Block OAuth endpoints on noauth hosts
+    if (noAuthHost && ["/register", "/authorize", "/token"].includes(reqPath)) {
+      res.writeHead(404, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({ error: "not_found" }));
+    }
     if (method === "POST" && reqPath === "/register") {
       let body;
       try { body = await readBody(req); } catch {
@@ -3094,7 +3119,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     const isMcpPath = MCP_PATHS.includes(reqPath);
     function toolsForPath(p) {
       if (p === "/gws")    return MCP_TOOLS.filter(t => t.name.startsWith("gws_"));
-      if (p === "/clauth") return MCP_TOOLS.filter(t => t.name.startsWith("clauth_"));
+      if (p === "/clauth") return MCP_TOOLS.filter(t => t.name.startsWith("clauth_") || t.name === "monkey_dispatch" || t.name.startsWith("terminal_"));
       if (p === "/fs")     return MCP_TOOLS.filter(t => t.name.startsWith("fs_"));
       return MCP_TOOLS; // /mcp — all tools
     }
@@ -3106,11 +3131,12 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     }
 
     // ── MCP endpoint auth — 401 gate (OAuth 2.1 protocol) ──
+    // Skipped for noauth hosts — those domains use tunnel URL as shared secret (like regen-media)
     if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
       const authHeader = req.headers.authorization;
       const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
 
-      if (!token || !oauthTokens.has(token)) {
+      if (!noAuthHost && (!token || !oauthTokens.has(token))) {
         // No valid Bearer token → return 401 with discovery hint
         const base = oauthBase();
         const resourcePath = isMcpPath ? reqPath.slice(1) : "sse"; // "mcp", "gws", "clauth", or "sse"
@@ -3445,6 +3471,106 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return;
     }
 
+    // POST /dispatch — spawn a headless Claude CLI worker for monkey skill queue
+    if (method === "POST" && reqPath === "/dispatch") {
+      let body = "";
+      req.on("data", d => body += d);
+      req.on("end", () => {
+        try {
+          const { prompt, job_id } = JSON.parse(body);
+          if (!prompt) {
+            res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+            return res.end(JSON.stringify({ error: "prompt required" }));
+          }
+          const result = spawnClaudeTask(prompt, job_id || "untracked");
+          const status = result.error ? 503 : 200;
+          res.writeHead(status, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify(result));
+        } catch {
+          res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify({ error: "invalid JSON" }));
+        }
+      });
+      return;
+    }
+
+    // POST /terminal/start — start a named terminal session
+    if (method === "POST" && reqPath === "/terminal/start") {
+      let body = "";
+      req.on("data", d => body += d);
+      req.on("end", () => {
+        try {
+          const { name, knowledge_tier, context_md } = JSON.parse(body);
+          if (!name) {
+            res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+            return res.end(JSON.stringify({ error: "name required" }));
+          }
+          const tier = knowledge_tier || 'db_only';
+          const result = startTerminalSession(name, tier, context_md || null);
+          const status = result.error ? 503 : 200;
+          res.writeHead(status, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify(result));
+        } catch {
+          res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify({ error: "invalid JSON" }));
+        }
+      });
+      return;
+    }
+
+    // POST /terminal/send — send a message to a running terminal session
+    if (method === "POST" && reqPath === "/terminal/send") {
+      let body = "";
+      req.on("data", d => body += d);
+      req.on("end", () => {
+        try {
+          const { session_id, message } = JSON.parse(body);
+          if (!session_id || !message) {
+            res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+            return res.end(JSON.stringify({ error: "session_id and message required" }));
+          }
+          const result = sendTerminalMessage(session_id, message);
+          const status = result.error === 'session_busy' ? 409 : result.error ? 404 : 200;
+          res.writeHead(status, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify(result));
+        } catch {
+          res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify({ error: "invalid JSON" }));
+        }
+      });
+      return;
+    }
+
+    // GET /terminal/list — list all active terminal sessions
+    if (method === "GET" && reqPath === "/terminal/list") {
+      res.writeHead(200, { "Content-Type": "application/json", ...CORS });
+      res.end(JSON.stringify(listTerminalSessions()));
+      return;
+    }
+
+    // POST /terminal/stop — stop a terminal session
+    if (method === "POST" && reqPath === "/terminal/stop") {
+      let body = "";
+      req.on("data", d => body += d);
+      req.on("end", () => {
+        try {
+          const { session_id } = JSON.parse(body);
+          if (!session_id) {
+            res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+            return res.end(JSON.stringify({ error: "session_id required" }));
+          }
+          const result = stopTerminalSession(session_id);
+          const status = result.error ? 404 : 200;
+          res.writeHead(status, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify(result));
+        } catch {
+          res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+          res.end(JSON.stringify({ error: "invalid JSON" }));
+        }
+      });
+      return;
+    }
+
     // GET|POST /shutdown (for daemon stop — programmatic, keeps boot.key)
     // Accept POST as well — older scripts and curl default to POST
     if ((method === "GET" || method === "POST") && reqPath === "/shutdown") {
@@ -3576,11 +3702,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         const statusResult = await api.status(password, machineHash, token, timestamp);
         const existingTypes = [...new Set((statusResult.services || []).map(s => s.key_type).filter(Boolean))];
         // Merge with known types (in case no service of that type exists yet)
-        const knownTypes = ["token", "secret", "keypair", "connstring", "oauth"];
+        const knownTypes = ["token", "secret", "keypair", "connstring", "oauth", "fileserver"];
         const allTypes = [...new Set([...knownTypes, ...existingTypes])];
         return ok(res, { key_types: allTypes });
       } catch (err) {
-        return ok(res, { key_types: ["token", "secret", "keypair", "connstring", "oauth"] });
+        return ok(res, { key_types: ["token", "secret", "keypair", "connstring", "oauth", "fileserver"] });
       }
     }
 
@@ -4403,7 +4529,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         res.writeHead(400, { "Content-Type": "application/json", ...CORS });
         return res.end(JSON.stringify({ error: "name is required" }));
       }
-      const validTypes = ["token", "keypair", "connstring", "oauth", "secret"];
+      const validTypes = ["token", "keypair", "connstring", "oauth", "secret", "fileserver"];
       const type = (key_type || "token").toLowerCase();
       if (!validTypes.includes(type)) {
         res.writeHead(400, { "Content-Type": "application/json", ...CORS });
@@ -4770,6 +4896,153 @@ async function actionForeground(opts) {
 import { createInterface } from "readline";
 import { execSync, spawn as spawnProc } from "child_process";
 
+// ── Monkey dispatch — headless Claude CLI worker ─────────────────
+function findClaudeBinary() {
+  const candidates = [
+    process.env.CLAUDE_BIN,
+    path.join(process.env.APPDATA || '', 'npm', 'claude.cmd'),
+    path.join(process.env.APPDATA || '', 'npm', 'claude'),
+    'claude', // PATH fallback
+  ].filter(Boolean);
+
+  for (const c of candidates) {
+    try {
+      execSync(`"${c}" --version`, { stdio: 'ignore', timeout: 3000 });
+      return c;
+    } catch {}
+  }
+  return null;
+}
+
+let activeCliWorkers = 0;
+const MAX_CLI_WORKERS = 2;
+
+function spawnClaudeTask(prompt, jobId) {
+  if (activeCliWorkers >= MAX_CLI_WORKERS) {
+    return { error: 'concurrency_limit', message: `Max ${MAX_CLI_WORKERS} CLI workers active` };
+  }
+  const binary = findClaudeBinary();
+  if (!binary) {
+    return { error: 'binary_not_found', message: 'claude CLI not found in PATH or AppData/npm' };
+  }
+
+  activeCliWorkers++;
+  const proc = spawnProc(binary, ['-p', prompt, '--dangerously-skip-permissions'], {
+    cwd: 'C:/Dev/regen-root',
+    env: process.env,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    shell: true,
+  });
+
+  const startedAt = Date.now();
+  proc.on('close', (code) => {
+    activeCliWorkers--;
+    console.log(`[monkey] job ${jobId} exited code=${code} in ${Date.now() - startedAt}ms`);
+  });
+
+  return { status: 'spawned', pid: proc.pid, jobId, activeWorkers: activeCliWorkers };
+}
+
+// ── Terminal session manager ─────────────────────────────────────
+// Rolling-context approach: each session stores a context string.
+// /terminal/send spawns a fresh claude -p with [context + message],
+// captures stdout, stores result back in session context.
+const terminalSessions = new Map(); // session_id → SessionState
+
+function generateSessionId() {
+  return crypto.randomUUID();
+}
+
+function startTerminalSession(name, knowledge_tier, context_md) {
+  const binary = findClaudeBinary();
+  if (!binary) {
+    return { error: 'binary_not_found', message: 'claude CLI not found in PATH or AppData/npm' };
+  }
+  const session_id = generateSessionId();
+  const preamble = context_md
+    ? `${context_md}\n\n---\n`
+    : '';
+  const initialContext = `${preamble}Session: ${name} | Tier: ${knowledge_tier}\nReady. Await instructions.`;
+  const session = {
+    session_id,
+    name,
+    knowledge_tier,
+    status: 'ready',
+    started_at: new Date().toISOString(),
+    context: initialContext,
+    activeProc: null,
+  };
+  terminalSessions.set(session_id, session);
+  console.log(`[terminal] started session ${session_id} name=${name}`);
+  return { session_id, status: 'ready' };
+}
+
+function sendTerminalMessage(session_id, message) {
+  const session = terminalSessions.get(session_id);
+  if (!session) return { error: 'not_found', message: `Session ${session_id} not found` };
+  if (session.status === 'stopped') return { error: 'stopped', message: 'Session is stopped' };
+  if (session.status === 'busy') return { error: 'session_busy', message: 'Session is busy — try again shortly' };
+
+  const binary = findClaudeBinary();
+  if (!binary) return { error: 'binary_not_found', message: 'claude CLI not found in PATH or AppData/npm' };
+
+  session.status = 'busy';
+  const fullPrompt = `${session.context}\n\n---\nUser: ${message}`;
+
+  const proc = spawnProc(binary, ['-p', fullPrompt, '--dangerously-skip-permissions'], {
+    cwd: 'C:/Dev/regen-root',
+    env: process.env,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    shell: true,
+  });
+  session.activeProc = proc;
+
+  let stdout = '';
+  let stderr = '';
+  proc.stdout.on('data', d => { stdout += d; });
+  proc.stderr.on('data', d => { stderr += d; });
+  proc.on('close', (code) => {
+    if (terminalSessions.has(session_id)) {
+      const s = terminalSessions.get(session_id);
+      const response = stdout.trim() || stderr.trim() || '(no output)';
+      // Append turn to rolling context (cap at ~8000 chars to avoid overflow)
+      const turn = `\n\nUser: ${message}\nAssistant: ${response}`;
+      const combined = s.context + turn;
+      s.context = combined.length > 8000 ? combined.slice(combined.length - 8000) : combined;
+      s.status = 'ready';
+      s.activeProc = null;
+      console.log(`[terminal] session ${session_id} turn complete code=${code}`);
+    }
+  });
+
+  return { queued: true, session_id };
+}
+
+function listTerminalSessions() {
+  const sessions = [];
+  for (const [, s] of terminalSessions) {
+    sessions.push({
+      session_id: s.session_id,
+      name: s.name,
+      status: s.status,
+      knowledge_tier: s.knowledge_tier,
+      started_at: s.started_at,
+    });
+  }
+  return sessions;
+}
+
+function stopTerminalSession(session_id) {
+  const session = terminalSessions.get(session_id);
+  if (!session) return { error: 'not_found', message: `Session ${session_id} not found` };
+  if (session.activeProc) {
+    try { session.activeProc.kill(); } catch {}
+  }
+  terminalSessions.delete(session_id);
+  console.log(`[terminal] stopped session ${session_id}`);
+  return { stopped: true, session_id };
+}
+
 const ENV_MAP = {
   "github":           "GITHUB_TOKEN",
   "supabase-anon":    "NEXT_PUBLIC_SUPABASE_ANON_KEY",
@@ -4787,14 +5060,48 @@ const ENV_MAP = {
   "gmail":            "GMAIL_CREDENTIALS",
 };
 
-// ── Filesystem service config ──
-const FS_MOUNTS = [
-  { name: "regen-root", path: "C:/Dev/regen-root", access: "rwd" },
-];
+// ── Filesystem service config — loaded from clauth vault ──
+let _fsMountsCache = null;
+let _fsMountsCacheTime = 0;
+const FS_CACHE_TTL = 60000; // 1 minute
+
+async function getFileserverMounts(vault) {
+  if (!vault.password) return { error: "Vault is locked — unlock first" };
+  const now = Date.now();
+  if (_fsMountsCache && now - _fsMountsCacheTime < FS_CACHE_TTL) return { mounts: _fsMountsCache };
+
+  try {
+    const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
+    const result = await api.status(vault.password, vault.machineHash, token, timestamp);
+    if (result.error) return { error: result.error };
+    const mounts = [];
+    for (const s of (result.services || [])) {
+      if (s.key_type === "fileserver" && s.enabled) {
+        try {
+          const { token: t2, timestamp: ts2 } = deriveToken(vault.password, vault.machineHash);
+          const secret = await api.retrieve(vault.password, vault.machineHash, t2, ts2, s.name);
+          if (secret.value) {
+            const config = JSON.parse(secret.value);
+            mounts.push({ name: s.name, path: config.path, access: config.access || "r" });
+          }
+        } catch {}
+      }
+    }
+    _fsMountsCache = mounts;
+    _fsMountsCacheTime = now;
+    return { mounts };
+  } catch (err) {
+    return { error: `Mount lookup failed: ${err.message}` };
+  }
+}
 
-function resolveInMount(requestedPath, mountName) {
-  const mount = FS_MOUNTS.find(m => m.name === mountName) || FS_MOUNTS[0];
-  if (!mount) return { error: "No filesystem mounts configured" };
+async function resolveInMount(requestedPath, mountName, vault) {
+  const { mounts, error } = await getFileserverMounts(vault);
+  if (error) return { error };
+  if (!mounts || mounts.length === 0) return { error: "No fileserver services configured. Add one with key_type='fileserver' and value: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwd\"}" };
+  const mount = mountName ? mounts.find(m => m.name === mountName) : mounts[0];
+  if (!mount) return { error: `Mount '${mountName}' not found. Available: ${mounts.map(m => m.name).join(", ")}` };
+  if (!mount.path) return { error: `Fileserver '${mount.name}' has no path configured` };
   const resolved = path.resolve(mount.path, requestedPath);
   const normalized = path.normalize(resolved);
   if (!normalized.startsWith(path.normalize(mount.path))) {
@@ -4902,6 +5209,65 @@ const MCP_TOOLS = [
     description: "Test whether the clauth MCP connector is reachable via the Cloudflare tunnel. Returns connectivity status and tunnel URL.",
     inputSchema: { type: "object", properties: {}, additionalProperties: false }
   },
+  {
+    name: "monkey_dispatch",
+    description: "Dispatch a skill job to a headless Claude Code CLI worker. Spawns claude -p with the given prompt in C:/Dev/regen-root. Max 2 concurrent workers.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        prompt:  { type: "string", description: "Full prompt for the CLI worker to execute" },
+        job_id:  { type: "string", description: "monkey_jobs UUID for tracking" },
+      },
+      required: ["prompt"],
+      additionalProperties: false,
+    },
+  },
+
+  // ── Terminal session manager ───────────────────────────────────────────
+  {
+    name: "terminal_start",
+    description: "Start a named persistent Claude session. Sessions maintain rolling context across sends. Returns session_id for subsequent sends.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        name:           { type: "string", description: "Human-readable session name (e.g. 'knowledgedude-prt')" },
+        knowledge_tier: { type: "string", enum: ["db_only", "corpus", "project"], description: "Knowledge tier for the session. 'corpus' injects context_md as preamble." },
+        context_md:     { type: "string", description: "Optional markdown preamble injected as session context (used for 'corpus' tier)" },
+      },
+      required: ["name"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "terminal_send",
+    description: "Send a message to a running terminal session. Spawns a Claude worker with rolling context + message. Returns immediately — session processes async.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        session_id: { type: "string", description: "Session ID returned by terminal_start" },
+        message:    { type: "string", description: "Message to send to the session" },
+      },
+      required: ["session_id", "message"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "terminal_list",
+    description: "List all active terminal sessions with their status (ready/busy/stopped), knowledge tier, and start time.",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+  },
+  {
+    name: "terminal_stop",
+    description: "Stop a terminal session and remove it from memory. Kills any active process.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        session_id: { type: "string", description: "Session ID to stop" },
+      },
+      required: ["session_id"],
+      additionalProperties: false,
+    },
+  },
 
   // ── Google Workspace (gws CLI) ──────────────────────────────────────────
   {
@@ -5083,6 +5449,11 @@ const MCP_TOOLS = [
       additionalProperties: false,
     },
   },
+  {
+    name: "fs_mounts",
+    description: "List configured filesystem mounts (fileserver services from vault).",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+  },
 ];
 
 function writeTempSecret(service, value) {
@@ -5111,6 +5482,9 @@ function mcpError(text) {
   return { content: [{ type: "text", text }], isError: true };
 }
 
+// Windows cmd.exe doesn't support single quotes — use bash for gws JSON args
+const GWS_EXEC_OPTS = { encoding: "utf8", timeout: 30000, windowsHide: true, shell: os.platform() === "win32" ? "bash" : undefined };
+
 async function handleMcpTool(vault, name, args) {
   switch (name) {
     case "clauth_ping": {
@@ -5384,7 +5758,7 @@ async function handleMcpTool(vault, name, args) {
       if (params) cmdArgs.push("--params", `'${JSON.stringify(params)}'`);
       if (body) cmdArgs.push("--json", `'${JSON.stringify(body)}'`);
       try {
-        const raw = execSyncTop(["gws", ...cmdArgs].join(" "), { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(["gws", ...cmdArgs].join(" "), GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) {
         return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`);
@@ -5395,7 +5769,7 @@ async function handleMcpTool(vault, name, args) {
       const p = { userId: "me", maxResults: args.max_results ?? 10 };
       if (args.query) p.q = args.query;
       try {
-        const raw = execSyncTop(`gws gmail users messages list --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws gmail users messages list --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5403,7 +5777,7 @@ async function handleMcpTool(vault, name, args) {
     case "gws_gmail_read": {
       const p = { userId: "me", id: args.message_id, format: "full" };
       try {
-        const raw = execSyncTop(`gws gmail users messages get --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws gmail users messages get --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5415,7 +5789,7 @@ async function handleMcpTool(vault, name, args) {
       const encoded = Buffer.from(lines.join("\r\n")).toString("base64url");
       const bodyObj = { userId: "me", resource: { raw: encoded } };
       try {
-        const raw = execSyncTop(`gws gmail users messages send --json '${JSON.stringify(bodyObj)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws gmail users messages send --json '${JSON.stringify(bodyObj)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5425,7 +5799,7 @@ async function handleMcpTool(vault, name, args) {
       if (args.time_min) p.timeMin = args.time_min;
       if (args.time_max) p.timeMax = args.time_max;
       try {
-        const raw = execSyncTop(`gws calendar events list --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws calendar events list --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5434,7 +5808,7 @@ async function handleMcpTool(vault, name, args) {
       const p = { pageSize: args.max_results ?? 10, fields: "files(id,name,mimeType,modifiedTime,size,webViewLink)" };
       if (args.query) p.q = args.query;
       try {
-        const raw = execSyncTop(`gws drive files list --params '${JSON.stringify(p)}'`, { encoding: "utf8", timeout: 30000, windowsHide: true });
+        const raw = execSyncTop(`gws drive files list --params '${JSON.stringify(p)}'`, GWS_EXEC_OPTS);
         try { return mcpResult(JSON.stringify(JSON.parse(raw.trim()), null, 2)); } catch { return mcpResult(raw); }
       } catch (err) { return mcpError(`gws failed: ${err.stderr || err.stdout || err.message}`); }
     }
@@ -5442,7 +5816,7 @@ async function handleMcpTool(vault, name, args) {
     // ── Filesystem tools ──────────────────────────────────────
 
     case "fs_read": {
-      const r = resolveInMount(args.path, args.mount);
+      const r = await resolveInMount(args.path, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
       try {
@@ -5461,7 +5835,7 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "fs_write": {
-      const r = resolveInMount(args.path, args.mount);
+      const r = await resolveInMount(args.path, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
       try {
@@ -5475,7 +5849,7 @@ async function handleMcpTool(vault, name, args) {
 
     case "fs_list": {
       const dirPath = args.path || ".";
-      const r = resolveInMount(dirPath, args.mount);
+      const r = await resolveInMount(dirPath, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
       try {
@@ -5503,7 +5877,7 @@ async function handleMcpTool(vault, name, args) {
 
     case "fs_grep": {
       const searchPath = args.path || ".";
-      const r = resolveInMount(searchPath, args.mount);
+      const r = await resolveInMount(searchPath, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
 
@@ -5553,7 +5927,7 @@ async function handleMcpTool(vault, name, args) {
 
     case "fs_glob": {
       const basePath = args.path || ".";
-      const r = resolveInMount(basePath, args.mount);
+      const r = await resolveInMount(basePath, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
       try {
@@ -5571,11 +5945,12 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "fs_delete": {
-      const r = resolveInMount(args.path, args.mount);
+      const r = await resolveInMount(args.path, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "d")) return mcpError("Delete access denied on this mount");
       try {
-        await rm(r.resolved);
+        const s = await stat(r.resolved);
+        await rm(r.resolved, { recursive: s.isDirectory() });
         return mcpResult(`Deleted: ${args.path}`);
       } catch (err) {
         if (err.code === "ENOENT") return mcpError(`Not found: ${args.path}`);
@@ -5584,7 +5959,7 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "fs_mkdir": {
-      const r = resolveInMount(args.path, args.mount);
+      const r = await resolveInMount(args.path, args.mount, vault);
       if (r.error) return mcpError(r.error);
       if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
       try {
@@ -5595,6 +5970,49 @@ async function handleMcpTool(vault, name, args) {
       }
     }
 
+    case "fs_mounts": {
+      const { mounts, error } = await getFileserverMounts(vault);
+      if (error) return mcpError(error);
+      if (!mounts || mounts.length === 0) return mcpResult("No fileserver mounts configured. Create one:\n1. Use clauth dashboard or clauth_enable to add a service with key_type='fileserver'\n2. Set the secret value to JSON: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwd\"}");
+      return mcpResult(JSON.stringify(mounts, null, 2));
+    }
+
+    case "monkey_dispatch": {
+      const { prompt, job_id } = args;
+      if (!prompt) return mcpError("prompt required");
+      const result = spawnClaudeTask(prompt, job_id || "untracked");
+      if (result.error) return mcpError(`${result.error}: ${result.message}`);
+      return mcpResult(JSON.stringify(result));
+    }
+
+    case "terminal_start": {
+      const { name, knowledge_tier, context_md } = args;
+      if (!name) return mcpError("name required");
+      const result = startTerminalSession(name, knowledge_tier || 'db_only', context_md || null);
+      if (result.error) return mcpError(`${result.error}: ${result.message}`);
+      return mcpResult(JSON.stringify(result));
+    }
+
+    case "terminal_send": {
+      const { session_id, message } = args;
+      if (!session_id || !message) return mcpError("session_id and message required");
+      const result = sendTerminalMessage(session_id, message);
+      if (result.error) return mcpError(`${result.error}: ${result.message}`);
+      return mcpResult(JSON.stringify(result));
+    }
+
+    case "terminal_list": {
+      return mcpResult(JSON.stringify(listTerminalSessions()));
+    }
+
+    case "terminal_stop": {
+      const { session_id } = args;
+      if (!session_id) return mcpError("session_id required");
+      const result = stopTerminalSession(session_id);
+      if (result.error) return mcpError(`${result.error}: ${result.message}`);
+      return mcpResult(JSON.stringify(result));
+    }
+
     default:
       return mcpError(`Unknown tool: ${name}`);
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.38",
+  "version": "1.5.40",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {