npm - @leo000001/claude-code-mcp - Versions diffs - 2.0.0 → 2.0.3 - Mend

@leo000001/claude-code-mcp 2.0.0 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -7,6 +7,47 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod";
+// src/utils/permission-updated-input.ts
+function normalizePermissionUpdatedInput(input) {
+  if (input && typeof input === "object" && !Array.isArray(input)) {
+    return input;
+  }
+  return { input };
+}
+// src/utils/normalize-tool-input.ts
+function normalizeMsysToWindowsPath(path2) {
+  if (/^[a-zA-Z]:[\\/]/.test(path2) || path2.startsWith("\\\\")) return void 0;
+  if (path2.startsWith("//")) {
+    const m2 = path2.match(/^\/\/([^/]{2,})\/(.*)$/);
+    if (m2) {
+      const host = m2[1];
+      const rest2 = m2[2] ?? "";
+      return `\\\\${host}\\${rest2.replace(/\//g, "\\")}`;
+    }
+  }
+  const cyg = path2.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
+  if (cyg) {
+    const drive2 = cyg[1].toUpperCase();
+    const rest2 = cyg[2] ?? "";
+    return `${drive2}:\\${rest2.replace(/\//g, "\\")}`;
+  }
+  const m = path2.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
+  if (!m) return void 0;
+  const drive = m[1].toUpperCase();
+  const rest = m[2] ?? "";
+  return `${drive}:\\${rest.replace(/\//g, "\\")}`;
+}
+function normalizeToolInput(toolName, input, platform = process.platform) {
+  if (platform !== "win32") return input;
+  if (toolName !== "NotebookEdit") return input;
+  const filePath = input.file_path;
+  if (typeof filePath !== "string") return input;
+  const normalized = normalizeMsysToWindowsPath(filePath);
+  if (!normalized) return input;
+  return { ...input, file_path: normalized };
+}
 // src/session/manager.ts
 var DEFAULT_SESSION_TTL_MS = 30 * 60 * 1e3;
 var DEFAULT_RUNNING_SESSION_MAX_MS = 4 * 60 * 60 * 1e3;
@@ -19,7 +60,9 @@ var SessionManager = class _SessionManager {
   cleanupTimer;
   sessionTtlMs = DEFAULT_SESSION_TTL_MS;
   runningSessionMaxMs = DEFAULT_RUNNING_SESSION_MAX_MS;
-  constructor() {
+  platform;
+  constructor(opts) {
+    this.platform = opts?.platform ?? process.platform;
     this.cleanupTimer = setInterval(() => this.cleanup(), DEFAULT_CLEANUP_INTERVAL_MS);
     if (this.cleanupTimer.unref) {
       this.cleanupTimer.unref();
@@ -193,10 +236,16 @@ var SessionManager = class _SessionManager {
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
     if (!state.pendingPermissions.has(req.requestId)) {
+      const inferredExpiresAt = new Date(Date.now() + timeoutMs).toISOString();
+      const record = {
+        ...req,
+        timeoutMs,
+        expiresAt: inferredExpiresAt
+      };
       const timeoutId = setTimeout(() => {
         this.finishRequest(
           sessionId,
-          req.requestId,
+          record.requestId,
           {
             behavior: "deny",
             message: `Permission request timed out after ${timeoutMs}ms.`,
@@ -205,12 +254,12 @@ var SessionManager = class _SessionManager {
           "timeout"
         );
       }, timeoutMs);
-      state.pendingPermissions.set(req.requestId, { record: req, finish, timeoutId });
+      state.pendingPermissions.set(record.requestId, { record, finish, timeoutId });
       info.status = "waiting_permission";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       this.pushEvent(sessionId, {
         type: "permission_request",
-        data: req,
+        data: record,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
       return true;
@@ -242,11 +291,40 @@ var SessionManager = class _SessionManager {
         };
       }
     }
+    if (finalResult.behavior === "allow") {
+      const updatedInput = finalResult.updatedInput;
+      const validRecord = updatedInput !== null && updatedInput !== void 0 && typeof updatedInput === "object" && !Array.isArray(updatedInput);
+      if (!validRecord) {
+        finalResult = {
+          ...finalResult,
+          updatedInput: normalizePermissionUpdatedInput(pending.record.input)
+        };
+      } else {
+        finalResult = {
+          ...finalResult,
+          updatedInput: normalizeToolInput(
+            pending.record.toolName,
+            updatedInput,
+            this.platform
+          )
+        };
+      }
+    }
     if (pending.timeoutId) clearTimeout(pending.timeoutId);
     state.pendingPermissions.delete(requestId);
+    const eventData = {
+      requestId,
+      toolName: pending.record.toolName,
+      behavior: finalResult.behavior,
+      source
+    };
+    if (finalResult.behavior === "deny") {
+      eventData.message = finalResult.message;
+      eventData.interrupt = finalResult.interrupt;
+    }
     this.pushEvent(sessionId, {
       type: "permission_result",
-      data: { requestId, behavior: finalResult.behavior, source },
+      data: eventData,
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     });
     try {
@@ -651,28 +729,37 @@ function consumeQuery(params) {
   let initTimeoutId;
   const canUseTool = async (toolName, input, options2) => {
     const sessionId = await getSessionId();
+    const normalizedInput = normalizeToolInput(toolName, input, params.platform);
     const sessionInfo = params.sessionManager.get(sessionId);
     if (sessionInfo) {
       if (Array.isArray(sessionInfo.disallowedTools) && sessionInfo.disallowedTools.includes(toolName)) {
         return { behavior: "deny", message: `Tool '${toolName}' is disallowed by session policy.` };
       }
       if (!options2.blockedPath && Array.isArray(sessionInfo.allowedTools) && sessionInfo.allowedTools.includes(toolName)) {
-        return { behavior: "allow" };
+        return {
+          behavior: "allow",
+          updatedInput: normalizePermissionUpdatedInput(normalizedInput)
+        };
       }
     }
     const requestId = `${options2.toolUseID}:${toolName}:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+    const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+    const timeoutMs = params.permissionRequestTimeoutMs;
+    const expiresAt = new Date(Date.now() + timeoutMs).toISOString();
     const record = {
       requestId,
       toolName,
-      input,
-      summary: summarizePermission(toolName, input),
+      input: normalizedInput,
+      summary: summarizePermission(toolName, normalizedInput),
       description: describeTool(toolName, params.toolCache),
       decisionReason: options2.decisionReason,
       blockedPath: options2.blockedPath,
       toolUseID: options2.toolUseID,
       agentID: options2.agentID,
       suggestions: options2.suggestions,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      createdAt,
+      timeoutMs,
+      expiresAt
     };
     return await new Promise((resolve) => {
       let finished = false;
@@ -1394,13 +1481,16 @@ var TOOL_CATALOG = {
     description: "Run shell commands (e.g. npm install, git commit, ls) in the project directory.",
     category: "execute"
   },
-  Read: { description: "Read the contents of a file given its path.", category: "file_read" },
+  Read: {
+    description: "Read the contents of a file given its path (large files may hit per-call size caps; use offset/limit or Grep chunking).",
+    category: "file_read"
+  },
   Write: {
     description: "Create a new file or completely replace an existing file's contents.",
     category: "file_write"
   },
   Edit: {
-    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file.",
+    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file (replace_all is substring-based).",
     category: "file_write"
   },
   Glob: {
@@ -1412,7 +1502,7 @@ var TOOL_CATALOG = {
     category: "file_read"
   },
   NotebookEdit: {
-    description: "Edit individual cells in Jupyter notebooks (.ipynb files).",
+    description: "Edit individual cells in Jupyter notebooks (.ipynb files) (expects native Windows paths; this server normalizes /d/... when possible).",
     category: "file_write"
   },
   WebFetch: {
@@ -1433,6 +1523,10 @@ var TOOL_CATALOG = {
   AskUserQuestion: {
     description: "Ask the user a question and wait for their answer before continuing.",
     category: "interaction"
+  },
+  TeamDelete: {
+    description: "Delete a team and its resources (may require all active members to shutdown_approved; cleanup may complete asynchronously).",
+    category: "agent"
   }
 };
 function uniq(items) {
@@ -1487,7 +1581,7 @@ function buildInternalToolsDescription(tools) {
   const grouped = groupByCategory(tools);
   const categories = Object.keys(grouped).sort((a, b) => a.localeCompare(b));
   let desc = 'Start a new Claude Code agent session.\n\nLaunches an autonomous coding agent that can read/write files, run shell commands, search code, manage git, access the web, and more. Returns immediately with a sessionId \u2014 the agent runs asynchronously in the background.\n\nWorkflow:\n1. Call claude_code with a prompt \u2192 returns { sessionId, status: "running", pollInterval }\n2. Poll with claude_code_check (action="poll") to receive progress events and the final result\n3. If the agent needs permission for a tool call, approve or deny via claude_code_check (action="respond_permission")\n\n';
-  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n\n";
+  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n- Permission prompts auto-deny on timeout; use claude_code_check actions[].expiresAt/remainingMs\n\n";
   desc += "Internal tools available to the agent (use allowedTools/disallowedTools to control approval policy; authoritative list returned by claude_code_check with includeTools=true):\n";
   for (const category of categories) {
     desc += `
@@ -1498,7 +1592,8 @@ function buildInternalToolsDescription(tools) {
 `;
     }
   }
-  desc += '\nUse `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
+  desc += "\nSecurity: You MUST configure allowedTools/disallowedTools based on your own permission scope. Only allow tools that you yourself are authorized to perform \u2014 do not grant the agent broader permissions than you have. For example, if you lack write access to a directory, do not include Write/Edit in allowedTools. When in doubt, leave both lists empty and review each permission request individually via claude_code_check.\n\n";
+  desc += 'Use `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
   return desc;
 }
@@ -1621,20 +1716,27 @@ function buildResult(sessionManager, toolCache, input) {
     }),
     nextCursor,
     availableTools,
-    actions: includeActions && status === "waiting_permission" ? pending.map((req) => ({
-      type: "permission",
-      requestId: req.requestId,
-      toolName: req.toolName,
-      input: req.input,
-      summary: req.summary,
-      decisionReason: req.decisionReason,
-      blockedPath: req.blockedPath,
-      toolUseID: req.toolUseID,
-      agentID: req.agentID,
-      suggestions: req.suggestions,
-      description: req.description,
-      createdAt: req.createdAt
-    })) : void 0,
+    actions: includeActions && status === "waiting_permission" ? pending.map((req) => {
+      const expiresMs = req.expiresAt ? Date.parse(req.expiresAt) : Number.NaN;
+      const remainingMs = Number.isFinite(expiresMs) ? Math.max(0, expiresMs - Date.now()) : void 0;
+      return {
+        type: "permission",
+        requestId: req.requestId,
+        toolName: req.toolName,
+        input: req.input,
+        summary: req.summary,
+        decisionReason: req.decisionReason,
+        blockedPath: req.blockedPath,
+        toolUseID: req.toolUseID,
+        agentID: req.agentID,
+        suggestions: req.suggestions,
+        description: req.description,
+        createdAt: req.createdAt,
+        timeoutMs: req.timeoutMs,
+        expiresAt: req.expiresAt,
+        remainingMs
+      };
+    }) : void 0,
     result: includeResult && stored?.result ? redactAgentResult(stored.result, {
       includeUsage,
       includeModelUsage,
@@ -1796,8 +1898,96 @@ function executeClaudeCodeSession(input, sessionManager) {
   }
 }
+// src/resources/register-resources.ts
+var RESOURCE_SCHEME = "claude-code-mcp";
+var RESOURCE_URIS = {
+  serverInfo: `${RESOURCE_SCHEME}:///server-info`,
+  internalTools: `${RESOURCE_SCHEME}:///internal-tools`,
+  gotchas: `${RESOURCE_SCHEME}:///gotchas`
+};
+function asTextResource(uri, text, mimeType) {
+  return {
+    contents: [
+      {
+        uri: uri.toString(),
+        text,
+        mimeType
+      }
+    ]
+  };
+}
+function registerResources(server, deps) {
+  const serverInfoUri = new URL(RESOURCE_URIS.serverInfo);
+  server.registerResource(
+    "server_info",
+    serverInfoUri.toString(),
+    {
+      title: "Server Info",
+      description: "Static server metadata (version/platform/runtime).",
+      mimeType: "application/json"
+    },
+    () => asTextResource(
+      serverInfoUri,
+      JSON.stringify(
+        {
+          name: "claude-code-mcp",
+          node: process.version,
+          platform: process.platform,
+          arch: process.arch,
+          resources: Object.values(RESOURCE_URIS),
+          toolCatalogCount: deps.toolCache.getTools().length
+        },
+        null,
+        2
+      ),
+      "application/json"
+    )
+  );
+  const toolsUri = new URL(RESOURCE_URIS.internalTools);
+  server.registerResource(
+    "internal_tools",
+    toolsUri.toString(),
+    {
+      title: "Internal Tools",
+      description: "Claude Code internal tool catalog (static + runtime-discovered).",
+      mimeType: "application/json"
+    },
+    () => asTextResource(
+      toolsUri,
+      JSON.stringify({ tools: deps.toolCache.getTools() }, null, 2),
+      "application/json"
+    )
+  );
+  const gotchasUri = new URL(RESOURCE_URIS.gotchas);
+  server.registerResource(
+    "gotchas",
+    gotchasUri.toString(),
+    {
+      title: "Gotchas",
+      description: "Practical limits and gotchas when using Claude Code via this MCP server.",
+      mimeType: "text/markdown"
+    },
+    () => asTextResource(
+      gotchasUri,
+      [
+        "# claude-code-mcp: gotchas",
+        "",
+        "- Permission approvals have a timeout (default 60s) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
+        "- `Read` has a per-call size cap in practice (often ~256KB); for large files use `offset`/`limit` or chunk with `Grep`.",
+        "- `Edit` with `replace_all=true` is substring replacement; if no match is found the tool returns an error.",
+        "- `NotebookEdit` expects native Windows paths; this server normalizes MSYS paths like `/d/...` when possible.",
+        "- `TeamDelete` may require members to reach `shutdown_approved`; cleanup can be asynchronous during shutdown.",
+        '- Skills may become available later in the same session (early calls may show "Unknown").',
+        "- Some internal features (e.g. ToolSearch) may not appear in `availableTools` because it is derived from SDK `system/init.tools`.",
+        ""
+      ].join("\n"),
+      "text/markdown"
+    )
+  );
+}
 // src/server.ts
-var SERVER_VERSION = true ? "2.0.0" : "0.0.0-dev";
+var SERVER_VERSION = true ? "2.0.3" : "0.0.0-dev";
 function createServer(serverCwd) {
   const sessionManager = new SessionManager();
   const toolCache = new ToolDiscoveryCache();
@@ -1821,7 +2011,7 @@ function createServer(serverCwd) {
     z.object({
       type: z.literal("preset"),
       preset: z.literal("claude_code"),
-      append: z.string().optional().describe("Additional instructions to append to the preset")
+      append: z.string().optional().describe("Appended to preset prompt")
     })
   ]);
   const toolsConfigSchema = z.union([
@@ -1835,66 +2025,50 @@ function createServer(serverCwd) {
     z.object({ type: z.literal("adaptive") }),
     z.object({
       type: z.literal("enabled"),
-      budgetTokens: z.number().int().positive().describe("Token budget for thinking")
+      budgetTokens: z.number().int().positive()
     }),
     z.object({ type: z.literal("disabled") })
   ]);
   const outputFormatSchema = z.object({
     type: z.literal("json_schema"),
-    schema: z.record(z.string(), z.unknown()).describe("JSON Schema for structured output")
+    schema: z.record(z.string(), z.unknown())
   });
   const advancedOptionsSchema = z.object({
-    tools: toolsConfigSchema.optional().describe(
-      "Define the base tool set visible to the agent. Default: omitted (SDK/Claude Code default). Pass an array of tool names, or {type: 'preset', preset: 'claude_code'} for the default set."
-    ),
-    persistSession: z.boolean().optional().describe("Persist session history to disk (~/.claude/projects). Default: true."),
-    sessionInitTimeoutMs: z.number().int().positive().optional().describe("How long to wait (in ms) for the agent process to initialize. Default: 10000."),
-    agents: z.record(z.string(), agentDefinitionSchema).optional().describe(
-      "Define custom sub-agents the main agent can delegate tasks to. Each key is the agent name."
-    ),
-    agent: z.string().optional().describe("Name of a custom agent (defined in 'agents') to use as the primary agent."),
-    maxBudgetUsd: z.number().positive().optional().describe("Maximum budget in USD for this session."),
-    effort: z.enum(EFFORT_LEVELS).optional().describe("Effort level: 'low' | 'medium' | 'high' | 'max'."),
-    betas: z.array(z.string()).optional().describe("Beta features to enable."),
-    additionalDirectories: z.array(z.string()).optional().describe("Additional directories the agent can access beyond cwd."),
-    outputFormat: outputFormatSchema.optional().describe("Structured output format with JSON Schema."),
-    thinking: thinkingSchema.optional().describe("Thinking mode: 'adaptive' | 'enabled' (with budget) | 'disabled'."),
-    pathToClaudeCodeExecutable: z.string().optional().describe("Path to the Claude Code executable. Default: SDK-bundled."),
-    mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("MCP server configurations (key: server name, value: server config)."),
-    sandbox: z.record(z.string(), z.unknown()).optional().describe("Sandbox configuration for isolating shell command execution."),
-    fallbackModel: z.string().optional().describe("Fallback model if the primary model fails or is unavailable."),
-    enableFileCheckpointing: z.boolean().optional().describe("Enable file checkpointing to track file changes. Default: false."),
-    includePartialMessages: z.boolean().optional().describe("Include intermediate messages as events in claude_code_check. Default: false."),
-    strictMcpConfig: z.boolean().optional().describe("Enforce strict validation of MCP server configurations. Default: false."),
-    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe(
-      "Which local config files to load. Default: ['user', 'project', 'local']. Pass [] to disable all."
-    ),
-    debug: z.boolean().optional().describe("Enable debug mode. Default: false."),
-    debugFile: z.string().optional().describe("Write debug logs to a file path (implicitly enables debug mode)."),
-    env: z.record(z.string(), z.string().optional()).optional().describe("Environment variables to merge with process.env.")
-  }).optional().describe(
-    "Low-frequency SDK options. All fields are optional with sensible defaults. Most callers can omit this entirely."
-  );
+    tools: toolsConfigSchema.optional().describe("Visible tool set. Default: SDK"),
+    persistSession: z.boolean().optional().describe("Default: true"),
+    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
+    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Sub-agent definitions. Default: none"),
+    agent: z.string().optional().describe("Primary agent name (from 'agents'). Default: none"),
+    maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
+    effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
+    betas: z.array(z.string()).optional().describe("Default: none"),
+    additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
+    outputFormat: outputFormatSchema.optional().describe("Default: none (plain text)"),
+    thinking: thinkingSchema.optional().describe("Default: SDK"),
+    pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
+    mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
+    sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
+    fallbackModel: z.string().optional().describe("Default: none"),
+    enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
+    includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
+    strictMcpConfig: z.boolean().optional().describe("Default: false"),
+    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
+    debug: z.boolean().optional().describe("Default: false"),
+    debugFile: z.string().optional().describe("Enables debug. Default: none"),
+    env: z.record(z.string(), z.string().optional()).optional().describe("Merged with process.env. Default: none")
+  }).optional().describe("Low-frequency SDK options (all optional)");
   server.tool(
     "claude_code",
     buildInternalToolsDescription(toolCache.getTools()),
     {
-      prompt: z.string().describe("The task or question for Claude Code"),
-      cwd: z.string().optional().describe("Working directory. Default: server cwd."),
-      allowedTools: z.array(z.string()).optional().describe(
-        "Tools the agent can use without asking for permission. Default: [] (no auto-approvals). Example: ['Bash', 'Read', 'Write', 'Edit']. Tools not listed here or in disallowedTools will trigger a permission request via claude_code_check."
-      ),
-      disallowedTools: z.array(z.string()).optional().describe(
-        "Tools the agent is forbidden from using. Default: [] (none). Takes priority over allowedTools."
-      ),
-      maxTurns: z.number().int().positive().optional().describe("Maximum number of reasoning steps the agent can take."),
-      model: z.string().optional().describe("Model to use, e.g. 'claude-sonnet-4-5-20250929'."),
-      systemPrompt: systemPromptSchema.optional().describe(
-        "Override the agent's system prompt. Pass a string for full replacement, or use {type: 'preset', preset: 'claude_code', append: '...'} to extend the default."
-      ),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe(
-        "How long to wait (in ms) for a permission decision via claude_code_check before auto-denying. Default: 60000."
-      ),
+      prompt: z.string().describe("Task or question"),
+      cwd: z.string().optional().describe("Working directory. Default: server cwd"),
+      allowedTools: z.array(z.string()).optional().describe("Auto-approved tools, e.g. ['Bash','Read','Write','Edit']. Default: []"),
+      disallowedTools: z.array(z.string()).optional().describe("Forbidden tools (priority over allowedTools). Default: []"),
+      maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+      model: z.string().optional().describe("e.g. 'opus'. Default: SDK"),
+      systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
       advanced: advancedOptionsSchema
     },
     async (args, extra) => {
@@ -1946,49 +2120,43 @@ Defaults:
 Disk resume: If the server restarted and the session is no longer in memory, set CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1 to let the agent resume from its on-disk transcript. Pass diskResumeConfig with resumeToken and session parameters.`,
     {
-      sessionId: z.string().describe("The session ID to continue (from a previous claude_code call)"),
-      prompt: z.string().describe("Follow-up prompt or instruction"),
-      forkSession: z.boolean().optional().describe(
-        "Branch this session into a new copy that diverges from the current point. The original session remains unchanged. Default: false."
-      ),
-      sessionInitTimeoutMs: z.number().int().positive().optional().describe("How long to wait (in ms) for a forked session to initialize. Default: 10000."),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe(
-        "How long to wait (in ms) for a permission decision via claude_code_check before auto-denying. Default: 60000."
-      ),
+      sessionId: z.string().describe("Session ID from claude_code"),
+      prompt: z.string().describe("Follow-up message"),
+      forkSession: z.boolean().optional().describe("Branch into new session copy. Default: false"),
+      sessionInitTimeoutMs: z.number().int().positive().optional().describe("Fork init timeout (ms). Default: 10000"),
+      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
       diskResumeConfig: z.object({
-        resumeToken: z.string().optional().describe(
-          "Resume token returned by claude_code / claude_code_reply. Required for disk resume."
-        ),
-        cwd: z.string().optional().describe("Working directory. Required for disk resume."),
-        allowedTools: z.array(z.string()).optional().describe("Tools the agent can use without permission."),
-        disallowedTools: z.array(z.string()).optional().describe("Tools the agent is forbidden from using."),
-        tools: toolsConfigSchema.optional().describe("Which tools the agent can see."),
-        persistSession: z.boolean().optional().describe("Persist session history to disk. Default: true."),
-        maxTurns: z.number().int().positive().optional().describe("Maximum reasoning steps."),
-        model: z.string().optional().describe("Model to use."),
-        systemPrompt: systemPromptSchema.optional().describe("Override the agent's system prompt."),
-        agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Define custom sub-agents."),
-        agent: z.string().optional().describe("Name of a custom agent to use as primary."),
-        maxBudgetUsd: z.number().positive().optional().describe("Maximum budget in USD."),
-        effort: z.enum(EFFORT_LEVELS).optional().describe("Effort level."),
-        betas: z.array(z.string()).optional().describe("Beta features to enable."),
-        additionalDirectories: z.array(z.string()).optional().describe("Additional accessible directories."),
-        outputFormat: outputFormatSchema.optional().describe("Structured output format."),
-        thinking: thinkingSchema.optional().describe("Thinking mode configuration."),
-        resumeSessionAt: z.string().optional().describe("Resume only up to a specific message UUID."),
-        pathToClaudeCodeExecutable: z.string().optional().describe("Path to the Claude Code executable."),
-        mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("MCP server configurations."),
-        sandbox: z.record(z.string(), z.unknown()).optional().describe("Sandbox configuration."),
-        fallbackModel: z.string().optional().describe("Fallback model."),
-        enableFileCheckpointing: z.boolean().optional().describe("Enable file checkpointing. Default: false."),
-        includePartialMessages: z.boolean().optional().describe("Include intermediate messages as events. Default: false."),
-        strictMcpConfig: z.boolean().optional().describe("Enforce strict MCP validation. Default: false."),
-        settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Which local config files to load."),
-        debug: z.boolean().optional().describe("Enable debug mode. Default: false."),
-        debugFile: z.string().optional().describe("Write debug logs to a file path."),
-        env: z.record(z.string(), z.string().optional()).optional().describe("Environment variables to merge with process.env.")
+        resumeToken: z.string().optional().describe("Required"),
+        cwd: z.string().optional().describe("Required"),
+        allowedTools: z.array(z.string()).optional().describe("Default: []"),
+        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+        tools: toolsConfigSchema.optional().describe("Default: SDK"),
+        persistSession: z.boolean().optional().describe("Default: true"),
+        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+        model: z.string().optional().describe("Default: SDK"),
+        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+        agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
+        agent: z.string().optional().describe("Default: none"),
+        maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
+        effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
+        betas: z.array(z.string()).optional().describe("Default: none"),
+        additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
+        outputFormat: outputFormatSchema.optional().describe("Default: none"),
+        thinking: thinkingSchema.optional().describe("Default: SDK"),
+        resumeSessionAt: z.string().optional().describe("Resume to specific message UUID. Default: none"),
+        pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
+        mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
+        sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
+        fallbackModel: z.string().optional().describe("Default: none"),
+        enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
+        includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
+        strictMcpConfig: z.boolean().optional().describe("Default: false"),
+        settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
+        debug: z.boolean().optional().describe("Default: false"),
+        debugFile: z.string().optional().describe("Enables debug. Default: none"),
+        env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
       }).optional().describe(
-        "Disk resume fallback configuration. Only needed when CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1 and the in-memory session is missing. Contains resumeToken + all session config overrides."
+        "Disk resume config (needs CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1). Requires resumeToken + cwd."
       )
     },
     async (args, extra) => {
@@ -2026,11 +2194,9 @@ Disk resume: If the server restarted and the session is no longer in memory, set
 - action="get": Get full details for one session (pass sessionId). Add includeSensitive=true to also see cwd, systemPrompt, agents, and additionalDirectories.
 - action="cancel": Stop a running session immediately (pass sessionId).`,
     {
-      action: z.enum(SESSION_ACTIONS).describe("Action to perform: 'list', 'get', or 'cancel'"),
-      sessionId: z.string().optional().describe("Session ID (required for 'get' and 'cancel')"),
-      includeSensitive: z.boolean().optional().describe(
-        "When true, includes sensitive fields (cwd, systemPrompt, agents, additionalDirectories) in the response. Default: false."
-      )
+      action: z.enum(SESSION_ACTIONS),
+      sessionId: z.string().optional().describe("Required for 'get' and 'cancel'"),
+      includeSensitive: z.boolean().optional().describe("Include cwd/systemPrompt/agents/additionalDirectories. Default: false")
     },
     async (args) => {
       const result = executeClaudeCodeSession(args, sessionManager);
@@ -2066,58 +2232,30 @@ action="respond_permission" \u2014 Approve or deny a pending permission request.
   Approving resumes agent execution. Denying (with optional interrupt=true) can halt the entire session.
   The response also includes the latest poll state (events, status, etc.), so a separate poll call is not needed.`,
     {
-      action: z.enum(CHECK_ACTIONS).describe('Action to perform: "poll" or "respond_permission"'),
-      sessionId: z.string().describe("Session ID to check"),
-      cursor: z.number().int().nonnegative().optional().describe(
-        "Event cursor for incremental polling. Pass nextCursor from the previous poll response."
-      ),
-      responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Response shaping preset. 'minimal' reduces payload size. Default: 'minimal'."),
-      maxEvents: z.number().int().positive().optional().describe(
-        "Max number of events to return per poll (pagination via nextCursor). Default: 200 in minimal mode."
-      ),
-      requestId: z.string().optional().describe(
-        "The permission request ID to respond to (from the actions array). Required for respond_permission."
-      ),
-      decision: z.enum(["allow", "deny"]).optional().describe(
-        "Whether to approve or reject the permission request. Required for respond_permission."
-      ),
-      denyMessage: z.string().optional().describe(
-        "Reason for denying, shown to the agent. Only used with decision='deny'. Default: 'Permission denied by caller'."
-      ),
-      interrupt: z.boolean().optional().describe(
-        "When true with decision='deny', stops the entire agent session. Default: false."
-      ),
+      action: z.enum(CHECK_ACTIONS),
+      sessionId: z.string().describe("Target session ID"),
+      cursor: z.number().int().nonnegative().optional().describe("Event offset for incremental poll. Default: 0"),
+      responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
+      maxEvents: z.number().int().positive().optional().describe("Events per poll. Default: 200 (minimal)"),
+      requestId: z.string().optional().describe("Permission request ID (from actions[])"),
+      decision: z.enum(["allow", "deny"]).optional().describe("For respond_permission"),
+      denyMessage: z.string().optional().describe("Reason shown to agent on deny. Default: 'Permission denied by caller'"),
+      interrupt: z.boolean().optional().describe("Stop session on deny. Default: false"),
       pollOptions: z.object({
-        includeTools: z.boolean().optional().describe("Include availableTools array from session init. Default: false."),
-        includeEvents: z.boolean().optional().describe(
-          "When false, omits the events array (nextCursor still advances). Default: true."
-        ),
-        includeActions: z.boolean().optional().describe("When false, omits actions[] even if waiting_permission. Default: true."),
-        includeResult: z.boolean().optional().describe("When false, omits the top-level result when idle/error. Default: true."),
-        includeUsage: z.boolean().optional().describe("Include AgentResult.usage. Default: true in full mode, false in minimal."),
-        includeModelUsage: z.boolean().optional().describe(
-          "Include AgentResult.modelUsage. Default: true in full mode, false in minimal."
-        ),
-        includeStructuredOutput: z.boolean().optional().describe(
-          "Include AgentResult.structuredOutput. Default: true in full mode, false in minimal."
-        ),
-        includeTerminalEvents: z.boolean().optional().describe(
-          "Include terminal result/error events in events stream. Default: true in full, false in minimal."
-        ),
-        includeProgressEvents: z.boolean().optional().describe(
-          "Include progress events (tool_progress, auth_status). Default: true in full, false in minimal."
-        )
-      }).optional().describe(
-        "Fine-grained poll control. Overrides responseMode defaults for individual fields. Most callers can omit this."
-      ),
+        includeTools: z.boolean().optional().describe("Default: false"),
+        includeEvents: z.boolean().optional().describe("Default: true"),
+        includeActions: z.boolean().optional().describe("Default: true"),
+        includeResult: z.boolean().optional().describe("Default: true"),
+        includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
+        includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
+        includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
+        includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
+        includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false")
+      }).optional().describe("Override responseMode defaults"),
       permissionOptions: z.object({
-        updatedInput: z.record(z.string(), z.unknown()).optional().describe(
-          "Modified tool input to use instead of the original. Only with decision='allow'."
-        ),
-        updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Permission rule updates to apply. Only with decision='allow'.")
-      }).optional().describe(
-        "Advanced permission response options. Only used with respond_permission + decision='allow'."
-      )
+        updatedInput: z.record(z.string(), z.unknown()).optional().describe("Replace tool input on allow. Default: none"),
+        updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Update permission rules on allow. Default: none")
+      }).optional().describe("Allow-only: modify tool input or update rules")
     },
     async (args) => {
       const result = executeClaudeCodeCheck(args, sessionManager, toolCache);
@@ -2133,6 +2271,7 @@ action="respond_permission" \u2014 Approve or deny a pending permission request.
       };
     }
   );
+  registerResources(server, { toolCache });
   const originalClose = server.close.bind(server);
   server.close = async () => {
     sessionManager.destroy();