Ghostvault
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| GHOSTVAULT_DATA_DIR | No | Profiles, DB, logs | ~/.ghostvault |
| GHOSTVAULT_HEADLESS | No | Open a visible window (recommended for login + 2FA) | false |
| GHOSTVAULT_LOG_LEVEL | No | Console log level | INFO |
| GHOSTVAULT_TRANSPORT | No | stdio | http | sse | stdio |
| GHOSTVAULT_DEFAULT_OS | No | Default fingerprint OS for new accounts | macos |
| GHOSTVAULT_LOGIN_TIMEOUT | No | Seconds to complete login + 2FA | 300 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| gv_list_accountsA | List all managed accounts and which one is currently active. Returns each account's id, label, email, status (created/logging_in/active/ failed), whether a browser context is running, and the active account id. Use this first to discover account ids before calling other tools. |
| gv_create_accountA | Create a new managed account slot with a locked fingerprint + advanced config. Generates a fresh, pinned fingerprint + empty persistent profile. The account is NOT signed in yet — call gv_sign_in next to open a login window. Args: name: Human label for the account (e.g. "Work"). os: Pinned fingerprint OS — "windows" | "macos" | "linux". Defaults to server config (or the device profile's recommended OS if device_profile is set). proxy: Optional Playwright-style proxy dict for this account only. provider: Identity provider — "google" (default), "github", etc. preset: Bundle of advanced-config defaults — "balanced" (default) | "stealth" | "minimal". Explicit params below override the preset. locale: Locale(s) for Intl + Accept-Language, e.g. "en-US" or ["en-US","en"]. When set, overrides geoip-based locale matching. timezone: IANA timezone, e.g. "America/New_York". When set, overrides geoip. humanize: Human-like cursor movement. True (default in balanced) | False | float (max seconds for the move). block_webrtc: Block WebRTC to prevent IP leak. True | False | "auto" (auto = block only when a proxy is set; the preset default). block_webgl: Disable WebGL entirely. Some sites break; use sparingly. webgl_config: [vendor, renderer] pair to spoof, e.g. ["Apple Inc.", "Apple GPU"]. fonts: List of installed font family names to inject (on top of OS defaults). addons: List of paths to extracted Firefox addon dirs (must have manifest.json). disable_coop: Disable Cross-Origin-Opener-Policy — needed for some captcha/turnstile iframes. (stealth preset sets this.) block_images: Block all image loading. Faster but visually inconsistent. device_profile: A realistic hardware template that fills in ~15 Camoufox config keys at once (screen size, GPU vendor/renderer, media-device counts, battery level, audio sample rate). One of: macbook-pro-14-m2, macbook-air-13-m1, imac-24, windows-desktop-rtx, thinkpad-x1-carbon, surface-laptop-5, linux-workstation, dell-xps-13-ubuntu, generic-laptop, headless-server. Recommended for maximum fingerprint consistency. device_config: Raw dict of Camoufox config-domain keys (battery:, mediaDevices:, navigator.hardwareConcurrency, ...) to override or augment the chosen device_profile. See the Advanced Configuration docs for the full ~100-key schema. Returns the new account id, resolved config, and any consistency warnings. |
| gv_update_account_configA | Update the advanced fingerprint config of an existing account. Only the keys you pass are changed; everything else stays locked. The account's fingerprint + seeds are NOT re-rolled — identity stays the same, only the injection/behavioral params change. The browser must be CLOSED when this is called; relaunch with gv_open_account to apply the new settings. Args: account_id: The account id to update. locale, timezone, humanize, block_webrtc, block_webgl, webgl_config, fonts, addons, disable_coop, block_images: Same meanings as in gv_create_account. Pass only the ones you want to change. device_profile: Switch to a different hardware template (replaces the device_config section). Same names as in gv_create_account. device_config: Raw Camoufox config keys to merge into device_config (battery:, mediaDevices:, navigator.hardwareConcurrency, ...). Overrides values from device_profile. reset_keys: List of advanced keys to remove entirely (fall back to default). E.g. ["locale", "timezone"] to clear explicit pins. reset_device_keys: List of raw Camoufox config keys to remove from device_config. E.g. ["battery:level", "mediaDevices:webcams"]. Returns the updated keys, the new advanced + device config dicts. |
| gv_sign_inA | Open a sign-in window for the user to complete login (including 2FA). A real browser window opens on the server's machine — the USER completes sign-in themselves; Ghostvault never touches the password. On success the session is saved to the account's persistent profile automatically. First-time login from a new fingerprint usually triggers a 2FA challenge — this is expected. The tool blocks until login completes or times out. Login level is auto-selected:
DECISION GUIDE:
Args: account_id: The account id from gv_list_accounts. provider: Override the provider for this login (e.g. "github", "facebook", or a custom provider name). Defaults to the account's provider field. credentials: Optional dict of credential values for Level 2 auto-fill (e.g. {"username": "john", "password": "secret"}). If omitted, stored credentials are loaded automatically. |
| gv_switch_accountA | Switch the active account that browser tools operate on. The account must already be open (it becomes open after gv_sign_in). All subsequent gv_open_url / gv_read_gmail calls target the active account until you switch again. Args: account_id: The account id to make active. |
| gv_get_session_statusB | Check whether an account's browser session is running and authenticated. If account_id is omitted, checks the active account. Returns: id, name, email, running, active, status, last_login_at. |
| gv_close_accountA | Close the running browser context for an account (keeps its session saved). The persistent profile stays on disk, so reopening reuses the same login. Use this to free resources when done with an account. Args: account_id: The account id to close. |
| gv_lock_accountA | Lock an account — close the browser and re-encrypt its profile. The saved session is KEPT, so reopening (gv_open_account) works without re-login. This is the manual version of auto-lock. Use it when you're done with an account for now but want to come back to it later without re-authenticating. Args: account_id: The account id to lock. |
| gv_sign_outA | Sign the account out of the provider (invalidates the session server-side). Opens the browser, navigates to the provider's sign-out URL, waits for the session to clear, then closes the browser. After this, the account must sign in again before any browser tools work. If the provider has no logout_url configured, the browser closes and the user is told to navigate to the site's logout page manually. Args: account_id: The account id to sign out. provider: Override the provider for this sign-out. Defaults to the account's provider field. |
| gv_delete_accountA | Delete an account and all its data from Ghostvault. Removes the profile directory, encrypted archive (if any), fingerprint file, and the DB row. Cannot delete a running account — lock/close it first. This does NOT sign the account out of Google; use gv_sign_out first if you want to invalidate the session server-side. Args: account_id: The account id to delete. |
| gv_open_accountA | Open the browser context for an already-signed-in account. Unlike gv_sign_in (which waits for you to complete login), this opens the account's persistent profile and reuses the existing saved session — no login window, no waiting. Use this after a sign-in has succeeded once and you've since closed the browser. Also marks the account as active so subsequent browser tools target it. Args: account_id: The account id to open. |
| gv_open_ephemeralA | Open a throwaway browser session for anonymous scraping — NO account needed. Launches a fresh Camoufox browser with a random identity, no persistent profile, and no DB row. Nothing survives the session — perfect for public pages that don't require login. The session becomes the active target, so ALL existing browser tools work on it unchanged: gv_open_url, gv_get_page_content, gv_screenshot, gv_get_page_links, gv_click_element, gv_fill_input, gv_scroll, gv_press_key. Defaults are tuned for scraping: headless=True, block_images=True, short 5-minute idle auto-close. Override per call if needed. Args: url: Optional URL to navigate to immediately. Omit to start on a blank page. headless: Override the default (True). Set False to watch the browser. proxy: Optional Playwright-style proxy dict (same format as gv_create_account). block_images: Override the default (True). Set False if you need screenshots. Returns the session id + next steps. When done, call gv_close_ephemeral. The session also auto-closes after GHOSTVAULT_EPHEMERAL_AUTO_CLOSE_MINUTES idle (default 5). |
| gv_close_ephemeralA | Close an ephemeral session and free its resources. Removes the tempdir + tears down the browser process. If the closed session was the active target, the active slot falls back to another running context (or None). Args: session_id: The session id from gv_open_ephemeral. Omit to close the currently-active session. Returns the closed id + the new active target. |
| gv_open_urlA | Open a URL in the active account's browser. Works for ANY website — including third-party sites that use Google Sign-In (they'll auto-SSO using the account's session). The page becomes the "current" page that google_get_page_content / google_click_element operate on. Args: url: Absolute URL to navigate to. wait_until: "load" | "domcontentloaded" | "networkidle" (default domcontentloaded). |
| gv_get_page_contentA | Read the current page's text content, optionally with a screenshot. Set include_screenshot=true to ALSO receive an image of the page so you can SEE the layout — use this when text alone isn't enough (captcha, image buttons, complex visual structure). Args: include_screenshot: If true, append a PNG image of the viewport. max_chars: Max characters of page text (default 20000). |
| gv_screenshotA | Capture a screenshot of the current page as a PNG image (vision support). Use this to visually understand the page when the text snapshot is ambiguous — e.g. to locate a button by its appearance or read a captcha. Args: full_page: If true, capture the full scrollable page (larger image). |
| gv_get_page_linksA | List the visible links on the current page. Returns [{text, href}, ...]. Use this to choose where to navigate next. Args: limit: Max number of links to return (default 50, max 100). |
| gv_click_elementA | Click an element on the current page by visible text or CSS selector. Text matching is case-insensitive and substring-based (preferred). If no text matches, the target is tried as a CSS selector. After clicking, waits for the page to settle and returns a preview of the new page. Args:
target: Visible text of the element (preferred) OR a CSS selector.
timeout_ms: Max wait time in ms (default 10000).
humanize: When true, hover briefly before clicking + jitter the click
point. Defaults to the account's DECISION GUIDE — when to set humanize=true: • Google / SSO login buttons ("Next", "Sign in") → ALWAYS • Captcha-protected pages (reCAPTCHA, Cloudflare) → ALWAYS • Form submit buttons on banking / payments → ALWAYS • Search buttons, nav links on trusted sites → optional (can skip) • One-time quick clicks in a familiar dashboard → can skip Note: If the account's Returns the clicked target, whether humanize was applied, and a page preview. |
| gv_fill_inputA | Fill a form input on the current page. Tries to find the input by its label text first (case-insensitive, substring match), falling back to a CSS selector. By default this uses Playwright's instant paste (fast, but detectable).
Set Args:
target: Visible label text of the field (preferred) OR a CSS selector.
value: The text to type into the field.
timeout_ms: Max wait time in ms (default 10000).
humanize: Type char-by-char with realistic cadence. Defaults to the
account's DECISION GUIDE — when to set humanize=true: • Google / SSO login forms (email, password) → ALWAYS (instant paste is the #1 bot detection tell) • Captcha-protected form fields → ALWAYS • Banking / payment forms → ALWAYS • 2FA / OTP code fields → optional (short codes, paste is fine) • Search boxes on trusted sites (Gmail, Drive) → optional • Quick one-off inputs in a familiar dashboard → can skip Recommended values by scenario: • Login email: humanize=true, wpm=85, variance=0.4, mistakes=0.02 • Login password: humanize=true, wpm=65, variance=0.5, mistakes=0.0 • Long form: humanize=true, wpm=90, variance=0.35, mistakes=0.01 • Search box: humanize=false (or omit) Note: If the account's Returns the target, char count, and whether humanize was applied. |
| gv_press_keyA | Press a single key or key chord on the active page. Use this for things Args:
key: Playwright key name — "Enter", "Tab", "Escape", "ArrowDown",
"Backspace", "a", "1", etc.
modifiers: Optional modifier keys to hold — ["Control"], ["Shift"],
["Control", "Shift"]. Combined as Returns the pressed chord. |
| gv_scrollA | Scroll the active page in human-like increments. reCAPTCHA v3 and similar behavioral detectors weight scroll behavior heavily. This tool scrolls in small bursts with varied distance + reading pauses, mimicking a real user skimming the page. Args: direction: "down" (default) or "up". amount: Roughly the number of scroll gestures (each ~300px). Default 3. humanize: Vary the scroll distance + add reading pauses between gestures (default true — scrolling is cheap, leave it on). delay_after_ms: Pause for a randomized ~this many ms after. Returns the direction, amount, and whether humanize was applied. |
| gv_read_gmailA | Read the Gmail inbox of the active account. Returns recent messages as [{id, subject, sender, snippet, url, date}, ...]. Gmail's DOM changes often — if this returns empty, use gv_open_url to mail.google.com and google_get_page_content (with screenshot) instead. Args: limit: Max number of messages (default 20, max 50). |
| gv_get_logsA | Return the most recent debug log entries (for troubleshooting). Each entry records a tool call / browser action with timestamp, account, action, status, duration, and error info. Use this when something isn't working and you need to see what happened. Args: n: Number of recent entries to return (default 50, max 500). |
| gv_get_auth_statusA | Check whether the private/public password gate is active and unlocked. Returns gate_enabled (bool), unlocked (bool), and a human-readable message. If no password has been set, the gate is off and all profiles are public. |
| gv_setup_passwordA | Open a browser window to set a password for the private/public gate. This is a ONE-TIME setup. After setting a password, you can mark profiles as private (google_make_private) — they'll be hidden until you unlock (google_unlock). Public profiles remain accessible without unlocking. A browser window opens with a password form — type and confirm there. The password is stored as a salted hash (PBKDF2-SHA256, 200k iterations). |
| gv_unlockA | Unlock the private/public gate to access private profiles. Two modes:
Once unlocked, private profiles are visible and accessible until you call google_logout or restart the MCP server. Args: password: Your gate password. Omit to unlock via a browser window. |
| gv_logoutA | Lock the private/public gate. Closes any open private browser contexts and switches the active account to the first available public profile (or none). Private profiles become hidden again until you call google_unlock. This does NOT sign you out of Google — it only locks Ghostvault's gate. |
| gv_make_privateA | Mark a profile as private (hidden when the gate is locked). Requires the password gate to be active (call google_setup_password first). Args: account_id: The account id to make private. |
| gv_make_publicB | Mark a profile as public (accessible without unlocking). Args: account_id: The account id to make public. |
| gv_create_providerA | Create a custom login provider recipe for any website. Once created, use it with Args: name: Unique provider name (e.g. "my_bank"). Cannot shadow built-ins. login_url: The URL to navigate to for login (e.g. "https://app.example.com/login"). success_url_fragments: URL fragments indicating login succeeded (e.g. ["app.example.com/dashboard"]). auth_cookie_names: Cookie names that prove authentication (e.g. ["session_id"]). auth_cookie_domain: The domain to read auth cookies from (e.g. "https://app.example.com"). logout_url: Optional direct logout URL. If None, user must logout manually. session_probe_url: Optional URL to check if session is still valid. login_url_fragments: URL fragments indicating redirect to login (session expired). description: Human-readable description of this provider. |
| gv_list_providersA | List all providers (built-in + custom) with capability flags. Returns each provider's name, max_login_level, needs_credentials, has_logout_url, has_session_probe, is_builtin, and description. Built-in providers: google, github, facebook, generic. |
| gv_get_providerA | Show one provider's full configuration (login URL, cookies, etc.). Args: name: The provider name (built-in or custom). |
| gv_update_providerA | Update a custom provider's configuration. Built-in providers cannot be updated. Pass only the fields you want to change. The provider must be closed (no active login flow) when updating. Args: name: The provider name to update. login_url, success_url_fragments, auth_cookie_names, auth_cookie_domain, logout_url, session_probe_url, login_url_fragments, description: Same meanings as in gv_create_provider. Pass only the ones to change. |
| gv_delete_providerA | Delete a custom provider. Built-in providers cannot be deleted. Args: name: The provider name to delete. |
| gv_check_sessionA | Check whether the account's browser session is still authenticated. Uses a 2-layer check: cookie expiry (fast) + probe URL redirect (accurate). Returns the health status (active / likely_active / expired / unknown), a reason, and the recommended action. The browser context must be open (call gv_open_account first) for an accurate check. If closed, returns 'unknown'. Args: account_id: The account id to check. Omit to check the active account. |
| gv_detect_login_optionsA | Scan the current page (or a URL) for available login options. Detects SSO buttons (Google, GitHub, Facebook, etc.), username/password form fields, 2FA/OTP fields, and captcha. Returns a recommendation on which login path to take. Use this BEFORE gv_sign_in when you're not sure what the page offers — it helps the agent decide whether to auto-fill, click an SSO button, or let the user log in manually. DECISION GUIDE — what to do with the result:
In ALL cases, the session is saved automatically — the user only needs to log in once per account. Args: url: Optional URL to navigate to before scanning. If omitted, scans the current page. |
| gv_set_credentialsA | Store credentials (username/password) for Level 2 form auto-fill. Credentials are saved in the account's fingerprint bundle (encrypted at rest when encryption is enabled). Use this before calling gv_sign_in on a provider that has login_steps configured. Args:
account_id: The account id.
credentials: Dict of credential key-value pairs. The keys must match
the |
| gv_get_credentialsA | Show which credential keys are stored for an account (values are masked). Args: account_id: The account id. |
| gv_api_callA | Make an HTTP request using the active account's browser session. Uses the browser's cookies + TLS fingerprint, so the request looks identical to one made by the page itself. Bypasses cookie-based auth and TLS fingerprinting. Faster than navigating a page when you just need data from an API endpoint. Args: method: HTTP method — GET, POST, PUT, PATCH, DELETE. url: The absolute URL to request. headers: Optional dict of HTTP headers (e.g. {"Authorization": "Bearer ..."}). body: Optional request body. Dict/list → JSON-encoded automatically; string → sent as-is. use_session: If True (default), the browser's cookies + TLS are used. Set False to send a "clean" request (no cookies). timeout_ms: Request timeout in ms (default 30000). Returns {status, status_text, headers, body, url}. |
| gv_eval_jsA | Run JavaScript in the active page and return the result. Use cases:
The script can be an expression or a function. If Args: script: JS expression or arrow function. arg: Optional argument to pass to a function script. Returns whatever the JS evaluates to. |
| gv_get_cookiesA | Read cookies from the active browser context. Cookie values longer than 20 chars are masked for security. Use this for debugging sessions or understanding what the site has set. Args: domain: If set, only cookies matching this domain are returned. If omitted, all cookies are returned. |
| gv_record_loginA | Record a login flow for future automatic replay (Level 3). Opens a browser, injects an action recorder, and waits for the user to complete login manually (including 2FA, captcha, etc.). After login succeeds, the recorded steps are saved to the provider's config. Future gv_sign_in calls with the same provider will replay these steps automatically — pausing only for credential fields (password, OTP) and captcha that can't be replayed. Security: password/OTP values are NEVER recorded. Only the field selectors + credential_key are saved. Store actual credentials via gv_set_credentials. When to use:
Args: account_id: The account id to use. provider: Override the provider. Defaults to the account's provider. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mienetic/Ghostvault'
If you have feedback or need assistance with the MCP directory API, please join our Discord server