@lifeaitools/clauth 1.5.84 → 1.7.1

package/cli/commands/serve.js

@@ -17,10 +17,17 @@ import ora from "ora";
 import { execSync as execSyncTop } from "child_process";
 import Conf from "conf";
 import { getConfOptions } from "../conf-path.js";
-import { appendFile, readdir, readFile, writeFile, rm, mkdir, stat, rename } from "node:fs/promises";
+import { appendFile, readdir, readFile, writeFile, rm, mkdir, stat, rename, cp } from "node:fs/promises";
 import fg from "fast-glob";
 import { rgPath } from "@vscode/ripgrep";
 import { createStudioDebugRuntime } from "../studio-debug.js";
+import { writeCredentialWithRecovery } from "../recovery.js";
+import * as fsGit from "../lib/fs-git.js";
+import {
+  getWatchdogStatuses,
+  readWatchdogEvents,
+  restartWatchdogService,
+} from "../watchdog-registry.js";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "../../package.json"), "utf8"));
@@ -309,9 +316,14 @@ function createRotationEngine(password, machineHash, logFile) {
       const result = await config.rotate(currentKey);
       if (!result.newKey) throw new Error("Rotation returned no new key");
 
-      // Write new key to vault
-      const { token: wt, timestamp: wts } = deriveToken(password, machineHash);
-      const writeResult = await api.write(password, machineHash, wt, wts, serviceName, result.newKey);
+      // Write new key to vault after preserving an encrypted recovery snapshot.
+      const { result: writeResult } = await writeCredentialWithRecovery({
+        password,
+        machineHash,
+        service: serviceName,
+        value: result.newKey,
+        logFile,
+      });
       if (writeResult.error) throw new Error(`Write failed: ${writeResult.error}`);
 
       // Update expiry in state
@@ -412,6 +424,26 @@ const STAGED_PID_FILE = path.join(os.tmpdir(), "clauth-serve-staged.pid");
 const LOG_FILE = path.join(os.tmpdir(), "clauth-serve.log");
 const LIVE_PORT = 52437;
 const STAGED_PORT = 52438;
+const WRITE_TOKEN_BYTES = 32;
+const WRITE_TOKEN_TTL_MS = 10 * 60 * 1000;
+
+function makeWriteToken() {
+  return {
+    token: crypto.randomBytes(WRITE_TOKEN_BYTES).toString("base64url"),
+    expiresAt: Date.now() + WRITE_TOKEN_TTL_MS,
+  };
+}
+
+function validateWriteToken(req, writeSession) {
+  if (!writeSession?.token || Date.now() > writeSession.expiresAt) return false;
+  const header = req.headers["x-clauth-write-token"] || req.headers.authorization;
+  const token = Array.isArray(header) ? header[0] : header;
+  if (!token) return false;
+  const supplied = String(token).startsWith("Bearer ") ? String(token).slice(7) : String(token);
+  const a = Buffer.from(supplied);
+  const b = Buffer.from(writeSession.token);
+  return a.length === b.length && crypto.timingSafeEqual(a, b);
+}
 
 // ── PID helpers ──────────────────────────────────────────────
 function readPid() {
@@ -607,14 +639,14 @@ function dashboardHtml(port, whitelist, isStaged = false) {
   .project-tab{background:none;border:none;border-bottom:2px solid transparent;color:#64748b;padding:8px 16px;font-size:.82rem;font-weight:500;cursor:pointer;white-space:nowrap;transition:all .15s}
   .project-tab:hover{color:#94a3b8;background:rgba(59,130,246,.05)}
   .project-tab.active{color:#60a5fa;border-bottom-color:#3b82f6;background:rgba(59,130,246,.08)}
-  .project-tab .tab-count{font-size:.7rem;color:#475569;margin-left:4px;font-weight:400}
-  .project-tab.active .tab-count{color:#3b82f6}
-  .service-search{display:flex;align-items:center;gap:10px;margin:-.35rem 0 1rem;background:#0f172a;border:1px solid #1e293b;border-radius:8px;padding:9px 12px}
-  .service-search-label{font-size:.76rem;color:#64748b;font-weight:600;letter-spacing:.02em;text-transform:uppercase;white-space:nowrap}
-  .service-search-input{flex:1;min-width:180px;background:#0a0f1a;border:1px solid #334155;border-radius:6px;color:#e2e8f0;font-family:'Courier New',monospace;font-size:.88rem;padding:8px 11px;outline:none;transition:border-color .15s}
-  .service-search-input:focus{border-color:#3b82f6}
-  .service-search-count{font-size:.78rem;color:#64748b;white-space:nowrap}
-  .project-edit{display:none;margin-top:8px;padding:8px 10px;background:#0f172a;border:1px solid #334155;border-radius:6px}
+  .project-tab .tab-count{font-size:.7rem;color:#475569;margin-left:4px;font-weight:400}
+  .project-tab.active .tab-count{color:#3b82f6}
+  .service-search{display:flex;align-items:center;gap:10px;margin:-.35rem 0 1rem;background:#0f172a;border:1px solid #1e293b;border-radius:8px;padding:9px 12px}
+  .service-search-label{font-size:.76rem;color:#64748b;font-weight:600;letter-spacing:.02em;text-transform:uppercase;white-space:nowrap}
+  .service-search-input{flex:1;min-width:180px;background:#0a0f1a;border:1px solid #334155;border-radius:6px;color:#e2e8f0;font-family:'Courier New',monospace;font-size:.88rem;padding:8px 11px;outline:none;transition:border-color .15s}
+  .service-search-input:focus{border-color:#3b82f6}
+  .service-search-count{font-size:.78rem;color:#64748b;white-space:nowrap}
+  .project-edit{display:none;margin-top:8px;padding:8px 10px;background:#0f172a;border:1px solid #334155;border-radius:6px}
   .project-edit.open{display:flex;gap:6px;align-items:center}
   .project-edit input{background:#1e293b;border:1px solid #334155;border-radius:4px;color:#e2e8f0;font-size:.78rem;padding:4px 8px;outline:none;flex:1;font-family:'Courier New',monospace;transition:border-color .15s}
   .project-edit input:focus{border-color:#3b82f6}
@@ -868,13 +900,13 @@ function dashboardHtml(port, whitelist, isStaged = false) {
     <div class="wizard-foot" id="wizard-foot"></div>
   </div>
 
-  <div id="project-tabs" class="project-tabs" style="display:none"></div>
-  <div id="service-search" class="service-search">
-    <span class="service-search-label">Search</span>
-    <input id="service-search-input" class="service-search-input" type="search" placeholder="service name or display name" autocomplete="off" spellcheck="false" oninput="setServiceSearch(this.value)">
-    <span id="service-search-count" class="service-search-count"></span>
-  </div>
-  <div id="grid" class="grid"><p class="loading">Loading services…</p></div>
+  <div id="project-tabs" class="project-tabs" style="display:none"></div>
+  <div id="service-search" class="service-search">
+    <span class="service-search-label">Search</span>
+    <input id="service-search-input" class="service-search-input" type="search" placeholder="service name or display name" autocomplete="off" spellcheck="false" oninput="setServiceSearch(this.value)">
+    <span id="service-search-count" class="service-search-count"></span>
+  </div>
+  <div id="grid" class="grid"><p class="loading">Loading services…</p></div>
   <div class="footer">localhost:${port} · 127.0.0.1 only · 10-strike lockout</div>
 </div>
 
@@ -968,6 +1000,13 @@ function renderSetPanel(name) {
 }
 
 // ── Boot: check lock state ──────────────────
+let writeToken = null;
+
+function writeHeaders(extra) {
+  if (!writeToken) throw new Error("Write access requires password unlock in this browser session.");
+  return { ...(extra || {}), "X-Clauth-Write-Token": writeToken };
+}
+
 async function boot() {
   try {
     const ping = await fetch(BASE + "/ping").then(r => r.json());
@@ -1090,6 +1129,7 @@ async function unlock() {
       throw new Error(r.error + rem);
     }
 
+    writeToken = r.write_token || null;
     input.value = "";
     const ping = await fetch(BASE + "/ping").then(r => r.json());
     showMain(ping);
@@ -1107,6 +1147,7 @@ async function unlock() {
 // ── Lock ────────────────────────────────────
 async function lockVault() {
   const r = await fetch(BASE + "/lock", { method: "POST" }).then(r => r.json()).catch(() => ({}));
+  writeToken = null;
   showLockScreen(r.hard_locked || false);
 }
 
@@ -1168,25 +1209,25 @@ async function stopDaemon() {
 }
 
 // ── Load services ───────────────────────────
-let allServices = [];
-let activeProjectTab = "all";
-let serviceSearchQuery = "";
-
-function serviceSort(a, b) {
-  return String(a.name || "").localeCompare(String(b.name || ""), undefined, { sensitivity: "base", numeric: true });
-}
-
-function matchesServiceSearch(s, query) {
-  if (!query) return true;
-  const q = query.toLowerCase();
-  return String(s.name || "").toLowerCase().includes(q) ||
-    String(s.label || "").toLowerCase().includes(q);
-}
-
-function setServiceSearch(value) {
-  serviceSearchQuery = value || "";
-  renderServiceGrid(allServices);
-}
+let allServices = [];
+let activeProjectTab = "all";
+let serviceSearchQuery = "";
+
+function serviceSort(a, b) {
+  return String(a.name || "").localeCompare(String(b.name || ""), undefined, { sensitivity: "base", numeric: true });
+}
+
+function matchesServiceSearch(s, query) {
+  if (!query) return true;
+  const q = query.toLowerCase();
+  return String(s.name || "").toLowerCase().includes(q) ||
+    String(s.label || "").toLowerCase().includes(q);
+}
+
+function setServiceSearch(value) {
+  serviceSearchQuery = value || "";
+  renderServiceGrid(allServices);
+}
 
 function renderProjectTabs(services) {
   const tabsEl = document.getElementById("project-tabs");
@@ -1212,35 +1253,35 @@ function renderProjectTabs(services) {
   ).join("");
 }
 
-function switchProjectTab(key) {
-  activeProjectTab = key;
-  renderProjectTabs(allServices);
-  renderServiceGrid(allServices);
-}
+function switchProjectTab(key) {
+  activeProjectTab = key;
+  renderProjectTabs(allServices);
+  renderServiceGrid(allServices);
+}
 
 function renderServiceGrid(services) {
   const grid = document.getElementById("grid");
   let filtered = services;
   if (activeProjectTab === "unassigned") {
     filtered = services.filter(s => !s.project);
-  } else if (activeProjectTab !== "all") {
-    filtered = services.filter(s => s.project === activeProjectTab);
-  }
-  filtered = filtered
-    .filter(s => matchesServiceSearch(s, serviceSearchQuery))
-    .slice()
-    .sort(serviceSort);
-  const searchCount = document.getElementById("service-search-count");
-  if (searchCount) {
-    const trimmed = serviceSearchQuery.trim();
-    searchCount.textContent = trimmed ? filtered.length + " match" + (filtered.length === 1 ? "" : "es") : filtered.length + " shown";
-  }
-  if (!filtered.length) {
-    grid.innerHTML = serviceSearchQuery.trim()
-      ? '<p class="loading">No services match that search.</p>'
-      : '<p class="loading">No services in this group.</p>';
-    return;
-  }
+  } else if (activeProjectTab !== "all") {
+    filtered = services.filter(s => s.project === activeProjectTab);
+  }
+  filtered = filtered
+    .filter(s => matchesServiceSearch(s, serviceSearchQuery))
+    .slice()
+    .sort(serviceSort);
+  const searchCount = document.getElementById("service-search-count");
+  if (searchCount) {
+    const trimmed = serviceSearchQuery.trim();
+    searchCount.textContent = trimmed ? filtered.length + " match" + (filtered.length === 1 ? "" : "es") : filtered.length + " shown";
+  }
+  if (!filtered.length) {
+    grid.innerHTML = serviceSearchQuery.trim()
+      ? '<p class="loading">No services match that search.</p>'
+      : '<p class="loading">No services in this group.</p>';
+    return;
+  }
   grid.innerHTML = filtered.map(s => \`
     <div class="card">
       <div style="display:flex;align-items:flex-start;justify-content:space-between">
@@ -1398,7 +1439,7 @@ async function rotateKey(name) {
   const rotBtn = document.getElementById("rotbtn-" + name);
   if (rotBtn) { rotBtn.disabled = true; rotBtn.textContent = "rotating…"; }
   try {
-    const r = await fetch(BASE + "/rotate/" + name, { method: "POST" }).then(r => r.json());
+    const r = await fetch(BASE + "/rotate/" + name, { method: "POST", headers: writeHeaders() }).then(r => r.json());
     if (r.ok) {
       if (rotBtn) { rotBtn.textContent = "✓ rotated"; rotBtn.style.background = "#166534"; }
       loadExpiry(); // refresh badges
@@ -1419,7 +1460,7 @@ async function setExpiry(name) {
   try {
     await fetch(BASE + "/set-expiry/" + name, {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ expires_at: expiresAt, rotation_days: parseInt(days) }),
     });
     loadExpiry();
@@ -1487,7 +1528,7 @@ async function saveProject(name) {
   try {
     const r = await fetch(BASE + "/update-service", {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ service: name, project: project || "" })
     }).then(r => r.json());
     if (r.locked) { showLockScreen(); return; }
@@ -1532,7 +1573,7 @@ async function saveLabel(name) {
   try {
     const r = await fetch(BASE + "/update-service", {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ service: name, label: newLabel })
     }).then(r => r.json());
     if (r.locked) { showLockScreen(false); return; }
@@ -1556,7 +1597,7 @@ async function saveRename(oldName) { await saveLabel(oldName); }
 async function deleteService(name) {
   if (!confirm(\`Delete service "\${name}"? This cannot be undone.\`)) return;
   try {
-    const r = await fetch(BASE + "/delete/" + name, { method: "POST" }).then(r => r.json());
+    const r = await fetch(BASE + "/delete/" + name, { method: "POST", headers: writeHeaders() }).then(r => r.json());
     if (r.locked) { showLockScreen(false); return; }
     if (r.error) throw new Error(r.error);
     loadServices();
@@ -1612,15 +1653,15 @@ async function saveKey(name) {
     value = JSON.stringify(obj);
   } else {
     const input = document.getElementById("set-input-" + name);
-    value = input ? input.value.trim() : "";
-    if (!value) { msg.className = "set-msg fail"; msg.textContent = "Value is empty."; return; }
+    value = input ? input.value : "";
+    if (!value.trim()) { msg.className = "set-msg fail"; msg.textContent = "Value is empty."; return; }
   }
 
   msg.className = "set-msg"; msg.textContent = "Saving…";
   try {
     const r = await fetch(BASE + "/set/" + name, {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ value })
     }).then(r => r.json());
 
@@ -1658,7 +1699,7 @@ async function toggleService(name) {
   try {
     const r = await fetch(BASE + "/toggle/" + name, {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ enabled: newState })
     }).then(r => r.json());
 
@@ -1763,12 +1804,13 @@ async function changePassword() {
   try {
     const r = await fetch(BASE + "/change-pw", {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ newPassword: newPw })
     }).then(r => r.json());
 
     if (r.locked) { showLockScreen(); return; }
     if (r.error) throw new Error(r.error);
+    writeToken = r.write_token || null;
 
     msg.className = "chpw-msg ok"; msg.textContent = "✓ Password updated";
     document.getElementById("chpw-new").value = "";
@@ -1838,7 +1880,7 @@ async function addService() {
     if (project) payload.project = project;
     const r = await fetch(BASE + "/add-service", {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify(payload)
     }).then(r => r.json());
 
@@ -2058,7 +2100,7 @@ async function wizSubmitCfToken() {
 
   const r = await fetch(BASE + "/tunnel/setup/cf-token", {
     method: "POST",
-    headers: { "Content-Type": "application/json" },
+    headers: writeHeaders({ "Content-Type": "application/json" }),
     body: JSON.stringify({ token }),
   }).then(r => r.json()).catch(() => null);
 
@@ -2496,6 +2538,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
   const UNKNOWN_SERVICE_THRESHOLD = 2;    // misses before we return the full service list
   let authHardLocked = false;
   let password = initPassword || null;   // null = locked; set via POST /auth
+  let writeSession = null;               // null until explicit password auth grants write scope
   const machineHash = getMachineHash();
 
   // Rotation engine — starts after unlock
@@ -2522,6 +2565,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       whitelist,
       failCount,
       MAX_FAILS,
+      writeEnabled: process.env.CLAUTH_MCP_WRITE === "1",
     };
   }
 
@@ -2916,6 +2960,22 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     const studioDebugHandled = await studioDebugRuntime.handle(req, res, url, CORS);
     if (studioDebugHandled !== false) return;
 
+    if (method === "GET" && reqPath === "/watchdog/services") {
+      return ok(res, await getWatchdogStatuses());
+    }
+
+    if (method === "GET" && reqPath === "/watchdog/events") {
+      const limit = Number(url.searchParams.get("limit") || 100);
+      return ok(res, { events: readWatchdogEvents(limit) });
+    }
+
+    const restartMatch = reqPath.match(/^\/watchdog\/services\/([^/]+)\/restart$/);
+    if (method === "POST" && restartMatch) {
+      const result = restartWatchdogService(decodeURIComponent(restartMatch[1]));
+      res.writeHead(result.ok ? 200 : 403, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify(result));
+    }
+
     // ── Hosts that bypass OAuth (fresh domains for claude.ai compatibility) ──
     const NOAUTH_HOSTS = ["fs.regendevcorp.com", "clauth.regendevcorp.com", "chitchat.regendevcorp.com"];
     const requestHost = (req.headers.host || "").split(":")[0].toLowerCase();
@@ -3115,12 +3175,13 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     const MCP_PATHS = ["/mcp", "/gws", "/clauth", "/fs", "/chitchat", "/codevelop"];
     const isMcpPath = MCP_PATHS.includes(reqPath);
     function toolsForPath(p) {
-      if (p === "/gws")      return MCP_TOOLS.filter(t => t.name.startsWith("gws_"));
-      if (p === "/clauth")   return MCP_TOOLS.filter(t => t.name.startsWith("clauth_") || t.name === "monkey_dispatch" || t.name.startsWith("terminal_") || t.name.startsWith("channel_"));
-      if (p === "/fs")       return MCP_TOOLS.filter(t => t.name.startsWith("fs_"));
-      if (p === "/chitchat") return MCP_TOOLS.filter(t => t.name.startsWith("chitchat_"));
-      if (p === "/codevelop") return MCP_TOOLS.filter(t => t.name.startsWith("codevelop_"));
-      return MCP_TOOLS; // /mcp — all tools
+      const tools = filterMcpToolsForWriteMode(MCP_TOOLS);
+      if (p === "/gws")      return tools.filter(t => t.name.startsWith("gws_"));
+      if (p === "/clauth")   return tools.filter(t => t.name.startsWith("clauth_") || t.name === "monkey_dispatch" || t.name.startsWith("terminal_") || t.name.startsWith("channel_"));
+      if (p === "/fs")       return tools.filter(t => t.name.startsWith("fs_"));
+      if (p === "/chitchat") return tools.filter(t => t.name.startsWith("chitchat_"));
+      if (p === "/codevelop") return tools.filter(t => t.name.startsWith("codevelop_"));
+      return tools; // /mcp — all tools
     }
     function serverNameForPath(p) {
       if (p === "/gws")      return "gws";
@@ -3324,7 +3385,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       if (rpcMethod === "tools/list") {
         sseSend(session.res, "message", {
           jsonrpc: "2.0", id,
-          result: { tools: MCP_TOOLS }
+          result: { tools: filterMcpToolsForWriteMode(MCP_TOOLS) }
         });
         return;
       }
@@ -4121,6 +4182,16 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return false;
     }
 
+    function writeGuard(req, res) {
+      if (lockedGuard(res)) return true;
+      if (!validateWriteToken(req, writeSession)) {
+        res.writeHead(403, { "Content-Type": "application/json", ...CORS });
+        res.end(JSON.stringify({ error: "write token required", write_locked: true }));
+        return true;
+      }
+      return false;
+    }
+
     // GET /meta — return valid key_types from DB check constraint
     if (method === "GET" && reqPath === "/meta") {
       if (lockedGuard(res)) return;
@@ -4311,6 +4382,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         const result = await api.test(pw, machineHash, token, timestamp);
         if (result.error) throw new Error(result.error);
         password = pw;   // unlock — store in process memory only
+        writeSession = makeWriteToken();
         authFailCount = 0;
         authHardLocked = false;
         const logLine = `[${new Date().toISOString()}] Vault unlocked\n`;
@@ -4365,7 +4437,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
           tunnelStatus = "starting";
           startTunnel().catch(() => {});
         }
-        return ok(res, { ok: true, locked: false });
+        return ok(res, { ok: true, locked: false, write_token: writeSession.token, write_expires_at: new Date(writeSession.expiresAt).toISOString() });
       } catch {
         authFailCount++;
         const authRemaining = MAX_AUTH_FAILS - authFailCount;
@@ -4386,6 +4458,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // POST /lock — clear password from memory
     if (method === "POST" && reqPath === "/lock") {
       password = null;
+      writeSession = null;
       stopTunnel();
       const logLine = `[${new Date().toISOString()}] Vault locked\n`;
       try { fs.appendFileSync(LOG_FILE, logLine); } catch {}
@@ -4395,7 +4468,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // POST /rename/:service — rename a service
     const renameMatch = reqPath.match(/^\/rename\/([a-zA-Z0-9_-]+)$/);
     if (method === "POST" && renameMatch) {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       const service = renameMatch[1].toLowerCase();
       let body;
       try { body = await readBody(req); } catch {
@@ -4420,7 +4493,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // POST /delete/:service — remove a service entirely
     const deleteMatch = reqPath.match(/^\/delete\/([a-zA-Z0-9_-]+)$/);
     if (method === "POST" && deleteMatch) {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       const service = deleteMatch[1].toLowerCase();
       try {
         const { token, timestamp } = deriveToken(password, machineHash);
@@ -4435,7 +4508,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // POST /toggle/:service — enable or disable a service
     const toggleMatch = reqPath.match(/^\/toggle\/([a-zA-Z0-9_-]+)$/);
     if (method === "POST" && toggleMatch) {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       const service = toggleMatch[1].toLowerCase();
 
       let body;
@@ -4519,7 +4592,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // POST /rotate/:service — manually trigger rotation for a service
     if (method === "POST" && reqPath.startsWith("/rotate/")) {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       const service = reqPath.slice("/rotate/".length);
       if (!service) {
         res.writeHead(400, { "Content-Type": "application/json", ...CORS });
@@ -4531,7 +4604,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // POST /set-expiry/:service — set expiry date for a service
     if (method === "POST" && reqPath.startsWith("/set-expiry/")) {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       const service = reqPath.slice("/set-expiry/".length);
       let body;
       try { body = await readBody(req); } catch {
@@ -4688,7 +4761,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // POST /tunnel/setup/cf-token
     if (method === "POST" && reqPath === "/tunnel/setup/cf-token") {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       let body;
       try { body = await readBody(req); } catch { return strike(res, 400, "Invalid JSON"); }
       const { token: cfToken } = body;
@@ -4708,9 +4781,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         const accountId = ad?.result?.[0]?.id;
         const accountName = ad?.result?.[0]?.name;
 
-        // Save token to vault using api.write (same as /set/:service)
-        const { token: t, timestamp } = deriveToken(password, machineHash);
-        await api.write(password, machineHash, t, timestamp, "cloudflare", cfToken);
+        // Save token to vault using the same guarded recovery path as /set/:service.
+        await writeCredentialWithRecovery({ password, machineHash, service: "cloudflare", value: cfToken, logFile: LOG_FILE });
 
         // Save accountId to clauth_config
         const sbUrl = (api.getBaseUrl() || "").replace("/functions/v1/auth-vault", "");
@@ -4991,7 +5063,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // POST /change-pw — change master password (must be unlocked)
     if (method === "POST" && reqPath === "/change-pw") {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
 
       let body;
       try { body = await readBody(req); } catch {
@@ -5011,9 +5083,10 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         const result = await api.changePassword(password, machineHash, token, timestamp, newSeedHash);
         if (result.error) throw new Error(result.error);
         password = newPassword;  // update in-memory password to new one
+        writeSession = makeWriteToken();
         const logLine = `[${new Date().toISOString()}] Password changed\n`;
         try { fs.appendFileSync(LOG_FILE, logLine); } catch {}
-        return ok(res, { ok: true });
+        return ok(res, { ok: true, write_token: writeSession.token, write_expires_at: new Date(writeSession.expiresAt).toISOString() });
       } catch (err) {
         res.writeHead(502, { "Content-Type": "application/json", ...CORS });
         return res.end(JSON.stringify({ error: err.message }));
@@ -5023,7 +5096,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // POST /set/:service — write a new key value into vault
     const setMatch = reqPath.match(/^\/set\/([a-zA-Z0-9_-]+)$/);
     if (method === "POST" && setMatch) {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
       const service = setMatch[1].toLowerCase();
 
       if (whitelist && !whitelist.includes(service)) {
@@ -5042,10 +5115,9 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       }
 
       try {
-        const { token, timestamp } = deriveToken(password, machineHash);
-        const result = await api.write(password, machineHash, token, timestamp, service, value.trim());
+        const { result, snapshot, normalized } = await writeCredentialWithRecovery({ password, machineHash, service, value, logFile: LOG_FILE });
         if (result.error) return strike(res, 502, result.error);
-        return ok(res, { ok: true, service });
+        return ok(res, { ok: true, service, recovery_snapshot: snapshot?.ok ? true : false, normalized });
       } catch (err) {
         return strike(res, 502, err.message);
       }
@@ -5053,7 +5125,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // POST /generate-token — generate a cryptographically random bearer token and store it
     if (method === "POST" && reqPath === "/generate-token") {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
 
       let body;
       try { body = await readBody(req); } catch {
@@ -5075,10 +5147,9 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       try {
         const randomHex = crypto.randomBytes(32).toString("hex");
         const token = `${prefix}${randomHex}`;
-        const { token: authToken, timestamp } = deriveToken(password, machineHash);
-        const result = await api.write(password, machineHash, authToken, timestamp, service, token);
+        const { result, snapshot } = await writeCredentialWithRecovery({ password, machineHash, service, value: token, logFile: LOG_FILE, normalize: false });
         if (result.error) return strike(res, 502, result.error);
-        return ok(res, { token, service, stored: true });
+        return ok(res, { token, service, stored: true, recovery_snapshot: snapshot?.ok ? true : false });
       } catch (err) {
         return strike(res, 502, err.message);
       }
@@ -5086,7 +5157,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // POST /add-service — register a new service in the vault
     if (method === "POST" && reqPath === "/add-service") {
-      if (lockedGuard(res)) return;
+      if (writeGuard(req, res)) return;
 
       let body;
       try { body = await readBody(req); } catch {
@@ -5117,8 +5188,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     }
 
     // POST /update-service — update service metadata (project, label, description)
-    if (method === "POST" && reqPath === "/update-service") {
-      if (lockedGuard(res)) return;
+    if (method === "POST" && reqPath === "/update-service") {
+      if (writeGuard(req, res)) return;
 
       let body;
       try { body = await readBody(req); } catch {
@@ -5149,39 +5220,39 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
         return ok(res, { ok: true, service: service.toLowerCase(), ...updates });
       } catch (err) {
         return strike(res, 502, err.message);
-      }
-    }
-
-    if (method === "GET" && reqPath === "/search") {
-      if (lockedGuard(res)) return;
-      const query = (url.searchParams.get("q") || url.searchParams.get("query") || "").trim();
-      const project = (url.searchParams.get("project") || "").trim() || undefined;
-      const includeAddresses = url.searchParams.get("addresses") !== "false";
-      if (!query) {
-        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
-        return res.end(JSON.stringify({ error: "q query parameter is required" }));
-      }
-
-      try {
-        const { token, timestamp } = deriveToken(password, machineHash);
-        const result = await searchServices({
-          password,
-          machineHash,
-          token,
-          timestamp,
-          project,
-          query,
-          includeAddresses,
-          whitelist
-        });
-        if (result.error) return strike(res, 502, result.error);
-        return ok(res, result);
-      } catch (err) {
-        return strike(res, 502, err.message);
-      }
-    }
-
-    // Unknown route — a wrong URL is not an auth failure. Log it, return 404,
+      }
+    }
+
+    if (method === "GET" && reqPath === "/search") {
+      if (lockedGuard(res)) return;
+      const query = (url.searchParams.get("q") || url.searchParams.get("query") || "").trim();
+      const project = (url.searchParams.get("project") || "").trim() || undefined;
+      const includeAddresses = url.searchParams.get("addresses") !== "false";
+      if (!query) {
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "q query parameter is required" }));
+      }
+
+      try {
+        const { token, timestamp } = deriveToken(password, machineHash);
+        const result = await searchServices({
+          password,
+          machineHash,
+          token,
+          timestamp,
+          project,
+          query,
+          includeAddresses,
+          whitelist
+        });
+        if (result.error) return strike(res, 502, result.error);
+        return ok(res, result);
+      } catch (err) {
+        return strike(res, 502, err.message);
+      }
+    }
+
+    // Unknown route — a wrong URL is not an auth failure. Log it, return 404,
     // but do NOT increment failCount (which locks the vault at MAX_FAILS).
     // Auth failures (wrong password, wrong token) still strike via /auth and /get/:service.
     try {
@@ -5552,8 +5623,8 @@ async function actionForeground(opts) {
 // Reuses the same auth model as the HTTP daemon.
 // Secrets are delivered via temp files — never in the MCP response.
 
-import { createInterface } from "readline";
-import { execSync, spawn as spawnProc, spawnSync } from "child_process";
+import { createInterface } from "readline";
+import { execSync, spawn as spawnProc, spawnSync } from "child_process";
 
 // ── Monkey dispatch — headless Claude CLI worker ─────────────────
 function findClaudeBinary() {
@@ -6156,9 +6227,9 @@ function stopCodevelopSession(session_id) {
   return { stopped: true, session_id };
 }
 
-const ENV_MAP = {
-  "github":           "GITHUB_TOKEN",
-  "supabase-anon":    "NEXT_PUBLIC_SUPABASE_ANON_KEY",
+const ENV_MAP = {
+  "github":           "GITHUB_TOKEN",
+  "supabase-anon":    "NEXT_PUBLIC_SUPABASE_ANON_KEY",
   "supabase-service": "SUPABASE_SERVICE_ROLE_KEY",
   "supabase-db":      "SUPABASE_DB_URL",
   "vercel":           "VERCEL_TOKEN",
@@ -6170,116 +6241,116 @@ const ENV_MAP = {
   "rocketreach":      "ROCKETREACH_API_KEY",
   "npm":              "NPM_TOKEN",
   "namecheap":        "NAMECHEAP_API_KEY",
-  "gmail":            "GMAIL_CREDENTIALS",
-};
-
-const ADDRESS_KEY_TYPES = new Set(["connstring", "fileserver", "oauth"]);
-const ADDRESS_FIELDS = new Set(["url", "uri", "host", "hostname", "server", "address", "base_url", "endpoint", "path", "root"]);
-
-function normalizeSearchText(value) {
-  return String(value || "").toLowerCase();
-}
-
-function redactUrlish(value) {
-  const text = String(value || "").trim();
-  if (!text) return "";
-  try {
-    const url = new URL(text);
-    if (url.username) url.username = "***";
-    if (url.password) url.password = "***";
-    return url.toString();
-  } catch {
-    return text.replace(/:\/\/([^:@/\s]+):([^@/\s]+)@/g, "://***:***@");
-  }
-}
-
-function collectAddressHints(value, keyType) {
-  if (!ADDRESS_KEY_TYPES.has(String(keyType || "").toLowerCase())) return [];
-  const hints = new Set();
-
-  function add(candidate) {
-    if (candidate === undefined || candidate === null) return;
-    const text = redactUrlish(candidate);
-    if (text) hints.add(text);
-  }
-
-  function walk(node, fieldName = "") {
-    if (node === undefined || node === null) return;
-    if (typeof node === "string") {
-      if (fieldName && ADDRESS_FIELDS.has(fieldName.toLowerCase())) add(node);
-      if (/^[a-z][a-z0-9+.-]*:\/\//i.test(node) || /^[A-Za-z]:[\\/]/.test(node) || node.startsWith("\\\\")) add(node);
-      return;
-    }
-    if (Array.isArray(node)) {
-      for (const item of node) walk(item, fieldName);
-      return;
-    }
-    if (typeof node === "object") {
-      for (const [key, child] of Object.entries(node)) walk(child, key);
-    }
-  }
-
-  try {
-    walk(JSON.parse(value));
-  } catch {
-    walk(value);
-  }
-
-  return [...hints];
-}
-
-async function searchServices({ password, machineHash, token, timestamp, query, project, includeAddresses = true, whitelist }) {
-  const q = normalizeSearchText(query);
-  if (!q) return { error: "query is required" };
-
-  const result = await api.status(password, machineHash, token, timestamp, project);
-  if (result.error) return { error: result.error };
-
-  let services = result.services || [];
-  if (whitelist) services = services.filter(s => whitelist.includes(String(s.name || "").toLowerCase()));
-
-  const matches = [];
-  for (const s of services) {
-    const fields = {
-      name: s.name,
-      label: s.label,
-      project: s.project,
-      type: s.key_type,
-      description: s.description
-    };
-    const matched = Object.entries(fields)
-      .filter(([, value]) => normalizeSearchText(value).includes(q))
-      .map(([field]) => field);
-
-    let addressHints = [];
-    if (includeAddresses && ADDRESS_KEY_TYPES.has(String(s.key_type || "").toLowerCase()) && s.vault_key) {
-      const secret = await api.retrieve(password, machineHash, token, timestamp, s.name);
-      if (!secret.error) {
-        addressHints = collectAddressHints(secret.value, s.key_type);
-        if (addressHints.some(h => normalizeSearchText(h).includes(q))) matched.push("address");
-      }
-    }
-
-    if (matched.length) {
-      matches.push({
-        name: s.name,
-        label: s.label || null,
-        project: s.project || null,
-        key_type: s.key_type,
-        enabled: !!s.enabled,
-        has_key: !!s.vault_key,
-        description: s.description || null,
-        matched: [...new Set(matched)],
-        address_hints: addressHints
-      });
-    }
-  }
-
-  return { query, count: matches.length, matches };
-}
-
-// ── Filesystem service config — loaded from clauth vault ──
-let _fsMountsCache = null;
+  "gmail":            "GMAIL_CREDENTIALS",
+};
+
+const ADDRESS_KEY_TYPES = new Set(["connstring", "fileserver", "oauth"]);
+const ADDRESS_FIELDS = new Set(["url", "uri", "host", "hostname", "server", "address", "base_url", "endpoint", "path", "root"]);
+
+function normalizeSearchText(value) {
+  return String(value || "").toLowerCase();
+}
+
+function redactUrlish(value) {
+  const text = String(value || "").trim();
+  if (!text) return "";
+  try {
+    const url = new URL(text);
+    if (url.username) url.username = "***";
+    if (url.password) url.password = "***";
+    return url.toString();
+  } catch {
+    return text.replace(/:\/\/([^:@/\s]+):([^@/\s]+)@/g, "://***:***@");
+  }
+}
+
+function collectAddressHints(value, keyType) {
+  if (!ADDRESS_KEY_TYPES.has(String(keyType || "").toLowerCase())) return [];
+  const hints = new Set();
+
+  function add(candidate) {
+    if (candidate === undefined || candidate === null) return;
+    const text = redactUrlish(candidate);
+    if (text) hints.add(text);
+  }
+
+  function walk(node, fieldName = "") {
+    if (node === undefined || node === null) return;
+    if (typeof node === "string") {
+      if (fieldName && ADDRESS_FIELDS.has(fieldName.toLowerCase())) add(node);
+      if (/^[a-z][a-z0-9+.-]*:\/\//i.test(node) || /^[A-Za-z]:[\\/]/.test(node) || node.startsWith("\\\\")) add(node);
+      return;
+    }
+    if (Array.isArray(node)) {
+      for (const item of node) walk(item, fieldName);
+      return;
+    }
+    if (typeof node === "object") {
+      for (const [key, child] of Object.entries(node)) walk(child, key);
+    }
+  }
+
+  try {
+    walk(JSON.parse(value));
+  } catch {
+    walk(value);
+  }
+
+  return [...hints];
+}
+
+async function searchServices({ password, machineHash, token, timestamp, query, project, includeAddresses = true, whitelist }) {
+  const q = normalizeSearchText(query);
+  if (!q) return { error: "query is required" };
+
+  const result = await api.status(password, machineHash, token, timestamp, project);
+  if (result.error) return { error: result.error };
+
+  let services = result.services || [];
+  if (whitelist) services = services.filter(s => whitelist.includes(String(s.name || "").toLowerCase()));
+
+  const matches = [];
+  for (const s of services) {
+    const fields = {
+      name: s.name,
+      label: s.label,
+      project: s.project,
+      type: s.key_type,
+      description: s.description
+    };
+    const matched = Object.entries(fields)
+      .filter(([, value]) => normalizeSearchText(value).includes(q))
+      .map(([field]) => field);
+
+    let addressHints = [];
+    if (includeAddresses && ADDRESS_KEY_TYPES.has(String(s.key_type || "").toLowerCase()) && s.vault_key) {
+      const secret = await api.retrieve(password, machineHash, token, timestamp, s.name);
+      if (!secret.error) {
+        addressHints = collectAddressHints(secret.value, s.key_type);
+        if (addressHints.some(h => normalizeSearchText(h).includes(q))) matched.push("address");
+      }
+    }
+
+    if (matched.length) {
+      matches.push({
+        name: s.name,
+        label: s.label || null,
+        project: s.project || null,
+        key_type: s.key_type,
+        enabled: !!s.enabled,
+        has_key: !!s.vault_key,
+        description: s.description || null,
+        matched: [...new Set(matched)],
+        address_hints: addressHints
+      });
+    }
+  }
+
+  return { query, count: matches.length, matches };
+}
+
+// ── Filesystem service config — loaded from clauth vault ──
+let _fsMountsCache = null;
 let _fsMountsCacheTime = 0;
 const FS_CACHE_TTL = 60000; // 1 minute
 
@@ -6313,115 +6384,124 @@ async function getFileserverMounts(vault) {
   }
 }
 
-async function resolveInMount(requestedPath, mountName, vault) {
+async function resolveInMount(requestedPath, mountName, vault) {
   const { mounts, error } = await getFileserverMounts(vault);
   if (error) return { error };
-  if (!mounts || mounts.length === 0) return { error: "No fileserver services configured. Add one with key_type='fileserver' and value: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwd\"}" };
+  if (!mounts || mounts.length === 0) return { error: "No fileserver services configured. Add one with key_type='fileserver' and value: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwdg\"}  (access flags: r=read w=write d=delete g=git)" };
   const mount = mountName ? mounts.find(m => m.name === mountName) : mounts[0];
   if (!mount) return { error: `Mount '${mountName}' not found. Available: ${mounts.map(m => m.name).join(", ")}` };
   if (!mount.path) return { error: `Fileserver '${mount.name}' has no path configured` };
-  const resolved = path.resolve(mount.path, requestedPath);
-  const normalized = path.normalize(resolved);
-  const relative = path.relative(path.normalize(mount.path), normalized);
-  if (relative.startsWith("..") || path.isAbsolute(relative)) {
-    return { error: `Path escapes mount: ${requestedPath}` };
-  }
-  return { resolved: normalized, mount };
-}
-
-function checkAccess(mount, flag) {
-  return mount.access.includes(flag);
-}
-
-function sha256Hex(value) {
-  return crypto.createHash("sha256").update(value).digest("hex");
-}
-
-async function atomicWriteText(filePath, content) {
-  await mkdir(path.dirname(filePath), { recursive: true });
-  const tempPath = path.join(
-    path.dirname(filePath),
-    `.${path.basename(filePath)}.tmp-${process.pid}-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`
-  );
-  await writeFile(tempPath, content, "utf8");
-  await rename(tempPath, filePath);
-}
-
-async function fileInfo(filePath, requestedPath) {
-  const s = await stat(filePath);
-  const info = {
-    path: requestedPath,
-    type: s.isDirectory() ? "dir" : "file",
-    size: s.size,
-    modified: s.mtime.toISOString(),
-  };
-  if (s.isFile()) {
-    const content = await readFile(filePath);
-    info.sha256 = sha256Hex(content);
-  }
-  return info;
-}
-
-const FS_UPLOAD_SESSIONS = new Map();
-const FS_UPLOAD_TTL_MS = 30 * 60 * 1000;
-const FS_MAX_CHUNKS = 500;
-const FS_MAX_CHUNK_BYTES = 128 * 1024;
-const FS_MAX_INGEST_BYTES = 25 * 1024 * 1024;
-const FS_GIT_IMPORT_ALLOWED_PREFIXES = [
-  "docs/",
-  ".rdc/plans/",
-  ".rdc/guides/",
-  ".claude/context/",
-  ".claude/rules/",
-  ".rdc/relay/from-claude-ai/",
-];
-
-function cleanupFsUploadSessions() {
-  const cutoff = Date.now() - FS_UPLOAD_TTL_MS;
-  for (const [id, session] of FS_UPLOAD_SESSIONS) {
-    if (session.updatedAt < cutoff) FS_UPLOAD_SESSIONS.delete(id);
-  }
-}
-
-function runGit(cwd, args, opts = {}) {
-  const res = spawnSync("git", args, {
-    cwd,
-    encoding: "utf8",
-    windowsHide: true,
-    maxBuffer: opts.maxBuffer || 10 * 1024 * 1024,
-  });
-  if (res.status !== 0) {
-    const detail = (res.stderr || res.stdout || "").trim();
-    throw new Error(`git ${args.join(" ")} failed${detail ? `: ${detail}` : ""}`);
-  }
-  return (res.stdout || "").trim();
-}
-
-function runGitRaw(cwd, args, opts = {}) {
-  const res = spawnSync("git", args, {
-    cwd,
-    encoding: "buffer",
-    windowsHide: true,
-    maxBuffer: opts.maxBuffer || 10 * 1024 * 1024,
-  });
-  if (res.status !== 0) {
-    const detail = Buffer.concat([res.stderr || Buffer.alloc(0), res.stdout || Buffer.alloc(0)]).toString("utf8").trim();
-    throw new Error(`git ${args.join(" ")} failed${detail ? `: ${detail}` : ""}`);
-  }
-  return res.stdout || Buffer.alloc(0);
-}
-
-function normalizeRepoPath(p) {
-  if (!p || typeof p !== "string") return null;
-  const normalized = p.replace(/\\/g, "/").replace(/^\/+/, "");
-  const parts = normalized.split("/").filter(Boolean);
-  if (parts.length === 0 || parts.includes("..") || path.isAbsolute(p)) return null;
-  return parts.join("/");
-}
-
-function isAllowedGitImportPath(p, allowedPrefixes = FS_GIT_IMPORT_ALLOWED_PREFIXES) {
-  return allowedPrefixes.some((prefix) => p === prefix.replace(/\/$/, "") || p.startsWith(prefix));
-}
+  const resolved = path.resolve(mount.path, requestedPath);
+  const normalized = path.normalize(resolved);
+  const relative = path.relative(path.normalize(mount.path), normalized);
+  if (relative.startsWith("..") || path.isAbsolute(relative)) {
+    return { error: `Path escapes mount: ${requestedPath}` };
+  }
+  return { resolved: normalized, mount };
+}
+
+function checkAccess(mount, flag) {
+  return mount.access.includes(flag);
+}
+
+function sha256Hex(value) {
+  return crypto.createHash("sha256").update(value).digest("hex");
+}
+
+async function atomicWriteText(filePath, content) {
+  await mkdir(path.dirname(filePath), { recursive: true });
+  const tempPath = path.join(
+    path.dirname(filePath),
+    `.${path.basename(filePath)}.tmp-${process.pid}-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`
+  );
+  await writeFile(tempPath, content, "utf8");
+  await rename(tempPath, filePath);
+}
+
+async function fileInfo(filePath, requestedPath) {
+  const s = await stat(filePath);
+  const info = {
+    path: requestedPath,
+    type: s.isDirectory() ? "dir" : "file",
+    size: s.size,
+    modified: s.mtime.toISOString(),
+  };
+  if (s.isFile()) {
+    const content = await readFile(filePath);
+    info.sha256 = sha256Hex(content);
+  }
+  return info;
+}
+
+const FS_UPLOAD_SESSIONS = new Map();
+const FS_UPLOAD_TTL_MS = 30 * 60 * 1000;
+const FS_MAX_CHUNKS = 500;
+const FS_MAX_CHUNK_BYTES = 128 * 1024;
+const FS_MAX_INGEST_BYTES = 25 * 1024 * 1024;
+const FS_GIT_IMPORT_ALLOWED_PREFIXES = [
+  "docs/",
+  ".rdc/plans/",
+  ".rdc/guides/",
+  ".claude/context/",
+  ".claude/rules/",
+  ".rdc/relay/from-claude-ai/",
+];
+
+function cleanupFsUploadSessions() {
+  const cutoff = Date.now() - FS_UPLOAD_TTL_MS;
+  for (const [id, session] of FS_UPLOAD_SESSIONS) {
+    if (session.updatedAt < cutoff) FS_UPLOAD_SESSIONS.delete(id);
+  }
+}
+
+function runGit(cwd, args, opts = {}) {
+  const res = spawnSync("git", args, {
+    cwd,
+    encoding: "utf8",
+    windowsHide: true,
+    maxBuffer: opts.maxBuffer || 10 * 1024 * 1024,
+  });
+  if (res.status !== 0) {
+    const detail = (res.stderr || res.stdout || "").trim();
+    throw new Error(`git ${args.join(" ")} failed${detail ? `: ${detail}` : ""}`);
+  }
+  return (res.stdout || "").trim();
+}
+
+function runGitRaw(cwd, args, opts = {}) {
+  const res = spawnSync("git", args, {
+    cwd,
+    encoding: "buffer",
+    windowsHide: true,
+    maxBuffer: opts.maxBuffer || 10 * 1024 * 1024,
+  });
+  if (res.status !== 0) {
+    const detail = Buffer.concat([res.stderr || Buffer.alloc(0), res.stdout || Buffer.alloc(0)]).toString("utf8").trim();
+    throw new Error(`git ${args.join(" ")} failed${detail ? `: ${detail}` : ""}`);
+  }
+  return res.stdout || Buffer.alloc(0);
+}
+
+// Read a single credential value from the vault inside an MCP handler.
+// (The git operations themselves live in ../lib/fs-git.js — pure + testable.)
+async function vaultRetrieveValue(vault, service) {
+  if (!vault.password) return { error: "locked" };
+  if (vault.whitelist && !vault.whitelist.includes(service.toLowerCase())) return { error: "not_in_whitelist" };
+  const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
+  return api.retrieve(vault.password, vault.machineHash, token, timestamp, service);
+}
+
+function normalizeRepoPath(p) {
+  if (!p || typeof p !== "string") return null;
+  const normalized = p.replace(/\\/g, "/").replace(/^\/+/, "");
+  const parts = normalized.split("/").filter(Boolean);
+  if (parts.length === 0 || parts.includes("..") || path.isAbsolute(p)) return null;
+  return parts.join("/");
+}
+
+function isAllowedGitImportPath(p, allowedPrefixes = FS_GIT_IMPORT_ALLOWED_PREFIXES) {
+  return allowedPrefixes.some((prefix) => p === prefix.replace(/\/$/, "") || p.startsWith(prefix));
+}
 
 const MCP_TOOLS = [
   {
@@ -6444,28 +6524,28 @@ const MCP_TOOLS = [
     description: "List all services with type, enabled state, key presence, and last retrieval time",
     inputSchema: { type: "object", properties: {}, additionalProperties: false }
   },
-  {
-    name: "clauth_list",
-    description: "List registered service names",
-    inputSchema: { type: "object", properties: {}, additionalProperties: false }
-  },
-  {
-    name: "clauth_search",
-    description: "Search registered services by name, label, project, description, type, or redacted address hints from address-bearing secrets",
-    inputSchema: {
-      type: "object",
-      properties: {
-        query: { type: "string", description: "Search text, such as part of a service name, project, host, URL, or filesystem path" },
-        project: { type: "string", description: "Optional project scope" },
-        addresses: { type: "boolean", default: true, description: "Include redacted address hints from connstring/fileserver/oauth secrets" }
-      },
-      required: ["query"],
-      additionalProperties: false
-    }
-  },
-  {
-    name: "clauth_get",
-    description: "Retrieve a secret and deliver to a temp file (default), clipboard, or stdout. Temp files auto-delete after 30 seconds.",
+  {
+    name: "clauth_list",
+    description: "List registered service names",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false }
+  },
+  {
+    name: "clauth_search",
+    description: "Search registered services by name, label, project, description, type, or redacted address hints from address-bearing secrets",
+    inputSchema: {
+      type: "object",
+      properties: {
+        query: { type: "string", description: "Search text, such as part of a service name, project, host, URL, or filesystem path" },
+        project: { type: "string", description: "Optional project scope" },
+        addresses: { type: "boolean", default: true, description: "Include redacted address hints from connstring/fileserver/oauth secrets" }
+      },
+      required: ["query"],
+      additionalProperties: false
+    }
+  },
+  {
+    name: "clauth_get",
+    description: "Retrieve a secret and deliver to a temp file (default), clipboard, or stdout. Temp files auto-delete after 30 seconds.",
     inputSchema: {
       type: "object",
       properties: {
@@ -6928,9 +7008,9 @@ const MCP_TOOLS = [
       additionalProperties: false,
     },
   },
-  {
-    name: "fs_write",
-    description: "Write content to a file. Creates parent directories if needed. Overwrites existing file.",
+  {
+    name: "fs_write",
+    description: "Write content to a file. Creates parent directories if needed. Overwrites existing file.",
     inputSchema: {
       type: "object",
       properties: {
@@ -6939,93 +7019,93 @@ const MCP_TOOLS = [
         mount: { type: "string", description: "Mount name (default: first mount)" },
       },
       required: ["path", "content"],
-      additionalProperties: false,
-    },
-  },
-  {
-    name: "fs_stat",
-    description: "Get file or directory metadata. Files include a SHA-256 hash for guarded edits.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        path: { type: "string", description: "Relative path within mount" },
-        mount: { type: "string", description: "Mount name (default: first mount)" },
-      },
-      required: ["path"],
-      additionalProperties: false,
-    },
-  },
-  {
-    name: "fs_append",
-    description: "Append text to a file, optionally guarded by the current file SHA-256 hash.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        path: { type: "string", description: "Relative path within mount" },
-        content: { type: "string", description: "Text to append" },
-        mount: { type: "string", description: "Mount name (default: first mount)" },
-        expected_sha256: { type: "string", description: "Optional current file SHA-256. If provided and the file exists, append only when it matches." },
-      },
-      required: ["path", "content"],
-      additionalProperties: false,
-    },
-  },
-  {
-    name: "fs_write_chunk",
-    description: "Stage chunked text writes and atomically publish when all chunks arrive. Use when single write arguments are too large.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        upload_id: { type: "string", description: "Caller-chosen idempotency key for this file upload" },
-        path: { type: "string", description: "Relative path within mount" },
-        chunk_index: { type: "number", description: "Zero-based chunk index" },
-        total_chunks: { type: "number", description: "Total chunks expected" },
-        content: { type: "string", description: "Chunk text content" },
-        mount: { type: "string", description: "Mount name (default: first mount)" },
-        expected_sha256: { type: "string", description: "Optional SHA-256 of the final assembled file content" },
-      },
-      required: ["upload_id", "path", "chunk_index", "total_chunks", "content"],
-      additionalProperties: false,
-    },
-  },
-  {
-    name: "fs_ingest_url",
-    description: "Download text from an http(s) URL and atomically write it inside the mount. Useful for moving cloud files into the local filesystem.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: { type: "string", description: "HTTPS or HTTP URL to fetch" },
-        path: { type: "string", description: "Relative output path within mount" },
-        mount: { type: "string", description: "Mount name (default: first mount)" },
-        max_bytes: { type: "number", description: "Maximum download size in bytes (default 5MB, hard max 25MB)" },
-        expected_sha256: { type: "string", description: "Optional SHA-256 of fetched content before writing" },
-      },
-      required: ["url", "path"],
-      additionalProperties: false,
-    },
-  },
-  {
-    name: "fs_import_git_files",
-    description: "Fetch a Git ref and restore only named files into the mounted repo, optionally committing just those files. Designed for Claude.ai GitHub uploads into dirty local monorepos.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        remote: { type: "string", description: "Git remote name (default: origin)" },
-        ref: { type: "string", description: "Branch, tag, or commit to fetch/restore from" },
-        paths: { type: "array", items: { type: "string" }, description: "Repo-relative file paths to import" },
-        mode: { type: "string", enum: ["new_only", "overwrite"], description: "new_only refuses existing local paths. overwrite restores named paths only." },
-        commit: { type: "boolean", description: "When true, stage only imported paths and create a local commit. Never pushes." },
-        message: { type: "string", description: "Commit subject when commit=true" },
-        mount: { type: "string", description: "Mount name (default: first mount)" },
-        allowed_prefixes: { type: "array", items: { type: "string" }, description: "Optional path allowlist prefixes. Defaults to docs and agent corpus paths." },
-      },
-      required: ["ref", "paths"],
-      additionalProperties: false,
-    },
-  },
-  {
-    name: "fs_list",
-    description: "List directory contents with file type, size, and modification time.",
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_stat",
+    description: "Get file or directory metadata. Files include a SHA-256 hash for guarded edits.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative path within mount" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["path"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_append",
+    description: "Append text to a file, optionally guarded by the current file SHA-256 hash.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative path within mount" },
+        content: { type: "string", description: "Text to append" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+        expected_sha256: { type: "string", description: "Optional current file SHA-256. If provided and the file exists, append only when it matches." },
+      },
+      required: ["path", "content"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_write_chunk",
+    description: "Stage chunked text writes and atomically publish when all chunks arrive. Use when single write arguments are too large.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        upload_id: { type: "string", description: "Caller-chosen idempotency key for this file upload" },
+        path: { type: "string", description: "Relative path within mount" },
+        chunk_index: { type: "number", description: "Zero-based chunk index" },
+        total_chunks: { type: "number", description: "Total chunks expected" },
+        content: { type: "string", description: "Chunk text content" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+        expected_sha256: { type: "string", description: "Optional SHA-256 of the final assembled file content" },
+      },
+      required: ["upload_id", "path", "chunk_index", "total_chunks", "content"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_ingest_url",
+    description: "Download text from an http(s) URL and atomically write it inside the mount. Useful for moving cloud files into the local filesystem.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        url: { type: "string", description: "HTTPS or HTTP URL to fetch" },
+        path: { type: "string", description: "Relative output path within mount" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+        max_bytes: { type: "number", description: "Maximum download size in bytes (default 5MB, hard max 25MB)" },
+        expected_sha256: { type: "string", description: "Optional SHA-256 of fetched content before writing" },
+      },
+      required: ["url", "path"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_import_git_files",
+    description: "Fetch a Git ref and restore only named files into the mounted repo, optionally committing just those files. Designed for Claude.ai GitHub uploads into dirty local monorepos.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        remote: { type: "string", description: "Git remote name (default: origin)" },
+        ref: { type: "string", description: "Branch, tag, or commit to fetch/restore from" },
+        paths: { type: "array", items: { type: "string" }, description: "Repo-relative file paths to import" },
+        mode: { type: "string", enum: ["new_only", "overwrite"], description: "new_only refuses existing local paths. overwrite restores named paths only." },
+        commit: { type: "boolean", description: "When true, stage only imported paths and create a local commit. Never pushes." },
+        message: { type: "string", description: "Commit subject when commit=true" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+        allowed_prefixes: { type: "array", items: { type: "string" }, description: "Optional path allowlist prefixes. Defaults to docs and agent corpus paths." },
+      },
+      required: ["ref", "paths"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_list",
+    description: "List directory contents with file type, size, and modification time.",
     inputSchema: {
       type: "object",
       properties: {
@@ -7092,13 +7172,115 @@ const MCP_TOOLS = [
       additionalProperties: false,
     },
   },
+  {
+    name: "fs_edit",
+    description: "Replace a unique string in a file. Like Edit in Claude Code: fails if old_string is not found or matches multiple times unless replace_all=true. Atomic write. Returns new file info including sha256.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Relative path within mount" },
+        old_string: { type: "string", description: "Exact text to find (must be unique unless replace_all=true)" },
+        new_string: { type: "string", description: "Replacement text (must differ from old_string)" },
+        replace_all: { type: "boolean", description: "Replace every occurrence (default false)" },
+        expected_sha256: { type: "string", description: "Optional current file SHA-256 guard. If provided and mismatched, edit is rejected." },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["path", "old_string", "new_string"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_move",
+    description: "Move or rename a file or directory within a mount. Single syscall when possible; falls back to copy+delete across devices. Refuses to overwrite existing destination unless overwrite=true.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        from: { type: "string", description: "Source relative path within mount" },
+        to: { type: "string", description: "Destination relative path within mount" },
+        overwrite: { type: "boolean", description: "Overwrite destination if it exists (default false)" },
+        mount: { type: "string", description: "Mount name for both from and to (default: first mount)" },
+      },
+      required: ["from", "to"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_copy",
+    description: "Copy a file or directory tree within a mount. Recursive by default. Refuses to overwrite existing destination unless overwrite=true.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        from: { type: "string", description: "Source relative path within mount" },
+        to: { type: "string", description: "Destination relative path within mount" },
+        overwrite: { type: "boolean", description: "Overwrite destination if it exists (default false)" },
+        mount: { type: "string", description: "Mount name for both from and to (default: first mount)" },
+      },
+      required: ["from", "to"],
+      additionalProperties: false,
+    },
+  },
   {
     name: "fs_mounts",
     description: "List configured filesystem mounts (fileserver services from vault).",
     inputSchema: { type: "object", properties: {}, additionalProperties: false },
   },
+  {
+    name: "fs_repo_status",
+    description: "Get the current git state of the mounted repo in ONE call: branch, HEAD sha + subject, whether the tree is clean or dirty (with changed paths), staged paths, how far ahead/behind the remote you are, and whether a merge or rebase is in progress. Call this first so you KNOW what you are working with before committing — you never have to guess whether your edits or a previous push landed. Requires 'g' (git) access on the mount.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_use_branch",
+    description: "Safely make sure you are on a branch before committing. Switches to an existing branch, or creates a new one from the current HEAD when create=true. Your uncommitted edits are carried forward; if switching would overwrite local changes it refuses and leaves the tree untouched, telling you which files block the switch. Refuses while a merge/rebase is in progress. Requires 'g' (git) access on the mount.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        branch: { type: "string", description: "Branch name to switch to (or create)" },
+        create: { type: "boolean", description: "Create a new branch from current HEAD instead of switching to an existing one (default false)" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["branch"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "fs_commit",
+    description: "Save the files you edited durably: stages changes, commits, and PUSHES by default — usually a single call is all you need after editing. Handles the messy cases for you: nothing-to-commit returns cleanly (no error); a merge/rebase in progress or a detached HEAD is refused with a clear message; if the branch is behind the remote it auto-rebases and retries the push, and on conflict it aborts the rebase (restoring your tree) and keeps the commit local so nothing is lost. Refuses to push protected branches (main/master/production) — those are promoted by a human. Returns the commit sha, the exact files committed, whether the push succeeded, and ahead/behind counts, so you never need a follow-up status call. Push auth uses the vault's github token directly (never exposed). Requires 'g' (git) access on the mount.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        message: { type: "string", description: "Commit message (required)" },
+        paths: { type: "array", items: { type: "string" }, description: "Repo-relative paths to commit. Omit to commit ALL current changes in the repo." },
+        push: { type: "boolean", description: "Push to the remote after committing (default true)" },
+        remote: { type: "string", description: "Git remote name (default: origin)" },
+        author_name: { type: "string", description: "Commit author name (default: clauth-fs)" },
+        author_email: { type: "string", description: "Commit author email (default: fs@clauth.local)" },
+        mount: { type: "string", description: "Mount name (default: first mount)" },
+      },
+      required: ["message"],
+      additionalProperties: false,
+    },
+  },
 ];
 
+const MCP_WRITE_TOOL_NAMES = new Set([
+  "clauth_enable",
+  "clauth_disable",
+  "clauth_set_project",
+  "clauth_generate_token",
+]);
+
+function filterMcpToolsForWriteMode(tools) {
+  if (process.env.CLAUTH_MCP_WRITE === "1") return tools;
+  return tools.filter(tool => !MCP_WRITE_TOOL_NAMES.has(tool.name));
+}
+
 function writeTempSecret(service, value) {
   const filePath = path.join(os.tmpdir(), `.clauth-${service}`);
   fs.writeFileSync(filePath, value, { mode: 0o600 });
@@ -7129,6 +7311,11 @@ function mcpError(text) {
 const GWS_EXEC_OPTS = { encoding: "utf8", timeout: 30000, windowsHide: true, shell: os.platform() === "win32" ? "bash" : undefined };
 
 async function handleMcpTool(vault, name, args) {
+  const requireMcpWrite = () => {
+    if (vault.writeEnabled) return null;
+    return mcpError("MCP write tools are disabled by default. Launch clauth with CLAUTH_MCP_WRITE=1 for an explicit write-capable session.");
+  };
+
   switch (name) {
     case "clauth_ping": {
       return mcpResult(
@@ -7182,10 +7369,10 @@ async function handleMcpTool(vault, name, args) {
       }
     }
 
-    case "clauth_list": {
-      if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
-      try {
-        const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
+    case "clauth_list": {
+      if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
+      try {
+        const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
         const result = await api.status(vault.password, vault.machineHash, token, timestamp);
         if (result.error) return mcpError(result.error);
         let services = result.services || [];
@@ -7194,34 +7381,34 @@ async function handleMcpTool(vault, name, args) {
         }
         return mcpResult(services.map(s => s.name).join(", "));
       } catch (err) {
-        return mcpError(err.message);
-      }
-    }
-
-    case "clauth_search": {
-      if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
-      try {
-        const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
-        const result = await searchServices({
-          password: vault.password,
-          machineHash: vault.machineHash,
-          token,
-          timestamp,
-          query: args.query,
-          project: args.project,
-          includeAddresses: args.addresses !== false,
-          whitelist: vault.whitelist
-        });
-        if (result.error) return mcpError(result.error);
-        return mcpResult(JSON.stringify(result, null, 2));
-      } catch (err) {
-        return mcpError(err.message);
-      }
-    }
-
-    case "clauth_get": {
-      if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
-      const service = (args.service || "").toLowerCase();
+        return mcpError(err.message);
+      }
+    }
+
+    case "clauth_search": {
+      if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
+      try {
+        const { token, timestamp } = deriveToken(vault.password, vault.machineHash);
+        const result = await searchServices({
+          password: vault.password,
+          machineHash: vault.machineHash,
+          token,
+          timestamp,
+          query: args.query,
+          project: args.project,
+          includeAddresses: args.addresses !== false,
+          whitelist: vault.whitelist
+        });
+        if (result.error) return mcpError(result.error);
+        return mcpResult(JSON.stringify(result, null, 2));
+      } catch (err) {
+        return mcpError(err.message);
+      }
+    }
+
+    case "clauth_get": {
+      if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
+      const service = (args.service || "").toLowerCase();
       const target = args.target || "file";
       if (!service) return mcpError("service is required");
       if (vault.whitelist && !vault.whitelist.includes(service)) {
@@ -7310,6 +7497,8 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "clauth_enable": {
+      const writeError = requireMcpWrite();
+      if (writeError) return writeError;
       if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
       const service = (args.service || "").toLowerCase();
       if (!service) return mcpError("service is required");
@@ -7324,6 +7513,8 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "clauth_disable": {
+      const writeError = requireMcpWrite();
+      if (writeError) return writeError;
       if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
       const service = (args.service || "").toLowerCase();
       if (!service) return mcpError("service is required");
@@ -7363,6 +7554,8 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "clauth_set_project": {
+      const writeError = requireMcpWrite();
+      if (writeError) return writeError;
       if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
       const service = (args.service || "").toLowerCase();
       const project = args.project;
@@ -7414,6 +7607,8 @@ async function handleMcpTool(vault, name, args) {
     }
 
     case "clauth_generate_token": {
+      const writeError = requireMcpWrite();
+      if (writeError) return writeError;
       if (!vault.password) return mcpError("Vault is locked — call clauth_unlock first");
       const service = (args.service || "").trim().toLowerCase();
       const prefix = args.prefix || "";
@@ -7421,8 +7616,14 @@ async function handleMcpTool(vault, name, args) {
       try {
         const randomHex = crypto.randomBytes(32).toString("hex");
         const generatedToken = `${prefix}${randomHex}`;
-        const { token: authToken, timestamp } = deriveToken(vault.password, vault.machineHash);
-        const result = await api.write(vault.password, vault.machineHash, authToken, timestamp, service, generatedToken);
+        const { result } = await writeCredentialWithRecovery({
+          password: vault.password,
+          machineHash: vault.machineHash,
+          service,
+          value: generatedToken,
+          logFile: LOG_FILE,
+          normalize: false,
+        });
         if (result.error) return mcpError(result.error);
         return mcpResult(`Token generated and stored under "${service}": ${generatedToken}`);
       } catch (err) {
@@ -7515,250 +7716,250 @@ async function handleMcpTool(vault, name, args) {
       }
     }
 
-    case "fs_write": {
-      const r = await resolveInMount(args.path, args.mount, vault);
-      if (r.error) return mcpError(r.error);
-      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
-      try {
-        await atomicWriteText(r.resolved, args.content);
-        return mcpResult(`Written: ${args.path} (${Buffer.byteLength(args.content)} bytes)`);
-      } catch (err) {
-        return mcpError(`Write failed: ${err.message}`);
-      }
-    }
-
-    case "fs_stat": {
-      const r = await resolveInMount(args.path, args.mount, vault);
-      if (r.error) return mcpError(r.error);
-      if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
-      try {
-        return mcpResult(JSON.stringify(await fileInfo(r.resolved, args.path), null, 2));
-      } catch (err) {
-        if (err.code === "ENOENT") return mcpError(`Not found: ${args.path}`);
-        return mcpError(`Stat failed: ${err.message}`);
-      }
-    }
-
-    case "fs_append": {
-      const r = await resolveInMount(args.path, args.mount, vault);
-      if (r.error) return mcpError(r.error);
-      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
-      try {
-        try {
-          const current = await readFile(r.resolved);
-          if (args.expected_sha256 && sha256Hex(current) !== args.expected_sha256) {
-            return mcpError("Append rejected: current file hash does not match expected_sha256");
-          }
-        } catch (err) {
-          if (err.code !== "ENOENT") throw err;
-          if (args.expected_sha256) return mcpError("Append rejected: file does not exist for expected_sha256 guard");
-        }
-        await mkdir(path.dirname(r.resolved), { recursive: true });
-        await appendFile(r.resolved, args.content, "utf8");
-        const info = await fileInfo(r.resolved, args.path);
-        return mcpResult(JSON.stringify({ appended_bytes: Buffer.byteLength(args.content), ...info }, null, 2));
-      } catch (err) {
-        return mcpError(`Append failed: ${err.message}`);
-      }
-    }
-
-    case "fs_write_chunk": {
-      cleanupFsUploadSessions();
-      const { upload_id, chunk_index, total_chunks, content } = args;
-      const index = Number(chunk_index);
-      const total = Number(total_chunks);
-      if (!Number.isInteger(index) || !Number.isInteger(total) || index < 0 || total < 1 || index >= total) {
-        return mcpError("Invalid chunk_index/total_chunks");
-      }
-      if (total > FS_MAX_CHUNKS) return mcpError(`Too many chunks: max ${FS_MAX_CHUNKS}`);
-      if (Buffer.byteLength(content, "utf8") > FS_MAX_CHUNK_BYTES) {
-        return mcpError(`Chunk too large: max ${FS_MAX_CHUNK_BYTES} bytes`);
-      }
-
-      const r = await resolveInMount(args.path, args.mount, vault);
-      if (r.error) return mcpError(r.error);
-      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
-
-      const key = `${r.mount.name}:${args.path}:${upload_id}`;
-      let session = FS_UPLOAD_SESSIONS.get(key);
-      if (!session) {
-        session = { path: args.path, resolved: r.resolved, total, chunks: new Map(), expectedSha256: args.expected_sha256 || null, updatedAt: Date.now() };
-        FS_UPLOAD_SESSIONS.set(key, session);
-      }
-      if (session.total !== total || session.path !== args.path || session.resolved !== r.resolved) {
-        return mcpError("Upload id collision: path or total_chunks differs from existing session");
-      }
-      if (args.expected_sha256 && session.expectedSha256 && args.expected_sha256 !== session.expectedSha256) {
-        return mcpError("Upload id collision: expected_sha256 differs from existing session");
-      }
-
-      session.chunks.set(index, content);
-      session.updatedAt = Date.now();
-
-      if (session.chunks.size < total) {
-        return mcpResult(JSON.stringify({ upload_id, status: "staged", received_chunks: session.chunks.size, total_chunks: total }, null, 2));
-      }
-
-      const assembled = Array.from({ length: total }, (_, i) => session.chunks.get(i)).join("");
-      const actualSha = sha256Hex(assembled);
-      if (session.expectedSha256 && actualSha !== session.expectedSha256) {
-        FS_UPLOAD_SESSIONS.delete(key);
-        return mcpError(`Final SHA-256 mismatch: expected ${session.expectedSha256}, got ${actualSha}`);
-      }
-
-      try {
-        await atomicWriteText(r.resolved, assembled);
-        FS_UPLOAD_SESSIONS.delete(key);
-        return mcpResult(JSON.stringify({ upload_id, status: "written", path: args.path, bytes: Buffer.byteLength(assembled), sha256: actualSha }, null, 2));
-      } catch (err) {
-        return mcpError(`Chunked write failed: ${err.message}`);
-      }
-    }
-
-    case "fs_ingest_url": {
-      const r = await resolveInMount(args.path, args.mount, vault);
-      if (r.error) return mcpError(r.error);
-      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
-
-      let url;
-      try {
-        url = new URL(args.url);
-      } catch {
-        return mcpError("Invalid URL");
-      }
-      if (!["http:", "https:"].includes(url.protocol)) return mcpError("Only http(s) URLs are supported");
-
-      const maxBytes = Math.min(Number(args.max_bytes || 5 * 1024 * 1024), FS_MAX_INGEST_BYTES);
-      try {
-        const response = await fetch(url, { redirect: "follow" });
-        if (!response.ok) return mcpError(`Fetch failed: HTTP ${response.status}`);
-        const length = Number(response.headers.get("content-length") || 0);
-        if (length && length > maxBytes) return mcpError(`Fetch rejected: content-length ${length} exceeds max_bytes ${maxBytes}`);
-
-        const reader = response.body?.getReader();
-        if (!reader) return mcpError("Fetch failed: response body is not readable");
-
-        let received = 0;
-        const chunks = [];
-        while (true) {
-          const { done, value } = await reader.read();
-          if (done) break;
-          received += value.byteLength;
-          if (received > maxBytes) return mcpError(`Fetch rejected: response exceeds max_bytes ${maxBytes}`);
-          chunks.push(Buffer.from(value));
-        }
-
-        const content = Buffer.concat(chunks).toString("utf8");
-        const actualSha = sha256Hex(content);
-        if (args.expected_sha256 && actualSha !== args.expected_sha256) {
-          return mcpError(`Fetched SHA-256 mismatch: expected ${args.expected_sha256}, got ${actualSha}`);
-        }
-        await atomicWriteText(r.resolved, content);
-        return mcpResult(JSON.stringify({ status: "written", path: args.path, bytes: Buffer.byteLength(content), sha256: actualSha, source: url.href }, null, 2));
-      } catch (err) {
-        return mcpError(`Ingest failed: ${err.message}`);
-      }
-    }
-
-    case "fs_import_git_files": {
-      if (!Array.isArray(args.paths) || args.paths.length === 0) return mcpError("paths must be a non-empty array");
-      if (args.paths.length > 25) return mcpError("Too many paths: max 25 per import");
-
-      const r = await resolveInMount(".", args.mount, vault);
-      if (r.error) return mcpError(r.error);
-      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
-
-      const repoRoot = r.resolved;
-      const remote = args.remote || "origin";
-      const mode = args.mode || "new_only";
-      const doCommit = args.commit === true;
-      const allowedPrefixes = Array.isArray(args.allowed_prefixes) && args.allowed_prefixes.length > 0
-        ? args.allowed_prefixes.map((p) => normalizeRepoPath(p.endsWith("/") ? p : `${p}/`)).filter(Boolean)
-        : FS_GIT_IMPORT_ALLOWED_PREFIXES;
-
-      try {
-        const topLevel = path.normalize(runGit(repoRoot, ["rev-parse", "--show-toplevel"]));
-        if (topLevel.toLowerCase() !== path.normalize(repoRoot).toLowerCase()) {
-          return mcpError(`Mount root is not the git repo root: ${repoRoot} (repo root: ${topLevel})`);
-        }
-
-        const normalizedPaths = [];
-        for (const rawPath of args.paths) {
-          const normalized = normalizeRepoPath(rawPath);
-          if (!normalized) return mcpError(`Invalid repo path: ${rawPath}`);
-          if (!isAllowedGitImportPath(normalized, allowedPrefixes)) return mcpError(`Path not allowed for git import: ${normalized}`);
-          normalizedPaths.push(normalized);
-        }
-
-        if (mode === "new_only") {
-          for (const rel of normalizedPaths) {
-            const localPath = path.join(repoRoot, rel);
-            try {
-              await stat(localPath);
-              return mcpError(`Import refused: local path already exists in new_only mode: ${rel}`);
-            } catch (err) {
-              if (err.code !== "ENOENT") throw err;
-            }
-          }
-        }
-
-        if (doCommit) {
-          const staged = runGit(repoRoot, ["diff", "--cached", "--name-only"]);
-          if (staged) return mcpError(`Import refused: index already has staged files:\n${staged}`);
-          if (!args.message || !args.message.trim()) return mcpError("message is required when commit=true");
-        }
-
-        runGit(repoRoot, ["fetch", "--no-tags", remote, args.ref]);
-        const sourceCommit = runGit(repoRoot, ["rev-parse", "FETCH_HEAD"]);
-
-        for (const rel of normalizedPaths) {
-          runGit(repoRoot, ["cat-file", "-e", `${sourceCommit}:${rel}`]);
-        }
-
-        runGit(repoRoot, ["restore", `--source=${sourceCommit}`, "--", ...normalizedPaths]);
-
-        const imported = [];
-        for (const rel of normalizedPaths) {
-          const localPath = path.join(repoRoot, rel);
-          const info = await fileInfo(localPath, rel);
-          const sourceBlob = runGit(repoRoot, ["rev-parse", `${sourceCommit}:${rel}`]);
-          const sourceSize = Number(runGitRaw(repoRoot, ["cat-file", "-s", `${sourceCommit}:${rel}`]).toString("utf8").trim());
-          imported.push({ ...info, source_blob: sourceBlob, source_size: sourceSize });
-        }
-
-        let localCommit = null;
-        if (doCommit) {
-          runGit(repoRoot, ["add", "--", ...normalizedPaths]);
-          const body = [
-            args.message.trim(),
-            "",
-            "Imported from Claude.ai GitHub upload.",
-            "",
-            `Source remote: ${remote}`,
-            `Source ref: ${args.ref}`,
-            `Source commit: ${sourceCommit}`,
-            "",
-            "Paths:",
-            ...normalizedPaths.map((p) => `- ${p}`),
-          ].join("\n");
-          runGit(repoRoot, ["commit", "-m", body]);
-          localCommit = runGit(repoRoot, ["rev-parse", "HEAD"]);
-        }
-
-        return mcpResult(JSON.stringify({
-          status: "ok",
-          mode,
-          committed: doCommit,
-          source_commit: sourceCommit,
-          local_commit: localCommit,
-          imported,
-        }, null, 2));
-      } catch (err) {
-        return mcpError(`Git import failed: ${err.message}`);
-      }
-    }
-
-    case "fs_list": {
+    case "fs_write": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+      try {
+        await atomicWriteText(r.resolved, args.content);
+        return mcpResult(`Written: ${args.path} (${Buffer.byteLength(args.content)} bytes)`);
+      } catch (err) {
+        return mcpError(`Write failed: ${err.message}`);
+      }
+    }
+
+    case "fs_stat": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "r")) return mcpError("Read access denied on this mount");
+      try {
+        return mcpResult(JSON.stringify(await fileInfo(r.resolved, args.path), null, 2));
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`Not found: ${args.path}`);
+        return mcpError(`Stat failed: ${err.message}`);
+      }
+    }
+
+    case "fs_append": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+      try {
+        try {
+          const current = await readFile(r.resolved);
+          if (args.expected_sha256 && sha256Hex(current) !== args.expected_sha256) {
+            return mcpError("Append rejected: current file hash does not match expected_sha256");
+          }
+        } catch (err) {
+          if (err.code !== "ENOENT") throw err;
+          if (args.expected_sha256) return mcpError("Append rejected: file does not exist for expected_sha256 guard");
+        }
+        await mkdir(path.dirname(r.resolved), { recursive: true });
+        await appendFile(r.resolved, args.content, "utf8");
+        const info = await fileInfo(r.resolved, args.path);
+        return mcpResult(JSON.stringify({ appended_bytes: Buffer.byteLength(args.content), ...info }, null, 2));
+      } catch (err) {
+        return mcpError(`Append failed: ${err.message}`);
+      }
+    }
+
+    case "fs_write_chunk": {
+      cleanupFsUploadSessions();
+      const { upload_id, chunk_index, total_chunks, content } = args;
+      const index = Number(chunk_index);
+      const total = Number(total_chunks);
+      if (!Number.isInteger(index) || !Number.isInteger(total) || index < 0 || total < 1 || index >= total) {
+        return mcpError("Invalid chunk_index/total_chunks");
+      }
+      if (total > FS_MAX_CHUNKS) return mcpError(`Too many chunks: max ${FS_MAX_CHUNKS}`);
+      if (Buffer.byteLength(content, "utf8") > FS_MAX_CHUNK_BYTES) {
+        return mcpError(`Chunk too large: max ${FS_MAX_CHUNK_BYTES} bytes`);
+      }
+
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+
+      const key = `${r.mount.name}:${args.path}:${upload_id}`;
+      let session = FS_UPLOAD_SESSIONS.get(key);
+      if (!session) {
+        session = { path: args.path, resolved: r.resolved, total, chunks: new Map(), expectedSha256: args.expected_sha256 || null, updatedAt: Date.now() };
+        FS_UPLOAD_SESSIONS.set(key, session);
+      }
+      if (session.total !== total || session.path !== args.path || session.resolved !== r.resolved) {
+        return mcpError("Upload id collision: path or total_chunks differs from existing session");
+      }
+      if (args.expected_sha256 && session.expectedSha256 && args.expected_sha256 !== session.expectedSha256) {
+        return mcpError("Upload id collision: expected_sha256 differs from existing session");
+      }
+
+      session.chunks.set(index, content);
+      session.updatedAt = Date.now();
+
+      if (session.chunks.size < total) {
+        return mcpResult(JSON.stringify({ upload_id, status: "staged", received_chunks: session.chunks.size, total_chunks: total }, null, 2));
+      }
+
+      const assembled = Array.from({ length: total }, (_, i) => session.chunks.get(i)).join("");
+      const actualSha = sha256Hex(assembled);
+      if (session.expectedSha256 && actualSha !== session.expectedSha256) {
+        FS_UPLOAD_SESSIONS.delete(key);
+        return mcpError(`Final SHA-256 mismatch: expected ${session.expectedSha256}, got ${actualSha}`);
+      }
+
+      try {
+        await atomicWriteText(r.resolved, assembled);
+        FS_UPLOAD_SESSIONS.delete(key);
+        return mcpResult(JSON.stringify({ upload_id, status: "written", path: args.path, bytes: Buffer.byteLength(assembled), sha256: actualSha }, null, 2));
+      } catch (err) {
+        return mcpError(`Chunked write failed: ${err.message}`);
+      }
+    }
+
+    case "fs_ingest_url": {
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+
+      let url;
+      try {
+        url = new URL(args.url);
+      } catch {
+        return mcpError("Invalid URL");
+      }
+      if (!["http:", "https:"].includes(url.protocol)) return mcpError("Only http(s) URLs are supported");
+
+      const maxBytes = Math.min(Number(args.max_bytes || 5 * 1024 * 1024), FS_MAX_INGEST_BYTES);
+      try {
+        const response = await fetch(url, { redirect: "follow" });
+        if (!response.ok) return mcpError(`Fetch failed: HTTP ${response.status}`);
+        const length = Number(response.headers.get("content-length") || 0);
+        if (length && length > maxBytes) return mcpError(`Fetch rejected: content-length ${length} exceeds max_bytes ${maxBytes}`);
+
+        const reader = response.body?.getReader();
+        if (!reader) return mcpError("Fetch failed: response body is not readable");
+
+        let received = 0;
+        const chunks = [];
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+          received += value.byteLength;
+          if (received > maxBytes) return mcpError(`Fetch rejected: response exceeds max_bytes ${maxBytes}`);
+          chunks.push(Buffer.from(value));
+        }
+
+        const content = Buffer.concat(chunks).toString("utf8");
+        const actualSha = sha256Hex(content);
+        if (args.expected_sha256 && actualSha !== args.expected_sha256) {
+          return mcpError(`Fetched SHA-256 mismatch: expected ${args.expected_sha256}, got ${actualSha}`);
+        }
+        await atomicWriteText(r.resolved, content);
+        return mcpResult(JSON.stringify({ status: "written", path: args.path, bytes: Buffer.byteLength(content), sha256: actualSha, source: url.href }, null, 2));
+      } catch (err) {
+        return mcpError(`Ingest failed: ${err.message}`);
+      }
+    }
+
+    case "fs_import_git_files": {
+      if (!Array.isArray(args.paths) || args.paths.length === 0) return mcpError("paths must be a non-empty array");
+      if (args.paths.length > 25) return mcpError("Too many paths: max 25 per import");
+
+      const r = await resolveInMount(".", args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+
+      const repoRoot = r.resolved;
+      const remote = args.remote || "origin";
+      const mode = args.mode || "new_only";
+      const doCommit = args.commit === true;
+      const allowedPrefixes = Array.isArray(args.allowed_prefixes) && args.allowed_prefixes.length > 0
+        ? args.allowed_prefixes.map((p) => normalizeRepoPath(p.endsWith("/") ? p : `${p}/`)).filter(Boolean)
+        : FS_GIT_IMPORT_ALLOWED_PREFIXES;
+
+      try {
+        const topLevel = path.normalize(runGit(repoRoot, ["rev-parse", "--show-toplevel"]));
+        if (topLevel.toLowerCase() !== path.normalize(repoRoot).toLowerCase()) {
+          return mcpError(`Mount root is not the git repo root: ${repoRoot} (repo root: ${topLevel})`);
+        }
+
+        const normalizedPaths = [];
+        for (const rawPath of args.paths) {
+          const normalized = normalizeRepoPath(rawPath);
+          if (!normalized) return mcpError(`Invalid repo path: ${rawPath}`);
+          if (!isAllowedGitImportPath(normalized, allowedPrefixes)) return mcpError(`Path not allowed for git import: ${normalized}`);
+          normalizedPaths.push(normalized);
+        }
+
+        if (mode === "new_only") {
+          for (const rel of normalizedPaths) {
+            const localPath = path.join(repoRoot, rel);
+            try {
+              await stat(localPath);
+              return mcpError(`Import refused: local path already exists in new_only mode: ${rel}`);
+            } catch (err) {
+              if (err.code !== "ENOENT") throw err;
+            }
+          }
+        }
+
+        if (doCommit) {
+          const staged = runGit(repoRoot, ["diff", "--cached", "--name-only"]);
+          if (staged) return mcpError(`Import refused: index already has staged files:\n${staged}`);
+          if (!args.message || !args.message.trim()) return mcpError("message is required when commit=true");
+        }
+
+        runGit(repoRoot, ["fetch", "--no-tags", remote, args.ref]);
+        const sourceCommit = runGit(repoRoot, ["rev-parse", "FETCH_HEAD"]);
+
+        for (const rel of normalizedPaths) {
+          runGit(repoRoot, ["cat-file", "-e", `${sourceCommit}:${rel}`]);
+        }
+
+        runGit(repoRoot, ["restore", `--source=${sourceCommit}`, "--", ...normalizedPaths]);
+
+        const imported = [];
+        for (const rel of normalizedPaths) {
+          const localPath = path.join(repoRoot, rel);
+          const info = await fileInfo(localPath, rel);
+          const sourceBlob = runGit(repoRoot, ["rev-parse", `${sourceCommit}:${rel}`]);
+          const sourceSize = Number(runGitRaw(repoRoot, ["cat-file", "-s", `${sourceCommit}:${rel}`]).toString("utf8").trim());
+          imported.push({ ...info, source_blob: sourceBlob, source_size: sourceSize });
+        }
+
+        let localCommit = null;
+        if (doCommit) {
+          runGit(repoRoot, ["add", "--", ...normalizedPaths]);
+          const body = [
+            args.message.trim(),
+            "",
+            "Imported from Claude.ai GitHub upload.",
+            "",
+            `Source remote: ${remote}`,
+            `Source ref: ${args.ref}`,
+            `Source commit: ${sourceCommit}`,
+            "",
+            "Paths:",
+            ...normalizedPaths.map((p) => `- ${p}`),
+          ].join("\n");
+          runGit(repoRoot, ["commit", "-m", body]);
+          localCommit = runGit(repoRoot, ["rev-parse", "HEAD"]);
+        }
+
+        return mcpResult(JSON.stringify({
+          status: "ok",
+          mode,
+          committed: doCommit,
+          source_commit: sourceCommit,
+          local_commit: localCommit,
+          imported,
+        }, null, 2));
+      } catch (err) {
+        return mcpError(`Git import failed: ${err.message}`);
+      }
+    }
+
+    case "fs_list": {
       const dirPath = args.path || ".";
       const r = await resolveInMount(dirPath, args.mount, vault);
       if (r.error) return mcpError(r.error);
@@ -7881,13 +8082,197 @@ async function handleMcpTool(vault, name, args) {
       }
     }
 
+    case "fs_edit": {
+      if (typeof args.old_string !== "string" || typeof args.new_string !== "string") {
+        return mcpError("old_string and new_string must be strings");
+      }
+      if (args.old_string === args.new_string) {
+        return mcpError("old_string and new_string must differ");
+      }
+      if (args.old_string.length === 0) {
+        return mcpError("old_string must not be empty");
+      }
+      const r = await resolveInMount(args.path, args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "w")) return mcpError("Write access denied on this mount");
+      try {
+        const current = await readFile(r.resolved, "utf8");
+        if (args.expected_sha256 && sha256Hex(current) !== args.expected_sha256) {
+          return mcpError("Edit rejected: current file hash does not match expected_sha256");
+        }
+        const parts = current.split(args.old_string);
+        const occurrences = parts.length - 1;
+        if (occurrences === 0) {
+          return mcpError(`Edit failed: old_string not found in ${args.path}`);
+        }
+        if (occurrences > 1 && !args.replace_all) {
+          return mcpError(`Edit failed: old_string is not unique (${occurrences} matches in ${args.path}). Set replace_all=true to replace all, or provide more surrounding context.`);
+        }
+        const updated = args.replace_all
+          ? parts.join(args.new_string)
+          : current.replace(args.old_string, args.new_string);
+        await atomicWriteText(r.resolved, updated);
+        const info = await fileInfo(r.resolved, args.path);
+        return mcpResult(JSON.stringify({ replacements: args.replace_all ? occurrences : 1, ...info }, null, 2));
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`File not found: ${args.path}`);
+        return mcpError(`Edit failed: ${err.message}`);
+      }
+    }
+
+    case "fs_move": {
+      const src = await resolveInMount(args.from, args.mount, vault);
+      if (src.error) return mcpError(src.error);
+      const dst = await resolveInMount(args.to, args.mount, vault);
+      if (dst.error) return mcpError(dst.error);
+      if (!checkAccess(src.mount, "w") || !checkAccess(src.mount, "d")) {
+        return mcpError("Move requires write+delete access on this mount");
+      }
+      try {
+        await stat(src.resolved);
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`Source not found: ${args.from}`);
+        return mcpError(`Stat failed: ${err.message}`);
+      }
+      let dstExists = false;
+      try {
+        await stat(dst.resolved);
+        dstExists = true;
+      } catch (err) {
+        if (err.code !== "ENOENT") return mcpError(`Stat failed: ${err.message}`);
+      }
+      if (dstExists && !args.overwrite) {
+        return mcpError(`Move refused: destination already exists: ${args.to} (use overwrite=true)`);
+      }
+      try {
+        await mkdir(path.dirname(dst.resolved), { recursive: true });
+        if (dstExists && args.overwrite) {
+          const dstStat = await stat(dst.resolved);
+          await rm(dst.resolved, { recursive: dstStat.isDirectory(), force: true });
+        }
+        try {
+          await rename(src.resolved, dst.resolved);
+        } catch (err) {
+          if (err.code === "EXDEV") {
+            await cp(src.resolved, dst.resolved, { recursive: true, errorOnExist: false, force: true });
+            const srcStat = await stat(src.resolved);
+            await rm(src.resolved, { recursive: srcStat.isDirectory(), force: true });
+          } else {
+            throw err;
+          }
+        }
+        return mcpResult(JSON.stringify({ status: "moved", from: args.from, to: args.to }, null, 2));
+      } catch (err) {
+        return mcpError(`Move failed: ${err.message}`);
+      }
+    }
+
+    case "fs_copy": {
+      const src = await resolveInMount(args.from, args.mount, vault);
+      if (src.error) return mcpError(src.error);
+      const dst = await resolveInMount(args.to, args.mount, vault);
+      if (dst.error) return mcpError(dst.error);
+      if (!checkAccess(src.mount, "r")) return mcpError("Read access denied on this mount");
+      if (!checkAccess(src.mount, "w")) return mcpError("Write access denied on this mount");
+      let srcStat;
+      try {
+        srcStat = await stat(src.resolved);
+      } catch (err) {
+        if (err.code === "ENOENT") return mcpError(`Source not found: ${args.from}`);
+        return mcpError(`Stat failed: ${err.message}`);
+      }
+      let dstExists = false;
+      try {
+        await stat(dst.resolved);
+        dstExists = true;
+      } catch (err) {
+        if (err.code !== "ENOENT") return mcpError(`Stat failed: ${err.message}`);
+      }
+      if (dstExists && !args.overwrite) {
+        return mcpError(`Copy refused: destination already exists: ${args.to} (use overwrite=true)`);
+      }
+      try {
+        await mkdir(path.dirname(dst.resolved), { recursive: true });
+        await cp(src.resolved, dst.resolved, {
+          recursive: true,
+          errorOnExist: false,
+          force: !!args.overwrite,
+        });
+        return mcpResult(JSON.stringify({
+          status: "copied",
+          from: args.from,
+          to: args.to,
+          type: srcStat.isDirectory() ? "dir" : "file",
+        }, null, 2));
+      } catch (err) {
+        return mcpError(`Copy failed: ${err.message}`);
+      }
+    }
+
     case "fs_mounts": {
       const { mounts, error } = await getFileserverMounts(vault);
       if (error) return mcpError(error);
-      if (!mounts || mounts.length === 0) return mcpResult("No fileserver mounts configured. Create one:\n1. Use clauth dashboard or clauth_enable to add a service with key_type='fileserver'\n2. Set the secret value to JSON: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwd\"}");
+      if (!mounts || mounts.length === 0) return mcpResult("No fileserver mounts configured. Create one:\n1. Use clauth dashboard or clauth_enable to add a service with key_type='fileserver'\n2. Set the secret value to JSON: {\"path\": \"C:/Dev/regen-root\", \"access\": \"rwdg\"}  (add 'g' to allow the git verbs: fs_commit, fs_use_branch, fs_repo_status)");
       return mcpResult(JSON.stringify(mounts, null, 2));
     }
 
+    case "fs_repo_status": {
+      const r = await resolveInMount(".", args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "g")) return mcpError("Git access denied on this mount. Add 'g' to the mount's access string (e.g. 'rwdg') to enable the git verbs.");
+      try {
+        const { result, error } = await fsGit.repoStatus(r.resolved);
+        if (error) return mcpError(error);
+        return mcpResult(JSON.stringify(result, null, 2));
+      } catch (err) {
+        return mcpError(`Status failed: ${err.message}`);
+      }
+    }
+
+    case "fs_use_branch": {
+      const r = await resolveInMount(".", args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "g")) return mcpError("Git access denied on this mount. Add 'g' to the mount's access string (e.g. 'rwdg') to enable the git verbs.");
+      try {
+        const { result, error } = await fsGit.useBranch(r.resolved, args.branch, args.create === true);
+        if (error) return mcpError(error);
+        return mcpResult(JSON.stringify(result, null, 2));
+      } catch (err) {
+        return mcpError(`Branch switch failed: ${err.message}`);
+      }
+    }
+
+    case "fs_commit": {
+      const r = await resolveInMount(".", args.mount, vault);
+      if (r.error) return mcpError(r.error);
+      if (!checkAccess(r.mount, "g")) return mcpError("Git access denied on this mount. Add 'g' to the mount's access string (e.g. 'rwdg') to enable the git verbs.");
+      const push = args.push !== false;
+      // Fetch the push token from the vault up front (commit happens first, so
+      // a missing token still preserves the local commit).
+      let token = null, tokenError = null;
+      if (push) {
+        const sec = await vaultRetrieveValue(vault, "github");
+        if (sec.error || !sec.value) tokenError = `could not read the 'github' token (${sec.error || "empty"})`;
+        else token = sec.value;
+      }
+      try {
+        const { result, error } = await fsGit.commit(r.resolved, {
+          message: args.message,
+          paths: args.paths,
+          push,
+          remote: args.remote,
+          token,
+          tokenError,
+          authorName: args.author_name,
+          authorEmail: args.author_email,
+        });
+        if (error) return mcpError(error);
+        return mcpResult(JSON.stringify(result, null, 2));
+      } catch (err) {
+        return mcpError(`Commit failed: ${err.message}`);
+      }
+    }
+
     case "monkey_dispatch": {
       const { prompt, job_id } = args;
       if (!prompt) return mcpError("prompt required");
@@ -8077,6 +8462,7 @@ function createMcpServer(initPassword, whitelist) {
     whitelist,
     failCount: 0,
     MAX_FAILS: 10,
+    writeEnabled: process.env.CLAUTH_MCP_WRITE === "1",
   };
 
   const rl = createInterface({ input: process.stdin, terminal: false });
@@ -8115,7 +8501,7 @@ function createMcpServer(initPassword, whitelist) {
     if (msg.method === "tools/list") {
       return send({
         jsonrpc: "2.0", id,
-        result: { tools: MCP_TOOLS }
+        result: { tools: filterMcpToolsForWriteMode(MCP_TOOLS) }
       });
     }