@leo000001/claude-code-mcp 2.0.1 → 2.0.3

package/dist/index.js

@@ -7,6 +7,47 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod";
 
+// src/utils/permission-updated-input.ts
+function normalizePermissionUpdatedInput(input) {
+  if (input && typeof input === "object" && !Array.isArray(input)) {
+    return input;
+  }
+  return { input };
+}
+
+// src/utils/normalize-tool-input.ts
+function normalizeMsysToWindowsPath(path2) {
+  if (/^[a-zA-Z]:[\\/]/.test(path2) || path2.startsWith("\\\\")) return void 0;
+  if (path2.startsWith("//")) {
+    const m2 = path2.match(/^\/\/([^/]{2,})\/(.*)$/);
+    if (m2) {
+      const host = m2[1];
+      const rest2 = m2[2] ?? "";
+      return `\\\\${host}\\${rest2.replace(/\//g, "\\")}`;
+    }
+  }
+  const cyg = path2.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
+  if (cyg) {
+    const drive2 = cyg[1].toUpperCase();
+    const rest2 = cyg[2] ?? "";
+    return `${drive2}:\\${rest2.replace(/\//g, "\\")}`;
+  }
+  const m = path2.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
+  if (!m) return void 0;
+  const drive = m[1].toUpperCase();
+  const rest = m[2] ?? "";
+  return `${drive}:\\${rest.replace(/\//g, "\\")}`;
+}
+function normalizeToolInput(toolName, input, platform = process.platform) {
+  if (platform !== "win32") return input;
+  if (toolName !== "NotebookEdit") return input;
+  const filePath = input.file_path;
+  if (typeof filePath !== "string") return input;
+  const normalized = normalizeMsysToWindowsPath(filePath);
+  if (!normalized) return input;
+  return { ...input, file_path: normalized };
+}
+
 // src/session/manager.ts
 var DEFAULT_SESSION_TTL_MS = 30 * 60 * 1e3;
 var DEFAULT_RUNNING_SESSION_MAX_MS = 4 * 60 * 60 * 1e3;
@@ -19,7 +60,9 @@ var SessionManager = class _SessionManager {
   cleanupTimer;
   sessionTtlMs = DEFAULT_SESSION_TTL_MS;
   runningSessionMaxMs = DEFAULT_RUNNING_SESSION_MAX_MS;
-  constructor() {
+  platform;
+  constructor(opts) {
+    this.platform = opts?.platform ?? process.platform;
     this.cleanupTimer = setInterval(() => this.cleanup(), DEFAULT_CLEANUP_INTERVAL_MS);
     if (this.cleanupTimer.unref) {
       this.cleanupTimer.unref();
@@ -193,10 +236,16 @@ var SessionManager = class _SessionManager {
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
     if (!state.pendingPermissions.has(req.requestId)) {
+      const inferredExpiresAt = new Date(Date.now() + timeoutMs).toISOString();
+      const record = {
+        ...req,
+        timeoutMs,
+        expiresAt: inferredExpiresAt
+      };
       const timeoutId = setTimeout(() => {
         this.finishRequest(
           sessionId,
-          req.requestId,
+          record.requestId,
           {
             behavior: "deny",
             message: `Permission request timed out after ${timeoutMs}ms.`,
@@ -205,12 +254,12 @@ var SessionManager = class _SessionManager {
           "timeout"
         );
       }, timeoutMs);
-      state.pendingPermissions.set(req.requestId, { record: req, finish, timeoutId });
+      state.pendingPermissions.set(record.requestId, { record, finish, timeoutId });
       info.status = "waiting_permission";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       this.pushEvent(sessionId, {
         type: "permission_request",
-        data: req,
+        data: record,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
       return true;
@@ -242,11 +291,40 @@ var SessionManager = class _SessionManager {
         };
       }
     }
+    if (finalResult.behavior === "allow") {
+      const updatedInput = finalResult.updatedInput;
+      const validRecord = updatedInput !== null && updatedInput !== void 0 && typeof updatedInput === "object" && !Array.isArray(updatedInput);
+      if (!validRecord) {
+        finalResult = {
+          ...finalResult,
+          updatedInput: normalizePermissionUpdatedInput(pending.record.input)
+        };
+      } else {
+        finalResult = {
+          ...finalResult,
+          updatedInput: normalizeToolInput(
+            pending.record.toolName,
+            updatedInput,
+            this.platform
+          )
+        };
+      }
+    }
     if (pending.timeoutId) clearTimeout(pending.timeoutId);
     state.pendingPermissions.delete(requestId);
+    const eventData = {
+      requestId,
+      toolName: pending.record.toolName,
+      behavior: finalResult.behavior,
+      source
+    };
+    if (finalResult.behavior === "deny") {
+      eventData.message = finalResult.message;
+      eventData.interrupt = finalResult.interrupt;
+    }
     this.pushEvent(sessionId, {
       type: "permission_result",
-      data: { requestId, behavior: finalResult.behavior, source },
+      data: eventData,
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     });
     try {
@@ -651,28 +729,37 @@ function consumeQuery(params) {
   let initTimeoutId;
   const canUseTool = async (toolName, input, options2) => {
     const sessionId = await getSessionId();
+    const normalizedInput = normalizeToolInput(toolName, input, params.platform);
     const sessionInfo = params.sessionManager.get(sessionId);
     if (sessionInfo) {
       if (Array.isArray(sessionInfo.disallowedTools) && sessionInfo.disallowedTools.includes(toolName)) {
         return { behavior: "deny", message: `Tool '${toolName}' is disallowed by session policy.` };
       }
       if (!options2.blockedPath && Array.isArray(sessionInfo.allowedTools) && sessionInfo.allowedTools.includes(toolName)) {
-        return { behavior: "allow" };
+        return {
+          behavior: "allow",
+          updatedInput: normalizePermissionUpdatedInput(normalizedInput)
+        };
       }
     }
     const requestId = `${options2.toolUseID}:${toolName}:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+    const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+    const timeoutMs = params.permissionRequestTimeoutMs;
+    const expiresAt = new Date(Date.now() + timeoutMs).toISOString();
     const record = {
       requestId,
       toolName,
-      input,
-      summary: summarizePermission(toolName, input),
+      input: normalizedInput,
+      summary: summarizePermission(toolName, normalizedInput),
       description: describeTool(toolName, params.toolCache),
       decisionReason: options2.decisionReason,
       blockedPath: options2.blockedPath,
       toolUseID: options2.toolUseID,
       agentID: options2.agentID,
       suggestions: options2.suggestions,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      createdAt,
+      timeoutMs,
+      expiresAt
     };
     return await new Promise((resolve) => {
       let finished = false;
@@ -1394,13 +1481,16 @@ var TOOL_CATALOG = {
     description: "Run shell commands (e.g. npm install, git commit, ls) in the project directory.",
     category: "execute"
   },
-  Read: { description: "Read the contents of a file given its path.", category: "file_read" },
+  Read: {
+    description: "Read the contents of a file given its path (large files may hit per-call size caps; use offset/limit or Grep chunking).",
+    category: "file_read"
+  },
   Write: {
     description: "Create a new file or completely replace an existing file's contents.",
     category: "file_write"
   },
   Edit: {
-    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file.",
+    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file (replace_all is substring-based).",
     category: "file_write"
   },
   Glob: {
@@ -1412,7 +1502,7 @@ var TOOL_CATALOG = {
     category: "file_read"
   },
   NotebookEdit: {
-    description: "Edit individual cells in Jupyter notebooks (.ipynb files).",
+    description: "Edit individual cells in Jupyter notebooks (.ipynb files) (expects native Windows paths; this server normalizes /d/... when possible).",
     category: "file_write"
   },
   WebFetch: {
@@ -1433,6 +1523,10 @@ var TOOL_CATALOG = {
   AskUserQuestion: {
     description: "Ask the user a question and wait for their answer before continuing.",
     category: "interaction"
+  },
+  TeamDelete: {
+    description: "Delete a team and its resources (may require all active members to shutdown_approved; cleanup may complete asynchronously).",
+    category: "agent"
   }
 };
 function uniq(items) {
@@ -1487,7 +1581,7 @@ function buildInternalToolsDescription(tools) {
   const grouped = groupByCategory(tools);
   const categories = Object.keys(grouped).sort((a, b) => a.localeCompare(b));
   let desc = 'Start a new Claude Code agent session.\n\nLaunches an autonomous coding agent that can read/write files, run shell commands, search code, manage git, access the web, and more. Returns immediately with a sessionId \u2014 the agent runs asynchronously in the background.\n\nWorkflow:\n1. Call claude_code with a prompt \u2192 returns { sessionId, status: "running", pollInterval }\n2. Poll with claude_code_check (action="poll") to receive progress events and the final result\n3. If the agent needs permission for a tool call, approve or deny via claude_code_check (action="respond_permission")\n\n';
-  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n\n";
+  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n- Permission prompts auto-deny on timeout; use claude_code_check actions[].expiresAt/remainingMs\n\n";
   desc += "Internal tools available to the agent (use allowedTools/disallowedTools to control approval policy; authoritative list returned by claude_code_check with includeTools=true):\n";
   for (const category of categories) {
     desc += `
@@ -1498,7 +1592,8 @@ function buildInternalToolsDescription(tools) {
 `;
     }
   }
-  desc += '\nUse `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
+  desc += "\nSecurity: You MUST configure allowedTools/disallowedTools based on your own permission scope. Only allow tools that you yourself are authorized to perform \u2014 do not grant the agent broader permissions than you have. For example, if you lack write access to a directory, do not include Write/Edit in allowedTools. When in doubt, leave both lists empty and review each permission request individually via claude_code_check.\n\n";
+  desc += 'Use `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
   return desc;
 }
 
@@ -1621,20 +1716,27 @@ function buildResult(sessionManager, toolCache, input) {
     }),
     nextCursor,
     availableTools,
-    actions: includeActions && status === "waiting_permission" ? pending.map((req) => ({
-      type: "permission",
-      requestId: req.requestId,
-      toolName: req.toolName,
-      input: req.input,
-      summary: req.summary,
-      decisionReason: req.decisionReason,
-      blockedPath: req.blockedPath,
-      toolUseID: req.toolUseID,
-      agentID: req.agentID,
-      suggestions: req.suggestions,
-      description: req.description,
-      createdAt: req.createdAt
-    })) : void 0,
+    actions: includeActions && status === "waiting_permission" ? pending.map((req) => {
+      const expiresMs = req.expiresAt ? Date.parse(req.expiresAt) : Number.NaN;
+      const remainingMs = Number.isFinite(expiresMs) ? Math.max(0, expiresMs - Date.now()) : void 0;
+      return {
+        type: "permission",
+        requestId: req.requestId,
+        toolName: req.toolName,
+        input: req.input,
+        summary: req.summary,
+        decisionReason: req.decisionReason,
+        blockedPath: req.blockedPath,
+        toolUseID: req.toolUseID,
+        agentID: req.agentID,
+        suggestions: req.suggestions,
+        description: req.description,
+        createdAt: req.createdAt,
+        timeoutMs: req.timeoutMs,
+        expiresAt: req.expiresAt,
+        remainingMs
+      };
+    }) : void 0,
     result: includeResult && stored?.result ? redactAgentResult(stored.result, {
       includeUsage,
       includeModelUsage,
@@ -1796,8 +1898,96 @@ function executeClaudeCodeSession(input, sessionManager) {
   }
 }
 
+// src/resources/register-resources.ts
+var RESOURCE_SCHEME = "claude-code-mcp";
+var RESOURCE_URIS = {
+  serverInfo: `${RESOURCE_SCHEME}:///server-info`,
+  internalTools: `${RESOURCE_SCHEME}:///internal-tools`,
+  gotchas: `${RESOURCE_SCHEME}:///gotchas`
+};
+function asTextResource(uri, text, mimeType) {
+  return {
+    contents: [
+      {
+        uri: uri.toString(),
+        text,
+        mimeType
+      }
+    ]
+  };
+}
+function registerResources(server, deps) {
+  const serverInfoUri = new URL(RESOURCE_URIS.serverInfo);
+  server.registerResource(
+    "server_info",
+    serverInfoUri.toString(),
+    {
+      title: "Server Info",
+      description: "Static server metadata (version/platform/runtime).",
+      mimeType: "application/json"
+    },
+    () => asTextResource(
+      serverInfoUri,
+      JSON.stringify(
+        {
+          name: "claude-code-mcp",
+          node: process.version,
+          platform: process.platform,
+          arch: process.arch,
+          resources: Object.values(RESOURCE_URIS),
+          toolCatalogCount: deps.toolCache.getTools().length
+        },
+        null,
+        2
+      ),
+      "application/json"
+    )
+  );
+  const toolsUri = new URL(RESOURCE_URIS.internalTools);
+  server.registerResource(
+    "internal_tools",
+    toolsUri.toString(),
+    {
+      title: "Internal Tools",
+      description: "Claude Code internal tool catalog (static + runtime-discovered).",
+      mimeType: "application/json"
+    },
+    () => asTextResource(
+      toolsUri,
+      JSON.stringify({ tools: deps.toolCache.getTools() }, null, 2),
+      "application/json"
+    )
+  );
+  const gotchasUri = new URL(RESOURCE_URIS.gotchas);
+  server.registerResource(
+    "gotchas",
+    gotchasUri.toString(),
+    {
+      title: "Gotchas",
+      description: "Practical limits and gotchas when using Claude Code via this MCP server.",
+      mimeType: "text/markdown"
+    },
+    () => asTextResource(
+      gotchasUri,
+      [
+        "# claude-code-mcp: gotchas",
+        "",
+        "- Permission approvals have a timeout (default 60s) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
+        "- `Read` has a per-call size cap in practice (often ~256KB); for large files use `offset`/`limit` or chunk with `Grep`.",
+        "- `Edit` with `replace_all=true` is substring replacement; if no match is found the tool returns an error.",
+        "- `NotebookEdit` expects native Windows paths; this server normalizes MSYS paths like `/d/...` when possible.",
+        "- `TeamDelete` may require members to reach `shutdown_approved`; cleanup can be asynchronous during shutdown.",
+        '- Skills may become available later in the same session (early calls may show "Unknown").',
+        "- Some internal features (e.g. ToolSearch) may not appear in `availableTools` because it is derived from SDK `system/init.tools`.",
+        ""
+      ].join("\n"),
+      "text/markdown"
+    )
+  );
+}
+
 // src/server.ts
-var SERVER_VERSION = true ? "2.0.1" : "0.0.0-dev";
+var SERVER_VERSION = true ? "2.0.3" : "0.0.0-dev";
 function createServer(serverCwd) {
   const sessionManager = new SessionManager();
   const toolCache = new ToolDiscoveryCache();
@@ -2081,6 +2271,7 @@ action="respond_permission" \u2014 Approve or deny a pending permission request.
       };
     }
   );
+  registerResources(server, { toolCache });
   const originalClose = server.close.bind(server);
   server.close = async () => {
     sessionManager.destroy();