@leo000001/claude-code-mcp 2.0.1 → 2.2.0

package/dist/index.js

@@ -7,24 +7,125 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod";
 
+// src/utils/permission-updated-input.ts
+function normalizePermissionUpdatedInput(input) {
+  if (input && typeof input === "object" && !Array.isArray(input)) {
+    return input;
+  }
+  return { input };
+}
+
+// src/utils/normalize-windows-path.ts
+import path from "path";
+import os from "os";
+function maybeAddWindowsLongPathPrefix(value) {
+  if (value.startsWith("\\\\?\\") || value.startsWith("\\\\.\\") || value.length < 240)
+    return value;
+  return path.win32.toNamespacedPath(value);
+}
+function expandTilde(value, platform) {
+  if (value === "~") return os.homedir();
+  if (!value.startsWith("~")) return value;
+  const next = value[1];
+  if (next !== "/" && next !== "\\") return value;
+  const rest = value.slice(2);
+  const join2 = platform === "win32" ? path.win32.join : path.posix.join;
+  return join2(os.homedir(), rest);
+}
+function normalizeMsysToWindowsPathInner(rawPath) {
+  if (/^[a-zA-Z]:[\\/]/.test(rawPath) || rawPath.startsWith("\\\\")) return void 0;
+  if (rawPath.startsWith("//")) {
+    const m2 = rawPath.match(/^\/\/([^/]{2,})\/(.*)$/);
+    if (m2) {
+      const host = m2[1];
+      const rest2 = m2[2] ?? "";
+      return `\\\\${host}\\${rest2.replace(/\//g, "\\")}`;
+    }
+  }
+  const cyg = rawPath.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
+  if (cyg) {
+    const drive2 = cyg[1].toUpperCase();
+    const rest2 = cyg[2] ?? "";
+    return `${drive2}:\\${rest2.replace(/\//g, "\\")}`;
+  }
+  const m = rawPath.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
+  if (!m) return void 0;
+  const drive = m[1].toUpperCase();
+  const rest = m[2] ?? "";
+  return `${drive}:\\${rest.replace(/\//g, "\\")}`;
+}
+function normalizeMsysToWindowsPath(rawPath) {
+  const converted = normalizeMsysToWindowsPathInner(rawPath);
+  if (!converted) return void 0;
+  return path.win32.normalize(converted);
+}
+function normalizeWindowsPathLike(value, platform = process.platform) {
+  const expanded = expandTilde(value, platform);
+  if (platform !== "win32") return expanded;
+  const converted = normalizeMsysToWindowsPath(expanded);
+  if (!converted && expanded.startsWith("/")) return expanded;
+  const normalized = path.win32.normalize(converted ?? expanded);
+  return maybeAddWindowsLongPathPrefix(normalized);
+}
+function normalizeWindowsPathArray(values, platform = process.platform) {
+  return values.map((v) => normalizeWindowsPathLike(v, platform));
+}
+
+// src/utils/normalize-tool-input.ts
+function normalizeToolInput(_toolName, input, platform = process.platform) {
+  if (platform !== "win32") return input;
+  const filePath = input.file_path;
+  if (typeof filePath !== "string") return input;
+  const normalized = normalizeWindowsPathLike(filePath, platform);
+  return normalized === filePath ? input : { ...input, file_path: normalized };
+}
+
 // src/session/manager.ts
 var DEFAULT_SESSION_TTL_MS = 30 * 60 * 1e3;
 var DEFAULT_RUNNING_SESSION_MAX_MS = 4 * 60 * 60 * 1e3;
 var DEFAULT_CLEANUP_INTERVAL_MS = 6e4;
 var DEFAULT_EVENT_BUFFER_MAX_SIZE = 1e3;
 var DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE = 2e3;
+var DEFAULT_MAX_SESSIONS = 128;
+var DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION = 64;
 var SessionManager = class _SessionManager {
   sessions = /* @__PURE__ */ new Map();
   runtime = /* @__PURE__ */ new Map();
+  drainingSessions = /* @__PURE__ */ new Map();
   cleanupTimer;
   sessionTtlMs = DEFAULT_SESSION_TTL_MS;
   runningSessionMaxMs = DEFAULT_RUNNING_SESSION_MAX_MS;
-  constructor() {
+  platform;
+  maxSessions;
+  maxPendingPermissionsPerSession;
+  constructor(opts) {
+    this.platform = opts?.platform ?? process.platform;
+    const envRaw = process.env.CLAUDE_CODE_MCP_MAX_SESSIONS;
+    const envParsed = typeof envRaw === "string" && envRaw.trim() !== "" ? Number.parseInt(envRaw, 10) : NaN;
+    const configured = opts?.maxSessions ?? (Number.isFinite(envParsed) ? envParsed : void 0);
+    this.maxSessions = typeof configured === "number" ? configured <= 0 ? Number.POSITIVE_INFINITY : configured : DEFAULT_MAX_SESSIONS;
+    const maxPendingEnvRaw = process.env.CLAUDE_CODE_MCP_MAX_PENDING_PERMISSIONS;
+    const maxPendingEnvParsed = typeof maxPendingEnvRaw === "string" && maxPendingEnvRaw.trim() !== "" ? Number.parseInt(maxPendingEnvRaw, 10) : NaN;
+    const maxPendingConfigured = opts?.maxPendingPermissionsPerSession ?? (Number.isFinite(maxPendingEnvParsed) ? maxPendingEnvParsed : void 0);
+    this.maxPendingPermissionsPerSession = typeof maxPendingConfigured === "number" ? maxPendingConfigured <= 0 ? Number.POSITIVE_INFINITY : maxPendingConfigured : DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION;
     this.cleanupTimer = setInterval(() => this.cleanup(), DEFAULT_CLEANUP_INTERVAL_MS);
     if (this.cleanupTimer.unref) {
       this.cleanupTimer.unref();
     }
   }
+  getSessionCount() {
+    return this.sessions.size;
+  }
+  getMaxSessions() {
+    return this.maxSessions;
+  }
+  getMaxPendingPermissionsPerSession() {
+    return this.maxPendingPermissionsPerSession;
+  }
+  hasCapacityFor(additionalSessions) {
+    if (additionalSessions <= 0) return true;
+    return this.sessions.size + additionalSessions <= this.maxSessions;
+  }
   create(params) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const existing = this.sessions.get(params.sessionId);
@@ -117,7 +218,10 @@ var SessionManager = class _SessionManager {
     if (info.status === "waiting_permission") {
       this.finishAllPending(
         sessionId,
-        { behavior: "deny", message: "Session cancelled", interrupt: true },
+        // `cancel()` already aborts the running query below. Avoid sending an additional
+        // interrupt=true control response while the stream is being torn down, which can race
+        // into SDK-level "Operation aborted" write errors on stdio clients.
+        { behavior: "deny", message: "Session cancelled", interrupt: false },
         "cancel"
       );
     }
@@ -135,8 +239,10 @@ var SessionManager = class _SessionManager {
     this.finishAllPending(
       sessionId,
       { behavior: "deny", message: "Session deleted", interrupt: true },
-      "cleanup"
+      "cleanup",
+      { restoreRunning: false }
     );
+    this.drainingSessions.delete(sessionId);
     this.runtime.delete(sessionId);
     return this.sessions.delete(sessionId);
   }
@@ -192,11 +298,63 @@ var SessionManager = class _SessionManager {
     const state = this.runtime.get(sessionId);
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
+    if (info.status !== "running" && info.status !== "waiting_permission") {
+      try {
+        finish({
+          behavior: "deny",
+          message: `Session is not accepting permission requests (status: ${info.status}).`,
+          interrupt: true
+        });
+      } catch {
+      }
+      return false;
+    }
+    if (this.isDraining(sessionId)) {
+      try {
+        finish({
+          behavior: "deny",
+          message: "Session is finishing pending permission requests.",
+          interrupt: true
+        });
+      } catch {
+      }
+      return false;
+    }
     if (!state.pendingPermissions.has(req.requestId)) {
+      if (state.pendingPermissions.size >= this.maxPendingPermissionsPerSession) {
+        const deny = {
+          behavior: "deny",
+          message: "Too many pending permission requests for this session.",
+          interrupt: false
+        };
+        this.pushEvent(sessionId, {
+          type: "permission_result",
+          data: {
+            requestId: req.requestId,
+            toolName: req.toolName,
+            behavior: "deny",
+            source: "policy",
+            message: deny.message,
+            interrupt: deny.interrupt
+          },
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+        try {
+          finish(deny);
+        } catch {
+        }
+        return false;
+      }
+      const inferredExpiresAt = new Date(Date.now() + timeoutMs).toISOString();
+      const record = {
+        ...req,
+        timeoutMs,
+        expiresAt: inferredExpiresAt
+      };
       const timeoutId = setTimeout(() => {
         this.finishRequest(
           sessionId,
-          req.requestId,
+          record.requestId,
           {
             behavior: "deny",
             message: `Permission request timed out after ${timeoutMs}ms.`,
@@ -205,12 +363,12 @@ var SessionManager = class _SessionManager {
           "timeout"
         );
       }, timeoutMs);
-      state.pendingPermissions.set(req.requestId, { record: req, finish, timeoutId });
+      state.pendingPermissions.set(record.requestId, { record, finish, timeoutId });
       info.status = "waiting_permission";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       this.pushEvent(sessionId, {
         type: "permission_request",
-        data: req,
+        data: record,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
       return true;
@@ -242,28 +400,86 @@ var SessionManager = class _SessionManager {
         };
       }
     }
+    if (finalResult.behavior === "allow") {
+      const updatedInput = finalResult.updatedInput;
+      const validRecord = updatedInput !== null && updatedInput !== void 0 && typeof updatedInput === "object" && !Array.isArray(updatedInput);
+      if (!validRecord) {
+        finalResult = {
+          ...finalResult,
+          updatedInput: normalizePermissionUpdatedInput(pending.record.input)
+        };
+      } else {
+        finalResult = {
+          ...finalResult,
+          updatedInput: normalizeToolInput(
+            pending.record.toolName,
+            updatedInput,
+            this.platform
+          )
+        };
+      }
+    }
     if (pending.timeoutId) clearTimeout(pending.timeoutId);
     state.pendingPermissions.delete(requestId);
+    const eventData = {
+      requestId,
+      toolName: pending.record.toolName,
+      behavior: finalResult.behavior,
+      source
+    };
+    if (finalResult.behavior === "deny") {
+      eventData.message = finalResult.message;
+      eventData.interrupt = finalResult.interrupt;
+    } else {
+      const allow = finalResult;
+      if (allow.updatedInput !== void 0) eventData.updatedInput = allow.updatedInput;
+      if (allow.updatedPermissions !== void 0)
+        eventData.updatedPermissions = allow.updatedPermissions;
+    }
     this.pushEvent(sessionId, {
       type: "permission_result",
-      data: { requestId, behavior: finalResult.behavior, source },
+      data: eventData,
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     });
     try {
       pending.finish(finalResult);
     } catch {
     }
-    if (info.status === "waiting_permission" && state.pendingPermissions.size === 0) {
+    if (info.status === "waiting_permission" && state.pendingPermissions.size === 0 && !this.isDraining(sessionId)) {
       info.status = "running";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
     return true;
   }
-  finishAllPending(sessionId, result, source) {
+  finishAllPending(sessionId, result, source, opts) {
     const state = this.runtime.get(sessionId);
     if (!state) return;
-    for (const requestId of Array.from(state.pendingPermissions.keys())) {
-      this.finishRequest(sessionId, requestId, result, source);
+    if (state.pendingPermissions.size === 0) return;
+    this.beginDraining(sessionId);
+    try {
+      while (state.pendingPermissions.size > 0) {
+        const next = state.pendingPermissions.keys().next();
+        if (next.done || typeof next.value !== "string") break;
+        const requestId = next.value;
+        const handled = this.finishRequest(sessionId, requestId, result, source);
+        if (!handled) {
+          const pending = state.pendingPermissions.get(requestId);
+          if (pending?.timeoutId) clearTimeout(pending.timeoutId);
+          state.pendingPermissions.delete(requestId);
+          try {
+            pending?.finish(result);
+          } catch {
+          }
+        }
+      }
+    } finally {
+      this.endDraining(sessionId);
+    }
+    const restoreRunning = opts?.restoreRunning ?? true;
+    const info = this.sessions.get(sessionId);
+    if (restoreRunning && info && info.status === "waiting_permission" && state.pendingPermissions.size === 0) {
+      info.status = "running";
+      info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
   }
   /** Remove sessions that have been idle for too long, or stuck running too long */
@@ -275,29 +491,40 @@ var SessionManager = class _SessionManager {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session expired", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
+        this.drainingSessions.delete(id);
         this.sessions.delete(id);
         this.runtime.delete(id);
       } else if (info.status === "running" && now - lastActive > this.runningSessionMaxMs) {
         if (info.abortController) info.abortController.abort();
+        info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
+        info.cancelledReason = info.cancelledReason ?? "Session timed out";
+        info.cancelledSource = info.cancelledSource ?? "cleanup";
         info.status = "error";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status === "waiting_permission" && now - lastActive > this.runningSessionMaxMs) {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session timed out", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
         if (info.abortController) info.abortController.abort();
+        info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
+        info.cancelledReason = info.cancelledReason ?? "Session timed out";
+        info.cancelledSource = info.cancelledSource ?? "cleanup";
         info.status = "error";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status !== "running" && info.status !== "waiting_permission" && now - lastActive > this.sessionTtlMs) {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session expired", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
+        this.drainingSessions.delete(id);
         this.sessions.delete(id);
         this.runtime.delete(id);
       }
@@ -346,7 +573,8 @@ var SessionManager = class _SessionManager {
       this.finishAllPending(
         info.sessionId,
         { behavior: "deny", message: "Server shutting down", interrupt: true },
-        "destroy"
+        "destroy",
+        { restoreRunning: false }
       );
       if ((info.status === "running" || info.status === "waiting_permission") && info.abortController) {
         info.abortController.abort();
@@ -416,6 +644,20 @@ var SessionManager = class _SessionManager {
   static clearTerminalEvents(buffer) {
     buffer.events = buffer.events.filter((e) => e.type !== "result" && e.type !== "error");
   }
+  isDraining(sessionId) {
+    return (this.drainingSessions.get(sessionId) ?? 0) > 0;
+  }
+  beginDraining(sessionId) {
+    this.drainingSessions.set(sessionId, (this.drainingSessions.get(sessionId) ?? 0) + 1);
+  }
+  endDraining(sessionId) {
+    const current = this.drainingSessions.get(sessionId) ?? 0;
+    if (current <= 1) {
+      this.drainingSessions.delete(sessionId);
+      return;
+    }
+    this.drainingSessions.set(sessionId, current - 1);
+  }
 };
 
 // src/types.ts
@@ -432,23 +674,98 @@ import { AbortError, query } from "@anthropic-ai/claude-agent-sdk";
 // src/utils/windows.ts
 import { existsSync } from "fs";
 import { execSync } from "child_process";
-import path from "path";
-var { join, dirname, normalize } = path.win32;
+import path2 from "path";
+var { join, dirname, normalize, isAbsolute } = path2.win32;
+var LONG_PATH_PREFIX = "\\\\?\\";
+var UNC_LONG_PATH_PREFIX = "\\\\?\\UNC\\";
 function isWindows() {
   return process.platform === "win32";
 }
+function normalizeMaybeQuotedPath(raw) {
+  return normalize(raw.trim().replace(/^"|"$/g, ""));
+}
+function existsSyncSafe(candidate) {
+  try {
+    return existsSync(candidate);
+  } catch {
+    return false;
+  }
+}
+function ensureLongPathPrefix(normalized) {
+  if (!normalized || normalized.startsWith(LONG_PATH_PREFIX)) return normalized;
+  if (!isAbsolute(normalized)) return normalized;
+  if (normalized.startsWith("\\\\")) {
+    return `${UNC_LONG_PATH_PREFIX}${normalized.slice(2)}`;
+  }
+  return `${LONG_PATH_PREFIX}${normalized}`;
+}
+function existsPath(raw) {
+  if (!raw) return false;
+  const normalized = normalizeMaybeQuotedPath(raw);
+  if (existsSyncSafe(normalized)) return true;
+  const longPath = ensureLongPathPrefix(normalized);
+  if (longPath === normalized) return false;
+  return existsSyncSafe(longPath);
+}
+function tryWhere(exe) {
+  try {
+    const output = execSync(`where ${exe}`, {
+      encoding: "utf8",
+      timeout: 2e3,
+      windowsHide: true
+    });
+    return output.split(/\r?\n/).map((l) => l.trim()).filter(Boolean).map((p) => normalizeMaybeQuotedPath(p));
+  } catch {
+    return [];
+  }
+}
+function pathEntries() {
+  const raw = process.env.PATH;
+  if (typeof raw !== "string" || raw.trim() === "") return [];
+  return raw.split(path2.delimiter).map((p) => p.trim().replace(/^"|"$/g, "")).filter(Boolean).map((p) => normalizeMaybeQuotedPath(p));
+}
+function tryFromPath(exeNames) {
+  const results = [];
+  for (const dir of pathEntries()) {
+    for (const exe of exeNames) {
+      const full = normalize(path2.win32.join(dir, exe));
+      if (existsPath(full)) results.push(full);
+    }
+  }
+  return results;
+}
+function firstExisting(candidates) {
+  for (const p of candidates) {
+    if (p && existsPath(p)) return p;
+  }
+  return null;
+}
+function isWindowsSystemBash(pathLike) {
+  const p = normalizeMaybeQuotedPath(pathLike).toLowerCase();
+  return p.endsWith("\\windows\\system32\\bash.exe") || p.endsWith("\\windows\\syswow64\\bash.exe") || p.includes("\\windows\\system32\\bash.exe") || p.includes("\\windows\\syswow64\\bash.exe");
+}
 function findGitBash() {
   const envPathRaw = process.env.CLAUDE_CODE_GIT_BASH_PATH;
   if (envPathRaw && envPathRaw.trim() !== "") {
-    const envPath = normalize(envPathRaw.trim().replace(/^"|"$/g, ""));
-    if (existsSync(envPath)) return envPath;
-    return null;
-  }
+    const envPath = normalizeMaybeQuotedPath(envPathRaw);
+    if (existsPath(envPath)) return envPath;
+  }
+  const programFilesRoots = [
+    process.env.ProgramW6432,
+    process.env.ProgramFiles,
+    process.env["ProgramFiles(x86)"]
+  ].filter((v) => typeof v === "string" && v.trim() !== "");
+  const defaultCandidates = [];
+  for (const root of programFilesRoots) {
+    const base = join(normalizeMaybeQuotedPath(root), "Git");
+    defaultCandidates.push(join(base, "bin", "bash.exe"));
+    defaultCandidates.push(join(base, "usr", "bin", "bash.exe"));
+  }
+  const fromDefault = firstExisting(defaultCandidates);
+  if (fromDefault) return fromDefault;
   try {
-    const output = execSync("where git", { encoding: "utf8" });
-    const gitCandidates = output.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
-    for (const gitPathRaw of gitCandidates) {
-      const gitPath = normalize(gitPathRaw.replace(/^"|"$/g, ""));
+    const gitCandidates = [...tryFromPath(["git.exe", "git.cmd", "git.bat"]), ...tryWhere("git")];
+    for (const gitPath of gitCandidates) {
       if (!gitPath) continue;
       const gitDir = dirname(gitPath);
       const gitDirLower = gitDir.toLowerCase();
@@ -470,19 +787,38 @@ function findGitBash() {
         bashCandidates.push(join(root, "mingw64", "bin", "bash.exe"));
       }
       for (const bashPath of bashCandidates) {
-        const normalized = normalize(bashPath);
-        if (existsSync(normalized)) return normalized;
+        const normalizedPath = normalize(bashPath);
+        if (existsPath(normalizedPath)) return normalizedPath;
       }
     }
   } catch {
   }
+  const fromWhereBash = firstExisting(
+    [...tryFromPath(["bash.exe"]), ...tryWhere("bash")].filter(
+      (p) => p.toLowerCase().endsWith("\\bash.exe") && !isWindowsSystemBash(p)
+    )
+  );
+  if (fromWhereBash) return fromWhereBash;
   return null;
 }
 function checkWindowsBashAvailability() {
   if (!isWindows()) return;
+  const envPathRaw = process.env.CLAUDE_CODE_GIT_BASH_PATH;
+  const envPath = envPathRaw && envPathRaw.trim() !== "" ? normalizeMaybeQuotedPath(envPathRaw) : null;
+  const envValid = !!(envPath && existsPath(envPath));
   const bashPath = findGitBash();
   if (bashPath) {
-    console.error(`[windows] Git Bash detected: ${bashPath}`);
+    if (!envValid) {
+      process.env.CLAUDE_CODE_GIT_BASH_PATH = bashPath;
+      if (envPathRaw && envPathRaw.trim() !== "") {
+        console.error(
+          `[windows] WARNING: CLAUDE_CODE_GIT_BASH_PATH is set to "${envPathRaw}" but the file does not exist.`
+        );
+      }
+      console.error(`[windows] Git Bash detected: ${bashPath} (set CLAUDE_CODE_GIT_BASH_PATH)`);
+    } else {
+      console.error(`[windows] Git Bash detected: ${bashPath}`);
+    }
     return;
   }
   const hint = process.env.CLAUDE_CODE_GIT_BASH_PATH ? `CLAUDE_CODE_GIT_BASH_PATH is set to "${process.env.CLAUDE_CODE_GIT_BASH_PATH}" but the file does not exist.` : "CLAUDE_CODE_GIT_BASH_PATH is not set and git was not found in PATH.";
@@ -499,7 +835,9 @@ function checkWindowsBashAvailability() {
 var WINDOWS_BASH_HINT = '\n\n[Windows] The Claude Code CLI requires Git Bash. Set CLAUDE_CODE_GIT_BASH_PATH in your MCP server config or system environment. See README.md "Windows Support" section for details.';
 function enhanceWindowsError(errorMessage) {
   if (!isWindows()) return errorMessage;
-  if (errorMessage.includes("git-bash") || errorMessage.includes("bash.exe") || errorMessage.includes("CLAUDE_CODE_GIT_BASH_PATH")) {
+  const lower = errorMessage.toLowerCase();
+  const looksLikeMissingBash = lower.includes("enoent") && (lower.includes("bash") || lower.includes("git-bash")) || lower.includes("claude code on windows requires git-bash");
+  if (looksLikeMissingBash || lower.includes("claude_code_git_bash_path")) {
     return errorMessage + WINDOWS_BASH_HINT;
   }
   return errorMessage;
@@ -508,6 +846,13 @@ function enhanceWindowsError(errorMessage) {
 // src/tools/query-consumer.ts
 var MAX_TRANSIENT_RETRIES = 3;
 var INITIAL_RETRY_DELAY_MS = 1e3;
+var DEFAULT_PERMISSION_REQUEST_TIMEOUT_MS = 6e4;
+var MAX_PERMISSION_REQUEST_TIMEOUT_MS = 5 * 6e4;
+var MAX_PREINIT_BUFFER_MESSAGES = 200;
+function clampPermissionRequestTimeoutMs(ms) {
+  if (!Number.isFinite(ms) || ms <= 0) return DEFAULT_PERMISSION_REQUEST_TIMEOUT_MS;
+  return Math.min(ms, MAX_PERMISSION_REQUEST_TIMEOUT_MS);
+}
 function classifyError(err, abortSignal) {
   if (abortSignal.aborted) return "abort";
   if (err instanceof AbortError || err instanceof Error && err.name === "AbortError") {
@@ -532,12 +877,16 @@ function describeTool(toolName, toolCache) {
   return found?.description;
 }
 function sdkResultToAgentResult(result) {
+  const sessionTotalTurns = result.session_total_turns;
+  const sessionTotalCostUsd = result.session_total_cost_usd;
   const base = {
     sessionId: result.session_id,
     durationMs: result.duration_ms,
     durationApiMs: result.duration_api_ms,
     numTurns: result.num_turns,
     totalCostUsd: result.total_cost_usd,
+    sessionTotalTurns: typeof sessionTotalTurns === "number" ? sessionTotalTurns : void 0,
+    sessionTotalCostUsd: typeof sessionTotalCostUsd === "number" ? sessionTotalCostUsd : void 0,
     stopReason: result.stop_reason,
     usage: result.usage,
     modelUsage: result.modelUsage,
@@ -649,30 +998,42 @@ function consumeQuery(params) {
     return activeSessionId;
   };
   let initTimeoutId;
+  const permissionRequestTimeoutMs = clampPermissionRequestTimeoutMs(
+    params.permissionRequestTimeoutMs
+  );
   const canUseTool = async (toolName, input, options2) => {
     const sessionId = await getSessionId();
+    const normalizedInput = normalizeToolInput(toolName, input, params.platform);
     const sessionInfo = params.sessionManager.get(sessionId);
     if (sessionInfo) {
       if (Array.isArray(sessionInfo.disallowedTools) && sessionInfo.disallowedTools.includes(toolName)) {
         return { behavior: "deny", message: `Tool '${toolName}' is disallowed by session policy.` };
       }
       if (!options2.blockedPath && Array.isArray(sessionInfo.allowedTools) && sessionInfo.allowedTools.includes(toolName)) {
-        return { behavior: "allow" };
+        return {
+          behavior: "allow",
+          updatedInput: normalizePermissionUpdatedInput(normalizedInput)
+        };
       }
     }
     const requestId = `${options2.toolUseID}:${toolName}:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+    const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+    const timeoutMs = permissionRequestTimeoutMs;
+    const expiresAt = new Date(Date.now() + timeoutMs).toISOString();
     const record = {
       requestId,
       toolName,
-      input,
-      summary: summarizePermission(toolName, input),
+      input: normalizedInput,
+      summary: summarizePermission(toolName, normalizedInput),
       description: describeTool(toolName, params.toolCache),
       decisionReason: options2.decisionReason,
       blockedPath: options2.blockedPath,
       toolUseID: options2.toolUseID,
       agentID: options2.agentID,
       suggestions: options2.suggestions,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      createdAt,
+      timeoutMs,
+      expiresAt
     };
     return await new Promise((resolve) => {
       let finished = false;
@@ -694,10 +1055,14 @@ function consumeQuery(params) {
         sessionId,
         record,
         finish,
-        params.permissionRequestTimeoutMs
+        permissionRequestTimeoutMs
       );
       if (!registered) {
-        finish({ behavior: "deny", message: "Session no longer exists.", interrupt: true });
+        finish({
+          behavior: "deny",
+          message: "Session no longer exists.",
+          interrupt: true
+        });
         return;
       }
       options2.signal.addEventListener("abort", abortListener, { once: true });
@@ -732,6 +1097,7 @@ function consumeQuery(params) {
   };
   const done = (async () => {
     const preInit = [];
+    let preInitDropped = 0;
     if (shouldWaitForInit) {
       initTimeoutId = setTimeout(() => {
         close();
@@ -756,6 +1122,13 @@ function consumeQuery(params) {
               sessionIdResolved = true;
               resolveSessionId(activeSessionId);
               if (initTimeoutId) clearTimeout(initTimeoutId);
+              if (preInitDropped > 0) {
+                params.sessionManager.pushEvent(activeSessionId, {
+                  type: "progress",
+                  data: { type: "pre_init_dropped", dropped: preInitDropped },
+                  timestamp: (/* @__PURE__ */ new Date()).toISOString()
+                });
+              }
               for (const buffered of preInit) {
                 const event2 = messageToEvent(buffered);
                 if (!event2) continue;
@@ -771,35 +1144,50 @@ function consumeQuery(params) {
           }
           if (shouldWaitForInit && !sessionIdResolved) {
             preInit.push(message);
+            if (preInit.length > MAX_PREINIT_BUFFER_MESSAGES) {
+              preInit.shift();
+              preInitDropped++;
+            }
             continue;
           }
           if (message.type === "result") {
             const sessionId2 = message.session_id ?? await getSessionId();
             const agentResult = sdkResultToAgentResult(message);
+            const current = params.sessionManager.get(sessionId2);
+            const previousTotalTurns = current?.totalTurns ?? 0;
+            const previousTotalCostUsd = current?.totalCostUsd ?? 0;
+            const computedTotalTurns = previousTotalTurns + agentResult.numTurns;
+            const computedTotalCostUsd = previousTotalCostUsd + agentResult.totalCostUsd;
+            const sessionTotalTurns = typeof agentResult.sessionTotalTurns === "number" ? Math.max(agentResult.sessionTotalTurns, computedTotalTurns) : computedTotalTurns;
+            const sessionTotalCostUsd = typeof agentResult.sessionTotalCostUsd === "number" ? Math.max(agentResult.sessionTotalCostUsd, computedTotalCostUsd) : computedTotalCostUsd;
+            const resultWithSessionTotals = {
+              ...agentResult,
+              sessionTotalTurns,
+              sessionTotalCostUsd
+            };
             const stored = {
               type: agentResult.isError ? "error" : "result",
-              result: agentResult,
+              result: resultWithSessionTotals,
               createdAt: (/* @__PURE__ */ new Date()).toISOString()
             };
             params.sessionManager.setResult(sessionId2, stored);
             params.sessionManager.clearTerminalEvents(sessionId2);
             params.sessionManager.pushEvent(sessionId2, {
               type: agentResult.isError ? "error" : "result",
-              data: agentResult,
+              data: resultWithSessionTotals,
               timestamp: (/* @__PURE__ */ new Date()).toISOString()
             });
-            const current = params.sessionManager.get(sessionId2);
             if (current && current.status !== "cancelled") {
               params.sessionManager.update(sessionId2, {
                 status: agentResult.isError ? "error" : "idle",
-                totalTurns: agentResult.numTurns,
-                totalCostUsd: agentResult.totalCostUsd,
+                totalTurns: sessionTotalTurns,
+                totalCostUsd: sessionTotalCostUsd,
                 abortController: void 0
               });
             } else if (current) {
               params.sessionManager.update(sessionId2, {
-                totalTurns: agentResult.numTurns,
-                totalCostUsd: agentResult.totalCostUsd,
+                totalTurns: sessionTotalTurns,
+                totalCostUsd: sessionTotalCostUsd,
                 abortController: void 0
               });
             }
@@ -948,15 +1336,23 @@ function consumeQuery(params) {
 
 // src/utils/resume-token.ts
 import { createHmac } from "crypto";
+function getResumeSecrets() {
+  const raw = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
+  if (typeof raw !== "string") return [];
+  return raw.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+}
 function getResumeSecret() {
-  const secret = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
-  if (typeof secret !== "string") return void 0;
-  const trimmed = secret.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
+  return getResumeSecrets()[0];
 }
 function computeResumeToken(sessionId, secret) {
   return createHmac("sha256", secret).update(sessionId).digest("base64url");
 }
+function isValidResumeToken(sessionId, token, secrets) {
+  for (const secret of secrets) {
+    if (computeResumeToken(sessionId, secret) === token) return true;
+  }
+  return false;
+}
 
 // src/utils/race-with-abort.ts
 function raceWithAbort(promise, signal, onAbort) {
@@ -983,7 +1379,7 @@ function raceWithAbort(promise, signal, onAbort) {
 
 // src/utils/build-options.ts
 function buildOptions(src) {
-  const opts = { cwd: src.cwd };
+  const opts = { cwd: normalizeWindowsPathLike(src.cwd) };
   if (src.allowedTools !== void 0) opts.allowedTools = src.allowedTools;
   if (src.disallowedTools !== void 0) opts.disallowedTools = src.disallowedTools;
   if (src.tools !== void 0) opts.tools = src.tools;
@@ -995,13 +1391,13 @@ function buildOptions(src) {
   if (src.effort !== void 0) opts.effort = src.effort;
   if (src.betas !== void 0) opts.betas = src.betas;
   if (src.additionalDirectories !== void 0)
-    opts.additionalDirectories = src.additionalDirectories;
+    opts.additionalDirectories = normalizeWindowsPathArray(src.additionalDirectories);
   if (src.outputFormat !== void 0) opts.outputFormat = src.outputFormat;
   if (src.thinking !== void 0) opts.thinking = src.thinking;
   if (src.persistSession !== void 0) opts.persistSession = src.persistSession;
   if (src.resumeSessionAt !== void 0) opts.resumeSessionAt = src.resumeSessionAt;
   if (src.pathToClaudeCodeExecutable !== void 0)
-    opts.pathToClaudeCodeExecutable = src.pathToClaudeCodeExecutable;
+    opts.pathToClaudeCodeExecutable = normalizeWindowsPathLike(src.pathToClaudeCodeExecutable);
   if (src.agent !== void 0) opts.agent = src.agent;
   if (src.mcpServers !== void 0) opts.mcpServers = src.mcpServers;
   if (src.sandbox !== void 0) opts.sandbox = src.sandbox;
@@ -1014,11 +1410,48 @@ function buildOptions(src) {
   if (src.settingSources !== void 0) opts.settingSources = src.settingSources;
   else opts.settingSources = DEFAULT_SETTING_SOURCES;
   if (src.debug !== void 0) opts.debug = src.debug;
-  if (src.debugFile !== void 0) opts.debugFile = src.debugFile;
+  if (src.debugFile !== void 0) opts.debugFile = normalizeWindowsPathLike(src.debugFile);
   if (src.env !== void 0) opts.env = { ...process.env, ...src.env };
   return opts;
 }
 
+// src/utils/session-create.ts
+function toSessionCreateParams(input) {
+  const src = input.source;
+  return {
+    sessionId: input.sessionId,
+    cwd: src.cwd,
+    model: src.model,
+    permissionMode: input.permissionMode,
+    allowedTools: src.allowedTools,
+    disallowedTools: src.disallowedTools,
+    tools: src.tools,
+    maxTurns: src.maxTurns,
+    systemPrompt: src.systemPrompt,
+    agents: src.agents,
+    maxBudgetUsd: src.maxBudgetUsd,
+    effort: src.effort,
+    betas: src.betas,
+    additionalDirectories: src.additionalDirectories,
+    outputFormat: src.outputFormat,
+    thinking: src.thinking,
+    persistSession: src.persistSession,
+    pathToClaudeCodeExecutable: src.pathToClaudeCodeExecutable,
+    agent: src.agent,
+    mcpServers: src.mcpServers,
+    sandbox: src.sandbox,
+    fallbackModel: src.fallbackModel,
+    enableFileCheckpointing: src.enableFileCheckpointing,
+    includePartialMessages: src.includePartialMessages,
+    strictMcpConfig: src.strictMcpConfig,
+    settingSources: src.settingSources ?? DEFAULT_SETTING_SOURCES,
+    debug: src.debug,
+    debugFile: src.debugFile,
+    env: src.env,
+    abortController: input.abortController
+  };
+}
+
 // src/tools/claude-code.ts
 async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, requestSignal) {
   const cwd = input.cwd !== void 0 ? input.cwd : serverCwd;
@@ -1029,10 +1462,28 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be a non-empty string.`
     };
   }
+  if (!sessionManager.hasCapacityFor(1)) {
+    return {
+      sessionId: "",
+      status: "error",
+      error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+    };
+  }
   const abortController = new AbortController();
   const adv = input.advanced ?? {};
   const permissionRequestTimeoutMs = input.permissionRequestTimeoutMs ?? 6e4;
-  const sessionInitTimeoutMs = adv.sessionInitTimeoutMs ?? 1e4;
+  const sessionInitTimeoutMs = adv.sessionInitTimeoutMs ?? input.sessionInitTimeoutMs ?? 1e4;
+  const compatWarnings = [];
+  if (input.sessionInitTimeoutMs !== void 0) {
+    compatWarnings.push(
+      "Top-level sessionInitTimeoutMs for claude_code is a compatibility alias; prefer advanced.sessionInitTimeoutMs."
+    );
+  }
+  if (input.sessionInitTimeoutMs !== void 0 && adv.sessionInitTimeoutMs !== void 0 && input.sessionInitTimeoutMs !== adv.sessionInitTimeoutMs) {
+    compatWarnings.push(
+      `Both advanced.sessionInitTimeoutMs (${adv.sessionInitTimeoutMs}) and top-level sessionInitTimeoutMs (${input.sessionInitTimeoutMs}) were provided; using advanced.sessionInitTimeoutMs.`
+    );
+  }
   const flat = {
     cwd,
     allowedTools: input.allowedTools,
@@ -1040,52 +1491,37 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
     maxTurns: input.maxTurns,
     model: input.model,
     systemPrompt: input.systemPrompt,
-    ...adv
+    ...adv,
+    effort: input.effort ?? adv.effort,
+    thinking: input.thinking ?? adv.thinking
+  };
+  const normalizedFlat = {
+    ...flat,
+    cwd: normalizeWindowsPathLike(flat.cwd),
+    additionalDirectories: flat.additionalDirectories !== void 0 ? normalizeWindowsPathArray(flat.additionalDirectories) : void 0,
+    debugFile: flat.debugFile !== void 0 ? normalizeWindowsPathLike(flat.debugFile) : void 0,
+    pathToClaudeCodeExecutable: flat.pathToClaudeCodeExecutable !== void 0 ? normalizeWindowsPathLike(flat.pathToClaudeCodeExecutable) : void 0
   };
   try {
     const handle = consumeQuery({
       mode: "start",
       prompt: input.prompt,
       abortController,
-      options: buildOptions(flat),
+      options: buildOptions(normalizedFlat),
       permissionRequestTimeoutMs,
       sessionInitTimeoutMs,
       sessionManager,
       toolCache,
       onInit: (init) => {
         if (sessionManager.get(init.session_id)) return;
-        sessionManager.create({
-          sessionId: init.session_id,
-          cwd,
-          model: input.model,
-          permissionMode: "default",
-          allowedTools: input.allowedTools,
-          disallowedTools: input.disallowedTools,
-          tools: adv.tools,
-          maxTurns: input.maxTurns,
-          systemPrompt: input.systemPrompt,
-          agents: adv.agents,
-          maxBudgetUsd: adv.maxBudgetUsd,
-          effort: adv.effort,
-          betas: adv.betas,
-          additionalDirectories: adv.additionalDirectories,
-          outputFormat: adv.outputFormat,
-          thinking: adv.thinking,
-          persistSession: adv.persistSession,
-          pathToClaudeCodeExecutable: adv.pathToClaudeCodeExecutable,
-          agent: adv.agent,
-          mcpServers: adv.mcpServers,
-          sandbox: adv.sandbox,
-          fallbackModel: adv.fallbackModel,
-          enableFileCheckpointing: adv.enableFileCheckpointing,
-          includePartialMessages: adv.includePartialMessages,
-          strictMcpConfig: adv.strictMcpConfig,
-          settingSources: adv.settingSources ?? DEFAULT_SETTING_SOURCES,
-          debug: adv.debug,
-          debugFile: adv.debugFile,
-          env: adv.env,
-          abortController
-        });
+        sessionManager.create(
+          toSessionCreateParams({
+            sessionId: init.session_id,
+            source: normalizedFlat,
+            permissionMode: "default",
+            abortController
+          })
+        );
       }
     });
     const sessionId = await raceWithAbort(
@@ -1098,7 +1534,8 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       sessionId,
       status: "running",
       pollInterval: 3e3,
-      resumeToken: resumeSecret ? computeResumeToken(sessionId, resumeSecret) : void 0
+      resumeToken: resumeSecret ? computeResumeToken(sessionId, resumeSecret) : void 0,
+      compatWarnings: compatWarnings.length > 0 ? compatWarnings : void 0
     };
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
@@ -1137,6 +1574,13 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
   const sessionInitTimeoutMs = input.sessionInitTimeoutMs ?? 1e4;
   const existing = sessionManager.get(input.sessionId);
   if (!existing) {
+    if (!sessionManager.hasCapacityFor(1)) {
+      return {
+        sessionId: input.sessionId,
+        status: "error",
+        error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+      };
+    }
     const allowDiskResume = process.env.CLAUDE_CODE_MCP_ALLOW_DISK_RESUME === "1";
     if (!allowDiskResume) {
       return {
@@ -1145,7 +1589,8 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         error: `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found or expired.`
       };
     }
-    const resumeSecret = getResumeSecret();
+    const resumeSecrets = getResumeSecrets();
+    const resumeSecret = resumeSecrets[0];
     if (!resumeSecret) {
       return {
         sessionId: input.sessionId,
@@ -1161,8 +1606,7 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         error: `Error [${"PERMISSION_DENIED" /* PERMISSION_DENIED */}]: resumeToken is required for disk resume fallback.`
       };
     }
-    const expectedToken = computeResumeToken(input.sessionId, resumeSecret);
-    if (dr.resumeToken !== expectedToken) {
+    if (!isValidResumeToken(input.sessionId, dr.resumeToken, resumeSecrets)) {
       return {
         sessionId: input.sessionId,
         status: "error",
@@ -1172,38 +1616,27 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
     try {
       const abortController2 = new AbortController();
       const options2 = buildOptionsFromDiskResume(dr);
-      sessionManager.create({
-        sessionId: input.sessionId,
+      if (input.effort !== void 0) options2.effort = input.effort;
+      if (input.thinking !== void 0) options2.thinking = input.thinking;
+      const { resumeToken: _resumeToken, ...rest } = dr;
+      void _resumeToken;
+      const source = {
+        ...rest,
         cwd: options2.cwd ?? dr.cwd ?? "",
-        model: dr.model,
-        permissionMode: "default",
-        allowedTools: dr.allowedTools,
-        disallowedTools: dr.disallowedTools,
-        tools: dr.tools,
-        maxTurns: dr.maxTurns,
-        systemPrompt: dr.systemPrompt,
-        agents: dr.agents,
-        maxBudgetUsd: dr.maxBudgetUsd,
-        effort: dr.effort,
-        betas: dr.betas,
-        additionalDirectories: dr.additionalDirectories,
-        outputFormat: dr.outputFormat,
-        thinking: dr.thinking,
-        persistSession: dr.persistSession,
-        pathToClaudeCodeExecutable: dr.pathToClaudeCodeExecutable,
-        agent: dr.agent,
-        mcpServers: dr.mcpServers,
-        sandbox: dr.sandbox,
-        fallbackModel: dr.fallbackModel,
-        enableFileCheckpointing: dr.enableFileCheckpointing,
-        includePartialMessages: dr.includePartialMessages,
-        strictMcpConfig: dr.strictMcpConfig,
-        settingSources: dr.settingSources ?? DEFAULT_SETTING_SOURCES,
-        debug: dr.debug,
-        debugFile: dr.debugFile,
-        env: dr.env,
-        abortController: abortController2
-      });
+        additionalDirectories: options2.additionalDirectories ?? rest.additionalDirectories,
+        debugFile: options2.debugFile ?? rest.debugFile,
+        pathToClaudeCodeExecutable: options2.pathToClaudeCodeExecutable ?? rest.pathToClaudeCodeExecutable,
+        effort: input.effort ?? rest.effort,
+        thinking: input.thinking ?? rest.thinking
+      };
+      sessionManager.create(
+        toSessionCreateParams({
+          sessionId: input.sessionId,
+          source,
+          permissionMode: "default",
+          abortController: abortController2
+        })
+      );
       try {
         consumeQuery({
           mode: "disk-resume",
@@ -1284,8 +1717,29 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
       error: current ? `Error [${"SESSION_BUSY" /* SESSION_BUSY */}]: Session is not available (status: ${current.status}).` : `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found or expired.`
     };
   }
-  const options = buildOptions(existing);
+  const session = acquired;
+  const options = buildOptions(session);
   if (input.forkSession) options.forkSession = true;
+  if (input.forkSession && !sessionManager.hasCapacityFor(1)) {
+    sessionManager.update(input.sessionId, { status: originalStatus, abortController: void 0 });
+    return {
+      sessionId: input.sessionId,
+      status: "error",
+      error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+    };
+  }
+  const sourceOverrides = {
+    effort: input.effort ?? session.effort,
+    thinking: input.thinking ?? session.thinking
+  };
+  if (input.effort !== void 0) options.effort = input.effort;
+  if (input.thinking !== void 0) options.thinking = input.thinking;
+  if (!input.forkSession && (input.effort !== void 0 || input.thinking !== void 0)) {
+    const patch = {};
+    if (input.effort !== void 0) patch.effort = input.effort;
+    if (input.thinking !== void 0) patch.thinking = input.thinking;
+    sessionManager.update(input.sessionId, patch);
+  }
   try {
     const handle = consumeQuery({
       mode: "resume",
@@ -1301,44 +1755,20 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
       onInit: (init) => {
         if (!input.forkSession) return;
         if (init.session_id === input.sessionId) return;
-        if (!sessionManager.get(init.session_id)) {
-          sessionManager.create({
-            sessionId: init.session_id,
-            cwd: existing.cwd,
-            model: existing.model,
-            permissionMode: "default",
-            allowedTools: existing.allowedTools,
-            disallowedTools: existing.disallowedTools,
-            tools: existing.tools,
-            maxTurns: existing.maxTurns,
-            systemPrompt: existing.systemPrompt,
-            agents: existing.agents,
-            maxBudgetUsd: existing.maxBudgetUsd,
-            effort: existing.effort,
-            betas: existing.betas,
-            additionalDirectories: existing.additionalDirectories,
-            outputFormat: existing.outputFormat,
-            thinking: existing.thinking,
-            persistSession: existing.persistSession,
-            pathToClaudeCodeExecutable: existing.pathToClaudeCodeExecutable,
-            agent: existing.agent,
-            mcpServers: existing.mcpServers,
-            sandbox: existing.sandbox,
-            fallbackModel: existing.fallbackModel,
-            enableFileCheckpointing: existing.enableFileCheckpointing,
-            includePartialMessages: existing.includePartialMessages,
-            strictMcpConfig: existing.strictMcpConfig,
-            settingSources: existing.settingSources ?? DEFAULT_SETTING_SOURCES,
-            debug: existing.debug,
-            debugFile: existing.debugFile,
-            env: existing.env,
-            abortController
-          });
-        }
         sessionManager.update(input.sessionId, {
           status: originalStatus,
           abortController: void 0
         });
+        if (!sessionManager.get(init.session_id)) {
+          sessionManager.create(
+            toSessionCreateParams({
+              sessionId: init.session_id,
+              source: { ...session, ...sourceOverrides },
+              permissionMode: "default",
+              abortController
+            })
+          );
+        }
       }
     });
     const sessionId = input.forkSession ? await raceWithAbort(
@@ -1391,48 +1821,55 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
 // src/tools/tool-discovery.ts
 var TOOL_CATALOG = {
   Bash: {
-    description: "Run shell commands (e.g. npm install, git commit, ls) in the project directory.",
+    description: "Run shell commands",
     category: "execute"
   },
-  Read: { description: "Read the contents of a file given its path.", category: "file_read" },
+  Read: {
+    description: "Read file contents (large files: use offset/limit or Grep)",
+    category: "file_read"
+  },
   Write: {
-    description: "Create a new file or completely replace an existing file's contents.",
+    description: "Create or overwrite files",
     category: "file_write"
   },
   Edit: {
-    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file.",
+    description: "Targeted edits (replace_all is substring-based)",
     category: "file_write"
   },
   Glob: {
-    description: "Find files by name pattern (e.g. '**/*.ts' finds all TypeScript files).",
+    description: "Find files by glob pattern",
     category: "file_read"
   },
   Grep: {
-    description: "Search inside files for text or regex patterns (like grep/ripgrep).",
+    description: "Search file contents (regex)",
     category: "file_read"
   },
   NotebookEdit: {
-    description: "Edit individual cells in Jupyter notebooks (.ipynb files).",
+    description: "Edit Jupyter notebook cells (Windows paths normalized)",
     category: "file_write"
   },
   WebFetch: {
-    description: "Download and read the content of a web page or API endpoint.",
+    description: "Fetch web page or API content",
     category: "network"
   },
-  WebSearch: { description: "Search the web and return relevant results.", category: "network" },
+  WebSearch: { description: "Web search", category: "network" },
   Task: {
-    description: "Spawn a subagent to handle a subtask independently (requires this tool to be in allowedTools).",
+    description: "Spawn subagent (must be in allowedTools)",
     category: "agent"
   },
-  TaskOutput: { description: "Get the output from a background subagent task.", category: "agent" },
-  TaskStop: { description: "Cancel a running background subagent task.", category: "agent" },
+  TaskOutput: { description: "Get subagent output", category: "agent" },
+  TaskStop: { description: "Cancel subagent", category: "agent" },
   TodoWrite: {
-    description: "Create and update a structured task/todo checklist.",
+    description: "Task/todo checklist",
     category: "agent"
   },
   AskUserQuestion: {
-    description: "Ask the user a question and wait for their answer before continuing.",
+    description: "Ask user a question",
     category: "interaction"
+  },
+  TeamDelete: {
+    description: "Delete team (may need shutdown_approved first)",
+    category: "agent"
   }
 };
 function uniq(items) {
@@ -1451,8 +1888,10 @@ function defaultCatalogTools() {
 }
 var ToolDiscoveryCache = class {
   cached;
-  constructor(initial) {
+  onUpdated;
+  constructor(initial, onUpdated) {
     this.cached = initial ?? defaultCatalogTools();
+    this.onUpdated = onUpdated;
   }
   getTools() {
     return this.cached;
@@ -1461,7 +1900,13 @@ var ToolDiscoveryCache = class {
     const discovered = discoverToolsFromInit(initTools);
     const next = mergeToolLists(discovered, defaultCatalogTools());
     const updated = JSON.stringify(next) !== JSON.stringify(this.cached);
-    if (updated) this.cached = next;
+    if (updated) {
+      this.cached = next;
+      try {
+        this.onUpdated?.(this.cached);
+      } catch {
+      }
+    }
     return { updated, tools: this.cached };
   }
 };
@@ -1486,9 +1931,8 @@ function groupByCategory(tools) {
 function buildInternalToolsDescription(tools) {
   const grouped = groupByCategory(tools);
   const categories = Object.keys(grouped).sort((a, b) => a.localeCompare(b));
-  let desc = 'Start a new Claude Code agent session.\n\nLaunches an autonomous coding agent that can read/write files, run shell commands, search code, manage git, access the web, and more. Returns immediately with a sessionId \u2014 the agent runs asynchronously in the background.\n\nWorkflow:\n1. Call claude_code with a prompt \u2192 returns { sessionId, status: "running", pollInterval }\n2. Poll with claude_code_check (action="poll") to receive progress events and the final result\n3. If the agent needs permission for a tool call, approve or deny via claude_code_check (action="respond_permission")\n\n';
-  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n\n";
-  desc += "Internal tools available to the agent (use allowedTools/disallowedTools to control approval policy; authoritative list returned by claude_code_check with includeTools=true):\n";
+  let desc = "Start a Claude Code session and return sessionId.\nUse claude_code_check to poll events/results and handle permissions.\n\n";
+  desc += "Internal tools (authoritative list: includeTools=true in claude_code_check):\n";
   for (const category of categories) {
     desc += `
 [${category}]
@@ -1498,7 +1942,7 @@ function buildInternalToolsDescription(tools) {
 `;
     }
   }
-  desc += '\nUse `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
+  desc += "\nPermission control: allowedTools auto-approves; disallowedTools always denies; others require approval.\n";
   return desc;
 }
 
@@ -1557,6 +2001,117 @@ function toEvents(events, opts) {
     return { id: e.id, type: e.type, data: e.data, timestamp: e.timestamp };
   });
 }
+function uniqSorted(values) {
+  if (!Array.isArray(values) || values.length === 0) return [];
+  const filtered = values.filter((v) => typeof v === "string").map((v) => v.trim()).filter(Boolean);
+  return Array.from(new Set(filtered)).sort((a, b) => a.localeCompare(b));
+}
+function detectPathCompatibilityWarnings(session) {
+  if (!session) return [];
+  const cwd = session.cwd;
+  if (typeof cwd !== "string" || cwd.trim() === "") return [];
+  const warnings = [];
+  if (process.platform === "win32" && cwd.startsWith("/") && !cwd.startsWith("//")) {
+    warnings.push(
+      `cwd '${cwd}' looks POSIX-style on Windows. Consider using a Windows path (e.g. C:\\\\repo) to avoid path compatibility issues.`
+    );
+  }
+  if (process.platform !== "win32" && /^[a-zA-Z]:[\\/]/.test(cwd)) {
+    warnings.push(
+      `cwd '${cwd}' looks Windows-style on ${process.platform}. This may indicate cross-platform path mismatch (for example WSL boundary).`
+    );
+  }
+  if (process.platform !== "win32" && cwd.startsWith("\\\\")) {
+    warnings.push(
+      `cwd '${cwd}' looks like a Windows UNC path on ${process.platform}. Confirm MCP client/server run on the same platform.`
+    );
+  }
+  return warnings;
+}
+function isPosixHomePath(value) {
+  return /^\/home\/[^/]+(?:\/|$)/.test(value);
+}
+function detectPendingPermissionPathWarnings(pending, session) {
+  if (process.platform !== "win32" || pending.length === 0) return [];
+  const cwd = session?.cwd;
+  const cwdHint = typeof cwd === "string" && cwd.trim() !== "" ? ` under cwd '${cwd}'` : " under the current cwd";
+  const warnings = [];
+  for (const req of pending) {
+    const candidates = [];
+    if (typeof req.blockedPath === "string") candidates.push(req.blockedPath);
+    const filePath = req.input.file_path;
+    if (typeof filePath === "string") candidates.push(filePath);
+    const badPath = candidates.find((p) => isPosixHomePath(p));
+    if (!badPath) continue;
+    warnings.push(
+      `Permission request '${req.requestId}' uses POSIX home path '${badPath}' on Windows. Prefer an absolute Windows path${cwdHint} to avoid out-of-bounds permission prompts.`
+    );
+  }
+  return warnings;
+}
+function computeToolValidation(session, initTools) {
+  if (!session) return { summary: void 0, warnings: [] };
+  const allowedTools = uniqSorted(session.allowedTools);
+  const disallowedTools = uniqSorted(session.disallowedTools);
+  if (allowedTools.length === 0 && disallowedTools.length === 0) {
+    return { summary: void 0, warnings: [] };
+  }
+  if (!Array.isArray(initTools) || initTools.length === 0) {
+    return {
+      summary: {
+        runtimeToolsKnown: false,
+        unknownAllowedTools: [],
+        unknownDisallowedTools: []
+      },
+      warnings: [
+        "Runtime tool list is not available yet; unknown allowedTools/disallowedTools names cannot be validated until system/init tools arrive."
+      ]
+    };
+  }
+  const runtime = new Set(
+    initTools.filter((name) => typeof name === "string").map((name) => name.trim()).filter(Boolean)
+  );
+  const unknownAllowedTools = allowedTools.filter((name) => !runtime.has(name));
+  const unknownDisallowedTools = disallowedTools.filter((name) => !runtime.has(name));
+  const warnings = [];
+  if (unknownAllowedTools.length > 0) {
+    warnings.push(
+      `Unknown allowedTools (not present in runtime tools): ${unknownAllowedTools.join(", ")}.`
+    );
+  }
+  if (unknownDisallowedTools.length > 0) {
+    warnings.push(
+      `Unknown disallowedTools (not present in runtime tools): ${unknownDisallowedTools.join(", ")}.`
+    );
+  }
+  return {
+    summary: {
+      runtimeToolsKnown: true,
+      unknownAllowedTools,
+      unknownDisallowedTools
+    },
+    warnings
+  };
+}
+function byteLength(value) {
+  return new TextEncoder().encode(JSON.stringify(value)).length;
+}
+function capEventsByBytes(events, maxBytes) {
+  if (!Number.isFinite(maxBytes) || typeof maxBytes !== "number" || maxBytes <= 0) {
+    return { events, truncated: false };
+  }
+  const budget = Math.floor(maxBytes);
+  const kept = [];
+  let bytes = 2;
+  for (const evt of events) {
+    const evtBytes = byteLength(evt);
+    const separatorBytes = kept.length === 0 ? 0 : 1;
+    if (bytes + separatorBytes + evtBytes > budget) break;
+    kept.push(evt);
+    bytes += separatorBytes + evtBytes;
+  }
+  return { events: kept, truncated: kept.length < events.length };
+}
 function buildResult(sessionManager, toolCache, input) {
   const responseMode = input.responseMode ?? "minimal";
   const po = input.pollOptions ?? {};
@@ -1569,6 +2124,7 @@ function buildResult(sessionManager, toolCache, input) {
   const includeStructuredOutput = po.includeStructuredOutput ?? responseMode === "full";
   const includeTerminalEvents = po.includeTerminalEvents ?? responseMode === "full";
   const includeProgressEvents = po.includeProgressEvents ?? responseMode === "full";
+  const maxBytes = po.maxBytes;
   const maxEvents = input.maxEvents ?? (responseMode === "minimal" ? 200 : void 0);
   const sessionId = input.sessionId;
   const session = sessionManager.get(sessionId);
@@ -1581,7 +2137,7 @@ function buildResult(sessionManager, toolCache, input) {
   let truncated = false;
   const truncatedFields = [];
   const windowEvents = maxEvents !== void 0 && rawEvents.length > maxEvents ? rawEvents.slice(0, maxEvents) : rawEvents;
-  const nextCursor = maxEvents !== void 0 && rawEvents.length > maxEvents ? windowEvents.length > 0 ? windowEvents[windowEvents.length - 1].id + 1 : rawNextCursor : rawNextCursor;
+  let nextCursor = maxEvents !== void 0 && rawEvents.length > maxEvents ? windowEvents.length > 0 ? windowEvents[windowEvents.length - 1].id + 1 : rawNextCursor : rawNextCursor;
   if (maxEvents !== void 0 && rawEvents.length > maxEvents) {
     truncated = true;
     truncatedFields.push("events");
@@ -1604,8 +2160,28 @@ function buildResult(sessionManager, toolCache, input) {
   })();
   const pending = status === "waiting_permission" ? sessionManager.listPendingPermissions(sessionId) : [];
   const stored = status === "idle" || status === "error" ? sessionManager.getResult(sessionId) : void 0;
-  const initTools = includeTools ? sessionManager.getInitTools(sessionId) : void 0;
+  const initTools = sessionManager.getInitTools(sessionId);
   const availableTools = includeTools && initTools ? discoverToolsFromInit(initTools) : void 0;
+  const toolValidation = computeToolValidation(session, initTools);
+  const compatWarnings = Array.from(
+    /* @__PURE__ */ new Set([
+      ...toolValidation.warnings,
+      ...detectPathCompatibilityWarnings(session),
+      ...detectPendingPermissionPathWarnings(pending, session)
+    ])
+  );
+  const shapedEvents = toEvents(outputEvents, {
+    includeUsage,
+    includeModelUsage,
+    includeStructuredOutput,
+    slim: responseMode === "minimal"
+  });
+  const cappedEvents = capEventsByBytes(shapedEvents, maxBytes);
+  if (cappedEvents.truncated) {
+    truncated = true;
+    truncatedFields.push("events_bytes");
+    nextCursor = cappedEvents.events.length > 0 ? cappedEvents.events[cappedEvents.events.length - 1].id + 1 : cursorResetTo ?? input.cursor ?? 0;
+  }
   return {
     sessionId,
     status,
@@ -1613,28 +2189,32 @@ function buildResult(sessionManager, toolCache, input) {
     cursorResetTo,
     truncated: truncated ? true : void 0,
     truncatedFields: truncatedFields.length > 0 ? truncatedFields : void 0,
-    events: toEvents(outputEvents, {
-      includeUsage,
-      includeModelUsage,
-      includeStructuredOutput,
-      slim: responseMode === "minimal"
-    }),
+    events: cappedEvents.events,
     nextCursor,
     availableTools,
-    actions: includeActions && status === "waiting_permission" ? pending.map((req) => ({
-      type: "permission",
-      requestId: req.requestId,
-      toolName: req.toolName,
-      input: req.input,
-      summary: req.summary,
-      decisionReason: req.decisionReason,
-      blockedPath: req.blockedPath,
-      toolUseID: req.toolUseID,
-      agentID: req.agentID,
-      suggestions: req.suggestions,
-      description: req.description,
-      createdAt: req.createdAt
-    })) : void 0,
+    toolValidation: toolValidation.summary,
+    compatWarnings: compatWarnings.length > 0 ? compatWarnings : void 0,
+    actions: includeActions && status === "waiting_permission" ? pending.map((req) => {
+      const expiresMs = req.expiresAt ? Date.parse(req.expiresAt) : Number.NaN;
+      const remainingMs = Number.isFinite(expiresMs) ? Math.max(0, expiresMs - Date.now()) : void 0;
+      return {
+        type: "permission",
+        requestId: req.requestId,
+        toolName: req.toolName,
+        input: req.input,
+        summary: req.summary,
+        decisionReason: req.decisionReason,
+        blockedPath: req.blockedPath,
+        toolUseID: req.toolUseID,
+        agentID: req.agentID,
+        suggestions: req.suggestions,
+        description: req.description,
+        createdAt: req.createdAt,
+        timeoutMs: req.timeoutMs,
+        expiresAt: req.expiresAt,
+        remainingMs
+      };
+    }) : void 0,
     result: includeResult && stored?.result ? redactAgentResult(stored.result, {
       includeUsage,
       includeModelUsage,
@@ -1673,7 +2253,14 @@ function redactAgentResult(result, opts) {
     structuredOutput: opts.includeStructuredOutput ? structuredOutput : void 0
   };
 }
-function executeClaudeCodeCheck(input, sessionManager, toolCache) {
+function executeClaudeCodeCheck(input, sessionManager, toolCache, requestSignal) {
+  if (requestSignal?.aborted) {
+    return {
+      sessionId: input.sessionId ?? "",
+      error: `Error [${"CANCELLED" /* CANCELLED */}]: request was cancelled.`,
+      isError: true
+    };
+  }
   if (typeof input.sessionId !== "string" || input.sessionId.trim() === "") {
     return {
       sessionId: "",
@@ -1729,7 +2316,14 @@ function executeClaudeCodeCheck(input, sessionManager, toolCache) {
 }
 
 // src/tools/claude-code-session.ts
-function executeClaudeCodeSession(input, sessionManager) {
+function executeClaudeCodeSession(input, sessionManager, requestSignal) {
+  if (requestSignal?.aborted) {
+    return {
+      sessions: [],
+      message: `Error [${"CANCELLED" /* CANCELLED */}]: request was cancelled.`,
+      isError: true
+    };
+  }
   const toSessionJson = (s) => input.includeSensitive ? sessionManager.toSensitiveJSON(s) : sessionManager.toPublicJSON(s);
   switch (input.action) {
     case "list": {
@@ -1796,32 +2390,192 @@ function executeClaudeCodeSession(input, sessionManager) {
   }
 }
 
+// src/resources/register-resources.ts
+var RESOURCE_SCHEME = "claude-code-mcp";
+var RESOURCE_URIS = {
+  serverInfo: `${RESOURCE_SCHEME}:///server-info`,
+  internalTools: `${RESOURCE_SCHEME}:///internal-tools`,
+  gotchas: `${RESOURCE_SCHEME}:///gotchas`,
+  compatReport: `${RESOURCE_SCHEME}:///compat-report`
+};
+function asTextResource(uri, text, mimeType) {
+  return {
+    contents: [
+      {
+        uri: uri.toString(),
+        text,
+        mimeType
+      }
+    ]
+  };
+}
+function registerResources(server, deps) {
+  const serverInfoUri = new URL(RESOURCE_URIS.serverInfo);
+  server.registerResource(
+    "server_info",
+    serverInfoUri.toString(),
+    {
+      title: "Server Info",
+      description: "Server metadata (version/platform/runtime).",
+      mimeType: "application/json"
+    },
+    () => asTextResource(
+      serverInfoUri,
+      JSON.stringify(
+        {
+          name: "claude-code-mcp",
+          node: process.version,
+          platform: process.platform,
+          arch: process.arch,
+          resources: Object.values(RESOURCE_URIS),
+          toolCatalogCount: deps.toolCache.getTools().length
+        },
+        null,
+        2
+      ),
+      "application/json"
+    )
+  );
+  const toolsUri = new URL(RESOURCE_URIS.internalTools);
+  server.registerResource(
+    "internal_tools",
+    toolsUri.toString(),
+    {
+      title: "Internal Tools",
+      description: "Claude Code internal tool catalog (runtime-aware).",
+      mimeType: "application/json"
+    },
+    () => asTextResource(
+      toolsUri,
+      JSON.stringify({ tools: deps.toolCache.getTools() }, null, 2),
+      "application/json"
+    )
+  );
+  const gotchasUri = new URL(RESOURCE_URIS.gotchas);
+  server.registerResource(
+    "gotchas",
+    gotchasUri.toString(),
+    {
+      title: "Gotchas",
+      description: "Practical limits and gotchas when using Claude Code via this MCP server.",
+      mimeType: "text/markdown"
+    },
+    () => asTextResource(
+      gotchasUri,
+      [
+        "# claude-code-mcp: gotchas",
+        "",
+        "- Permission approvals have a timeout (default 60s, server-clamped to 5min) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
+        "- `Read` has a per-call size cap in practice (often ~256KB); for large files use `offset`/`limit` or chunk with `Grep`.",
+        "- `Edit` with `replace_all=true` is substring replacement; if no match is found the tool returns an error.",
+        "- On Windows, this server normalizes common MSYS-style paths (e.g. `/d/...`, `/mnt/c/...`, `/cygdrive/c/...`, `//server/share/...`) for `cwd`, `additionalDirectories`, and tool inputs that include `file_path`.",
+        "- `TeamDelete` may require members to reach `shutdown_approved`; cleanup can be asynchronous during shutdown.",
+        '- Skills may become available later in the same session (early calls may show "Unknown").',
+        "- Some internal features (e.g. ToolSearch) may not appear in `availableTools` because it is derived from SDK `system/init.tools`.",
+        ""
+      ].join("\n"),
+      "text/markdown"
+    )
+  );
+  const compatReportUri = new URL(RESOURCE_URIS.compatReport);
+  server.registerResource(
+    "compat_report",
+    compatReportUri.toString(),
+    {
+      title: "Compatibility Report",
+      description: "Compatibility diagnostics for MCP clients and local runtime assumptions.",
+      mimeType: "application/json"
+    },
+    () => {
+      const runtimeWarnings = [];
+      if (process.platform === "win32" && !process.env.CLAUDE_CODE_GIT_BASH_PATH) {
+        runtimeWarnings.push(
+          "CLAUDE_CODE_GIT_BASH_PATH is not set. Auto-detection exists, but explicit path is more reliable for GUI-launched MCP clients."
+        );
+      }
+      return asTextResource(
+        compatReportUri,
+        JSON.stringify(
+          {
+            transport: "stdio",
+            samePlatformRequired: true,
+            runtime: {
+              node: process.version,
+              platform: process.platform,
+              arch: process.arch
+            },
+            features: {
+              resources: true,
+              toolsListChanged: true,
+              resourcesListChanged: true,
+              prompts: false,
+              completions: false
+            },
+            guidance: [
+              "Some clients cache tool descriptions at connect time. Prefer claude_code_check(pollOptions.includeTools=true) for runtime-authoritative tool lists.",
+              "Use allowedTools/disallowedTools only with exact runtime tool names.",
+              "This server assumes MCP client and server run on the same machine/platform."
+            ],
+            toolCatalogCount: deps.toolCache.getTools().length,
+            runtimeWarnings
+          },
+          null,
+          2
+        ),
+        "application/json"
+      );
+    }
+  );
+}
+
 // src/server.ts
-var SERVER_VERSION = true ? "2.0.1" : "0.0.0-dev";
-function createServer(serverCwd) {
+var SERVER_VERSION = true ? "2.2.0" : "0.0.0-dev";
+function createServerContext(serverCwd) {
   const sessionManager = new SessionManager();
-  const toolCache = new ToolDiscoveryCache();
-  const server = new McpServer({
-    name: "claude-code-mcp",
-    version: SERVER_VERSION
+  const server = new McpServer(
+    {
+      name: "claude-code-mcp",
+      version: SERVER_VERSION,
+      title: "Claude Code MCP",
+      description: "MCP server that runs Claude Code via the Claude Agent SDK with async polling and interactive permissions.",
+      websiteUrl: "https://github.com/xihuai18/claude-code-mcp",
+      icons: []
+    },
+    {
+      capabilities: {
+        logging: {},
+        tools: { listChanged: true },
+        resources: { listChanged: true }
+      }
+    }
+  );
+  const claudeCodeToolRef = {};
+  const toolCache = new ToolDiscoveryCache(void 0, (tools) => {
+    try {
+      claudeCodeToolRef.current?.update({ description: buildInternalToolsDescription(tools) });
+      if (server.isConnected()) {
+        server.sendToolListChanged();
+      }
+    } catch {
+    }
   });
   const agentDefinitionSchema = z.object({
     description: z.string(),
     prompt: z.string(),
-    tools: z.array(z.string()).optional(),
-    disallowedTools: z.array(z.string()).optional(),
-    model: z.enum(AGENT_MODELS).optional(),
-    maxTurns: z.number().int().positive().optional(),
-    mcpServers: z.array(z.union([z.string(), z.record(z.string(), z.unknown())])).optional(),
-    skills: z.array(z.string()).optional(),
-    criticalSystemReminder_EXPERIMENTAL: z.string().optional()
+    tools: z.array(z.string()).optional().describe("Default: inherit"),
+    disallowedTools: z.array(z.string()).optional().describe("Default: none"),
+    model: z.enum(AGENT_MODELS).optional().describe("Default: inherit"),
+    maxTurns: z.number().int().positive().optional().describe("Default: none"),
+    mcpServers: z.array(z.union([z.string(), z.record(z.string(), z.unknown())])).optional().describe("Default: inherit"),
+    skills: z.array(z.string()).optional().describe("Default: none"),
+    criticalSystemReminder_EXPERIMENTAL: z.string().optional().describe("Default: none")
   });
   const systemPromptSchema = z.union([
     z.string(),
     z.object({
       type: z.literal("preset"),
       preset: z.literal("claude_code"),
-      append: z.string().optional().describe("Appended to preset prompt")
+      append: z.string().optional().describe("Default: none")
     })
   ]);
   const toolsConfigSchema = z.union([
@@ -1839,47 +2593,135 @@ function createServer(serverCwd) {
     }),
     z.object({ type: z.literal("disabled") })
   ]);
+  const effortOptionSchema = z.enum(EFFORT_LEVELS).optional();
+  const thinkingOptionSchema = thinkingSchema.optional();
   const outputFormatSchema = z.object({
     type: z.literal("json_schema"),
     schema: z.record(z.string(), z.unknown())
   });
-  const advancedOptionsSchema = z.object({
-    tools: toolsConfigSchema.optional().describe("Visible tool set. Default: SDK"),
+  const sharedOptionFieldsSchemaShape = {
+    tools: toolsConfigSchema.optional().describe("Tool set. Default: SDK"),
     persistSession: z.boolean().optional().describe("Default: true"),
-    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
-    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Sub-agent definitions. Default: none"),
-    agent: z.string().optional().describe("Primary agent name (from 'agents'). Default: none"),
+    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
+    agent: z.string().optional().describe("Default: none"),
     maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
-    effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
     betas: z.array(z.string()).optional().describe("Default: none"),
     additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
-    outputFormat: outputFormatSchema.optional().describe("Default: none (plain text)"),
-    thinking: thinkingSchema.optional().describe("Default: SDK"),
+    outputFormat: outputFormatSchema.optional().describe("Default: none"),
     pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
     mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
     sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
     fallbackModel: z.string().optional().describe("Default: none"),
     enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
-    includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
+    includePartialMessages: z.boolean().optional().describe("Default: false"),
     strictMcpConfig: z.boolean().optional().describe("Default: false"),
-    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
+    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. []=isolation"),
     debug: z.boolean().optional().describe("Default: false"),
-    debugFile: z.string().optional().describe("Enables debug. Default: none"),
-    env: z.record(z.string(), z.string().optional()).optional().describe("Merged with process.env. Default: none")
-  }).optional().describe("Low-frequency SDK options (all optional)");
-  server.tool(
+    debugFile: z.string().optional().describe("Default: none"),
+    env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
+  };
+  const advancedOptionFieldsSchemaShape = {
+    ...sharedOptionFieldsSchemaShape,
+    effort: effortOptionSchema.describe("Deprecated, use top-level. Default: SDK"),
+    thinking: thinkingOptionSchema.describe("Deprecated, use top-level. Default: SDK")
+  };
+  const diskResumeOptionFieldsSchemaShape = {
+    ...sharedOptionFieldsSchemaShape,
+    effort: effortOptionSchema.describe("Default: SDK"),
+    thinking: thinkingOptionSchema.describe("Default: SDK")
+  };
+  const advancedOptionsSchema = z.object({
+    ...advancedOptionFieldsSchemaShape,
+    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000")
+  }).optional().describe("Default: none");
+  const diskResumeConfigSchema = z.object({
+    resumeToken: z.string(),
+    cwd: z.string(),
+    allowedTools: z.array(z.string()).optional().describe("Default: []"),
+    disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+    maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+    model: z.string().optional().describe("Default: SDK"),
+    systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+    resumeSessionAt: z.string().optional().describe("Default: none"),
+    ...diskResumeOptionFieldsSchemaShape
+  }).optional().describe("Default: none");
+  const startResultSchema = z.object({
+    sessionId: z.string(),
+    status: z.enum(["running", "error"]),
+    pollInterval: z.number().optional(),
+    resumeToken: z.string().optional(),
+    compatWarnings: z.array(z.string()).optional(),
+    error: z.string().optional()
+  }).passthrough();
+  const sessionResultSchema = z.object({
+    sessions: z.array(z.record(z.string(), z.unknown())),
+    message: z.string().optional(),
+    isError: z.boolean().optional()
+  }).passthrough();
+  const checkEventSchema = z.object({
+    id: z.number().int().nonnegative(),
+    type: z.string(),
+    data: z.unknown(),
+    timestamp: z.string()
+  }).passthrough();
+  const checkActionSchema = z.object({
+    type: z.string(),
+    requestId: z.string().optional(),
+    toolName: z.string().optional(),
+    input: z.record(z.string(), z.unknown()).optional(),
+    summary: z.string().optional()
+  }).passthrough();
+  const checkResultSchema = z.object({
+    sessionId: z.string(),
+    status: z.string(),
+    pollInterval: z.number().optional(),
+    cursorResetTo: z.number().optional(),
+    truncated: z.boolean().optional(),
+    truncatedFields: z.array(z.string()).optional(),
+    events: z.array(checkEventSchema),
+    nextCursor: z.number().optional(),
+    availableTools: z.array(z.record(z.string(), z.unknown())).optional(),
+    toolValidation: z.object({
+      runtimeToolsKnown: z.boolean(),
+      unknownAllowedTools: z.array(z.string()),
+      unknownDisallowedTools: z.array(z.string())
+    }).optional(),
+    compatWarnings: z.array(z.string()).optional(),
+    actions: z.array(checkActionSchema).optional(),
+    result: z.unknown().optional(),
+    cancelledAt: z.string().optional(),
+    cancelledReason: z.string().optional(),
+    cancelledSource: z.string().optional(),
+    lastEventId: z.number().optional(),
+    lastToolUseId: z.string().optional(),
+    isError: z.boolean().optional(),
+    error: z.string().optional()
+  }).passthrough();
+  claudeCodeToolRef.current = server.registerTool(
     "claude_code",
-    buildInternalToolsDescription(toolCache.getTools()),
     {
-      prompt: z.string().describe("Task or question"),
-      cwd: z.string().optional().describe("Working directory. Default: server cwd"),
-      allowedTools: z.array(z.string()).optional().describe("Auto-approved tools, e.g. ['Bash','Read','Write','Edit']. Default: []"),
-      disallowedTools: z.array(z.string()).optional().describe("Forbidden tools (priority over allowedTools). Default: []"),
-      maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
-      model: z.string().optional().describe("e.g. 'opus'. Default: SDK"),
-      systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
-      advanced: advancedOptionsSchema
+      description: buildInternalToolsDescription(toolCache.getTools()),
+      inputSchema: {
+        prompt: z.string().describe("Prompt"),
+        cwd: z.string().optional().describe("Working dir. Default: server cwd"),
+        allowedTools: z.array(z.string()).optional().describe("Default: []"),
+        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+        model: z.string().optional().describe("Default: SDK"),
+        effort: effortOptionSchema.describe("Default: SDK"),
+        thinking: thinkingOptionSchema.describe("Default: SDK"),
+        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000"),
+        sessionInitTimeoutMs: z.number().int().positive().optional().describe("Deprecated, use advanced.sessionInitTimeoutMs. Default: 10000"),
+        advanced: advancedOptionsSchema
+      },
+      outputSchema: startResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
     },
     async (args, extra) => {
       try {
@@ -1898,76 +2740,50 @@ function createServer(serverCwd) {
               text: JSON.stringify(result, null, 2)
             }
           ],
+          structuredContent: result,
           isError
         };
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
         return {
           content: [
             {
               type: "text",
-              text: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+              text: JSON.stringify(errorResult, null, 2)
             }
           ],
+          structuredContent: errorResult,
           isError: true
         };
       }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_reply",
-    `Send a follow-up message to an existing Claude Code session.
-
-The agent retains full context from previous turns (files read, code analyzed, conversation history). Returns immediately \u2014 use claude_code_check to poll for the result.
-
-Supports session forking (forkSession=true) to explore alternative approaches without modifying the original session.
-
-Defaults:
-- forkSession: false
-- sessionInitTimeoutMs: 10000 (only used when forkSession=true)
-- permissionRequestTimeoutMs: 60000
-- Disk resume: disabled unless CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1
-
-Disk resume: If the server restarted and the session is no longer in memory, set CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1 to let the agent resume from its on-disk transcript. Pass diskResumeConfig with resumeToken and session parameters.`,
     {
-      sessionId: z.string().describe("Session ID from claude_code"),
-      prompt: z.string().describe("Follow-up message"),
-      forkSession: z.boolean().optional().describe("Branch into new session copy. Default: false"),
-      sessionInitTimeoutMs: z.number().int().positive().optional().describe("Fork init timeout (ms). Default: 10000"),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
-      diskResumeConfig: z.object({
-        resumeToken: z.string().optional().describe("Required"),
-        cwd: z.string().optional().describe("Required"),
-        allowedTools: z.array(z.string()).optional().describe("Default: []"),
-        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
-        tools: toolsConfigSchema.optional().describe("Default: SDK"),
-        persistSession: z.boolean().optional().describe("Default: true"),
-        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
-        model: z.string().optional().describe("Default: SDK"),
-        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-        agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
-        agent: z.string().optional().describe("Default: none"),
-        maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
-        effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
-        betas: z.array(z.string()).optional().describe("Default: none"),
-        additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
-        outputFormat: outputFormatSchema.optional().describe("Default: none"),
-        thinking: thinkingSchema.optional().describe("Default: SDK"),
-        resumeSessionAt: z.string().optional().describe("Resume to specific message UUID. Default: none"),
-        pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
-        mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
-        sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
-        fallbackModel: z.string().optional().describe("Default: none"),
-        enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
-        includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
-        strictMcpConfig: z.boolean().optional().describe("Default: false"),
-        settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
-        debug: z.boolean().optional().describe("Default: false"),
-        debugFile: z.string().optional().describe("Enables debug. Default: none"),
-        env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
-      }).optional().describe(
-        "Disk resume config (needs CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1). Requires resumeToken + cwd."
-      )
+      description: "Send a follow-up to an existing session. Returns immediately; use claude_code_check to poll.",
+      inputSchema: {
+        sessionId: z.string().describe("Session ID"),
+        prompt: z.string().describe("Prompt"),
+        forkSession: z.boolean().optional().describe("Default: false"),
+        effort: effortOptionSchema.describe("Default: SDK"),
+        thinking: thinkingOptionSchema.describe("Default: SDK"),
+        sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000"),
+        diskResumeConfig: diskResumeConfigSchema
+      },
+      outputSchema: startResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
     },
     async (args, extra) => {
       try {
@@ -1980,136 +2796,339 @@ Disk resume: If the server restarted and the session is no longer in memory, set
               text: JSON.stringify(result, null, 2)
             }
           ],
+          structuredContent: result,
           isError
         };
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
         return {
           content: [
             {
               type: "text",
-              text: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+              text: JSON.stringify(errorResult, null, 2)
             }
           ],
+          structuredContent: errorResult,
           isError: true
         };
       }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_session",
-    `List, inspect, or cancel Claude Code sessions.
-
-- action="list": Get all sessions with their status, cost, turn count, and settings.
-- action="get": Get full details for one session (pass sessionId). Add includeSensitive=true to also see cwd, systemPrompt, agents, and additionalDirectories.
-- action="cancel": Stop a running session immediately (pass sessionId).`,
     {
-      action: z.enum(SESSION_ACTIONS),
-      sessionId: z.string().optional().describe("Required for 'get' and 'cancel'"),
-      includeSensitive: z.boolean().optional().describe("Include cwd/systemPrompt/agents/additionalDirectories. Default: false")
+      description: "List, inspect, or cancel sessions.",
+      inputSchema: {
+        action: z.enum(SESSION_ACTIONS),
+        sessionId: z.string().optional().describe("Required for get/cancel"),
+        includeSensitive: z.boolean().optional().describe("Default: false")
+      },
+      outputSchema: sessionResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: false
+      }
     },
-    async (args) => {
-      const result = executeClaudeCodeSession(args, sessionManager);
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(result, null, 2)
-          }
-        ],
-        isError: result.isError ?? false
-      };
+    async (args, extra) => {
+      try {
+        const result = executeClaudeCodeSession(args, sessionManager, extra.signal);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ],
+          structuredContent: result,
+          isError: result.isError ?? false
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessions: [],
+          message: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`,
+          isError: true
+        };
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(errorResult, null, 2)
+            }
+          ],
+          structuredContent: errorResult,
+          isError: true
+        };
+      }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_check",
-    `Query a running session for new events, retrieve the final result, or respond to permission requests.
-
-Two actions:
-
-Defaults (poll):
-- responseMode: "minimal"
-- minimal mode strips verbose fields from assistant messages (usage, model, id, cache_control) and filters out noisy progress events (tool_progress, auth_status)
-- maxEvents: 200 in minimal mode (unlimited in full mode unless maxEvents is set)
-
-action="poll" \u2014 Retrieve events since the last poll.
-  Returns events (agent output, progress updates, permission requests, errors, final result).
-  Pass the cursor from the previous poll's nextCursor for incremental updates. Omit cursor to get all buffered events.
-  If the agent is waiting for permission, the response includes an "actions" array with pending requests.
-
-action="respond_permission" \u2014 Approve or deny a pending permission request.
-  Pass the requestId from the actions array, plus decision="allow" or decision="deny".
-  Approving resumes agent execution. Denying (with optional interrupt=true) can halt the entire session.
-  The response also includes the latest poll state (events, status, etc.), so a separate poll call is not needed.`,
     {
-      action: z.enum(CHECK_ACTIONS),
-      sessionId: z.string().describe("Target session ID"),
-      cursor: z.number().int().nonnegative().optional().describe("Event offset for incremental poll. Default: 0"),
-      responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
-      maxEvents: z.number().int().positive().optional().describe("Events per poll. Default: 200 (minimal)"),
-      requestId: z.string().optional().describe("Permission request ID (from actions[])"),
-      decision: z.enum(["allow", "deny"]).optional().describe("For respond_permission"),
-      denyMessage: z.string().optional().describe("Reason shown to agent on deny. Default: 'Permission denied by caller'"),
-      interrupt: z.boolean().optional().describe("Stop session on deny. Default: false"),
-      pollOptions: z.object({
-        includeTools: z.boolean().optional().describe("Default: false"),
-        includeEvents: z.boolean().optional().describe("Default: true"),
-        includeActions: z.boolean().optional().describe("Default: true"),
-        includeResult: z.boolean().optional().describe("Default: true"),
-        includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false")
-      }).optional().describe("Override responseMode defaults"),
-      permissionOptions: z.object({
-        updatedInput: z.record(z.string(), z.unknown()).optional().describe("Replace tool input on allow. Default: none"),
-        updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Update permission rules on allow. Default: none")
-      }).optional().describe("Allow-only: modify tool input or update rules")
+      description: "Poll session events or respond to permission requests.",
+      inputSchema: {
+        action: z.enum(CHECK_ACTIONS),
+        sessionId: z.string().describe("Session ID"),
+        cursor: z.number().int().nonnegative().optional().describe("Default: 0"),
+        responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
+        maxEvents: z.number().int().positive().optional().describe("Default: 200 (minimal), unlimited (full)"),
+        requestId: z.string().optional().describe("Permission request ID"),
+        decision: z.enum(["allow", "deny"]).optional().describe("Decision"),
+        denyMessage: z.string().optional().describe("Default: 'Permission denied by caller'"),
+        interrupt: z.boolean().optional().describe("Default: false"),
+        pollOptions: z.object({
+          includeTools: z.boolean().optional().describe("Default: false"),
+          includeEvents: z.boolean().optional().describe("Default: true"),
+          includeActions: z.boolean().optional().describe("Default: true"),
+          includeResult: z.boolean().optional().describe("Default: true"),
+          includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          maxBytes: z.number().int().positive().optional().describe("Default: unlimited")
+        }).optional().describe("Default: none"),
+        permissionOptions: z.object({
+          updatedInput: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
+          updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Default: none")
+        }).optional().describe("Default: none")
+      },
+      outputSchema: checkResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: false
+      }
     },
-    async (args) => {
-      const result = executeClaudeCodeCheck(args, sessionManager, toolCache);
-      const isError = result.isError === true;
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(result, null, 2)
-          }
-        ],
-        isError
-      };
+    async (args, extra) => {
+      try {
+        const result = executeClaudeCodeCheck(args, sessionManager, toolCache, extra.signal);
+        const isError = result.isError === true;
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ],
+          structuredContent: result,
+          isError
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: args.sessionId ?? "",
+          status: "error",
+          events: [],
+          isError: true,
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(errorResult, null, 2)
+            }
+          ],
+          structuredContent: errorResult,
+          isError: true
+        };
+      }
     }
   );
-  const originalClose = server.close.bind(server);
-  server.close = async () => {
-    sessionManager.destroy();
-    await originalClose();
-  };
-  return server;
+  registerResources(server, { toolCache });
+  return { server, sessionManager, toolCache };
+}
+
+// src/utils/runtime-errors.ts
+var BENIGN_CODES = /* @__PURE__ */ new Set([
+  "EPIPE",
+  "ECONNRESET",
+  "ERR_STREAM_WRITE_AFTER_END",
+  "ERR_STREAM_DESTROYED",
+  "ABORT_ERR"
+]);
+var BENIGN_MESSAGE_PATTERNS = [
+  "operation aborted",
+  "request was cancelled",
+  "transport closed",
+  "write after end",
+  "stream was destroyed",
+  "cannot call write after a stream was destroyed",
+  "the pipe is being closed"
+];
+function isBenignRuntimeError(error) {
+  if (!(error instanceof Error)) return false;
+  const withCode = error;
+  const code = typeof withCode.code === "string" ? withCode.code : void 0;
+  if (code && BENIGN_CODES.has(code)) return true;
+  if (error.name === "AbortError") return true;
+  const message = error.message.toLowerCase();
+  return BENIGN_MESSAGE_PATTERNS.some((pattern) => message.includes(pattern));
 }
 
 // src/index.ts
+var STDIN_SHUTDOWN_CHECK_MS = 750;
+var STDIN_SHUTDOWN_MAX_WAIT_MS = process.platform === "win32" ? 15e3 : 1e4;
+function summarizeSessions(ctx) {
+  const sessions = ctx.sessionManager.list();
+  const running = sessions.filter((s) => s.status === "running").length;
+  const waitingPermission = sessions.filter((s) => s.status === "waiting_permission").length;
+  return {
+    total: sessions.length,
+    running,
+    waitingPermission,
+    terminal: sessions.length - running - waitingPermission
+  };
+}
 async function main() {
   const serverCwd = process.cwd();
-  const server = createServer(serverCwd);
+  const ctx = createServerContext(serverCwd);
+  const server = ctx.server;
+  const sessionManager = ctx.sessionManager;
   const transport = new StdioServerTransport();
   let closing = false;
-  const shutdown = async () => {
+  let lastExitCode = 0;
+  let stdinClosedAt;
+  let stdinClosedReason;
+  let stdinShutdownTimer;
+  const onStdinEnd = () => handleStdinTerminated("end");
+  const onStdinClose = () => handleStdinTerminated("close");
+  const clearStdinShutdownTimer = () => {
+    if (stdinShutdownTimer) {
+      clearTimeout(stdinShutdownTimer);
+      stdinShutdownTimer = void 0;
+    }
+  };
+  const shutdown = async (reason = "unknown") => {
     if (closing) return;
     closing = true;
+    clearStdinShutdownTimer();
+    if (typeof process.stdin.off === "function") {
+      process.stdin.off("error", handleStdinError);
+      process.stdin.off("end", onStdinEnd);
+      process.stdin.off("close", onStdinClose);
+    }
+    const forceExitMs = process.platform === "win32" ? 1e4 : 5e3;
+    const forceExitTimer = setTimeout(() => process.exit(lastExitCode), forceExitMs);
+    if (forceExitTimer.unref) forceExitTimer.unref();
+    const sessionSummary = summarizeSessions(ctx);
     try {
+      if (server?.isConnected()) {
+        await server.sendLoggingMessage({
+          level: "info",
+          data: { event: "server_stopping", reason, ...sessionSummary }
+        });
+      }
+      sessionManager.destroy();
       await server.close();
     } catch {
     }
-    process.exitCode = 0;
-    setTimeout(() => process.exit(0), 100);
+    process.exitCode = lastExitCode;
+    try {
+      await new Promise((resolve) => process.stderr.write("", () => resolve()));
+    } catch {
+    } finally {
+      clearTimeout(forceExitTimer);
+    }
+  };
+  function handleStdinError(error) {
+    console.error("stdin error:", error);
+    lastExitCode = 1;
+    void shutdown("stdin_error");
+  }
+  function hasActiveSessions() {
+    return sessionManager.list().some((s) => s.status === "running" || s.status === "waiting_permission");
+  }
+  const evaluateStdinTermination = () => {
+    if (closing || stdinClosedAt === void 0) return;
+    const stdinUnavailable = process.stdin.destroyed || process.stdin.readableEnded || !process.stdin.readable;
+    if (!stdinUnavailable) {
+      stdinClosedAt = void 0;
+      stdinClosedReason = void 0;
+      return;
+    }
+    const elapsedMs = Date.now() - stdinClosedAt;
+    const active = hasActiveSessions();
+    const connected = server.isConnected();
+    if (!active && !connected) {
+      void shutdown(`stdin_${stdinClosedReason ?? "closed"}`);
+      return;
+    }
+    if (elapsedMs >= STDIN_SHUTDOWN_MAX_WAIT_MS) {
+      void shutdown(`stdin_${stdinClosedReason ?? "closed"}_timeout`);
+      return;
+    }
+    stdinShutdownTimer = setTimeout(evaluateStdinTermination, STDIN_SHUTDOWN_CHECK_MS);
+    if (stdinShutdownTimer.unref) stdinShutdownTimer.unref();
+  };
+  function handleStdinTerminated(event) {
+    if (closing) return;
+    if (stdinClosedAt === void 0) {
+      stdinClosedAt = Date.now();
+      stdinClosedReason = event;
+      console.error(`[lifecycle] stdin ${event} observed; entering guarded shutdown checks`);
+    }
+    clearStdinShutdownTimer();
+    stdinShutdownTimer = setTimeout(evaluateStdinTermination, STDIN_SHUTDOWN_CHECK_MS);
+    if (stdinShutdownTimer.unref) stdinShutdownTimer.unref();
+  }
+  const handleUnexpectedError = (error) => {
+    if (isBenignRuntimeError(error)) {
+      console.error("Ignored benign runtime abort:", error);
+      return;
+    }
+    console.error("Unhandled runtime error:", error);
+    lastExitCode = 1;
+    void shutdown("runtime_error");
   };
-  process.on("SIGINT", shutdown);
-  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", () => {
+    void shutdown("SIGINT");
+  });
+  process.on("SIGTERM", () => {
+    void shutdown("SIGTERM");
+  });
+  process.on("SIGHUP", () => {
+    void shutdown("SIGHUP");
+  });
+  process.on("beforeExit", () => {
+    void shutdown("beforeExit");
+  });
+  process.on("uncaughtException", handleUnexpectedError);
+  process.on("unhandledRejection", handleUnexpectedError);
+  if (process.platform === "win32") {
+    process.on("SIGBREAK", () => {
+      void shutdown("SIGBREAK");
+    });
+  }
+  if (typeof process.stdin.resume === "function") {
+    process.stdin.resume();
+  }
+  process.stdin.on("error", handleStdinError);
+  process.stdin.on("end", onStdinEnd);
+  process.stdin.on("close", onStdinClose);
   await server.connect(transport);
+  server.sendToolListChanged();
+  server.sendResourceListChanged();
   checkWindowsBashAvailability();
-  console.error(`claude-code-mcp server started (cwd: ${serverCwd})`);
+  try {
+    if (transport && server) {
+      await server.sendLoggingMessage({
+        level: "info",
+        data: { event: "server_started", cwd: serverCwd }
+      });
+    }
+  } catch {
+  }
+  console.error(`claude-code-mcp server started (transport=stdio, cwd: ${serverCwd})`);
 }
 main().catch((err) => {
   console.error("Fatal error:", err);