@leo000001/claude-code-mcp 2.0.3 → 2.2.0

package/dist/index.js

@@ -15,37 +15,69 @@ function normalizePermissionUpdatedInput(input) {
   return { input };
 }
 
-// src/utils/normalize-tool-input.ts
-function normalizeMsysToWindowsPath(path2) {
-  if (/^[a-zA-Z]:[\\/]/.test(path2) || path2.startsWith("\\\\")) return void 0;
-  if (path2.startsWith("//")) {
-    const m2 = path2.match(/^\/\/([^/]{2,})\/(.*)$/);
+// src/utils/normalize-windows-path.ts
+import path from "path";
+import os from "os";
+function maybeAddWindowsLongPathPrefix(value) {
+  if (value.startsWith("\\\\?\\") || value.startsWith("\\\\.\\") || value.length < 240)
+    return value;
+  return path.win32.toNamespacedPath(value);
+}
+function expandTilde(value, platform) {
+  if (value === "~") return os.homedir();
+  if (!value.startsWith("~")) return value;
+  const next = value[1];
+  if (next !== "/" && next !== "\\") return value;
+  const rest = value.slice(2);
+  const join2 = platform === "win32" ? path.win32.join : path.posix.join;
+  return join2(os.homedir(), rest);
+}
+function normalizeMsysToWindowsPathInner(rawPath) {
+  if (/^[a-zA-Z]:[\\/]/.test(rawPath) || rawPath.startsWith("\\\\")) return void 0;
+  if (rawPath.startsWith("//")) {
+    const m2 = rawPath.match(/^\/\/([^/]{2,})\/(.*)$/);
     if (m2) {
       const host = m2[1];
       const rest2 = m2[2] ?? "";
       return `\\\\${host}\\${rest2.replace(/\//g, "\\")}`;
     }
   }
-  const cyg = path2.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
+  const cyg = rawPath.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
   if (cyg) {
     const drive2 = cyg[1].toUpperCase();
     const rest2 = cyg[2] ?? "";
     return `${drive2}:\\${rest2.replace(/\//g, "\\")}`;
   }
-  const m = path2.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
+  const m = rawPath.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
   if (!m) return void 0;
   const drive = m[1].toUpperCase();
   const rest = m[2] ?? "";
   return `${drive}:\\${rest.replace(/\//g, "\\")}`;
 }
-function normalizeToolInput(toolName, input, platform = process.platform) {
+function normalizeMsysToWindowsPath(rawPath) {
+  const converted = normalizeMsysToWindowsPathInner(rawPath);
+  if (!converted) return void 0;
+  return path.win32.normalize(converted);
+}
+function normalizeWindowsPathLike(value, platform = process.platform) {
+  const expanded = expandTilde(value, platform);
+  if (platform !== "win32") return expanded;
+  const converted = normalizeMsysToWindowsPath(expanded);
+  if (!converted && expanded.startsWith("/")) return expanded;
+  const normalized = path.win32.normalize(converted ?? expanded);
+  return maybeAddWindowsLongPathPrefix(normalized);
+}
+function normalizeWindowsPathArray(values, platform = process.platform) {
+  return values.map((v) => normalizeWindowsPathLike(v, platform));
+}
+
+// src/utils/normalize-tool-input.ts
+function normalizeToolInput(_toolName, input, platform = process.platform) {
   if (platform !== "win32") return input;
-  if (toolName !== "NotebookEdit") return input;
   const filePath = input.file_path;
   if (typeof filePath !== "string") return input;
-  const normalized = normalizeMsysToWindowsPath(filePath);
-  if (!normalized) return input;
-  return { ...input, file_path: normalized };
+  const normalized = normalizeWindowsPathLike(filePath, platform);
+  return normalized === filePath ? input : { ...input, file_path: normalized };
 }
 
 // src/session/manager.ts
@@ -54,20 +86,46 @@ var DEFAULT_RUNNING_SESSION_MAX_MS = 4 * 60 * 60 * 1e3;
 var DEFAULT_CLEANUP_INTERVAL_MS = 6e4;
 var DEFAULT_EVENT_BUFFER_MAX_SIZE = 1e3;
 var DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE = 2e3;
+var DEFAULT_MAX_SESSIONS = 128;
+var DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION = 64;
 var SessionManager = class _SessionManager {
   sessions = /* @__PURE__ */ new Map();
   runtime = /* @__PURE__ */ new Map();
+  drainingSessions = /* @__PURE__ */ new Map();
   cleanupTimer;
   sessionTtlMs = DEFAULT_SESSION_TTL_MS;
   runningSessionMaxMs = DEFAULT_RUNNING_SESSION_MAX_MS;
   platform;
+  maxSessions;
+  maxPendingPermissionsPerSession;
   constructor(opts) {
     this.platform = opts?.platform ?? process.platform;
+    const envRaw = process.env.CLAUDE_CODE_MCP_MAX_SESSIONS;
+    const envParsed = typeof envRaw === "string" && envRaw.trim() !== "" ? Number.parseInt(envRaw, 10) : NaN;
+    const configured = opts?.maxSessions ?? (Number.isFinite(envParsed) ? envParsed : void 0);
+    this.maxSessions = typeof configured === "number" ? configured <= 0 ? Number.POSITIVE_INFINITY : configured : DEFAULT_MAX_SESSIONS;
+    const maxPendingEnvRaw = process.env.CLAUDE_CODE_MCP_MAX_PENDING_PERMISSIONS;
+    const maxPendingEnvParsed = typeof maxPendingEnvRaw === "string" && maxPendingEnvRaw.trim() !== "" ? Number.parseInt(maxPendingEnvRaw, 10) : NaN;
+    const maxPendingConfigured = opts?.maxPendingPermissionsPerSession ?? (Number.isFinite(maxPendingEnvParsed) ? maxPendingEnvParsed : void 0);
+    this.maxPendingPermissionsPerSession = typeof maxPendingConfigured === "number" ? maxPendingConfigured <= 0 ? Number.POSITIVE_INFINITY : maxPendingConfigured : DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION;
     this.cleanupTimer = setInterval(() => this.cleanup(), DEFAULT_CLEANUP_INTERVAL_MS);
     if (this.cleanupTimer.unref) {
       this.cleanupTimer.unref();
     }
   }
+  getSessionCount() {
+    return this.sessions.size;
+  }
+  getMaxSessions() {
+    return this.maxSessions;
+  }
+  getMaxPendingPermissionsPerSession() {
+    return this.maxPendingPermissionsPerSession;
+  }
+  hasCapacityFor(additionalSessions) {
+    if (additionalSessions <= 0) return true;
+    return this.sessions.size + additionalSessions <= this.maxSessions;
+  }
   create(params) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const existing = this.sessions.get(params.sessionId);
@@ -160,7 +218,10 @@ var SessionManager = class _SessionManager {
     if (info.status === "waiting_permission") {
       this.finishAllPending(
         sessionId,
-        { behavior: "deny", message: "Session cancelled", interrupt: true },
+        // `cancel()` already aborts the running query below. Avoid sending an additional
+        // interrupt=true control response while the stream is being torn down, which can race
+        // into SDK-level "Operation aborted" write errors on stdio clients.
+        { behavior: "deny", message: "Session cancelled", interrupt: false },
         "cancel"
       );
     }
@@ -178,8 +239,10 @@ var SessionManager = class _SessionManager {
     this.finishAllPending(
       sessionId,
       { behavior: "deny", message: "Session deleted", interrupt: true },
-      "cleanup"
+      "cleanup",
+      { restoreRunning: false }
     );
+    this.drainingSessions.delete(sessionId);
     this.runtime.delete(sessionId);
     return this.sessions.delete(sessionId);
   }
@@ -235,7 +298,53 @@ var SessionManager = class _SessionManager {
     const state = this.runtime.get(sessionId);
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
+    if (info.status !== "running" && info.status !== "waiting_permission") {
+      try {
+        finish({
+          behavior: "deny",
+          message: `Session is not accepting permission requests (status: ${info.status}).`,
+          interrupt: true
+        });
+      } catch {
+      }
+      return false;
+    }
+    if (this.isDraining(sessionId)) {
+      try {
+        finish({
+          behavior: "deny",
+          message: "Session is finishing pending permission requests.",
+          interrupt: true
+        });
+      } catch {
+      }
+      return false;
+    }
     if (!state.pendingPermissions.has(req.requestId)) {
+      if (state.pendingPermissions.size >= this.maxPendingPermissionsPerSession) {
+        const deny = {
+          behavior: "deny",
+          message: "Too many pending permission requests for this session.",
+          interrupt: false
+        };
+        this.pushEvent(sessionId, {
+          type: "permission_result",
+          data: {
+            requestId: req.requestId,
+            toolName: req.toolName,
+            behavior: "deny",
+            source: "policy",
+            message: deny.message,
+            interrupt: deny.interrupt
+          },
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+        try {
+          finish(deny);
+        } catch {
+        }
+        return false;
+      }
       const inferredExpiresAt = new Date(Date.now() + timeoutMs).toISOString();
       const record = {
         ...req,
@@ -321,6 +430,11 @@ var SessionManager = class _SessionManager {
     if (finalResult.behavior === "deny") {
       eventData.message = finalResult.message;
       eventData.interrupt = finalResult.interrupt;
+    } else {
+      const allow = finalResult;
+      if (allow.updatedInput !== void 0) eventData.updatedInput = allow.updatedInput;
+      if (allow.updatedPermissions !== void 0)
+        eventData.updatedPermissions = allow.updatedPermissions;
     }
     this.pushEvent(sessionId, {
       type: "permission_result",
@@ -331,17 +445,41 @@ var SessionManager = class _SessionManager {
       pending.finish(finalResult);
     } catch {
     }
-    if (info.status === "waiting_permission" && state.pendingPermissions.size === 0) {
+    if (info.status === "waiting_permission" && state.pendingPermissions.size === 0 && !this.isDraining(sessionId)) {
       info.status = "running";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
     return true;
   }
-  finishAllPending(sessionId, result, source) {
+  finishAllPending(sessionId, result, source, opts) {
     const state = this.runtime.get(sessionId);
     if (!state) return;
-    for (const requestId of Array.from(state.pendingPermissions.keys())) {
-      this.finishRequest(sessionId, requestId, result, source);
+    if (state.pendingPermissions.size === 0) return;
+    this.beginDraining(sessionId);
+    try {
+      while (state.pendingPermissions.size > 0) {
+        const next = state.pendingPermissions.keys().next();
+        if (next.done || typeof next.value !== "string") break;
+        const requestId = next.value;
+        const handled = this.finishRequest(sessionId, requestId, result, source);
+        if (!handled) {
+          const pending = state.pendingPermissions.get(requestId);
+          if (pending?.timeoutId) clearTimeout(pending.timeoutId);
+          state.pendingPermissions.delete(requestId);
+          try {
+            pending?.finish(result);
+          } catch {
+          }
+        }
+      }
+    } finally {
+      this.endDraining(sessionId);
+    }
+    const restoreRunning = opts?.restoreRunning ?? true;
+    const info = this.sessions.get(sessionId);
+    if (restoreRunning && info && info.status === "waiting_permission" && state.pendingPermissions.size === 0) {
+      info.status = "running";
+      info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
   }
   /** Remove sessions that have been idle for too long, or stuck running too long */
@@ -353,29 +491,40 @@ var SessionManager = class _SessionManager {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session expired", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
+        this.drainingSessions.delete(id);
         this.sessions.delete(id);
         this.runtime.delete(id);
       } else if (info.status === "running" && now - lastActive > this.runningSessionMaxMs) {
         if (info.abortController) info.abortController.abort();
+        info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
+        info.cancelledReason = info.cancelledReason ?? "Session timed out";
+        info.cancelledSource = info.cancelledSource ?? "cleanup";
         info.status = "error";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status === "waiting_permission" && now - lastActive > this.runningSessionMaxMs) {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session timed out", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
         if (info.abortController) info.abortController.abort();
+        info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
+        info.cancelledReason = info.cancelledReason ?? "Session timed out";
+        info.cancelledSource = info.cancelledSource ?? "cleanup";
         info.status = "error";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status !== "running" && info.status !== "waiting_permission" && now - lastActive > this.sessionTtlMs) {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session expired", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
+        this.drainingSessions.delete(id);
         this.sessions.delete(id);
         this.runtime.delete(id);
       }
@@ -424,7 +573,8 @@ var SessionManager = class _SessionManager {
       this.finishAllPending(
         info.sessionId,
         { behavior: "deny", message: "Server shutting down", interrupt: true },
-        "destroy"
+        "destroy",
+        { restoreRunning: false }
       );
       if ((info.status === "running" || info.status === "waiting_permission") && info.abortController) {
         info.abortController.abort();
@@ -494,6 +644,20 @@ var SessionManager = class _SessionManager {
   static clearTerminalEvents(buffer) {
     buffer.events = buffer.events.filter((e) => e.type !== "result" && e.type !== "error");
   }
+  isDraining(sessionId) {
+    return (this.drainingSessions.get(sessionId) ?? 0) > 0;
+  }
+  beginDraining(sessionId) {
+    this.drainingSessions.set(sessionId, (this.drainingSessions.get(sessionId) ?? 0) + 1);
+  }
+  endDraining(sessionId) {
+    const current = this.drainingSessions.get(sessionId) ?? 0;
+    if (current <= 1) {
+      this.drainingSessions.delete(sessionId);
+      return;
+    }
+    this.drainingSessions.set(sessionId, current - 1);
+  }
 };
 
 // src/types.ts
@@ -510,23 +674,98 @@ import { AbortError, query } from "@anthropic-ai/claude-agent-sdk";
 // src/utils/windows.ts
 import { existsSync } from "fs";
 import { execSync } from "child_process";
-import path from "path";
-var { join, dirname, normalize } = path.win32;
+import path2 from "path";
+var { join, dirname, normalize, isAbsolute } = path2.win32;
+var LONG_PATH_PREFIX = "\\\\?\\";
+var UNC_LONG_PATH_PREFIX = "\\\\?\\UNC\\";
 function isWindows() {
   return process.platform === "win32";
 }
+function normalizeMaybeQuotedPath(raw) {
+  return normalize(raw.trim().replace(/^"|"$/g, ""));
+}
+function existsSyncSafe(candidate) {
+  try {
+    return existsSync(candidate);
+  } catch {
+    return false;
+  }
+}
+function ensureLongPathPrefix(normalized) {
+  if (!normalized || normalized.startsWith(LONG_PATH_PREFIX)) return normalized;
+  if (!isAbsolute(normalized)) return normalized;
+  if (normalized.startsWith("\\\\")) {
+    return `${UNC_LONG_PATH_PREFIX}${normalized.slice(2)}`;
+  }
+  return `${LONG_PATH_PREFIX}${normalized}`;
+}
+function existsPath(raw) {
+  if (!raw) return false;
+  const normalized = normalizeMaybeQuotedPath(raw);
+  if (existsSyncSafe(normalized)) return true;
+  const longPath = ensureLongPathPrefix(normalized);
+  if (longPath === normalized) return false;
+  return existsSyncSafe(longPath);
+}
+function tryWhere(exe) {
+  try {
+    const output = execSync(`where ${exe}`, {
+      encoding: "utf8",
+      timeout: 2e3,
+      windowsHide: true
+    });
+    return output.split(/\r?\n/).map((l) => l.trim()).filter(Boolean).map((p) => normalizeMaybeQuotedPath(p));
+  } catch {
+    return [];
+  }
+}
+function pathEntries() {
+  const raw = process.env.PATH;
+  if (typeof raw !== "string" || raw.trim() === "") return [];
+  return raw.split(path2.delimiter).map((p) => p.trim().replace(/^"|"$/g, "")).filter(Boolean).map((p) => normalizeMaybeQuotedPath(p));
+}
+function tryFromPath(exeNames) {
+  const results = [];
+  for (const dir of pathEntries()) {
+    for (const exe of exeNames) {
+      const full = normalize(path2.win32.join(dir, exe));
+      if (existsPath(full)) results.push(full);
+    }
+  }
+  return results;
+}
+function firstExisting(candidates) {
+  for (const p of candidates) {
+    if (p && existsPath(p)) return p;
+  }
+  return null;
+}
+function isWindowsSystemBash(pathLike) {
+  const p = normalizeMaybeQuotedPath(pathLike).toLowerCase();
+  return p.endsWith("\\windows\\system32\\bash.exe") || p.endsWith("\\windows\\syswow64\\bash.exe") || p.includes("\\windows\\system32\\bash.exe") || p.includes("\\windows\\syswow64\\bash.exe");
+}
 function findGitBash() {
   const envPathRaw = process.env.CLAUDE_CODE_GIT_BASH_PATH;
   if (envPathRaw && envPathRaw.trim() !== "") {
-    const envPath = normalize(envPathRaw.trim().replace(/^"|"$/g, ""));
-    if (existsSync(envPath)) return envPath;
-    return null;
-  }
+    const envPath = normalizeMaybeQuotedPath(envPathRaw);
+    if (existsPath(envPath)) return envPath;
+  }
+  const programFilesRoots = [
+    process.env.ProgramW6432,
+    process.env.ProgramFiles,
+    process.env["ProgramFiles(x86)"]
+  ].filter((v) => typeof v === "string" && v.trim() !== "");
+  const defaultCandidates = [];
+  for (const root of programFilesRoots) {
+    const base = join(normalizeMaybeQuotedPath(root), "Git");
+    defaultCandidates.push(join(base, "bin", "bash.exe"));
+    defaultCandidates.push(join(base, "usr", "bin", "bash.exe"));
+  }
+  const fromDefault = firstExisting(defaultCandidates);
+  if (fromDefault) return fromDefault;
   try {
-    const output = execSync("where git", { encoding: "utf8" });
-    const gitCandidates = output.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
-    for (const gitPathRaw of gitCandidates) {
-      const gitPath = normalize(gitPathRaw.replace(/^"|"$/g, ""));
+    const gitCandidates = [...tryFromPath(["git.exe", "git.cmd", "git.bat"]), ...tryWhere("git")];
+    for (const gitPath of gitCandidates) {
       if (!gitPath) continue;
       const gitDir = dirname(gitPath);
       const gitDirLower = gitDir.toLowerCase();
@@ -548,19 +787,38 @@ function findGitBash() {
         bashCandidates.push(join(root, "mingw64", "bin", "bash.exe"));
       }
       for (const bashPath of bashCandidates) {
-        const normalized = normalize(bashPath);
-        if (existsSync(normalized)) return normalized;
+        const normalizedPath = normalize(bashPath);
+        if (existsPath(normalizedPath)) return normalizedPath;
       }
     }
   } catch {
   }
+  const fromWhereBash = firstExisting(
+    [...tryFromPath(["bash.exe"]), ...tryWhere("bash")].filter(
+      (p) => p.toLowerCase().endsWith("\\bash.exe") && !isWindowsSystemBash(p)
+    )
+  );
+  if (fromWhereBash) return fromWhereBash;
   return null;
 }
 function checkWindowsBashAvailability() {
   if (!isWindows()) return;
+  const envPathRaw = process.env.CLAUDE_CODE_GIT_BASH_PATH;
+  const envPath = envPathRaw && envPathRaw.trim() !== "" ? normalizeMaybeQuotedPath(envPathRaw) : null;
+  const envValid = !!(envPath && existsPath(envPath));
   const bashPath = findGitBash();
   if (bashPath) {
-    console.error(`[windows] Git Bash detected: ${bashPath}`);
+    if (!envValid) {
+      process.env.CLAUDE_CODE_GIT_BASH_PATH = bashPath;
+      if (envPathRaw && envPathRaw.trim() !== "") {
+        console.error(
+          `[windows] WARNING: CLAUDE_CODE_GIT_BASH_PATH is set to "${envPathRaw}" but the file does not exist.`
+        );
+      }
+      console.error(`[windows] Git Bash detected: ${bashPath} (set CLAUDE_CODE_GIT_BASH_PATH)`);
+    } else {
+      console.error(`[windows] Git Bash detected: ${bashPath}`);
+    }
     return;
   }
   const hint = process.env.CLAUDE_CODE_GIT_BASH_PATH ? `CLAUDE_CODE_GIT_BASH_PATH is set to "${process.env.CLAUDE_CODE_GIT_BASH_PATH}" but the file does not exist.` : "CLAUDE_CODE_GIT_BASH_PATH is not set and git was not found in PATH.";
@@ -577,7 +835,9 @@ function checkWindowsBashAvailability() {
 var WINDOWS_BASH_HINT = '\n\n[Windows] The Claude Code CLI requires Git Bash. Set CLAUDE_CODE_GIT_BASH_PATH in your MCP server config or system environment. See README.md "Windows Support" section for details.';
 function enhanceWindowsError(errorMessage) {
   if (!isWindows()) return errorMessage;
-  if (errorMessage.includes("git-bash") || errorMessage.includes("bash.exe") || errorMessage.includes("CLAUDE_CODE_GIT_BASH_PATH")) {
+  const lower = errorMessage.toLowerCase();
+  const looksLikeMissingBash = lower.includes("enoent") && (lower.includes("bash") || lower.includes("git-bash")) || lower.includes("claude code on windows requires git-bash");
+  if (looksLikeMissingBash || lower.includes("claude_code_git_bash_path")) {
     return errorMessage + WINDOWS_BASH_HINT;
   }
   return errorMessage;
@@ -586,6 +846,13 @@ function enhanceWindowsError(errorMessage) {
 // src/tools/query-consumer.ts
 var MAX_TRANSIENT_RETRIES = 3;
 var INITIAL_RETRY_DELAY_MS = 1e3;
+var DEFAULT_PERMISSION_REQUEST_TIMEOUT_MS = 6e4;
+var MAX_PERMISSION_REQUEST_TIMEOUT_MS = 5 * 6e4;
+var MAX_PREINIT_BUFFER_MESSAGES = 200;
+function clampPermissionRequestTimeoutMs(ms) {
+  if (!Number.isFinite(ms) || ms <= 0) return DEFAULT_PERMISSION_REQUEST_TIMEOUT_MS;
+  return Math.min(ms, MAX_PERMISSION_REQUEST_TIMEOUT_MS);
+}
 function classifyError(err, abortSignal) {
   if (abortSignal.aborted) return "abort";
   if (err instanceof AbortError || err instanceof Error && err.name === "AbortError") {
@@ -610,12 +877,16 @@ function describeTool(toolName, toolCache) {
   return found?.description;
 }
 function sdkResultToAgentResult(result) {
+  const sessionTotalTurns = result.session_total_turns;
+  const sessionTotalCostUsd = result.session_total_cost_usd;
   const base = {
     sessionId: result.session_id,
     durationMs: result.duration_ms,
     durationApiMs: result.duration_api_ms,
     numTurns: result.num_turns,
     totalCostUsd: result.total_cost_usd,
+    sessionTotalTurns: typeof sessionTotalTurns === "number" ? sessionTotalTurns : void 0,
+    sessionTotalCostUsd: typeof sessionTotalCostUsd === "number" ? sessionTotalCostUsd : void 0,
     stopReason: result.stop_reason,
     usage: result.usage,
     modelUsage: result.modelUsage,
@@ -727,6 +998,9 @@ function consumeQuery(params) {
     return activeSessionId;
   };
   let initTimeoutId;
+  const permissionRequestTimeoutMs = clampPermissionRequestTimeoutMs(
+    params.permissionRequestTimeoutMs
+  );
   const canUseTool = async (toolName, input, options2) => {
     const sessionId = await getSessionId();
     const normalizedInput = normalizeToolInput(toolName, input, params.platform);
@@ -744,7 +1018,7 @@ function consumeQuery(params) {
     }
     const requestId = `${options2.toolUseID}:${toolName}:${Date.now()}:${Math.random().toString(16).slice(2)}`;
     const createdAt = (/* @__PURE__ */ new Date()).toISOString();
-    const timeoutMs = params.permissionRequestTimeoutMs;
+    const timeoutMs = permissionRequestTimeoutMs;
     const expiresAt = new Date(Date.now() + timeoutMs).toISOString();
     const record = {
       requestId,
@@ -781,10 +1055,14 @@ function consumeQuery(params) {
         sessionId,
         record,
         finish,
-        params.permissionRequestTimeoutMs
+        permissionRequestTimeoutMs
       );
       if (!registered) {
-        finish({ behavior: "deny", message: "Session no longer exists.", interrupt: true });
+        finish({
+          behavior: "deny",
+          message: "Session no longer exists.",
+          interrupt: true
+        });
         return;
       }
       options2.signal.addEventListener("abort", abortListener, { once: true });
@@ -819,6 +1097,7 @@ function consumeQuery(params) {
   };
   const done = (async () => {
     const preInit = [];
+    let preInitDropped = 0;
     if (shouldWaitForInit) {
       initTimeoutId = setTimeout(() => {
         close();
@@ -843,6 +1122,13 @@ function consumeQuery(params) {
               sessionIdResolved = true;
               resolveSessionId(activeSessionId);
               if (initTimeoutId) clearTimeout(initTimeoutId);
+              if (preInitDropped > 0) {
+                params.sessionManager.pushEvent(activeSessionId, {
+                  type: "progress",
+                  data: { type: "pre_init_dropped", dropped: preInitDropped },
+                  timestamp: (/* @__PURE__ */ new Date()).toISOString()
+                });
+              }
               for (const buffered of preInit) {
                 const event2 = messageToEvent(buffered);
                 if (!event2) continue;
@@ -858,35 +1144,50 @@ function consumeQuery(params) {
           }
           if (shouldWaitForInit && !sessionIdResolved) {
             preInit.push(message);
+            if (preInit.length > MAX_PREINIT_BUFFER_MESSAGES) {
+              preInit.shift();
+              preInitDropped++;
+            }
             continue;
           }
           if (message.type === "result") {
             const sessionId2 = message.session_id ?? await getSessionId();
             const agentResult = sdkResultToAgentResult(message);
+            const current = params.sessionManager.get(sessionId2);
+            const previousTotalTurns = current?.totalTurns ?? 0;
+            const previousTotalCostUsd = current?.totalCostUsd ?? 0;
+            const computedTotalTurns = previousTotalTurns + agentResult.numTurns;
+            const computedTotalCostUsd = previousTotalCostUsd + agentResult.totalCostUsd;
+            const sessionTotalTurns = typeof agentResult.sessionTotalTurns === "number" ? Math.max(agentResult.sessionTotalTurns, computedTotalTurns) : computedTotalTurns;
+            const sessionTotalCostUsd = typeof agentResult.sessionTotalCostUsd === "number" ? Math.max(agentResult.sessionTotalCostUsd, computedTotalCostUsd) : computedTotalCostUsd;
+            const resultWithSessionTotals = {
+              ...agentResult,
+              sessionTotalTurns,
+              sessionTotalCostUsd
+            };
             const stored = {
               type: agentResult.isError ? "error" : "result",
-              result: agentResult,
+              result: resultWithSessionTotals,
               createdAt: (/* @__PURE__ */ new Date()).toISOString()
             };
             params.sessionManager.setResult(sessionId2, stored);
             params.sessionManager.clearTerminalEvents(sessionId2);
             params.sessionManager.pushEvent(sessionId2, {
               type: agentResult.isError ? "error" : "result",
-              data: agentResult,
+              data: resultWithSessionTotals,
               timestamp: (/* @__PURE__ */ new Date()).toISOString()
             });
-            const current = params.sessionManager.get(sessionId2);
             if (current && current.status !== "cancelled") {
               params.sessionManager.update(sessionId2, {
                 status: agentResult.isError ? "error" : "idle",
-                totalTurns: agentResult.numTurns,
-                totalCostUsd: agentResult.totalCostUsd,
+                totalTurns: sessionTotalTurns,
+                totalCostUsd: sessionTotalCostUsd,
                 abortController: void 0
               });
             } else if (current) {
               params.sessionManager.update(sessionId2, {
-                totalTurns: agentResult.numTurns,
-                totalCostUsd: agentResult.totalCostUsd,
+                totalTurns: sessionTotalTurns,
+                totalCostUsd: sessionTotalCostUsd,
                 abortController: void 0
               });
             }
@@ -1035,15 +1336,23 @@ function consumeQuery(params) {
 
 // src/utils/resume-token.ts
 import { createHmac } from "crypto";
+function getResumeSecrets() {
+  const raw = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
+  if (typeof raw !== "string") return [];
+  return raw.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+}
 function getResumeSecret() {
-  const secret = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
-  if (typeof secret !== "string") return void 0;
-  const trimmed = secret.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
+  return getResumeSecrets()[0];
 }
 function computeResumeToken(sessionId, secret) {
   return createHmac("sha256", secret).update(sessionId).digest("base64url");
 }
+function isValidResumeToken(sessionId, token, secrets) {
+  for (const secret of secrets) {
+    if (computeResumeToken(sessionId, secret) === token) return true;
+  }
+  return false;
+}
 
 // src/utils/race-with-abort.ts
 function raceWithAbort(promise, signal, onAbort) {
@@ -1070,7 +1379,7 @@ function raceWithAbort(promise, signal, onAbort) {
 
 // src/utils/build-options.ts
 function buildOptions(src) {
-  const opts = { cwd: src.cwd };
+  const opts = { cwd: normalizeWindowsPathLike(src.cwd) };
   if (src.allowedTools !== void 0) opts.allowedTools = src.allowedTools;
   if (src.disallowedTools !== void 0) opts.disallowedTools = src.disallowedTools;
   if (src.tools !== void 0) opts.tools = src.tools;
@@ -1082,13 +1391,13 @@ function buildOptions(src) {
   if (src.effort !== void 0) opts.effort = src.effort;
   if (src.betas !== void 0) opts.betas = src.betas;
   if (src.additionalDirectories !== void 0)
-    opts.additionalDirectories = src.additionalDirectories;
+    opts.additionalDirectories = normalizeWindowsPathArray(src.additionalDirectories);
   if (src.outputFormat !== void 0) opts.outputFormat = src.outputFormat;
   if (src.thinking !== void 0) opts.thinking = src.thinking;
   if (src.persistSession !== void 0) opts.persistSession = src.persistSession;
   if (src.resumeSessionAt !== void 0) opts.resumeSessionAt = src.resumeSessionAt;
   if (src.pathToClaudeCodeExecutable !== void 0)
-    opts.pathToClaudeCodeExecutable = src.pathToClaudeCodeExecutable;
+    opts.pathToClaudeCodeExecutable = normalizeWindowsPathLike(src.pathToClaudeCodeExecutable);
   if (src.agent !== void 0) opts.agent = src.agent;
   if (src.mcpServers !== void 0) opts.mcpServers = src.mcpServers;
   if (src.sandbox !== void 0) opts.sandbox = src.sandbox;
@@ -1101,11 +1410,48 @@ function buildOptions(src) {
   if (src.settingSources !== void 0) opts.settingSources = src.settingSources;
   else opts.settingSources = DEFAULT_SETTING_SOURCES;
   if (src.debug !== void 0) opts.debug = src.debug;
-  if (src.debugFile !== void 0) opts.debugFile = src.debugFile;
+  if (src.debugFile !== void 0) opts.debugFile = normalizeWindowsPathLike(src.debugFile);
   if (src.env !== void 0) opts.env = { ...process.env, ...src.env };
   return opts;
 }
 
+// src/utils/session-create.ts
+function toSessionCreateParams(input) {
+  const src = input.source;
+  return {
+    sessionId: input.sessionId,
+    cwd: src.cwd,
+    model: src.model,
+    permissionMode: input.permissionMode,
+    allowedTools: src.allowedTools,
+    disallowedTools: src.disallowedTools,
+    tools: src.tools,
+    maxTurns: src.maxTurns,
+    systemPrompt: src.systemPrompt,
+    agents: src.agents,
+    maxBudgetUsd: src.maxBudgetUsd,
+    effort: src.effort,
+    betas: src.betas,
+    additionalDirectories: src.additionalDirectories,
+    outputFormat: src.outputFormat,
+    thinking: src.thinking,
+    persistSession: src.persistSession,
+    pathToClaudeCodeExecutable: src.pathToClaudeCodeExecutable,
+    agent: src.agent,
+    mcpServers: src.mcpServers,
+    sandbox: src.sandbox,
+    fallbackModel: src.fallbackModel,
+    enableFileCheckpointing: src.enableFileCheckpointing,
+    includePartialMessages: src.includePartialMessages,
+    strictMcpConfig: src.strictMcpConfig,
+    settingSources: src.settingSources ?? DEFAULT_SETTING_SOURCES,
+    debug: src.debug,
+    debugFile: src.debugFile,
+    env: src.env,
+    abortController: input.abortController
+  };
+}
+
 // src/tools/claude-code.ts
 async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, requestSignal) {
   const cwd = input.cwd !== void 0 ? input.cwd : serverCwd;
@@ -1116,10 +1462,28 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be a non-empty string.`
     };
   }
+  if (!sessionManager.hasCapacityFor(1)) {
+    return {
+      sessionId: "",
+      status: "error",
+      error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+    };
+  }
   const abortController = new AbortController();
   const adv = input.advanced ?? {};
   const permissionRequestTimeoutMs = input.permissionRequestTimeoutMs ?? 6e4;
-  const sessionInitTimeoutMs = adv.sessionInitTimeoutMs ?? 1e4;
+  const sessionInitTimeoutMs = adv.sessionInitTimeoutMs ?? input.sessionInitTimeoutMs ?? 1e4;
+  const compatWarnings = [];
+  if (input.sessionInitTimeoutMs !== void 0) {
+    compatWarnings.push(
+      "Top-level sessionInitTimeoutMs for claude_code is a compatibility alias; prefer advanced.sessionInitTimeoutMs."
+    );
+  }
+  if (input.sessionInitTimeoutMs !== void 0 && adv.sessionInitTimeoutMs !== void 0 && input.sessionInitTimeoutMs !== adv.sessionInitTimeoutMs) {
+    compatWarnings.push(
+      `Both advanced.sessionInitTimeoutMs (${adv.sessionInitTimeoutMs}) and top-level sessionInitTimeoutMs (${input.sessionInitTimeoutMs}) were provided; using advanced.sessionInitTimeoutMs.`
+    );
+  }
   const flat = {
     cwd,
     allowedTools: input.allowedTools,
@@ -1127,52 +1491,37 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
     maxTurns: input.maxTurns,
     model: input.model,
     systemPrompt: input.systemPrompt,
-    ...adv
+    ...adv,
+    effort: input.effort ?? adv.effort,
+    thinking: input.thinking ?? adv.thinking
+  };
+  const normalizedFlat = {
+    ...flat,
+    cwd: normalizeWindowsPathLike(flat.cwd),
+    additionalDirectories: flat.additionalDirectories !== void 0 ? normalizeWindowsPathArray(flat.additionalDirectories) : void 0,
+    debugFile: flat.debugFile !== void 0 ? normalizeWindowsPathLike(flat.debugFile) : void 0,
+    pathToClaudeCodeExecutable: flat.pathToClaudeCodeExecutable !== void 0 ? normalizeWindowsPathLike(flat.pathToClaudeCodeExecutable) : void 0
   };
   try {
     const handle = consumeQuery({
       mode: "start",
       prompt: input.prompt,
       abortController,
-      options: buildOptions(flat),
+      options: buildOptions(normalizedFlat),
       permissionRequestTimeoutMs,
       sessionInitTimeoutMs,
       sessionManager,
       toolCache,
       onInit: (init) => {
         if (sessionManager.get(init.session_id)) return;
-        sessionManager.create({
-          sessionId: init.session_id,
-          cwd,
-          model: input.model,
-          permissionMode: "default",
-          allowedTools: input.allowedTools,
-          disallowedTools: input.disallowedTools,
-          tools: adv.tools,
-          maxTurns: input.maxTurns,
-          systemPrompt: input.systemPrompt,
-          agents: adv.agents,
-          maxBudgetUsd: adv.maxBudgetUsd,
-          effort: adv.effort,
-          betas: adv.betas,
-          additionalDirectories: adv.additionalDirectories,
-          outputFormat: adv.outputFormat,
-          thinking: adv.thinking,
-          persistSession: adv.persistSession,
-          pathToClaudeCodeExecutable: adv.pathToClaudeCodeExecutable,
-          agent: adv.agent,
-          mcpServers: adv.mcpServers,
-          sandbox: adv.sandbox,
-          fallbackModel: adv.fallbackModel,
-          enableFileCheckpointing: adv.enableFileCheckpointing,
-          includePartialMessages: adv.includePartialMessages,
-          strictMcpConfig: adv.strictMcpConfig,
-          settingSources: adv.settingSources ?? DEFAULT_SETTING_SOURCES,
-          debug: adv.debug,
-          debugFile: adv.debugFile,
-          env: adv.env,
-          abortController
-        });
+        sessionManager.create(
+          toSessionCreateParams({
+            sessionId: init.session_id,
+            source: normalizedFlat,
+            permissionMode: "default",
+            abortController
+          })
+        );
       }
     });
     const sessionId = await raceWithAbort(
@@ -1185,7 +1534,8 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       sessionId,
       status: "running",
       pollInterval: 3e3,
-      resumeToken: resumeSecret ? computeResumeToken(sessionId, resumeSecret) : void 0
+      resumeToken: resumeSecret ? computeResumeToken(sessionId, resumeSecret) : void 0,
+      compatWarnings: compatWarnings.length > 0 ? compatWarnings : void 0
     };
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
@@ -1224,6 +1574,13 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
   const sessionInitTimeoutMs = input.sessionInitTimeoutMs ?? 1e4;
   const existing = sessionManager.get(input.sessionId);
   if (!existing) {
+    if (!sessionManager.hasCapacityFor(1)) {
+      return {
+        sessionId: input.sessionId,
+        status: "error",
+        error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+      };
+    }
     const allowDiskResume = process.env.CLAUDE_CODE_MCP_ALLOW_DISK_RESUME === "1";
     if (!allowDiskResume) {
       return {
@@ -1232,7 +1589,8 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         error: `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found or expired.`
       };
     }
-    const resumeSecret = getResumeSecret();
+    const resumeSecrets = getResumeSecrets();
+    const resumeSecret = resumeSecrets[0];
     if (!resumeSecret) {
       return {
         sessionId: input.sessionId,
@@ -1248,8 +1606,7 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         error: `Error [${"PERMISSION_DENIED" /* PERMISSION_DENIED */}]: resumeToken is required for disk resume fallback.`
       };
     }
-    const expectedToken = computeResumeToken(input.sessionId, resumeSecret);
-    if (dr.resumeToken !== expectedToken) {
+    if (!isValidResumeToken(input.sessionId, dr.resumeToken, resumeSecrets)) {
       return {
         sessionId: input.sessionId,
         status: "error",
@@ -1259,38 +1616,27 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
     try {
       const abortController2 = new AbortController();
       const options2 = buildOptionsFromDiskResume(dr);
-      sessionManager.create({
-        sessionId: input.sessionId,
+      if (input.effort !== void 0) options2.effort = input.effort;
+      if (input.thinking !== void 0) options2.thinking = input.thinking;
+      const { resumeToken: _resumeToken, ...rest } = dr;
+      void _resumeToken;
+      const source = {
+        ...rest,
         cwd: options2.cwd ?? dr.cwd ?? "",
-        model: dr.model,
-        permissionMode: "default",
-        allowedTools: dr.allowedTools,
-        disallowedTools: dr.disallowedTools,
-        tools: dr.tools,
-        maxTurns: dr.maxTurns,
-        systemPrompt: dr.systemPrompt,
-        agents: dr.agents,
-        maxBudgetUsd: dr.maxBudgetUsd,
-        effort: dr.effort,
-        betas: dr.betas,
-        additionalDirectories: dr.additionalDirectories,
-        outputFormat: dr.outputFormat,
-        thinking: dr.thinking,
-        persistSession: dr.persistSession,
-        pathToClaudeCodeExecutable: dr.pathToClaudeCodeExecutable,
-        agent: dr.agent,
-        mcpServers: dr.mcpServers,
-        sandbox: dr.sandbox,
-        fallbackModel: dr.fallbackModel,
-        enableFileCheckpointing: dr.enableFileCheckpointing,
-        includePartialMessages: dr.includePartialMessages,
-        strictMcpConfig: dr.strictMcpConfig,
-        settingSources: dr.settingSources ?? DEFAULT_SETTING_SOURCES,
-        debug: dr.debug,
-        debugFile: dr.debugFile,
-        env: dr.env,
-        abortController: abortController2
-      });
+        additionalDirectories: options2.additionalDirectories ?? rest.additionalDirectories,
+        debugFile: options2.debugFile ?? rest.debugFile,
+        pathToClaudeCodeExecutable: options2.pathToClaudeCodeExecutable ?? rest.pathToClaudeCodeExecutable,
+        effort: input.effort ?? rest.effort,
+        thinking: input.thinking ?? rest.thinking
+      };
+      sessionManager.create(
+        toSessionCreateParams({
+          sessionId: input.sessionId,
+          source,
+          permissionMode: "default",
+          abortController: abortController2
+        })
+      );
       try {
         consumeQuery({
           mode: "disk-resume",
@@ -1371,8 +1717,29 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
       error: current ? `Error [${"SESSION_BUSY" /* SESSION_BUSY */}]: Session is not available (status: ${current.status}).` : `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found or expired.`
     };
   }
-  const options = buildOptions(existing);
+  const session = acquired;
+  const options = buildOptions(session);
   if (input.forkSession) options.forkSession = true;
+  if (input.forkSession && !sessionManager.hasCapacityFor(1)) {
+    sessionManager.update(input.sessionId, { status: originalStatus, abortController: void 0 });
+    return {
+      sessionId: input.sessionId,
+      status: "error",
+      error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+    };
+  }
+  const sourceOverrides = {
+    effort: input.effort ?? session.effort,
+    thinking: input.thinking ?? session.thinking
+  };
+  if (input.effort !== void 0) options.effort = input.effort;
+  if (input.thinking !== void 0) options.thinking = input.thinking;
+  if (!input.forkSession && (input.effort !== void 0 || input.thinking !== void 0)) {
+    const patch = {};
+    if (input.effort !== void 0) patch.effort = input.effort;
+    if (input.thinking !== void 0) patch.thinking = input.thinking;
+    sessionManager.update(input.sessionId, patch);
+  }
   try {
     const handle = consumeQuery({
       mode: "resume",
@@ -1388,44 +1755,20 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
       onInit: (init) => {
         if (!input.forkSession) return;
         if (init.session_id === input.sessionId) return;
-        if (!sessionManager.get(init.session_id)) {
-          sessionManager.create({
-            sessionId: init.session_id,
-            cwd: existing.cwd,
-            model: existing.model,
-            permissionMode: "default",
-            allowedTools: existing.allowedTools,
-            disallowedTools: existing.disallowedTools,
-            tools: existing.tools,
-            maxTurns: existing.maxTurns,
-            systemPrompt: existing.systemPrompt,
-            agents: existing.agents,
-            maxBudgetUsd: existing.maxBudgetUsd,
-            effort: existing.effort,
-            betas: existing.betas,
-            additionalDirectories: existing.additionalDirectories,
-            outputFormat: existing.outputFormat,
-            thinking: existing.thinking,
-            persistSession: existing.persistSession,
-            pathToClaudeCodeExecutable: existing.pathToClaudeCodeExecutable,
-            agent: existing.agent,
-            mcpServers: existing.mcpServers,
-            sandbox: existing.sandbox,
-            fallbackModel: existing.fallbackModel,
-            enableFileCheckpointing: existing.enableFileCheckpointing,
-            includePartialMessages: existing.includePartialMessages,
-            strictMcpConfig: existing.strictMcpConfig,
-            settingSources: existing.settingSources ?? DEFAULT_SETTING_SOURCES,
-            debug: existing.debug,
-            debugFile: existing.debugFile,
-            env: existing.env,
-            abortController
-          });
-        }
         sessionManager.update(input.sessionId, {
           status: originalStatus,
           abortController: void 0
         });
+        if (!sessionManager.get(init.session_id)) {
+          sessionManager.create(
+            toSessionCreateParams({
+              sessionId: init.session_id,
+              source: { ...session, ...sourceOverrides },
+              permissionMode: "default",
+              abortController
+            })
+          );
+        }
       }
     });
     const sessionId = input.forkSession ? await raceWithAbort(
@@ -1478,54 +1821,54 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
 // src/tools/tool-discovery.ts
 var TOOL_CATALOG = {
   Bash: {
-    description: "Run shell commands (e.g. npm install, git commit, ls) in the project directory.",
+    description: "Run shell commands",
     category: "execute"
   },
   Read: {
-    description: "Read the contents of a file given its path (large files may hit per-call size caps; use offset/limit or Grep chunking).",
+    description: "Read file contents (large files: use offset/limit or Grep)",
     category: "file_read"
   },
   Write: {
-    description: "Create a new file or completely replace an existing file's contents.",
+    description: "Create or overwrite files",
     category: "file_write"
   },
   Edit: {
-    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file (replace_all is substring-based).",
+    description: "Targeted edits (replace_all is substring-based)",
     category: "file_write"
   },
   Glob: {
-    description: "Find files by name pattern (e.g. '**/*.ts' finds all TypeScript files).",
+    description: "Find files by glob pattern",
     category: "file_read"
   },
   Grep: {
-    description: "Search inside files for text or regex patterns (like grep/ripgrep).",
+    description: "Search file contents (regex)",
     category: "file_read"
   },
   NotebookEdit: {
-    description: "Edit individual cells in Jupyter notebooks (.ipynb files) (expects native Windows paths; this server normalizes /d/... when possible).",
+    description: "Edit Jupyter notebook cells (Windows paths normalized)",
     category: "file_write"
   },
   WebFetch: {
-    description: "Download and read the content of a web page or API endpoint.",
+    description: "Fetch web page or API content",
     category: "network"
   },
-  WebSearch: { description: "Search the web and return relevant results.", category: "network" },
+  WebSearch: { description: "Web search", category: "network" },
   Task: {
-    description: "Spawn a subagent to handle a subtask independently (requires this tool to be in allowedTools).",
+    description: "Spawn subagent (must be in allowedTools)",
     category: "agent"
   },
-  TaskOutput: { description: "Get the output from a background subagent task.", category: "agent" },
-  TaskStop: { description: "Cancel a running background subagent task.", category: "agent" },
+  TaskOutput: { description: "Get subagent output", category: "agent" },
+  TaskStop: { description: "Cancel subagent", category: "agent" },
   TodoWrite: {
-    description: "Create and update a structured task/todo checklist.",
+    description: "Task/todo checklist",
     category: "agent"
   },
   AskUserQuestion: {
-    description: "Ask the user a question and wait for their answer before continuing.",
+    description: "Ask user a question",
     category: "interaction"
   },
   TeamDelete: {
-    description: "Delete a team and its resources (may require all active members to shutdown_approved; cleanup may complete asynchronously).",
+    description: "Delete team (may need shutdown_approved first)",
     category: "agent"
   }
 };
@@ -1545,8 +1888,10 @@ function defaultCatalogTools() {
 }
 var ToolDiscoveryCache = class {
   cached;
-  constructor(initial) {
+  onUpdated;
+  constructor(initial, onUpdated) {
     this.cached = initial ?? defaultCatalogTools();
+    this.onUpdated = onUpdated;
   }
   getTools() {
     return this.cached;
@@ -1555,7 +1900,13 @@ var ToolDiscoveryCache = class {
     const discovered = discoverToolsFromInit(initTools);
     const next = mergeToolLists(discovered, defaultCatalogTools());
     const updated = JSON.stringify(next) !== JSON.stringify(this.cached);
-    if (updated) this.cached = next;
+    if (updated) {
+      this.cached = next;
+      try {
+        this.onUpdated?.(this.cached);
+      } catch {
+      }
+    }
     return { updated, tools: this.cached };
   }
 };
@@ -1580,9 +1931,8 @@ function groupByCategory(tools) {
 function buildInternalToolsDescription(tools) {
   const grouped = groupByCategory(tools);
   const categories = Object.keys(grouped).sort((a, b) => a.localeCompare(b));
-  let desc = 'Start a new Claude Code agent session.\n\nLaunches an autonomous coding agent that can read/write files, run shell commands, search code, manage git, access the web, and more. Returns immediately with a sessionId \u2014 the agent runs asynchronously in the background.\n\nWorkflow:\n1. Call claude_code with a prompt \u2192 returns { sessionId, status: "running", pollInterval }\n2. Poll with claude_code_check (action="poll") to receive progress events and the final result\n3. If the agent needs permission for a tool call, approve or deny via claude_code_check (action="respond_permission")\n\n';
-  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n- Permission prompts auto-deny on timeout; use claude_code_check actions[].expiresAt/remainingMs\n\n";
-  desc += "Internal tools available to the agent (use allowedTools/disallowedTools to control approval policy; authoritative list returned by claude_code_check with includeTools=true):\n";
+  let desc = "Start a Claude Code session and return sessionId.\nUse claude_code_check to poll events/results and handle permissions.\n\n";
+  desc += "Internal tools (authoritative list: includeTools=true in claude_code_check):\n";
   for (const category of categories) {
     desc += `
 [${category}]
@@ -1592,8 +1942,7 @@ function buildInternalToolsDescription(tools) {
 `;
     }
   }
-  desc += "\nSecurity: You MUST configure allowedTools/disallowedTools based on your own permission scope. Only allow tools that you yourself are authorized to perform \u2014 do not grant the agent broader permissions than you have. For example, if you lack write access to a directory, do not include Write/Edit in allowedTools. When in doubt, leave both lists empty and review each permission request individually via claude_code_check.\n\n";
-  desc += 'Use `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
+  desc += "\nPermission control: allowedTools auto-approves; disallowedTools always denies; others require approval.\n";
   return desc;
 }
 
@@ -1652,6 +2001,117 @@ function toEvents(events, opts) {
     return { id: e.id, type: e.type, data: e.data, timestamp: e.timestamp };
   });
 }
+function uniqSorted(values) {
+  if (!Array.isArray(values) || values.length === 0) return [];
+  const filtered = values.filter((v) => typeof v === "string").map((v) => v.trim()).filter(Boolean);
+  return Array.from(new Set(filtered)).sort((a, b) => a.localeCompare(b));
+}
+function detectPathCompatibilityWarnings(session) {
+  if (!session) return [];
+  const cwd = session.cwd;
+  if (typeof cwd !== "string" || cwd.trim() === "") return [];
+  const warnings = [];
+  if (process.platform === "win32" && cwd.startsWith("/") && !cwd.startsWith("//")) {
+    warnings.push(
+      `cwd '${cwd}' looks POSIX-style on Windows. Consider using a Windows path (e.g. C:\\\\repo) to avoid path compatibility issues.`
+    );
+  }
+  if (process.platform !== "win32" && /^[a-zA-Z]:[\\/]/.test(cwd)) {
+    warnings.push(
+      `cwd '${cwd}' looks Windows-style on ${process.platform}. This may indicate cross-platform path mismatch (for example WSL boundary).`
+    );
+  }
+  if (process.platform !== "win32" && cwd.startsWith("\\\\")) {
+    warnings.push(
+      `cwd '${cwd}' looks like a Windows UNC path on ${process.platform}. Confirm MCP client/server run on the same platform.`
+    );
+  }
+  return warnings;
+}
+function isPosixHomePath(value) {
+  return /^\/home\/[^/]+(?:\/|$)/.test(value);
+}
+function detectPendingPermissionPathWarnings(pending, session) {
+  if (process.platform !== "win32" || pending.length === 0) return [];
+  const cwd = session?.cwd;
+  const cwdHint = typeof cwd === "string" && cwd.trim() !== "" ? ` under cwd '${cwd}'` : " under the current cwd";
+  const warnings = [];
+  for (const req of pending) {
+    const candidates = [];
+    if (typeof req.blockedPath === "string") candidates.push(req.blockedPath);
+    const filePath = req.input.file_path;
+    if (typeof filePath === "string") candidates.push(filePath);
+    const badPath = candidates.find((p) => isPosixHomePath(p));
+    if (!badPath) continue;
+    warnings.push(
+      `Permission request '${req.requestId}' uses POSIX home path '${badPath}' on Windows. Prefer an absolute Windows path${cwdHint} to avoid out-of-bounds permission prompts.`
+    );
+  }
+  return warnings;
+}
+function computeToolValidation(session, initTools) {
+  if (!session) return { summary: void 0, warnings: [] };
+  const allowedTools = uniqSorted(session.allowedTools);
+  const disallowedTools = uniqSorted(session.disallowedTools);
+  if (allowedTools.length === 0 && disallowedTools.length === 0) {
+    return { summary: void 0, warnings: [] };
+  }
+  if (!Array.isArray(initTools) || initTools.length === 0) {
+    return {
+      summary: {
+        runtimeToolsKnown: false,
+        unknownAllowedTools: [],
+        unknownDisallowedTools: []
+      },
+      warnings: [
+        "Runtime tool list is not available yet; unknown allowedTools/disallowedTools names cannot be validated until system/init tools arrive."
+      ]
+    };
+  }
+  const runtime = new Set(
+    initTools.filter((name) => typeof name === "string").map((name) => name.trim()).filter(Boolean)
+  );
+  const unknownAllowedTools = allowedTools.filter((name) => !runtime.has(name));
+  const unknownDisallowedTools = disallowedTools.filter((name) => !runtime.has(name));
+  const warnings = [];
+  if (unknownAllowedTools.length > 0) {
+    warnings.push(
+      `Unknown allowedTools (not present in runtime tools): ${unknownAllowedTools.join(", ")}.`
+    );
+  }
+  if (unknownDisallowedTools.length > 0) {
+    warnings.push(
+      `Unknown disallowedTools (not present in runtime tools): ${unknownDisallowedTools.join(", ")}.`
+    );
+  }
+  return {
+    summary: {
+      runtimeToolsKnown: true,
+      unknownAllowedTools,
+      unknownDisallowedTools
+    },
+    warnings
+  };
+}
+function byteLength(value) {
+  return new TextEncoder().encode(JSON.stringify(value)).length;
+}
+function capEventsByBytes(events, maxBytes) {
+  if (!Number.isFinite(maxBytes) || typeof maxBytes !== "number" || maxBytes <= 0) {
+    return { events, truncated: false };
+  }
+  const budget = Math.floor(maxBytes);
+  const kept = [];
+  let bytes = 2;
+  for (const evt of events) {
+    const evtBytes = byteLength(evt);
+    const separatorBytes = kept.length === 0 ? 0 : 1;
+    if (bytes + separatorBytes + evtBytes > budget) break;
+    kept.push(evt);
+    bytes += separatorBytes + evtBytes;
+  }
+  return { events: kept, truncated: kept.length < events.length };
+}
 function buildResult(sessionManager, toolCache, input) {
   const responseMode = input.responseMode ?? "minimal";
   const po = input.pollOptions ?? {};
@@ -1664,6 +2124,7 @@ function buildResult(sessionManager, toolCache, input) {
   const includeStructuredOutput = po.includeStructuredOutput ?? responseMode === "full";
   const includeTerminalEvents = po.includeTerminalEvents ?? responseMode === "full";
   const includeProgressEvents = po.includeProgressEvents ?? responseMode === "full";
+  const maxBytes = po.maxBytes;
   const maxEvents = input.maxEvents ?? (responseMode === "minimal" ? 200 : void 0);
   const sessionId = input.sessionId;
   const session = sessionManager.get(sessionId);
@@ -1676,7 +2137,7 @@ function buildResult(sessionManager, toolCache, input) {
   let truncated = false;
   const truncatedFields = [];
   const windowEvents = maxEvents !== void 0 && rawEvents.length > maxEvents ? rawEvents.slice(0, maxEvents) : rawEvents;
-  const nextCursor = maxEvents !== void 0 && rawEvents.length > maxEvents ? windowEvents.length > 0 ? windowEvents[windowEvents.length - 1].id + 1 : rawNextCursor : rawNextCursor;
+  let nextCursor = maxEvents !== void 0 && rawEvents.length > maxEvents ? windowEvents.length > 0 ? windowEvents[windowEvents.length - 1].id + 1 : rawNextCursor : rawNextCursor;
   if (maxEvents !== void 0 && rawEvents.length > maxEvents) {
     truncated = true;
     truncatedFields.push("events");
@@ -1699,8 +2160,28 @@ function buildResult(sessionManager, toolCache, input) {
   })();
   const pending = status === "waiting_permission" ? sessionManager.listPendingPermissions(sessionId) : [];
   const stored = status === "idle" || status === "error" ? sessionManager.getResult(sessionId) : void 0;
-  const initTools = includeTools ? sessionManager.getInitTools(sessionId) : void 0;
+  const initTools = sessionManager.getInitTools(sessionId);
   const availableTools = includeTools && initTools ? discoverToolsFromInit(initTools) : void 0;
+  const toolValidation = computeToolValidation(session, initTools);
+  const compatWarnings = Array.from(
+    /* @__PURE__ */ new Set([
+      ...toolValidation.warnings,
+      ...detectPathCompatibilityWarnings(session),
+      ...detectPendingPermissionPathWarnings(pending, session)
+    ])
+  );
+  const shapedEvents = toEvents(outputEvents, {
+    includeUsage,
+    includeModelUsage,
+    includeStructuredOutput,
+    slim: responseMode === "minimal"
+  });
+  const cappedEvents = capEventsByBytes(shapedEvents, maxBytes);
+  if (cappedEvents.truncated) {
+    truncated = true;
+    truncatedFields.push("events_bytes");
+    nextCursor = cappedEvents.events.length > 0 ? cappedEvents.events[cappedEvents.events.length - 1].id + 1 : cursorResetTo ?? input.cursor ?? 0;
+  }
   return {
     sessionId,
     status,
@@ -1708,14 +2189,11 @@ function buildResult(sessionManager, toolCache, input) {
     cursorResetTo,
     truncated: truncated ? true : void 0,
     truncatedFields: truncatedFields.length > 0 ? truncatedFields : void 0,
-    events: toEvents(outputEvents, {
-      includeUsage,
-      includeModelUsage,
-      includeStructuredOutput,
-      slim: responseMode === "minimal"
-    }),
+    events: cappedEvents.events,
     nextCursor,
     availableTools,
+    toolValidation: toolValidation.summary,
+    compatWarnings: compatWarnings.length > 0 ? compatWarnings : void 0,
     actions: includeActions && status === "waiting_permission" ? pending.map((req) => {
       const expiresMs = req.expiresAt ? Date.parse(req.expiresAt) : Number.NaN;
       const remainingMs = Number.isFinite(expiresMs) ? Math.max(0, expiresMs - Date.now()) : void 0;
@@ -1775,7 +2253,14 @@ function redactAgentResult(result, opts) {
     structuredOutput: opts.includeStructuredOutput ? structuredOutput : void 0
   };
 }
-function executeClaudeCodeCheck(input, sessionManager, toolCache) {
+function executeClaudeCodeCheck(input, sessionManager, toolCache, requestSignal) {
+  if (requestSignal?.aborted) {
+    return {
+      sessionId: input.sessionId ?? "",
+      error: `Error [${"CANCELLED" /* CANCELLED */}]: request was cancelled.`,
+      isError: true
+    };
+  }
   if (typeof input.sessionId !== "string" || input.sessionId.trim() === "") {
     return {
       sessionId: "",
@@ -1831,7 +2316,14 @@ function executeClaudeCodeCheck(input, sessionManager, toolCache) {
 }
 
 // src/tools/claude-code-session.ts
-function executeClaudeCodeSession(input, sessionManager) {
+function executeClaudeCodeSession(input, sessionManager, requestSignal) {
+  if (requestSignal?.aborted) {
+    return {
+      sessions: [],
+      message: `Error [${"CANCELLED" /* CANCELLED */}]: request was cancelled.`,
+      isError: true
+    };
+  }
   const toSessionJson = (s) => input.includeSensitive ? sessionManager.toSensitiveJSON(s) : sessionManager.toPublicJSON(s);
   switch (input.action) {
     case "list": {
@@ -1903,7 +2395,8 @@ var RESOURCE_SCHEME = "claude-code-mcp";
 var RESOURCE_URIS = {
   serverInfo: `${RESOURCE_SCHEME}:///server-info`,
   internalTools: `${RESOURCE_SCHEME}:///internal-tools`,
-  gotchas: `${RESOURCE_SCHEME}:///gotchas`
+  gotchas: `${RESOURCE_SCHEME}:///gotchas`,
+  compatReport: `${RESOURCE_SCHEME}:///compat-report`
 };
 function asTextResource(uri, text, mimeType) {
   return {
@@ -1923,7 +2416,7 @@ function registerResources(server, deps) {
     serverInfoUri.toString(),
     {
       title: "Server Info",
-      description: "Static server metadata (version/platform/runtime).",
+      description: "Server metadata (version/platform/runtime).",
       mimeType: "application/json"
     },
     () => asTextResource(
@@ -1949,7 +2442,7 @@ function registerResources(server, deps) {
     toolsUri.toString(),
     {
       title: "Internal Tools",
-      description: "Claude Code internal tool catalog (static + runtime-discovered).",
+      description: "Claude Code internal tool catalog (runtime-aware).",
       mimeType: "application/json"
     },
     () => asTextResource(
@@ -1972,10 +2465,10 @@ function registerResources(server, deps) {
       [
         "# claude-code-mcp: gotchas",
         "",
-        "- Permission approvals have a timeout (default 60s) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
+        "- Permission approvals have a timeout (default 60s, server-clamped to 5min) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
         "- `Read` has a per-call size cap in practice (often ~256KB); for large files use `offset`/`limit` or chunk with `Grep`.",
         "- `Edit` with `replace_all=true` is substring replacement; if no match is found the tool returns an error.",
-        "- `NotebookEdit` expects native Windows paths; this server normalizes MSYS paths like `/d/...` when possible.",
+        "- On Windows, this server normalizes common MSYS-style paths (e.g. `/d/...`, `/mnt/c/...`, `/cygdrive/c/...`, `//server/share/...`) for `cwd`, `additionalDirectories`, and tool inputs that include `file_path`.",
         "- `TeamDelete` may require members to reach `shutdown_approved`; cleanup can be asynchronous during shutdown.",
         '- Skills may become available later in the same session (early calls may show "Unknown").',
         "- Some internal features (e.g. ToolSearch) may not appear in `availableTools` because it is derived from SDK `system/init.tools`.",
@@ -1984,34 +2477,105 @@ function registerResources(server, deps) {
       "text/markdown"
     )
   );
+  const compatReportUri = new URL(RESOURCE_URIS.compatReport);
+  server.registerResource(
+    "compat_report",
+    compatReportUri.toString(),
+    {
+      title: "Compatibility Report",
+      description: "Compatibility diagnostics for MCP clients and local runtime assumptions.",
+      mimeType: "application/json"
+    },
+    () => {
+      const runtimeWarnings = [];
+      if (process.platform === "win32" && !process.env.CLAUDE_CODE_GIT_BASH_PATH) {
+        runtimeWarnings.push(
+          "CLAUDE_CODE_GIT_BASH_PATH is not set. Auto-detection exists, but explicit path is more reliable for GUI-launched MCP clients."
+        );
+      }
+      return asTextResource(
+        compatReportUri,
+        JSON.stringify(
+          {
+            transport: "stdio",
+            samePlatformRequired: true,
+            runtime: {
+              node: process.version,
+              platform: process.platform,
+              arch: process.arch
+            },
+            features: {
+              resources: true,
+              toolsListChanged: true,
+              resourcesListChanged: true,
+              prompts: false,
+              completions: false
+            },
+            guidance: [
+              "Some clients cache tool descriptions at connect time. Prefer claude_code_check(pollOptions.includeTools=true) for runtime-authoritative tool lists.",
+              "Use allowedTools/disallowedTools only with exact runtime tool names.",
+              "This server assumes MCP client and server run on the same machine/platform."
+            ],
+            toolCatalogCount: deps.toolCache.getTools().length,
+            runtimeWarnings
+          },
+          null,
+          2
+        ),
+        "application/json"
+      );
+    }
+  );
 }
 
 // src/server.ts
-var SERVER_VERSION = true ? "2.0.3" : "0.0.0-dev";
-function createServer(serverCwd) {
+var SERVER_VERSION = true ? "2.2.0" : "0.0.0-dev";
+function createServerContext(serverCwd) {
   const sessionManager = new SessionManager();
-  const toolCache = new ToolDiscoveryCache();
-  const server = new McpServer({
-    name: "claude-code-mcp",
-    version: SERVER_VERSION
+  const server = new McpServer(
+    {
+      name: "claude-code-mcp",
+      version: SERVER_VERSION,
+      title: "Claude Code MCP",
+      description: "MCP server that runs Claude Code via the Claude Agent SDK with async polling and interactive permissions.",
+      websiteUrl: "https://github.com/xihuai18/claude-code-mcp",
+      icons: []
+    },
+    {
+      capabilities: {
+        logging: {},
+        tools: { listChanged: true },
+        resources: { listChanged: true }
+      }
+    }
+  );
+  const claudeCodeToolRef = {};
+  const toolCache = new ToolDiscoveryCache(void 0, (tools) => {
+    try {
+      claudeCodeToolRef.current?.update({ description: buildInternalToolsDescription(tools) });
+      if (server.isConnected()) {
+        server.sendToolListChanged();
+      }
+    } catch {
+    }
   });
   const agentDefinitionSchema = z.object({
     description: z.string(),
     prompt: z.string(),
-    tools: z.array(z.string()).optional(),
-    disallowedTools: z.array(z.string()).optional(),
-    model: z.enum(AGENT_MODELS).optional(),
-    maxTurns: z.number().int().positive().optional(),
-    mcpServers: z.array(z.union([z.string(), z.record(z.string(), z.unknown())])).optional(),
-    skills: z.array(z.string()).optional(),
-    criticalSystemReminder_EXPERIMENTAL: z.string().optional()
+    tools: z.array(z.string()).optional().describe("Default: inherit"),
+    disallowedTools: z.array(z.string()).optional().describe("Default: none"),
+    model: z.enum(AGENT_MODELS).optional().describe("Default: inherit"),
+    maxTurns: z.number().int().positive().optional().describe("Default: none"),
+    mcpServers: z.array(z.union([z.string(), z.record(z.string(), z.unknown())])).optional().describe("Default: inherit"),
+    skills: z.array(z.string()).optional().describe("Default: none"),
+    criticalSystemReminder_EXPERIMENTAL: z.string().optional().describe("Default: none")
   });
   const systemPromptSchema = z.union([
     z.string(),
     z.object({
       type: z.literal("preset"),
       preset: z.literal("claude_code"),
-      append: z.string().optional().describe("Appended to preset prompt")
+      append: z.string().optional().describe("Default: none")
     })
   ]);
   const toolsConfigSchema = z.union([
@@ -2029,47 +2593,135 @@ function createServer(serverCwd) {
     }),
     z.object({ type: z.literal("disabled") })
   ]);
+  const effortOptionSchema = z.enum(EFFORT_LEVELS).optional();
+  const thinkingOptionSchema = thinkingSchema.optional();
   const outputFormatSchema = z.object({
     type: z.literal("json_schema"),
     schema: z.record(z.string(), z.unknown())
   });
-  const advancedOptionsSchema = z.object({
-    tools: toolsConfigSchema.optional().describe("Visible tool set. Default: SDK"),
+  const sharedOptionFieldsSchemaShape = {
+    tools: toolsConfigSchema.optional().describe("Tool set. Default: SDK"),
     persistSession: z.boolean().optional().describe("Default: true"),
-    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
-    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Sub-agent definitions. Default: none"),
-    agent: z.string().optional().describe("Primary agent name (from 'agents'). Default: none"),
+    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
+    agent: z.string().optional().describe("Default: none"),
     maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
-    effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
     betas: z.array(z.string()).optional().describe("Default: none"),
     additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
-    outputFormat: outputFormatSchema.optional().describe("Default: none (plain text)"),
-    thinking: thinkingSchema.optional().describe("Default: SDK"),
+    outputFormat: outputFormatSchema.optional().describe("Default: none"),
     pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
     mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
     sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
     fallbackModel: z.string().optional().describe("Default: none"),
     enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
-    includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
+    includePartialMessages: z.boolean().optional().describe("Default: false"),
     strictMcpConfig: z.boolean().optional().describe("Default: false"),
-    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
+    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. []=isolation"),
     debug: z.boolean().optional().describe("Default: false"),
-    debugFile: z.string().optional().describe("Enables debug. Default: none"),
-    env: z.record(z.string(), z.string().optional()).optional().describe("Merged with process.env. Default: none")
-  }).optional().describe("Low-frequency SDK options (all optional)");
-  server.tool(
+    debugFile: z.string().optional().describe("Default: none"),
+    env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
+  };
+  const advancedOptionFieldsSchemaShape = {
+    ...sharedOptionFieldsSchemaShape,
+    effort: effortOptionSchema.describe("Deprecated, use top-level. Default: SDK"),
+    thinking: thinkingOptionSchema.describe("Deprecated, use top-level. Default: SDK")
+  };
+  const diskResumeOptionFieldsSchemaShape = {
+    ...sharedOptionFieldsSchemaShape,
+    effort: effortOptionSchema.describe("Default: SDK"),
+    thinking: thinkingOptionSchema.describe("Default: SDK")
+  };
+  const advancedOptionsSchema = z.object({
+    ...advancedOptionFieldsSchemaShape,
+    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000")
+  }).optional().describe("Default: none");
+  const diskResumeConfigSchema = z.object({
+    resumeToken: z.string(),
+    cwd: z.string(),
+    allowedTools: z.array(z.string()).optional().describe("Default: []"),
+    disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+    maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+    model: z.string().optional().describe("Default: SDK"),
+    systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+    resumeSessionAt: z.string().optional().describe("Default: none"),
+    ...diskResumeOptionFieldsSchemaShape
+  }).optional().describe("Default: none");
+  const startResultSchema = z.object({
+    sessionId: z.string(),
+    status: z.enum(["running", "error"]),
+    pollInterval: z.number().optional(),
+    resumeToken: z.string().optional(),
+    compatWarnings: z.array(z.string()).optional(),
+    error: z.string().optional()
+  }).passthrough();
+  const sessionResultSchema = z.object({
+    sessions: z.array(z.record(z.string(), z.unknown())),
+    message: z.string().optional(),
+    isError: z.boolean().optional()
+  }).passthrough();
+  const checkEventSchema = z.object({
+    id: z.number().int().nonnegative(),
+    type: z.string(),
+    data: z.unknown(),
+    timestamp: z.string()
+  }).passthrough();
+  const checkActionSchema = z.object({
+    type: z.string(),
+    requestId: z.string().optional(),
+    toolName: z.string().optional(),
+    input: z.record(z.string(), z.unknown()).optional(),
+    summary: z.string().optional()
+  }).passthrough();
+  const checkResultSchema = z.object({
+    sessionId: z.string(),
+    status: z.string(),
+    pollInterval: z.number().optional(),
+    cursorResetTo: z.number().optional(),
+    truncated: z.boolean().optional(),
+    truncatedFields: z.array(z.string()).optional(),
+    events: z.array(checkEventSchema),
+    nextCursor: z.number().optional(),
+    availableTools: z.array(z.record(z.string(), z.unknown())).optional(),
+    toolValidation: z.object({
+      runtimeToolsKnown: z.boolean(),
+      unknownAllowedTools: z.array(z.string()),
+      unknownDisallowedTools: z.array(z.string())
+    }).optional(),
+    compatWarnings: z.array(z.string()).optional(),
+    actions: z.array(checkActionSchema).optional(),
+    result: z.unknown().optional(),
+    cancelledAt: z.string().optional(),
+    cancelledReason: z.string().optional(),
+    cancelledSource: z.string().optional(),
+    lastEventId: z.number().optional(),
+    lastToolUseId: z.string().optional(),
+    isError: z.boolean().optional(),
+    error: z.string().optional()
+  }).passthrough();
+  claudeCodeToolRef.current = server.registerTool(
     "claude_code",
-    buildInternalToolsDescription(toolCache.getTools()),
     {
-      prompt: z.string().describe("Task or question"),
-      cwd: z.string().optional().describe("Working directory. Default: server cwd"),
-      allowedTools: z.array(z.string()).optional().describe("Auto-approved tools, e.g. ['Bash','Read','Write','Edit']. Default: []"),
-      disallowedTools: z.array(z.string()).optional().describe("Forbidden tools (priority over allowedTools). Default: []"),
-      maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
-      model: z.string().optional().describe("e.g. 'opus'. Default: SDK"),
-      systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
-      advanced: advancedOptionsSchema
+      description: buildInternalToolsDescription(toolCache.getTools()),
+      inputSchema: {
+        prompt: z.string().describe("Prompt"),
+        cwd: z.string().optional().describe("Working dir. Default: server cwd"),
+        allowedTools: z.array(z.string()).optional().describe("Default: []"),
+        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+        model: z.string().optional().describe("Default: SDK"),
+        effort: effortOptionSchema.describe("Default: SDK"),
+        thinking: thinkingOptionSchema.describe("Default: SDK"),
+        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000"),
+        sessionInitTimeoutMs: z.number().int().positive().optional().describe("Deprecated, use advanced.sessionInitTimeoutMs. Default: 10000"),
+        advanced: advancedOptionsSchema
+      },
+      outputSchema: startResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
     },
     async (args, extra) => {
       try {
@@ -2088,76 +2740,50 @@ function createServer(serverCwd) {
               text: JSON.stringify(result, null, 2)
             }
           ],
+          structuredContent: result,
           isError
         };
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
         return {
           content: [
             {
               type: "text",
-              text: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+              text: JSON.stringify(errorResult, null, 2)
             }
           ],
+          structuredContent: errorResult,
           isError: true
         };
       }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_reply",
-    `Send a follow-up message to an existing Claude Code session.
-
-The agent retains full context from previous turns (files read, code analyzed, conversation history). Returns immediately \u2014 use claude_code_check to poll for the result.
-
-Supports session forking (forkSession=true) to explore alternative approaches without modifying the original session.
-
-Defaults:
-- forkSession: false
-- sessionInitTimeoutMs: 10000 (only used when forkSession=true)
-- permissionRequestTimeoutMs: 60000
-- Disk resume: disabled unless CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1
-
-Disk resume: If the server restarted and the session is no longer in memory, set CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1 to let the agent resume from its on-disk transcript. Pass diskResumeConfig with resumeToken and session parameters.`,
     {
-      sessionId: z.string().describe("Session ID from claude_code"),
-      prompt: z.string().describe("Follow-up message"),
-      forkSession: z.boolean().optional().describe("Branch into new session copy. Default: false"),
-      sessionInitTimeoutMs: z.number().int().positive().optional().describe("Fork init timeout (ms). Default: 10000"),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
-      diskResumeConfig: z.object({
-        resumeToken: z.string().optional().describe("Required"),
-        cwd: z.string().optional().describe("Required"),
-        allowedTools: z.array(z.string()).optional().describe("Default: []"),
-        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
-        tools: toolsConfigSchema.optional().describe("Default: SDK"),
-        persistSession: z.boolean().optional().describe("Default: true"),
-        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
-        model: z.string().optional().describe("Default: SDK"),
-        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-        agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
-        agent: z.string().optional().describe("Default: none"),
-        maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
-        effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
-        betas: z.array(z.string()).optional().describe("Default: none"),
-        additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
-        outputFormat: outputFormatSchema.optional().describe("Default: none"),
-        thinking: thinkingSchema.optional().describe("Default: SDK"),
-        resumeSessionAt: z.string().optional().describe("Resume to specific message UUID. Default: none"),
-        pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
-        mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
-        sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
-        fallbackModel: z.string().optional().describe("Default: none"),
-        enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
-        includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
-        strictMcpConfig: z.boolean().optional().describe("Default: false"),
-        settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
-        debug: z.boolean().optional().describe("Default: false"),
-        debugFile: z.string().optional().describe("Enables debug. Default: none"),
-        env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
-      }).optional().describe(
-        "Disk resume config (needs CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1). Requires resumeToken + cwd."
-      )
+      description: "Send a follow-up to an existing session. Returns immediately; use claude_code_check to poll.",
+      inputSchema: {
+        sessionId: z.string().describe("Session ID"),
+        prompt: z.string().describe("Prompt"),
+        forkSession: z.boolean().optional().describe("Default: false"),
+        effort: effortOptionSchema.describe("Default: SDK"),
+        thinking: thinkingOptionSchema.describe("Default: SDK"),
+        sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000"),
+        diskResumeConfig: diskResumeConfigSchema
+      },
+      outputSchema: startResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
     },
     async (args, extra) => {
       try {
@@ -2170,137 +2796,339 @@ Disk resume: If the server restarted and the session is no longer in memory, set
               text: JSON.stringify(result, null, 2)
             }
           ],
+          structuredContent: result,
           isError
         };
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
         return {
           content: [
             {
               type: "text",
-              text: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+              text: JSON.stringify(errorResult, null, 2)
             }
           ],
+          structuredContent: errorResult,
           isError: true
         };
       }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_session",
-    `List, inspect, or cancel Claude Code sessions.
-
-- action="list": Get all sessions with their status, cost, turn count, and settings.
-- action="get": Get full details for one session (pass sessionId). Add includeSensitive=true to also see cwd, systemPrompt, agents, and additionalDirectories.
-- action="cancel": Stop a running session immediately (pass sessionId).`,
     {
-      action: z.enum(SESSION_ACTIONS),
-      sessionId: z.string().optional().describe("Required for 'get' and 'cancel'"),
-      includeSensitive: z.boolean().optional().describe("Include cwd/systemPrompt/agents/additionalDirectories. Default: false")
+      description: "List, inspect, or cancel sessions.",
+      inputSchema: {
+        action: z.enum(SESSION_ACTIONS),
+        sessionId: z.string().optional().describe("Required for get/cancel"),
+        includeSensitive: z.boolean().optional().describe("Default: false")
+      },
+      outputSchema: sessionResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: false
+      }
     },
-    async (args) => {
-      const result = executeClaudeCodeSession(args, sessionManager);
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(result, null, 2)
-          }
-        ],
-        isError: result.isError ?? false
-      };
+    async (args, extra) => {
+      try {
+        const result = executeClaudeCodeSession(args, sessionManager, extra.signal);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ],
+          structuredContent: result,
+          isError: result.isError ?? false
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessions: [],
+          message: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`,
+          isError: true
+        };
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(errorResult, null, 2)
+            }
+          ],
+          structuredContent: errorResult,
+          isError: true
+        };
+      }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_check",
-    `Query a running session for new events, retrieve the final result, or respond to permission requests.
-
-Two actions:
-
-Defaults (poll):
-- responseMode: "minimal"
-- minimal mode strips verbose fields from assistant messages (usage, model, id, cache_control) and filters out noisy progress events (tool_progress, auth_status)
-- maxEvents: 200 in minimal mode (unlimited in full mode unless maxEvents is set)
-
-action="poll" \u2014 Retrieve events since the last poll.
-  Returns events (agent output, progress updates, permission requests, errors, final result).
-  Pass the cursor from the previous poll's nextCursor for incremental updates. Omit cursor to get all buffered events.
-  If the agent is waiting for permission, the response includes an "actions" array with pending requests.
-
-action="respond_permission" \u2014 Approve or deny a pending permission request.
-  Pass the requestId from the actions array, plus decision="allow" or decision="deny".
-  Approving resumes agent execution. Denying (with optional interrupt=true) can halt the entire session.
-  The response also includes the latest poll state (events, status, etc.), so a separate poll call is not needed.`,
     {
-      action: z.enum(CHECK_ACTIONS),
-      sessionId: z.string().describe("Target session ID"),
-      cursor: z.number().int().nonnegative().optional().describe("Event offset for incremental poll. Default: 0"),
-      responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
-      maxEvents: z.number().int().positive().optional().describe("Events per poll. Default: 200 (minimal)"),
-      requestId: z.string().optional().describe("Permission request ID (from actions[])"),
-      decision: z.enum(["allow", "deny"]).optional().describe("For respond_permission"),
-      denyMessage: z.string().optional().describe("Reason shown to agent on deny. Default: 'Permission denied by caller'"),
-      interrupt: z.boolean().optional().describe("Stop session on deny. Default: false"),
-      pollOptions: z.object({
-        includeTools: z.boolean().optional().describe("Default: false"),
-        includeEvents: z.boolean().optional().describe("Default: true"),
-        includeActions: z.boolean().optional().describe("Default: true"),
-        includeResult: z.boolean().optional().describe("Default: true"),
-        includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false")
-      }).optional().describe("Override responseMode defaults"),
-      permissionOptions: z.object({
-        updatedInput: z.record(z.string(), z.unknown()).optional().describe("Replace tool input on allow. Default: none"),
-        updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Update permission rules on allow. Default: none")
-      }).optional().describe("Allow-only: modify tool input or update rules")
+      description: "Poll session events or respond to permission requests.",
+      inputSchema: {
+        action: z.enum(CHECK_ACTIONS),
+        sessionId: z.string().describe("Session ID"),
+        cursor: z.number().int().nonnegative().optional().describe("Default: 0"),
+        responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
+        maxEvents: z.number().int().positive().optional().describe("Default: 200 (minimal), unlimited (full)"),
+        requestId: z.string().optional().describe("Permission request ID"),
+        decision: z.enum(["allow", "deny"]).optional().describe("Decision"),
+        denyMessage: z.string().optional().describe("Default: 'Permission denied by caller'"),
+        interrupt: z.boolean().optional().describe("Default: false"),
+        pollOptions: z.object({
+          includeTools: z.boolean().optional().describe("Default: false"),
+          includeEvents: z.boolean().optional().describe("Default: true"),
+          includeActions: z.boolean().optional().describe("Default: true"),
+          includeResult: z.boolean().optional().describe("Default: true"),
+          includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          maxBytes: z.number().int().positive().optional().describe("Default: unlimited")
+        }).optional().describe("Default: none"),
+        permissionOptions: z.object({
+          updatedInput: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
+          updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Default: none")
+        }).optional().describe("Default: none")
+      },
+      outputSchema: checkResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: false
+      }
     },
-    async (args) => {
-      const result = executeClaudeCodeCheck(args, sessionManager, toolCache);
-      const isError = result.isError === true;
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(result, null, 2)
-          }
-        ],
-        isError
-      };
+    async (args, extra) => {
+      try {
+        const result = executeClaudeCodeCheck(args, sessionManager, toolCache, extra.signal);
+        const isError = result.isError === true;
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ],
+          structuredContent: result,
+          isError
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: args.sessionId ?? "",
+          status: "error",
+          events: [],
+          isError: true,
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(errorResult, null, 2)
+            }
+          ],
+          structuredContent: errorResult,
+          isError: true
+        };
+      }
     }
   );
   registerResources(server, { toolCache });
-  const originalClose = server.close.bind(server);
-  server.close = async () => {
-    sessionManager.destroy();
-    await originalClose();
-  };
-  return server;
+  return { server, sessionManager, toolCache };
+}
+
+// src/utils/runtime-errors.ts
+var BENIGN_CODES = /* @__PURE__ */ new Set([
+  "EPIPE",
+  "ECONNRESET",
+  "ERR_STREAM_WRITE_AFTER_END",
+  "ERR_STREAM_DESTROYED",
+  "ABORT_ERR"
+]);
+var BENIGN_MESSAGE_PATTERNS = [
+  "operation aborted",
+  "request was cancelled",
+  "transport closed",
+  "write after end",
+  "stream was destroyed",
+  "cannot call write after a stream was destroyed",
+  "the pipe is being closed"
+];
+function isBenignRuntimeError(error) {
+  if (!(error instanceof Error)) return false;
+  const withCode = error;
+  const code = typeof withCode.code === "string" ? withCode.code : void 0;
+  if (code && BENIGN_CODES.has(code)) return true;
+  if (error.name === "AbortError") return true;
+  const message = error.message.toLowerCase();
+  return BENIGN_MESSAGE_PATTERNS.some((pattern) => message.includes(pattern));
 }
 
 // src/index.ts
+var STDIN_SHUTDOWN_CHECK_MS = 750;
+var STDIN_SHUTDOWN_MAX_WAIT_MS = process.platform === "win32" ? 15e3 : 1e4;
+function summarizeSessions(ctx) {
+  const sessions = ctx.sessionManager.list();
+  const running = sessions.filter((s) => s.status === "running").length;
+  const waitingPermission = sessions.filter((s) => s.status === "waiting_permission").length;
+  return {
+    total: sessions.length,
+    running,
+    waitingPermission,
+    terminal: sessions.length - running - waitingPermission
+  };
+}
 async function main() {
   const serverCwd = process.cwd();
-  const server = createServer(serverCwd);
+  const ctx = createServerContext(serverCwd);
+  const server = ctx.server;
+  const sessionManager = ctx.sessionManager;
   const transport = new StdioServerTransport();
   let closing = false;
-  const shutdown = async () => {
+  let lastExitCode = 0;
+  let stdinClosedAt;
+  let stdinClosedReason;
+  let stdinShutdownTimer;
+  const onStdinEnd = () => handleStdinTerminated("end");
+  const onStdinClose = () => handleStdinTerminated("close");
+  const clearStdinShutdownTimer = () => {
+    if (stdinShutdownTimer) {
+      clearTimeout(stdinShutdownTimer);
+      stdinShutdownTimer = void 0;
+    }
+  };
+  const shutdown = async (reason = "unknown") => {
     if (closing) return;
     closing = true;
+    clearStdinShutdownTimer();
+    if (typeof process.stdin.off === "function") {
+      process.stdin.off("error", handleStdinError);
+      process.stdin.off("end", onStdinEnd);
+      process.stdin.off("close", onStdinClose);
+    }
+    const forceExitMs = process.platform === "win32" ? 1e4 : 5e3;
+    const forceExitTimer = setTimeout(() => process.exit(lastExitCode), forceExitMs);
+    if (forceExitTimer.unref) forceExitTimer.unref();
+    const sessionSummary = summarizeSessions(ctx);
     try {
+      if (server?.isConnected()) {
+        await server.sendLoggingMessage({
+          level: "info",
+          data: { event: "server_stopping", reason, ...sessionSummary }
+        });
+      }
+      sessionManager.destroy();
       await server.close();
     } catch {
     }
-    process.exitCode = 0;
-    setTimeout(() => process.exit(0), 100);
+    process.exitCode = lastExitCode;
+    try {
+      await new Promise((resolve) => process.stderr.write("", () => resolve()));
+    } catch {
+    } finally {
+      clearTimeout(forceExitTimer);
+    }
+  };
+  function handleStdinError(error) {
+    console.error("stdin error:", error);
+    lastExitCode = 1;
+    void shutdown("stdin_error");
+  }
+  function hasActiveSessions() {
+    return sessionManager.list().some((s) => s.status === "running" || s.status === "waiting_permission");
+  }
+  const evaluateStdinTermination = () => {
+    if (closing || stdinClosedAt === void 0) return;
+    const stdinUnavailable = process.stdin.destroyed || process.stdin.readableEnded || !process.stdin.readable;
+    if (!stdinUnavailable) {
+      stdinClosedAt = void 0;
+      stdinClosedReason = void 0;
+      return;
+    }
+    const elapsedMs = Date.now() - stdinClosedAt;
+    const active = hasActiveSessions();
+    const connected = server.isConnected();
+    if (!active && !connected) {
+      void shutdown(`stdin_${stdinClosedReason ?? "closed"}`);
+      return;
+    }
+    if (elapsedMs >= STDIN_SHUTDOWN_MAX_WAIT_MS) {
+      void shutdown(`stdin_${stdinClosedReason ?? "closed"}_timeout`);
+      return;
+    }
+    stdinShutdownTimer = setTimeout(evaluateStdinTermination, STDIN_SHUTDOWN_CHECK_MS);
+    if (stdinShutdownTimer.unref) stdinShutdownTimer.unref();
   };
-  process.on("SIGINT", shutdown);
-  process.on("SIGTERM", shutdown);
+  function handleStdinTerminated(event) {
+    if (closing) return;
+    if (stdinClosedAt === void 0) {
+      stdinClosedAt = Date.now();
+      stdinClosedReason = event;
+      console.error(`[lifecycle] stdin ${event} observed; entering guarded shutdown checks`);
+    }
+    clearStdinShutdownTimer();
+    stdinShutdownTimer = setTimeout(evaluateStdinTermination, STDIN_SHUTDOWN_CHECK_MS);
+    if (stdinShutdownTimer.unref) stdinShutdownTimer.unref();
+  }
+  const handleUnexpectedError = (error) => {
+    if (isBenignRuntimeError(error)) {
+      console.error("Ignored benign runtime abort:", error);
+      return;
+    }
+    console.error("Unhandled runtime error:", error);
+    lastExitCode = 1;
+    void shutdown("runtime_error");
+  };
+  process.on("SIGINT", () => {
+    void shutdown("SIGINT");
+  });
+  process.on("SIGTERM", () => {
+    void shutdown("SIGTERM");
+  });
+  process.on("SIGHUP", () => {
+    void shutdown("SIGHUP");
+  });
+  process.on("beforeExit", () => {
+    void shutdown("beforeExit");
+  });
+  process.on("uncaughtException", handleUnexpectedError);
+  process.on("unhandledRejection", handleUnexpectedError);
+  if (process.platform === "win32") {
+    process.on("SIGBREAK", () => {
+      void shutdown("SIGBREAK");
+    });
+  }
+  if (typeof process.stdin.resume === "function") {
+    process.stdin.resume();
+  }
+  process.stdin.on("error", handleStdinError);
+  process.stdin.on("end", onStdinEnd);
+  process.stdin.on("close", onStdinClose);
   await server.connect(transport);
+  server.sendToolListChanged();
+  server.sendResourceListChanged();
   checkWindowsBashAvailability();
-  console.error(`claude-code-mcp server started (cwd: ${serverCwd})`);
+  try {
+    if (transport && server) {
+      await server.sendLoggingMessage({
+        level: "info",
+        data: { event: "server_started", cwd: serverCwd }
+      });
+    }
+  } catch {
+  }
+  console.error(`claude-code-mcp server started (transport=stdio, cwd: ${serverCwd})`);
 }
 main().catch((err) => {
   console.error("Fatal error:", err);