@leo000001/claude-code-mcp 2.0.3 → 2.4.0

package/dist/index.js

@@ -7,45 +7,102 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod";
 
-// src/utils/permission-updated-input.ts
-function normalizePermissionUpdatedInput(input) {
-  if (input && typeof input === "object" && !Array.isArray(input)) {
-    return input;
-  }
-  return { input };
+// src/utils/normalize-windows-path.ts
+import path from "path";
+import os from "os";
+var TOOL_INPUT_PATH_FIELDS = [
+  "file_path",
+  "path",
+  "directory",
+  "folder",
+  "cwd",
+  "dest",
+  "destination",
+  "source",
+  "target"
+];
+function maybeAddWindowsLongPathPrefix(value) {
+  if (value.startsWith("\\\\?\\") || value.startsWith("\\\\.\\") || value.length < 240)
+    return value;
+  return path.win32.toNamespacedPath(value);
 }
-
-// src/utils/normalize-tool-input.ts
-function normalizeMsysToWindowsPath(path2) {
-  if (/^[a-zA-Z]:[\\/]/.test(path2) || path2.startsWith("\\\\")) return void 0;
-  if (path2.startsWith("//")) {
-    const m2 = path2.match(/^\/\/([^/]{2,})\/(.*)$/);
+function expandTilde(value, platform) {
+  if (value === "~") return os.homedir();
+  if (!value.startsWith("~")) return value;
+  const next = value[1];
+  if (next !== "/" && next !== "\\") return value;
+  const rest = value.slice(2);
+  const join2 = platform === "win32" ? path.win32.join : path.posix.join;
+  return join2(os.homedir(), rest);
+}
+function convertMsysToWindowsPath(rawPath) {
+  if (/^[a-zA-Z]:[\\/]/.test(rawPath) || rawPath.startsWith("\\\\")) return void 0;
+  if (rawPath.startsWith("//")) {
+    const m2 = rawPath.match(/^\/\/([^/]{2,})\/(.*)$/);
     if (m2) {
       const host = m2[1];
       const rest2 = m2[2] ?? "";
       return `\\\\${host}\\${rest2.replace(/\//g, "\\")}`;
     }
   }
-  const cyg = path2.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
+  const cyg = rawPath.match(/^\/cygdrive\/([a-zA-Z])\/(.*)$/);
   if (cyg) {
     const drive2 = cyg[1].toUpperCase();
     const rest2 = cyg[2] ?? "";
     return `${drive2}:\\${rest2.replace(/\//g, "\\")}`;
   }
-  const m = path2.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
+  const m = rawPath.match(/^\/(?:mnt\/)?([a-zA-Z])\/(.*)$/);
   if (!m) return void 0;
   const drive = m[1].toUpperCase();
   const rest = m[2] ?? "";
   return `${drive}:\\${rest.replace(/\//g, "\\")}`;
 }
-function normalizeToolInput(toolName, input, platform = process.platform) {
+function normalizeMsysToWindowsPath(rawPath) {
+  const converted = convertMsysToWindowsPath(rawPath);
+  if (!converted) return void 0;
+  return path.win32.normalize(converted);
+}
+function isUnsupportedPosixAbsolutePath(value, platform = process.platform) {
+  if (platform !== "win32") return false;
+  if (!value.startsWith("/")) return false;
+  return convertMsysToWindowsPath(value) === void 0;
+}
+function extractPosixHomePathFromCommand(command) {
+  const match = command.match(/\/home\/[^/\s"'`]+(?:\/[^\s"'`]*)?/);
+  return match?.[0];
+}
+function findUnsupportedPosixPathInToolInput(input, platform = process.platform) {
+  if (platform !== "win32") return void 0;
+  for (const key of TOOL_INPUT_PATH_FIELDS) {
+    const value = input[key];
+    if (typeof value !== "string") continue;
+    if (isUnsupportedPosixAbsolutePath(value, platform)) return value;
+  }
+  const command = input.command;
+  if (typeof command !== "string") return void 0;
+  const embeddedHomePath = extractPosixHomePathFromCommand(command);
+  if (!embeddedHomePath) return void 0;
+  return isUnsupportedPosixAbsolutePath(embeddedHomePath, platform) ? embeddedHomePath : void 0;
+}
+function normalizeWindowsPathLike(value, platform = process.platform) {
+  const expanded = expandTilde(value, platform);
+  if (platform !== "win32") return expanded;
+  const converted = normalizeMsysToWindowsPath(expanded);
+  if (!converted && expanded.startsWith("/")) return expanded;
+  const normalized = path.win32.normalize(converted ?? expanded);
+  return maybeAddWindowsLongPathPrefix(normalized);
+}
+function normalizeWindowsPathArray(values, platform = process.platform) {
+  return values.map((v) => normalizeWindowsPathLike(v, platform));
+}
+
+// src/utils/normalize-tool-input.ts
+function normalizeToolInput(_toolName, input, platform = process.platform) {
   if (platform !== "win32") return input;
-  if (toolName !== "NotebookEdit") return input;
   const filePath = input.file_path;
   if (typeof filePath !== "string") return input;
-  const normalized = normalizeMsysToWindowsPath(filePath);
-  if (!normalized) return input;
-  return { ...input, file_path: normalized };
+  const normalized = normalizeWindowsPathLike(filePath, platform);
+  return normalized === filePath ? input : { ...input, file_path: normalized };
 }
 
 // src/session/manager.ts
@@ -54,21 +111,91 @@ var DEFAULT_RUNNING_SESSION_MAX_MS = 4 * 60 * 60 * 1e3;
 var DEFAULT_CLEANUP_INTERVAL_MS = 6e4;
 var DEFAULT_EVENT_BUFFER_MAX_SIZE = 1e3;
 var DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE = 2e3;
+var DEFAULT_MAX_SESSIONS = 128;
+var DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION = 64;
+function parsePositiveInt(raw) {
+  if (typeof raw !== "string" || raw.trim() === "") return void 0;
+  const parsed = Number.parseInt(raw, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) return void 0;
+  return parsed;
+}
+function normalizePositiveNumber(value) {
+  if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) return void 0;
+  return Math.trunc(value);
+}
+function normalizeToolPolicyNames(values) {
+  if (!Array.isArray(values) || values.length === 0) return [];
+  return values.filter((value) => typeof value === "string").map((value) => value.trim()).filter((value) => value !== "");
+}
 var SessionManager = class _SessionManager {
   sessions = /* @__PURE__ */ new Map();
   runtime = /* @__PURE__ */ new Map();
+  drainingSessions = /* @__PURE__ */ new Map();
   cleanupTimer;
   sessionTtlMs = DEFAULT_SESSION_TTL_MS;
   runningSessionMaxMs = DEFAULT_RUNNING_SESSION_MAX_MS;
   platform;
+  maxSessions;
+  maxPendingPermissionsPerSession;
+  eventBufferMaxSize;
+  eventBufferHardMaxSize;
+  destroyed = false;
   constructor(opts) {
     this.platform = opts?.platform ?? process.platform;
+    const envRaw = process.env.CLAUDE_CODE_MCP_MAX_SESSIONS;
+    const envParsed = typeof envRaw === "string" && envRaw.trim() !== "" ? Number.parseInt(envRaw, 10) : NaN;
+    const configured = opts?.maxSessions ?? (Number.isFinite(envParsed) ? envParsed : void 0);
+    this.maxSessions = typeof configured === "number" ? configured <= 0 ? Number.POSITIVE_INFINITY : configured : DEFAULT_MAX_SESSIONS;
+    const maxPendingEnvRaw = process.env.CLAUDE_CODE_MCP_MAX_PENDING_PERMISSIONS;
+    const maxPendingEnvParsed = typeof maxPendingEnvRaw === "string" && maxPendingEnvRaw.trim() !== "" ? Number.parseInt(maxPendingEnvRaw, 10) : NaN;
+    const maxPendingConfigured = opts?.maxPendingPermissionsPerSession ?? (Number.isFinite(maxPendingEnvParsed) ? maxPendingEnvParsed : void 0);
+    this.maxPendingPermissionsPerSession = typeof maxPendingConfigured === "number" ? maxPendingConfigured <= 0 ? Number.POSITIVE_INFINITY : maxPendingConfigured : DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION;
+    const configuredEventBufferMaxSize = normalizePositiveNumber(opts?.eventBufferMaxSize) ?? parsePositiveInt(process.env.CLAUDE_CODE_MCP_EVENT_BUFFER_MAX_SIZE);
+    const configuredEventBufferHardMaxSize = normalizePositiveNumber(opts?.eventBufferHardMaxSize) ?? parsePositiveInt(process.env.CLAUDE_CODE_MCP_EVENT_BUFFER_HARD_MAX_SIZE);
+    this.eventBufferMaxSize = configuredEventBufferMaxSize ?? DEFAULT_EVENT_BUFFER_MAX_SIZE;
+    const initialHardMaxSize = configuredEventBufferHardMaxSize ?? DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE;
+    this.eventBufferHardMaxSize = Math.max(this.eventBufferMaxSize, initialHardMaxSize);
+    if (initialHardMaxSize < this.eventBufferMaxSize) {
+      console.error(
+        `[config] CLAUDE_CODE_MCP_EVENT_BUFFER_HARD_MAX_SIZE (${initialHardMaxSize}) is smaller than maxSize (${this.eventBufferMaxSize}); clamped to ${this.eventBufferHardMaxSize}.`
+      );
+    }
     this.cleanupTimer = setInterval(() => this.cleanup(), DEFAULT_CLEANUP_INTERVAL_MS);
     if (this.cleanupTimer.unref) {
       this.cleanupTimer.unref();
     }
   }
+  getSessionCount() {
+    if (this.destroyed) return 0;
+    return this.sessions.size;
+  }
+  getMaxSessions() {
+    return this.maxSessions;
+  }
+  getMaxPendingPermissionsPerSession() {
+    return this.maxPendingPermissionsPerSession;
+  }
+  getEventBufferConfig() {
+    return {
+      maxSize: this.eventBufferMaxSize,
+      hardMaxSize: this.eventBufferHardMaxSize
+    };
+  }
+  getSessionTtlMs() {
+    return this.sessionTtlMs;
+  }
+  getRunningSessionMaxMs() {
+    return this.runningSessionMaxMs;
+  }
+  hasCapacityFor(additionalSessions) {
+    if (this.destroyed) return false;
+    if (additionalSessions <= 0) return true;
+    return this.sessions.size + additionalSessions <= this.maxSessions;
+  }
   create(params) {
+    if (this.destroyed) {
+      throw new Error("SessionManager is destroyed and no longer accepts new sessions.");
+    }
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const existing = this.sessions.get(params.sessionId);
     if (existing) {
@@ -86,6 +213,7 @@ var SessionManager = class _SessionManager {
       permissionMode: params.permissionMode ?? "default",
       allowedTools: params.allowedTools,
       disallowedTools: params.disallowedTools,
+      strictAllowedTools: params.strictAllowedTools,
       tools: params.tools,
       maxTurns: params.maxTurns,
       systemPrompt: params.systemPrompt,
@@ -109,14 +237,15 @@ var SessionManager = class _SessionManager {
       debug: params.debug,
       debugFile: params.debugFile,
       env: params.env,
-      abortController: params.abortController
+      abortController: params.abortController,
+      queryInterrupt: params.queryInterrupt
     };
     this.sessions.set(params.sessionId, info);
     this.runtime.set(params.sessionId, {
       buffer: {
         events: [],
-        maxSize: DEFAULT_EVENT_BUFFER_MAX_SIZE,
-        hardMaxSize: DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE,
+        maxSize: this.eventBufferMaxSize,
+        hardMaxSize: this.eventBufferHardMaxSize,
         nextId: 0
       },
       pendingPermissions: /* @__PURE__ */ new Map()
@@ -124,46 +253,62 @@ var SessionManager = class _SessionManager {
     return info;
   }
   get(sessionId) {
+    if (this.destroyed) return void 0;
     return this.sessions.get(sessionId);
   }
   updateStatus(sessionId, status) {
     return this.update(sessionId, { status });
   }
   list() {
+    if (this.destroyed) return [];
     return Array.from(this.sessions.values());
   }
   update(sessionId, patch) {
+    if (this.destroyed) return void 0;
     const info = this.sessions.get(sessionId);
     if (!info) return void 0;
     Object.assign(info, patch, { lastActiveAt: (/* @__PURE__ */ new Date()).toISOString() });
     return info;
   }
   /**
-   * Atomically transition a session from an expected status to "running".
+   * Atomically transition a session's status from expectedStatus to "running".
+   * This only covers synchronous state mutation within SessionManager.
    * Returns the session if successful, undefined if the session doesn't exist
    * or its current status doesn't match `expectedStatus`.
    */
   tryAcquire(sessionId, expectedStatus, abortController) {
+    if (this.destroyed) return void 0;
     if (expectedStatus !== "idle" && expectedStatus !== "error") return void 0;
     const info = this.sessions.get(sessionId);
     if (!info || info.status !== expectedStatus) return void 0;
     info.status = "running";
     info.abortController = abortController;
+    info.queryInterrupt = void 0;
     info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     this.clearTerminalEvents(sessionId);
     return info;
   }
   cancel(sessionId, opts) {
+    if (this.destroyed) return false;
     const info = this.sessions.get(sessionId);
     if (!info) return false;
     if (info.status !== "running" && info.status !== "waiting_permission") return false;
     if (info.status === "waiting_permission") {
       this.finishAllPending(
         sessionId,
-        { behavior: "deny", message: "Session cancelled", interrupt: true },
+        // `cancel()` already aborts the running query below. Avoid sending an additional
+        // interrupt=true control response while the stream is being torn down, which can race
+        // into SDK-level "Operation aborted" write errors on stdio clients.
+        { behavior: "deny", message: "Session cancelled", interrupt: false },
         "cancel"
       );
     }
+    if (info.queryInterrupt) {
+      try {
+        info.queryInterrupt();
+      } catch {
+      }
+    }
     if (info.abortController) {
       info.abortController.abort();
     }
@@ -171,35 +316,77 @@ var SessionManager = class _SessionManager {
     info.cancelledAt = (/* @__PURE__ */ new Date()).toISOString();
     info.cancelledReason = opts?.reason ?? "Session cancelled";
     info.cancelledSource = opts?.source ?? "cancel";
+    info.queryInterrupt = void 0;
+    info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
+    return true;
+  }
+  interrupt(sessionId, opts) {
+    if (this.destroyed) return false;
+    const info = this.sessions.get(sessionId);
+    if (!info) return false;
+    if (info.status !== "running" && info.status !== "waiting_permission") return false;
+    if (info.status === "waiting_permission") {
+      this.finishAllPending(
+        sessionId,
+        { behavior: "deny", message: opts?.reason ?? "Session interrupted", interrupt: true },
+        "interrupt"
+      );
+    }
+    if (info.queryInterrupt) {
+      try {
+        info.queryInterrupt();
+      } catch {
+      }
+    }
+    if (info.abortController) {
+      info.abortController.abort();
+    }
+    this.pushEvent(sessionId, {
+      type: "progress",
+      data: {
+        type: "interrupted",
+        reason: opts?.reason ?? "Session interrupted",
+        source: opts?.source ?? "interrupt"
+      },
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
     info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     return true;
   }
   delete(sessionId) {
+    if (this.destroyed) return false;
     this.finishAllPending(
       sessionId,
       { behavior: "deny", message: "Session deleted", interrupt: true },
-      "cleanup"
+      "cleanup",
+      { restoreRunning: false }
     );
+    this.drainingSessions.delete(sessionId);
     this.runtime.delete(sessionId);
     return this.sessions.delete(sessionId);
   }
   setResult(sessionId, result) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     state.storedResult = result;
   }
   getResult(sessionId) {
+    if (this.destroyed) return void 0;
     return this.runtime.get(sessionId)?.storedResult;
   }
   setInitTools(sessionId, tools) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     state.initTools = tools;
   }
   getInitTools(sessionId) {
+    if (this.destroyed) return void 0;
     return this.runtime.get(sessionId)?.initTools;
   }
   pushEvent(sessionId, event) {
+    if (this.destroyed) return void 0;
     const state = this.runtime.get(sessionId);
     if (!state) return void 0;
     const full = _SessionManager.pushEvent(
@@ -217,25 +404,75 @@ var SessionManager = class _SessionManager {
     return full;
   }
   getLastEventId(sessionId) {
+    if (this.destroyed) return void 0;
     const state = this.runtime.get(sessionId);
     if (!state) return void 0;
     return state.buffer.nextId > 0 ? state.buffer.nextId - 1 : void 0;
   }
   readEvents(sessionId, cursor) {
+    if (this.destroyed) return { events: [], nextCursor: cursor ?? 0 };
     const state = this.runtime.get(sessionId);
     if (!state) return { events: [], nextCursor: cursor ?? 0 };
     return _SessionManager.readEvents(state.buffer, cursor);
   }
   clearTerminalEvents(sessionId) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     _SessionManager.clearTerminalEvents(state.buffer);
   }
   setPendingPermission(sessionId, req, finish, timeoutMs) {
+    if (this.destroyed) return false;
     const state = this.runtime.get(sessionId);
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
+    if (info.status !== "running" && info.status !== "waiting_permission") {
+      try {
+        finish({
+          behavior: "deny",
+          message: `Session is not accepting permission requests (status: ${info.status}).`,
+          interrupt: true
+        });
+      } catch {
+      }
+      return false;
+    }
+    if (this.isDraining(sessionId)) {
+      try {
+        finish({
+          behavior: "deny",
+          message: "Session is finishing pending permission requests.",
+          interrupt: true
+        });
+      } catch {
+      }
+      return false;
+    }
     if (!state.pendingPermissions.has(req.requestId)) {
+      if (state.pendingPermissions.size >= this.maxPendingPermissionsPerSession) {
+        const deny = {
+          behavior: "deny",
+          message: "Too many pending permission requests for this session.",
+          interrupt: false
+        };
+        this.pushEvent(sessionId, {
+          type: "permission_result",
+          data: {
+            requestId: req.requestId,
+            toolName: req.toolName,
+            behavior: "deny",
+            source: "policy",
+            message: deny.message,
+            interrupt: deny.interrupt
+          },
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+        try {
+          finish(deny);
+        } catch {
+        }
+        return false;
+      }
       const inferredExpiresAt = new Date(Date.now() + timeoutMs).toISOString();
       const record = {
         ...req,
@@ -267,14 +504,79 @@ var SessionManager = class _SessionManager {
     return false;
   }
   getPendingPermissionCount(sessionId) {
+    if (this.destroyed) return 0;
     return this.runtime.get(sessionId)?.pendingPermissions.size ?? 0;
   }
+  getEventCount(sessionId) {
+    if (this.destroyed) return 0;
+    return this.runtime.get(sessionId)?.buffer.events.length ?? 0;
+  }
+  getCurrentCursor(sessionId) {
+    if (this.destroyed) return void 0;
+    const state = this.runtime.get(sessionId);
+    if (!state) return void 0;
+    return state.buffer.nextId;
+  }
+  getRemainingTtlMs(sessionId) {
+    if (this.destroyed) return void 0;
+    const session = this.sessions.get(sessionId);
+    if (!session) return void 0;
+    const lastActiveMs = Date.parse(session.lastActiveAt);
+    if (!Number.isFinite(lastActiveMs)) return void 0;
+    const limitMs = session.status === "running" || session.status === "waiting_permission" ? this.runningSessionMaxMs : this.sessionTtlMs;
+    return Math.max(0, limitMs - (Date.now() - lastActiveMs));
+  }
+  getRuntimeToolStats() {
+    if (this.destroyed) {
+      return { sessionsWithInitTools: 0, runtimeDiscoveredUniqueCount: 0 };
+    }
+    const unique = /* @__PURE__ */ new Set();
+    let sessionsWithInitTools = 0;
+    for (const state of this.runtime.values()) {
+      if (!Array.isArray(state.initTools) || state.initTools.length === 0) continue;
+      sessionsWithInitTools += 1;
+      for (const tool of state.initTools) {
+        if (typeof tool === "string" && tool.trim() !== "") {
+          unique.add(tool);
+        }
+      }
+    }
+    return {
+      sessionsWithInitTools,
+      runtimeDiscoveredUniqueCount: unique.size
+    };
+  }
   listPendingPermissions(sessionId) {
+    if (this.destroyed) return [];
     const state = this.runtime.get(sessionId);
     if (!state) return [];
     return Array.from(state.pendingPermissions.values()).map((p) => p.record).sort((a, b) => a.createdAt.localeCompare(b.createdAt));
   }
+  getPendingPermission(sessionId, requestId) {
+    if (this.destroyed) return void 0;
+    const state = this.runtime.get(sessionId);
+    return state?.pendingPermissions.get(requestId)?.record;
+  }
+  allowToolForSession(sessionId, toolName) {
+    if (this.destroyed) return false;
+    const info = this.sessions.get(sessionId);
+    if (!info) return false;
+    const normalized = toolName.trim();
+    if (normalized === "") return false;
+    const disallowed = normalizeToolPolicyNames(info.disallowedTools);
+    if (disallowed.includes(normalized)) {
+      return false;
+    }
+    const allowed = Array.isArray(info.allowedTools) ? [...info.allowedTools] : [];
+    if (!allowed.includes(normalized)) {
+      allowed.push(normalized);
+      info.allowedTools = allowed;
+      info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
+    }
+    return true;
+  }
   finishRequest(sessionId, requestId, result, source) {
+    if (this.destroyed) return false;
     const state = this.runtime.get(sessionId);
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
@@ -282,11 +584,12 @@ var SessionManager = class _SessionManager {
     if (!pending) return false;
     let finalResult = result;
     if (finalResult.behavior === "allow") {
-      const disallowed = info.disallowedTools;
-      if (Array.isArray(disallowed) && disallowed.includes(pending.record.toolName) && pending.record.toolName.trim() !== "") {
+      const disallowed = normalizeToolPolicyNames(info.disallowedTools);
+      const pendingToolName = pending.record.toolName.trim();
+      if (pendingToolName !== "" && disallowed.includes(pendingToolName)) {
         finalResult = {
           behavior: "deny",
-          message: `Tool '${pending.record.toolName}' is disallowed by session policy.`,
+          message: `Tool '${pendingToolName}' is disallowed by session policy.`,
           interrupt: false
         };
       }
@@ -294,19 +597,25 @@ var SessionManager = class _SessionManager {
     if (finalResult.behavior === "allow") {
       const updatedInput = finalResult.updatedInput;
       const validRecord = updatedInput !== null && updatedInput !== void 0 && typeof updatedInput === "object" && !Array.isArray(updatedInput);
-      if (!validRecord) {
+      const normalizedUpdatedInput = validRecord ? normalizeToolInput(
+        pending.record.toolName,
+        updatedInput,
+        this.platform
+      ) : normalizeToolInput(pending.record.toolName, pending.record.input, this.platform);
+      const unsupportedPath = findUnsupportedPosixPathInToolInput(
+        normalizedUpdatedInput,
+        this.platform
+      );
+      if (unsupportedPath) {
         finalResult = {
-          ...finalResult,
-          updatedInput: normalizePermissionUpdatedInput(pending.record.input)
+          behavior: "deny",
+          message: `Tool '${pending.record.toolName}' attempted to allow an unsupported POSIX path '${unsupportedPath}' on Windows.`,
+          interrupt: false
         };
       } else {
         finalResult = {
           ...finalResult,
-          updatedInput: normalizeToolInput(
-            pending.record.toolName,
-            updatedInput,
-            this.platform
-          )
+          updatedInput: normalizedUpdatedInput
         };
       }
     }
@@ -321,6 +630,11 @@ var SessionManager = class _SessionManager {
     if (finalResult.behavior === "deny") {
       eventData.message = finalResult.message;
       eventData.interrupt = finalResult.interrupt;
+    } else {
+      const allow = finalResult;
+      if (allow.updatedInput !== void 0) eventData.updatedInput = allow.updatedInput;
+      if (allow.updatedPermissions !== void 0)
+        eventData.updatedPermissions = allow.updatedPermissions;
     }
     this.pushEvent(sessionId, {
       type: "permission_result",
@@ -331,21 +645,47 @@ var SessionManager = class _SessionManager {
       pending.finish(finalResult);
     } catch {
     }
-    if (info.status === "waiting_permission" && state.pendingPermissions.size === 0) {
+    if (info.status === "waiting_permission" && state.pendingPermissions.size === 0 && !this.isDraining(sessionId)) {
       info.status = "running";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
     return true;
   }
-  finishAllPending(sessionId, result, source) {
+  finishAllPending(sessionId, result, source, opts) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
-    for (const requestId of Array.from(state.pendingPermissions.keys())) {
-      this.finishRequest(sessionId, requestId, result, source);
+    if (state.pendingPermissions.size === 0) return;
+    this.beginDraining(sessionId);
+    try {
+      while (state.pendingPermissions.size > 0) {
+        const next = state.pendingPermissions.keys().next();
+        if (next.done || typeof next.value !== "string") break;
+        const requestId = next.value;
+        const handled = this.finishRequest(sessionId, requestId, result, source);
+        if (!handled) {
+          const pending = state.pendingPermissions.get(requestId);
+          if (pending?.timeoutId) clearTimeout(pending.timeoutId);
+          state.pendingPermissions.delete(requestId);
+          try {
+            pending?.finish(result);
+          } catch {
+          }
+        }
+      }
+    } finally {
+      this.endDraining(sessionId);
+    }
+    const restoreRunning = opts?.restoreRunning ?? true;
+    const info = this.sessions.get(sessionId);
+    if (restoreRunning && info && info.status === "waiting_permission" && state.pendingPermissions.size === 0) {
+      info.status = "running";
+      info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
   }
   /** Remove sessions that have been idle for too long, or stuck running too long */
   cleanup() {
+    if (this.destroyed) return;
     const now = Date.now();
     for (const [id, info] of this.sessions) {
       const lastActive = new Date(info.lastActiveAt).getTime();
@@ -353,29 +693,42 @@ var SessionManager = class _SessionManager {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session expired", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
+        this.drainingSessions.delete(id);
         this.sessions.delete(id);
         this.runtime.delete(id);
       } else if (info.status === "running" && now - lastActive > this.runningSessionMaxMs) {
         if (info.abortController) info.abortController.abort();
-        info.status = "error";
+        info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
+        info.cancelledReason = info.cancelledReason ?? "Session timed out";
+        info.cancelledSource = info.cancelledSource ?? "cleanup";
+        info.queryInterrupt = void 0;
+        info.status = "cancelled";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status === "waiting_permission" && now - lastActive > this.runningSessionMaxMs) {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session timed out", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
         if (info.abortController) info.abortController.abort();
-        info.status = "error";
+        info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
+        info.cancelledReason = info.cancelledReason ?? "Session timed out";
+        info.cancelledSource = info.cancelledSource ?? "cleanup";
+        info.queryInterrupt = void 0;
+        info.status = "cancelled";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status !== "running" && info.status !== "waiting_permission" && now - lastActive > this.sessionTtlMs) {
         this.finishAllPending(
           id,
           { behavior: "deny", message: "Session expired", interrupt: true },
-          "cleanup"
+          "cleanup",
+          { restoreRunning: false }
         );
+        this.drainingSessions.delete(id);
         this.sessions.delete(id);
         this.runtime.delete(id);
       }
@@ -404,6 +757,7 @@ var SessionManager = class _SessionManager {
   toPublicJSON(info) {
     const {
       abortController: _abortController,
+      queryInterrupt: _queryInterrupt,
       cwd: _cwd,
       systemPrompt: _systemPrompt,
       agents: _agents,
@@ -419,22 +773,29 @@ var SessionManager = class _SessionManager {
     return rest;
   }
   destroy() {
+    if (this.destroyed) return;
     clearInterval(this.cleanupTimer);
     for (const info of this.sessions.values()) {
       this.finishAllPending(
         info.sessionId,
         { behavior: "deny", message: "Server shutting down", interrupt: true },
-        "destroy"
+        "destroy",
+        { restoreRunning: false }
       );
       if ((info.status === "running" || info.status === "waiting_permission") && info.abortController) {
         info.abortController.abort();
       }
+      info.queryInterrupt = void 0;
       info.status = "cancelled";
       info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
       info.cancelledReason = info.cancelledReason ?? "Server shutting down";
       info.cancelledSource = info.cancelledSource ?? "destroy";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
+    this.drainingSessions.clear();
+    this.runtime.clear();
+    this.sessions.clear();
+    this.destroyed = true;
   }
   static pushEvent(buffer, event, isActivePermissionRequest) {
     const pinned = event.pinned ?? (event.type === "permission_request" || event.type === "permission_result" || event.type === "result" || event.type === "error");
@@ -446,38 +807,61 @@ var SessionManager = class _SessionManager {
       pinned
     };
     buffer.events.push(full);
-    while (buffer.events.length > buffer.maxSize) {
-      const idx = buffer.events.findIndex((e) => !e.pinned);
-      if (idx !== -1) {
-        buffer.events.splice(idx, 1);
-        continue;
+    _SessionManager.evictEventsToLimits(buffer, isActivePermissionRequest);
+    return full;
+  }
+  static evictEventsToLimits(buffer, isActivePermissionRequest) {
+    if (buffer.events.length <= buffer.maxSize && buffer.events.length <= buffer.hardMaxSize) {
+      return;
+    }
+    const droppedIds = /* @__PURE__ */ new Set();
+    let remaining = buffer.events.length;
+    const dropOldestMatching = (count, predicate) => {
+      if (count <= 0) return 0;
+      let dropped = 0;
+      for (const event of buffer.events) {
+        if (dropped >= count) break;
+        if (droppedIds.has(event.id)) continue;
+        if (!predicate(event)) continue;
+        droppedIds.add(event.id);
+        dropped += 1;
       }
-      const pinnedDropIdx = buffer.events.findIndex((e) => {
-        if (e.type === "permission_result") return true;
-        if (e.type === "permission_request") {
-          const requestId = e.data?.requestId;
-          if (typeof requestId !== "string") return true;
-          return isActivePermissionRequest ? !isActivePermissionRequest(requestId) : true;
-        }
-        return false;
-      });
-      if (pinnedDropIdx === -1) break;
-      buffer.events.splice(pinnedDropIdx, 1);
-    }
-    while (buffer.events.length > buffer.hardMaxSize) {
-      const idx = buffer.events.findIndex((e) => {
-        if (e.type === "permission_request") {
-          const requestId = e.data?.requestId;
-          if (typeof requestId !== "string") return true;
-          return isActivePermissionRequest ? !isActivePermissionRequest(requestId) : true;
-        }
-        if (e.type === "permission_result") return true;
-        return false;
-      });
-      if (idx === -1) break;
-      buffer.events.splice(idx, 1);
+      if (dropped > 0) {
+        remaining -= dropped;
+      }
+      return dropped;
+    };
+    const isDroppablePermissionEvent = (event) => {
+      if (event.type === "permission_result") return true;
+      if (event.type !== "permission_request") return false;
+      const requestId = event.data?.requestId;
+      if (typeof requestId !== "string") return true;
+      return isActivePermissionRequest ? !isActivePermissionRequest(requestId) : true;
+    };
+    let toDropForSoftLimit = remaining - buffer.maxSize;
+    if (toDropForSoftLimit > 0) {
+      toDropForSoftLimit -= dropOldestMatching(toDropForSoftLimit, (event) => !event.pinned);
+    }
+    if (toDropForSoftLimit > 0) {
+      toDropForSoftLimit -= dropOldestMatching(toDropForSoftLimit, isDroppablePermissionEvent);
+    }
+    let toDropForHardLimit = remaining - buffer.hardMaxSize;
+    if (toDropForHardLimit > 0) {
+      toDropForHardLimit -= dropOldestMatching(toDropForHardLimit, isDroppablePermissionEvent);
+    }
+    if (droppedIds.size > 0) {
+      buffer.events = buffer.events.filter((event) => !droppedIds.has(event.id));
     }
-    return full;
+  }
+  static lowerBoundByEventId(events, startFrom) {
+    let left = 0;
+    let right = events.length;
+    while (left < right) {
+      const mid = Math.floor((left + right) / 2);
+      if (events[mid].id < startFrom) left = mid + 1;
+      else right = mid;
+    }
+    return left;
   }
   static readEvents(buffer, cursor) {
     let cursorResetTo;
@@ -487,22 +871,52 @@ var SessionManager = class _SessionManager {
       if (earliest == null && buffer.nextId > cursor) cursorResetTo = buffer.nextId;
     }
     const startFrom = cursorResetTo ?? cursor ?? 0;
-    const filtered = buffer.events.filter((e) => e.id >= startFrom);
+    const startIndex = _SessionManager.lowerBoundByEventId(buffer.events, startFrom);
+    const filtered = buffer.events.slice(startIndex);
     const nextCursor = filtered.length > 0 ? filtered[filtered.length - 1].id + 1 : startFrom;
     return { events: filtered, nextCursor, cursorResetTo };
   }
   static clearTerminalEvents(buffer) {
     buffer.events = buffer.events.filter((e) => e.type !== "result" && e.type !== "error");
   }
+  isDraining(sessionId) {
+    return (this.drainingSessions.get(sessionId) ?? 0) > 0;
+  }
+  beginDraining(sessionId) {
+    this.drainingSessions.set(sessionId, (this.drainingSessions.get(sessionId) ?? 0) + 1);
+  }
+  endDraining(sessionId) {
+    const current = this.drainingSessions.get(sessionId) ?? 0;
+    if (current <= 1) {
+      this.drainingSessions.delete(sessionId);
+      return;
+    }
+    this.drainingSessions.set(sessionId, current - 1);
+  }
 };
 
+// src/tools/claude-code.ts
+import { existsSync as existsSync2, statSync } from "fs";
+
 // src/types.ts
 var EFFORT_LEVELS = ["low", "medium", "high", "max"];
 var AGENT_MODELS = ["sonnet", "opus", "haiku", "inherit"];
-var SESSION_ACTIONS = ["list", "get", "cancel"];
+var SESSION_ACTIONS = ["list", "get", "cancel", "interrupt"];
 var DEFAULT_SETTING_SOURCES = ["user", "project", "local"];
 var CHECK_ACTIONS = ["poll", "respond_permission"];
-var CHECK_RESPONSE_MODES = ["minimal", "full"];
+var CHECK_RESPONSE_MODES = ["minimal", "full", "delta_compact"];
+var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
+  ErrorCode2["INVALID_ARGUMENT"] = "INVALID_ARGUMENT";
+  ErrorCode2["SESSION_NOT_FOUND"] = "SESSION_NOT_FOUND";
+  ErrorCode2["SESSION_BUSY"] = "SESSION_BUSY";
+  ErrorCode2["PERMISSION_REQUEST_NOT_FOUND"] = "PERMISSION_REQUEST_NOT_FOUND";
+  ErrorCode2["PERMISSION_DENIED"] = "PERMISSION_DENIED";
+  ErrorCode2["RESOURCE_EXHAUSTED"] = "RESOURCE_EXHAUSTED";
+  ErrorCode2["TIMEOUT"] = "TIMEOUT";
+  ErrorCode2["CANCELLED"] = "CANCELLED";
+  ErrorCode2["INTERNAL"] = "INTERNAL";
+  return ErrorCode2;
+})(ErrorCode || {});
 
 // src/tools/query-consumer.ts
 import { AbortError, query } from "@anthropic-ai/claude-agent-sdk";
@@ -510,23 +924,98 @@ import { AbortError, query } from "@anthropic-ai/claude-agent-sdk";
 // src/utils/windows.ts
 import { existsSync } from "fs";
 import { execSync } from "child_process";
-import path from "path";
-var { join, dirname, normalize } = path.win32;
+import path2 from "path";
+var { join, dirname, normalize, isAbsolute } = path2.win32;
+var LONG_PATH_PREFIX = "\\\\?\\";
+var UNC_LONG_PATH_PREFIX = "\\\\?\\UNC\\";
 function isWindows() {
   return process.platform === "win32";
 }
+function normalizeMaybeQuotedPath(raw) {
+  return normalize(raw.trim().replace(/^"|"$/g, ""));
+}
+function existsSyncSafe(candidate) {
+  try {
+    return existsSync(candidate);
+  } catch {
+    return false;
+  }
+}
+function ensureLongPathPrefix(normalized) {
+  if (!normalized || normalized.startsWith(LONG_PATH_PREFIX)) return normalized;
+  if (!isAbsolute(normalized)) return normalized;
+  if (normalized.startsWith("\\\\")) {
+    return `${UNC_LONG_PATH_PREFIX}${normalized.slice(2)}`;
+  }
+  return `${LONG_PATH_PREFIX}${normalized}`;
+}
+function existsPath(raw) {
+  if (!raw) return false;
+  const normalized = normalizeMaybeQuotedPath(raw);
+  if (existsSyncSafe(normalized)) return true;
+  const longPath = ensureLongPathPrefix(normalized);
+  if (longPath === normalized) return false;
+  return existsSyncSafe(longPath);
+}
+function tryWhere(exe) {
+  try {
+    const output = execSync(`where ${exe}`, {
+      encoding: "utf8",
+      timeout: 2e3,
+      windowsHide: true
+    });
+    return output.split(/\r?\n/).map((l) => l.trim()).filter(Boolean).map((p) => normalizeMaybeQuotedPath(p));
+  } catch {
+    return [];
+  }
+}
+function pathEntries() {
+  const raw = process.env.PATH;
+  if (typeof raw !== "string" || raw.trim() === "") return [];
+  return raw.split(path2.delimiter).map((p) => p.trim().replace(/^"|"$/g, "")).filter(Boolean).map((p) => normalizeMaybeQuotedPath(p));
+}
+function tryFromPath(exeNames) {
+  const results = [];
+  for (const dir of pathEntries()) {
+    for (const exe of exeNames) {
+      const full = normalize(path2.win32.join(dir, exe));
+      if (existsPath(full)) results.push(full);
+    }
+  }
+  return results;
+}
+function firstExisting(candidates) {
+  for (const p of candidates) {
+    if (p && existsPath(p)) return p;
+  }
+  return null;
+}
+function isWindowsSystemBash(pathLike) {
+  const p = normalizeMaybeQuotedPath(pathLike).toLowerCase();
+  return p.endsWith("\\windows\\system32\\bash.exe") || p.endsWith("\\windows\\syswow64\\bash.exe") || p.includes("\\windows\\system32\\bash.exe") || p.includes("\\windows\\syswow64\\bash.exe");
+}
 function findGitBash() {
   const envPathRaw = process.env.CLAUDE_CODE_GIT_BASH_PATH;
   if (envPathRaw && envPathRaw.trim() !== "") {
-    const envPath = normalize(envPathRaw.trim().replace(/^"|"$/g, ""));
-    if (existsSync(envPath)) return envPath;
-    return null;
+    const envPath = normalizeMaybeQuotedPath(envPathRaw);
+    if (existsPath(envPath)) return envPath;
+  }
+  const programFilesRoots = [
+    process.env.ProgramW6432,
+    process.env.ProgramFiles,
+    process.env["ProgramFiles(x86)"]
+  ].filter((v) => typeof v === "string" && v.trim() !== "");
+  const defaultCandidates = [];
+  for (const root of programFilesRoots) {
+    const base = join(normalizeMaybeQuotedPath(root), "Git");
+    defaultCandidates.push(join(base, "bin", "bash.exe"));
+    defaultCandidates.push(join(base, "usr", "bin", "bash.exe"));
   }
+  const fromDefault = firstExisting(defaultCandidates);
+  if (fromDefault) return fromDefault;
   try {
-    const output = execSync("where git", { encoding: "utf8" });
-    const gitCandidates = output.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
-    for (const gitPathRaw of gitCandidates) {
-      const gitPath = normalize(gitPathRaw.replace(/^"|"$/g, ""));
+    const gitCandidates = [...tryFromPath(["git.exe", "git.cmd", "git.bat"]), ...tryWhere("git")];
+    for (const gitPath of gitCandidates) {
       if (!gitPath) continue;
       const gitDir = dirname(gitPath);
       const gitDirLower = gitDir.toLowerCase();
@@ -548,19 +1037,38 @@ function findGitBash() {
         bashCandidates.push(join(root, "mingw64", "bin", "bash.exe"));
       }
       for (const bashPath of bashCandidates) {
-        const normalized = normalize(bashPath);
-        if (existsSync(normalized)) return normalized;
+        const normalizedPath = normalize(bashPath);
+        if (existsPath(normalizedPath)) return normalizedPath;
       }
     }
   } catch {
   }
+  const fromWhereBash = firstExisting(
+    [...tryFromPath(["bash.exe"]), ...tryWhere("bash")].filter(
+      (p) => p.toLowerCase().endsWith("\\bash.exe") && !isWindowsSystemBash(p)
+    )
+  );
+  if (fromWhereBash) return fromWhereBash;
   return null;
 }
 function checkWindowsBashAvailability() {
   if (!isWindows()) return;
+  const envPathRaw = process.env.CLAUDE_CODE_GIT_BASH_PATH;
+  const envPath = envPathRaw && envPathRaw.trim() !== "" ? normalizeMaybeQuotedPath(envPathRaw) : null;
+  const envValid = !!(envPath && existsPath(envPath));
   const bashPath = findGitBash();
   if (bashPath) {
-    console.error(`[windows] Git Bash detected: ${bashPath}`);
+    if (!envValid) {
+      process.env.CLAUDE_CODE_GIT_BASH_PATH = bashPath;
+      if (envPathRaw && envPathRaw.trim() !== "") {
+        console.error(
+          `[windows] WARNING: CLAUDE_CODE_GIT_BASH_PATH is set to "${envPathRaw}" but the file does not exist.`
+        );
+      }
+      console.error(`[windows] Git Bash detected: ${bashPath} (set CLAUDE_CODE_GIT_BASH_PATH)`);
+    } else {
+      console.error(`[windows] Git Bash detected: ${bashPath}`);
+    }
     return;
   }
   const hint = process.env.CLAUDE_CODE_GIT_BASH_PATH ? `CLAUDE_CODE_GIT_BASH_PATH is set to "${process.env.CLAUDE_CODE_GIT_BASH_PATH}" but the file does not exist.` : "CLAUDE_CODE_GIT_BASH_PATH is not set and git was not found in PATH.";
@@ -577,15 +1085,32 @@ function checkWindowsBashAvailability() {
 var WINDOWS_BASH_HINT = '\n\n[Windows] The Claude Code CLI requires Git Bash. Set CLAUDE_CODE_GIT_BASH_PATH in your MCP server config or system environment. See README.md "Windows Support" section for details.';
 function enhanceWindowsError(errorMessage) {
   if (!isWindows()) return errorMessage;
-  if (errorMessage.includes("git-bash") || errorMessage.includes("bash.exe") || errorMessage.includes("CLAUDE_CODE_GIT_BASH_PATH")) {
+  const lower = errorMessage.toLowerCase();
+  const looksLikeMissingBash = lower.includes("enoent") && (lower.includes("bash") || lower.includes("git-bash")) || lower.includes("claude code on windows requires git-bash");
+  if (looksLikeMissingBash || lower.includes("claude_code_git_bash_path")) {
     return errorMessage + WINDOWS_BASH_HINT;
   }
   return errorMessage;
 }
 
+// src/utils/permission-updated-input.ts
+function normalizePermissionUpdatedInput(input) {
+  if (input && typeof input === "object" && !Array.isArray(input)) {
+    return input;
+  }
+  return { input };
+}
+
 // src/tools/query-consumer.ts
 var MAX_TRANSIENT_RETRIES = 3;
 var INITIAL_RETRY_DELAY_MS = 1e3;
+var DEFAULT_PERMISSION_REQUEST_TIMEOUT_MS = 6e4;
+var MAX_PERMISSION_REQUEST_TIMEOUT_MS = 5 * 6e4;
+var MAX_PREINIT_BUFFER_MESSAGES = 200;
+function clampPermissionRequestTimeoutMs(ms) {
+  if (!Number.isFinite(ms) || ms <= 0) return DEFAULT_PERMISSION_REQUEST_TIMEOUT_MS;
+  return Math.min(ms, MAX_PERMISSION_REQUEST_TIMEOUT_MS);
+}
 function classifyError(err, abortSignal) {
   if (abortSignal.aborted) return "abort";
   if (err instanceof AbortError || err instanceof Error && err.name === "AbortError") {
@@ -609,13 +1134,21 @@ function describeTool(toolName, toolCache) {
   const found = tools?.find((t) => t.name === toolName);
   return found?.description;
 }
+function normalizePolicyToolNames(tools) {
+  if (!Array.isArray(tools) || tools.length === 0) return [];
+  return tools.filter((tool) => typeof tool === "string").map((tool) => tool.trim()).filter((tool) => tool !== "");
+}
 function sdkResultToAgentResult(result) {
+  const sessionTotalTurns = result.session_total_turns;
+  const sessionTotalCostUsd = result.session_total_cost_usd;
   const base = {
     sessionId: result.session_id,
     durationMs: result.duration_ms,
     durationApiMs: result.duration_api_ms,
     numTurns: result.num_turns,
     totalCostUsd: result.total_cost_usd,
+    sessionTotalTurns: typeof sessionTotalTurns === "number" ? sessionTotalTurns : void 0,
+    sessionTotalCostUsd: typeof sessionTotalCostUsd === "number" ? sessionTotalCostUsd : void 0,
     stopReason: result.stop_reason,
     usage: result.usage,
     modelUsage: result.modelUsage,
@@ -727,15 +1260,46 @@ function consumeQuery(params) {
     return activeSessionId;
   };
   let initTimeoutId;
+  const permissionRequestTimeoutMs = clampPermissionRequestTimeoutMs(
+    params.permissionRequestTimeoutMs
+  );
   const canUseTool = async (toolName, input, options2) => {
     const sessionId = await getSessionId();
+    const normalizedToolName = toolName.trim();
     const normalizedInput = normalizeToolInput(toolName, input, params.platform);
+    const unsupportedPath = findUnsupportedPosixPathInToolInput(normalizedInput, params.platform);
+    if (unsupportedPath) {
+      return {
+        behavior: "deny",
+        message: `Tool '${normalizedToolName || toolName}' requested unsupported POSIX path '${unsupportedPath}' on Windows.`,
+        interrupt: false
+      };
+    }
+    if (typeof options2.blockedPath === "string" && isUnsupportedPosixAbsolutePath(options2.blockedPath, params.platform)) {
+      return {
+        behavior: "deny",
+        message: `Tool '${normalizedToolName || toolName}' requested blocked path '${options2.blockedPath}' that is unsupported on Windows.`,
+        interrupt: false
+      };
+    }
     const sessionInfo = params.sessionManager.get(sessionId);
     if (sessionInfo) {
-      if (Array.isArray(sessionInfo.disallowedTools) && sessionInfo.disallowedTools.includes(toolName)) {
-        return { behavior: "deny", message: `Tool '${toolName}' is disallowed by session policy.` };
+      const disallowedTools = normalizePolicyToolNames(sessionInfo.disallowedTools);
+      const allowedTools = normalizePolicyToolNames(sessionInfo.allowedTools);
+      if (normalizedToolName !== "" && disallowedTools.includes(normalizedToolName)) {
+        return {
+          behavior: "deny",
+          message: `Tool '${normalizedToolName}' is disallowed by session policy.`
+        };
+      }
+      if (sessionInfo.strictAllowedTools === true && normalizedToolName !== "" && allowedTools.length > 0 && !allowedTools.includes(normalizedToolName)) {
+        return {
+          behavior: "deny",
+          message: `Tool '${normalizedToolName}' is not in allowedTools under strictAllowedTools policy.`,
+          interrupt: false
+        };
       }
-      if (!options2.blockedPath && Array.isArray(sessionInfo.allowedTools) && sessionInfo.allowedTools.includes(toolName)) {
+      if (!options2.blockedPath && normalizedToolName !== "" && allowedTools.includes(normalizedToolName)) {
         return {
           behavior: "allow",
           updatedInput: normalizePermissionUpdatedInput(normalizedInput)
@@ -744,7 +1308,7 @@ function consumeQuery(params) {
     }
     const requestId = `${options2.toolUseID}:${toolName}:${Date.now()}:${Math.random().toString(16).slice(2)}`;
     const createdAt = (/* @__PURE__ */ new Date()).toISOString();
-    const timeoutMs = params.permissionRequestTimeoutMs;
+    const timeoutMs = permissionRequestTimeoutMs;
     const expiresAt = new Date(Date.now() + timeoutMs).toISOString();
     const record = {
       requestId,
@@ -781,10 +1345,14 @@ function consumeQuery(params) {
         sessionId,
         record,
         finish,
-        params.permissionRequestTimeoutMs
+        permissionRequestTimeoutMs
       );
       if (!registered) {
-        finish({ behavior: "deny", message: "Session no longer exists.", interrupt: true });
+        finish({
+          behavior: "deny",
+          message: "Session no longer exists.",
+          interrupt: true
+        });
         return;
       }
       options2.signal.addEventListener("abort", abortListener, { once: true });
@@ -819,6 +1387,7 @@ function consumeQuery(params) {
   };
   const done = (async () => {
     const preInit = [];
+    let preInitDropped = 0;
     if (shouldWaitForInit) {
       initTimeoutId = setTimeout(() => {
         close();
@@ -843,6 +1412,13 @@ function consumeQuery(params) {
               sessionIdResolved = true;
               resolveSessionId(activeSessionId);
               if (initTimeoutId) clearTimeout(initTimeoutId);
+              if (preInitDropped > 0) {
+                params.sessionManager.pushEvent(activeSessionId, {
+                  type: "progress",
+                  data: { type: "pre_init_dropped", dropped: preInitDropped },
+                  timestamp: (/* @__PURE__ */ new Date()).toISOString()
+                });
+              }
               for (const buffered of preInit) {
                 const event2 = messageToEvent(buffered);
                 if (!event2) continue;
@@ -858,36 +1434,53 @@ function consumeQuery(params) {
           }
           if (shouldWaitForInit && !sessionIdResolved) {
             preInit.push(message);
+            if (preInit.length > MAX_PREINIT_BUFFER_MESSAGES) {
+              preInit.shift();
+              preInitDropped++;
+            }
             continue;
           }
           if (message.type === "result") {
             const sessionId2 = message.session_id ?? await getSessionId();
             const agentResult = sdkResultToAgentResult(message);
+            const current = params.sessionManager.get(sessionId2);
+            const previousTotalTurns = current?.totalTurns ?? 0;
+            const previousTotalCostUsd = current?.totalCostUsd ?? 0;
+            const computedTotalTurns = previousTotalTurns + agentResult.numTurns;
+            const computedTotalCostUsd = previousTotalCostUsd + agentResult.totalCostUsd;
+            const sessionTotalTurns = typeof agentResult.sessionTotalTurns === "number" ? Math.max(agentResult.sessionTotalTurns, computedTotalTurns) : computedTotalTurns;
+            const sessionTotalCostUsd = typeof agentResult.sessionTotalCostUsd === "number" ? Math.max(agentResult.sessionTotalCostUsd, computedTotalCostUsd) : computedTotalCostUsd;
+            const resultWithSessionTotals = {
+              ...agentResult,
+              sessionTotalTurns,
+              sessionTotalCostUsd
+            };
             const stored = {
               type: agentResult.isError ? "error" : "result",
-              result: agentResult,
+              result: resultWithSessionTotals,
               createdAt: (/* @__PURE__ */ new Date()).toISOString()
             };
             params.sessionManager.setResult(sessionId2, stored);
             params.sessionManager.clearTerminalEvents(sessionId2);
             params.sessionManager.pushEvent(sessionId2, {
               type: agentResult.isError ? "error" : "result",
-              data: agentResult,
+              data: resultWithSessionTotals,
               timestamp: (/* @__PURE__ */ new Date()).toISOString()
             });
-            const current = params.sessionManager.get(sessionId2);
             if (current && current.status !== "cancelled") {
               params.sessionManager.update(sessionId2, {
                 status: agentResult.isError ? "error" : "idle",
-                totalTurns: agentResult.numTurns,
-                totalCostUsd: agentResult.totalCostUsd,
-                abortController: void 0
+                totalTurns: sessionTotalTurns,
+                totalCostUsd: sessionTotalCostUsd,
+                abortController: void 0,
+                queryInterrupt: void 0
               });
             } else if (current) {
               params.sessionManager.update(sessionId2, {
-                totalTurns: agentResult.numTurns,
-                totalCostUsd: agentResult.totalCostUsd,
-                abortController: void 0
+                totalTurns: sessionTotalTurns,
+                totalCostUsd: sessionTotalCostUsd,
+                abortController: void 0,
+                queryInterrupt: void 0
               });
             }
             return;
@@ -939,7 +1532,8 @@ function consumeQuery(params) {
             });
             params.sessionManager.update(sessionId, {
               status: "error",
-              abortController: void 0
+              abortController: void 0,
+              queryInterrupt: void 0
             });
           }
         }
@@ -1022,7 +1616,11 @@ function consumeQuery(params) {
             data: agentResult,
             timestamp: (/* @__PURE__ */ new Date()).toISOString()
           });
-          params.sessionManager.update(sessionId, { status: "error", abortController: void 0 });
+          params.sessionManager.update(sessionId, {
+            status: "error",
+            abortController: void 0,
+            queryInterrupt: void 0
+          });
         }
         return;
       } finally {
@@ -1034,16 +1632,33 @@ function consumeQuery(params) {
 }
 
 // src/utils/resume-token.ts
-import { createHmac } from "crypto";
+import { createHmac, timingSafeEqual } from "crypto";
+function getResumeSecrets() {
+  const raw = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
+  if (typeof raw !== "string") return [];
+  return raw.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+}
 function getResumeSecret() {
-  const secret = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
-  if (typeof secret !== "string") return void 0;
-  const trimmed = secret.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
+  return getResumeSecrets()[0];
 }
 function computeResumeToken(sessionId, secret) {
   return createHmac("sha256", secret).update(sessionId).digest("base64url");
 }
+function timingSafeEqualText(a, b) {
+  const left = Buffer.from(a, "utf8");
+  const rightRaw = Buffer.from(b, "utf8");
+  const right = Buffer.alloc(left.length);
+  rightRaw.copy(right, 0, 0, left.length);
+  const sameLength = rightRaw.length === left.length;
+  return timingSafeEqual(left, right) && sameLength;
+}
+function isValidResumeToken(sessionId, token, secrets) {
+  for (const secret of secrets) {
+    const computed = computeResumeToken(sessionId, secret);
+    if (timingSafeEqualText(computed, token)) return true;
+  }
+  return false;
+}
 
 // src/utils/race-with-abort.ts
 function raceWithAbort(promise, signal, onAbort) {
@@ -1070,7 +1685,7 @@ function raceWithAbort(promise, signal, onAbort) {
 
 // src/utils/build-options.ts
 function buildOptions(src) {
-  const opts = { cwd: src.cwd };
+  const opts = { cwd: normalizeWindowsPathLike(src.cwd) };
   if (src.allowedTools !== void 0) opts.allowedTools = src.allowedTools;
   if (src.disallowedTools !== void 0) opts.disallowedTools = src.disallowedTools;
   if (src.tools !== void 0) opts.tools = src.tools;
@@ -1082,13 +1697,13 @@ function buildOptions(src) {
   if (src.effort !== void 0) opts.effort = src.effort;
   if (src.betas !== void 0) opts.betas = src.betas;
   if (src.additionalDirectories !== void 0)
-    opts.additionalDirectories = src.additionalDirectories;
+    opts.additionalDirectories = normalizeWindowsPathArray(src.additionalDirectories);
   if (src.outputFormat !== void 0) opts.outputFormat = src.outputFormat;
   if (src.thinking !== void 0) opts.thinking = src.thinking;
   if (src.persistSession !== void 0) opts.persistSession = src.persistSession;
   if (src.resumeSessionAt !== void 0) opts.resumeSessionAt = src.resumeSessionAt;
   if (src.pathToClaudeCodeExecutable !== void 0)
-    opts.pathToClaudeCodeExecutable = src.pathToClaudeCodeExecutable;
+    opts.pathToClaudeCodeExecutable = normalizeWindowsPathLike(src.pathToClaudeCodeExecutable);
   if (src.agent !== void 0) opts.agent = src.agent;
   if (src.mcpServers !== void 0) opts.mcpServers = src.mcpServers;
   if (src.sandbox !== void 0) opts.sandbox = src.sandbox;
@@ -1101,14 +1716,54 @@ function buildOptions(src) {
   if (src.settingSources !== void 0) opts.settingSources = src.settingSources;
   else opts.settingSources = DEFAULT_SETTING_SOURCES;
   if (src.debug !== void 0) opts.debug = src.debug;
-  if (src.debugFile !== void 0) opts.debugFile = src.debugFile;
+  if (src.debugFile !== void 0) opts.debugFile = normalizeWindowsPathLike(src.debugFile);
   if (src.env !== void 0) opts.env = { ...process.env, ...src.env };
   return opts;
 }
 
+// src/utils/session-create.ts
+function toSessionCreateParams(input) {
+  const src = input.source;
+  return {
+    sessionId: input.sessionId,
+    cwd: src.cwd,
+    model: src.model,
+    permissionMode: input.permissionMode,
+    allowedTools: src.allowedTools,
+    disallowedTools: src.disallowedTools,
+    strictAllowedTools: src.strictAllowedTools,
+    tools: src.tools,
+    maxTurns: src.maxTurns,
+    systemPrompt: src.systemPrompt,
+    agents: src.agents,
+    maxBudgetUsd: src.maxBudgetUsd,
+    effort: src.effort,
+    betas: src.betas,
+    additionalDirectories: src.additionalDirectories,
+    outputFormat: src.outputFormat,
+    thinking: src.thinking,
+    persistSession: src.persistSession,
+    pathToClaudeCodeExecutable: src.pathToClaudeCodeExecutable,
+    agent: src.agent,
+    mcpServers: src.mcpServers,
+    sandbox: src.sandbox,
+    fallbackModel: src.fallbackModel,
+    enableFileCheckpointing: src.enableFileCheckpointing,
+    includePartialMessages: src.includePartialMessages,
+    strictMcpConfig: src.strictMcpConfig,
+    settingSources: src.settingSources ?? DEFAULT_SETTING_SOURCES,
+    debug: src.debug,
+    debugFile: src.debugFile,
+    env: src.env,
+    abortController: input.abortController,
+    queryInterrupt: input.queryInterrupt
+  };
+}
+
 // src/tools/claude-code.ts
 async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, requestSignal) {
-  const cwd = input.cwd !== void 0 ? input.cwd : serverCwd;
+  const cwdProvided = input.cwd !== void 0;
+  const cwd = cwdProvided ? input.cwd : serverCwd;
   if (typeof cwd !== "string" || cwd.trim() === "") {
     return {
       sessionId: "",
@@ -1116,63 +1771,96 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be a non-empty string.`
     };
   }
+  const normalizedCwd = normalizeWindowsPathLike(cwd);
+  if (cwdProvided && !existsSync2(normalizedCwd)) {
+    return {
+      sessionId: "",
+      status: "error",
+      error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd path does not exist: ${normalizedCwd}`
+    };
+  }
+  if (cwdProvided) {
+    try {
+      if (!statSync(normalizedCwd).isDirectory()) {
+        return {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be a directory: ${normalizedCwd}`
+        };
+      }
+    } catch (err) {
+      const detail = err instanceof Error ? ` (${err.message})` : "";
+      return {
+        sessionId: "",
+        status: "error",
+        error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd is not accessible: ${normalizedCwd}${detail}`
+      };
+    }
+  }
+  if (!sessionManager.hasCapacityFor(1)) {
+    return {
+      sessionId: "",
+      status: "error",
+      error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+    };
+  }
   const abortController = new AbortController();
   const adv = input.advanced ?? {};
   const permissionRequestTimeoutMs = input.permissionRequestTimeoutMs ?? 6e4;
-  const sessionInitTimeoutMs = adv.sessionInitTimeoutMs ?? 1e4;
+  const sessionInitTimeoutMs = adv.sessionInitTimeoutMs ?? input.sessionInitTimeoutMs ?? 1e4;
+  const compatWarnings = [];
+  if (input.sessionInitTimeoutMs !== void 0) {
+    compatWarnings.push(
+      "Top-level sessionInitTimeoutMs for claude_code is a compatibility alias; prefer advanced.sessionInitTimeoutMs."
+    );
+  }
+  if (input.sessionInitTimeoutMs !== void 0 && adv.sessionInitTimeoutMs !== void 0 && input.sessionInitTimeoutMs !== adv.sessionInitTimeoutMs) {
+    compatWarnings.push(
+      `Both advanced.sessionInitTimeoutMs (${adv.sessionInitTimeoutMs}) and top-level sessionInitTimeoutMs (${input.sessionInitTimeoutMs}) were provided; using advanced.sessionInitTimeoutMs.`
+    );
+  }
   const flat = {
-    cwd,
+    cwd: normalizedCwd,
     allowedTools: input.allowedTools,
     disallowedTools: input.disallowedTools,
+    strictAllowedTools: input.strictAllowedTools ?? adv.strictAllowedTools,
     maxTurns: input.maxTurns,
     model: input.model,
     systemPrompt: input.systemPrompt,
-    ...adv
+    ...adv,
+    effort: input.effort ?? adv.effort,
+    thinking: input.thinking ?? adv.thinking
+  };
+  const normalizedFlat = {
+    ...flat,
+    cwd: normalizeWindowsPathLike(flat.cwd),
+    additionalDirectories: flat.additionalDirectories !== void 0 ? normalizeWindowsPathArray(flat.additionalDirectories) : void 0,
+    debugFile: flat.debugFile !== void 0 ? normalizeWindowsPathLike(flat.debugFile) : void 0,
+    pathToClaudeCodeExecutable: flat.pathToClaudeCodeExecutable !== void 0 ? normalizeWindowsPathLike(flat.pathToClaudeCodeExecutable) : void 0
   };
   try {
     const handle = consumeQuery({
       mode: "start",
       prompt: input.prompt,
       abortController,
-      options: buildOptions(flat),
+      options: buildOptions(normalizedFlat),
       permissionRequestTimeoutMs,
       sessionInitTimeoutMs,
       sessionManager,
       toolCache,
       onInit: (init) => {
         if (sessionManager.get(init.session_id)) return;
-        sessionManager.create({
-          sessionId: init.session_id,
-          cwd,
-          model: input.model,
-          permissionMode: "default",
-          allowedTools: input.allowedTools,
-          disallowedTools: input.disallowedTools,
-          tools: adv.tools,
-          maxTurns: input.maxTurns,
-          systemPrompt: input.systemPrompt,
-          agents: adv.agents,
-          maxBudgetUsd: adv.maxBudgetUsd,
-          effort: adv.effort,
-          betas: adv.betas,
-          additionalDirectories: adv.additionalDirectories,
-          outputFormat: adv.outputFormat,
-          thinking: adv.thinking,
-          persistSession: adv.persistSession,
-          pathToClaudeCodeExecutable: adv.pathToClaudeCodeExecutable,
-          agent: adv.agent,
-          mcpServers: adv.mcpServers,
-          sandbox: adv.sandbox,
-          fallbackModel: adv.fallbackModel,
-          enableFileCheckpointing: adv.enableFileCheckpointing,
-          includePartialMessages: adv.includePartialMessages,
-          strictMcpConfig: adv.strictMcpConfig,
-          settingSources: adv.settingSources ?? DEFAULT_SETTING_SOURCES,
-          debug: adv.debug,
-          debugFile: adv.debugFile,
-          env: adv.env,
-          abortController
-        });
+        sessionManager.create(
+          toSessionCreateParams({
+            sessionId: init.session_id,
+            source: normalizedFlat,
+            permissionMode: "default",
+            abortController,
+            queryInterrupt: () => {
+              handle.interrupt();
+            }
+          })
+        );
       }
     });
     const sessionId = await raceWithAbort(
@@ -1185,7 +1873,8 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       sessionId,
       status: "running",
       pollInterval: 3e3,
-      resumeToken: resumeSecret ? computeResumeToken(sessionId, resumeSecret) : void 0
+      resumeToken: resumeSecret ? computeResumeToken(sessionId, resumeSecret) : void 0,
+      compatWarnings: compatWarnings.length > 0 ? compatWarnings : void 0
     };
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
@@ -1198,9 +1887,45 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
 }
 
 // src/tools/claude-code-reply.ts
-function toStartError(sessionId, err) {
-  const message = err instanceof Error ? err.message : String(err);
-  const errorText = message.includes("Error [") ? message : `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`;
+import { existsSync as existsSync3, statSync as statSync2 } from "fs";
+import os2 from "os";
+import path3 from "path";
+function normalizeAndAssertCwd(cwd, contextLabel) {
+  const normalizedCwd = normalizeWindowsPathLike(cwd);
+  const resolvedCwd = resolvePortableTmpAlias(normalizedCwd);
+  if (!existsSync3(resolvedCwd)) {
+    throw new Error(
+      `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${contextLabel} path does not exist: ${resolvedCwd}`
+    );
+  }
+  try {
+    const stat = statSync2(resolvedCwd);
+    if (!stat.isDirectory()) {
+      throw new Error(
+        `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${contextLabel} must be a directory: ${resolvedCwd}`
+      );
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.includes("Error [")) throw err;
+    const detail = err instanceof Error ? ` (${err.message})` : "";
+    throw new Error(
+      `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${contextLabel} is not accessible: ${resolvedCwd}${detail}`
+    );
+  }
+  return resolvedCwd;
+}
+function resolvePortableTmpAlias(cwd) {
+  if (process.platform !== "win32") return cwd;
+  const normalized = cwd.replace(/\\/g, "/");
+  if (normalized === "/tmp") return os2.tmpdir();
+  if (normalized.startsWith("/tmp/")) {
+    return path3.join(os2.tmpdir(), normalized.slice("/tmp/".length));
+  }
+  return cwd;
+}
+function toStartError(sessionId, err) {
+  const message = err instanceof Error ? err.message : String(err);
+  const errorText = message.includes("Error [") ? message : `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`;
   return {
     agentResult: {
       sessionId,
@@ -1217,13 +1942,24 @@ function buildOptionsFromDiskResume(dr) {
   if (dr.cwd === void 0 || typeof dr.cwd !== "string" || dr.cwd.trim() === "") {
     throw new Error(`Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be provided for disk resume.`);
   }
-  return buildOptions(dr);
+  const normalizedCwd = normalizeAndAssertCwd(dr.cwd, "disk resume cwd");
+  return buildOptions({
+    ...dr,
+    cwd: normalizedCwd
+  });
 }
 async function executeClaudeCodeReply(input, sessionManager, toolCache, requestSignal) {
   const permissionRequestTimeoutMs = input.permissionRequestTimeoutMs ?? 6e4;
   const sessionInitTimeoutMs = input.sessionInitTimeoutMs ?? 1e4;
   const existing = sessionManager.get(input.sessionId);
   if (!existing) {
+    if (!sessionManager.hasCapacityFor(1)) {
+      return {
+        sessionId: input.sessionId,
+        status: "error",
+        error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+      };
+    }
     const allowDiskResume = process.env.CLAUDE_CODE_MCP_ALLOW_DISK_RESUME === "1";
     if (!allowDiskResume) {
       return {
@@ -1232,7 +1968,8 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         error: `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found or expired.`
       };
     }
-    const resumeSecret = getResumeSecret();
+    const resumeSecrets = getResumeSecrets();
+    const resumeSecret = resumeSecrets[0];
     if (!resumeSecret) {
       return {
         sessionId: input.sessionId,
@@ -1248,8 +1985,7 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         error: `Error [${"PERMISSION_DENIED" /* PERMISSION_DENIED */}]: resumeToken is required for disk resume fallback.`
       };
     }
-    const expectedToken = computeResumeToken(input.sessionId, resumeSecret);
-    if (dr.resumeToken !== expectedToken) {
+    if (!isValidResumeToken(input.sessionId, dr.resumeToken, resumeSecrets)) {
       return {
         sessionId: input.sessionId,
         status: "error",
@@ -1259,40 +1995,29 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
     try {
       const abortController2 = new AbortController();
       const options2 = buildOptionsFromDiskResume(dr);
-      sessionManager.create({
-        sessionId: input.sessionId,
+      if (input.effort !== void 0) options2.effort = input.effort;
+      if (input.thinking !== void 0) options2.thinking = input.thinking;
+      const { resumeToken: _resumeToken, ...rest } = dr;
+      void _resumeToken;
+      const source = {
+        ...rest,
         cwd: options2.cwd ?? dr.cwd ?? "",
-        model: dr.model,
-        permissionMode: "default",
-        allowedTools: dr.allowedTools,
-        disallowedTools: dr.disallowedTools,
-        tools: dr.tools,
-        maxTurns: dr.maxTurns,
-        systemPrompt: dr.systemPrompt,
-        agents: dr.agents,
-        maxBudgetUsd: dr.maxBudgetUsd,
-        effort: dr.effort,
-        betas: dr.betas,
-        additionalDirectories: dr.additionalDirectories,
-        outputFormat: dr.outputFormat,
-        thinking: dr.thinking,
-        persistSession: dr.persistSession,
-        pathToClaudeCodeExecutable: dr.pathToClaudeCodeExecutable,
-        agent: dr.agent,
-        mcpServers: dr.mcpServers,
-        sandbox: dr.sandbox,
-        fallbackModel: dr.fallbackModel,
-        enableFileCheckpointing: dr.enableFileCheckpointing,
-        includePartialMessages: dr.includePartialMessages,
-        strictMcpConfig: dr.strictMcpConfig,
-        settingSources: dr.settingSources ?? DEFAULT_SETTING_SOURCES,
-        debug: dr.debug,
-        debugFile: dr.debugFile,
-        env: dr.env,
-        abortController: abortController2
-      });
+        additionalDirectories: options2.additionalDirectories ?? rest.additionalDirectories,
+        debugFile: options2.debugFile ?? rest.debugFile,
+        pathToClaudeCodeExecutable: options2.pathToClaudeCodeExecutable ?? rest.pathToClaudeCodeExecutable,
+        effort: input.effort ?? rest.effort,
+        thinking: input.thinking ?? rest.thinking
+      };
+      sessionManager.create(
+        toSessionCreateParams({
+          sessionId: input.sessionId,
+          source,
+          permissionMode: "default",
+          abortController: abortController2
+        })
+      );
       try {
-        consumeQuery({
+        const handle = consumeQuery({
           mode: "disk-resume",
           sessionId: input.sessionId,
           prompt: input.prompt,
@@ -1303,6 +2028,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
           sessionManager,
           toolCache
         });
+        sessionManager.update(input.sessionId, {
+          queryInterrupt: () => {
+            handle.interrupt();
+          }
+        });
       } catch (err) {
         const { agentResult, errorText } = toStartError(input.sessionId, err);
         sessionManager.setResult(input.sessionId, {
@@ -1315,7 +2045,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
           data: agentResult,
           timestamp: (/* @__PURE__ */ new Date()).toISOString()
         });
-        sessionManager.update(input.sessionId, { status: "error", abortController: void 0 });
+        sessionManager.update(input.sessionId, {
+          status: "error",
+          abortController: void 0,
+          queryInterrupt: void 0
+        });
         return { sessionId: input.sessionId, status: "error", error: errorText };
       }
       return {
@@ -1337,7 +2071,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
           data: agentResult,
           timestamp: (/* @__PURE__ */ new Date()).toISOString()
         });
-        sessionManager.update(input.sessionId, { status: "error", abortController: void 0 });
+        sessionManager.update(input.sessionId, {
+          status: "error",
+          abortController: void 0,
+          queryInterrupt: void 0
+        });
       }
       return {
         sessionId: input.sessionId,
@@ -1371,8 +2109,31 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
       error: current ? `Error [${"SESSION_BUSY" /* SESSION_BUSY */}]: Session is not available (status: ${current.status}).` : `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found or expired.`
     };
   }
-  const options = buildOptions(existing);
+  const session = acquired;
+  const normalizedCwd = normalizeAndAssertCwd(session.cwd, "session cwd");
+  const options = buildOptions(session);
+  options.cwd = normalizedCwd;
   if (input.forkSession) options.forkSession = true;
+  if (input.forkSession && !sessionManager.hasCapacityFor(1)) {
+    sessionManager.update(input.sessionId, { status: originalStatus, abortController: void 0 });
+    return {
+      sessionId: input.sessionId,
+      status: "error",
+      error: `Error [${"RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */}]: Too many sessions (limit: ${sessionManager.getMaxSessions()}).`
+    };
+  }
+  const sourceOverrides = {
+    effort: input.effort ?? session.effort,
+    thinking: input.thinking ?? session.thinking
+  };
+  if (input.effort !== void 0) options.effort = input.effort;
+  if (input.thinking !== void 0) options.thinking = input.thinking;
+  if (!input.forkSession && (input.effort !== void 0 || input.thinking !== void 0)) {
+    const patch = {};
+    if (input.effort !== void 0) patch.effort = input.effort;
+    if (input.thinking !== void 0) patch.thinking = input.thinking;
+    sessionManager.update(input.sessionId, patch);
+  }
   try {
     const handle = consumeQuery({
       mode: "resume",
@@ -1388,46 +2149,33 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
       onInit: (init) => {
         if (!input.forkSession) return;
         if (init.session_id === input.sessionId) return;
-        if (!sessionManager.get(init.session_id)) {
-          sessionManager.create({
-            sessionId: init.session_id,
-            cwd: existing.cwd,
-            model: existing.model,
-            permissionMode: "default",
-            allowedTools: existing.allowedTools,
-            disallowedTools: existing.disallowedTools,
-            tools: existing.tools,
-            maxTurns: existing.maxTurns,
-            systemPrompt: existing.systemPrompt,
-            agents: existing.agents,
-            maxBudgetUsd: existing.maxBudgetUsd,
-            effort: existing.effort,
-            betas: existing.betas,
-            additionalDirectories: existing.additionalDirectories,
-            outputFormat: existing.outputFormat,
-            thinking: existing.thinking,
-            persistSession: existing.persistSession,
-            pathToClaudeCodeExecutable: existing.pathToClaudeCodeExecutable,
-            agent: existing.agent,
-            mcpServers: existing.mcpServers,
-            sandbox: existing.sandbox,
-            fallbackModel: existing.fallbackModel,
-            enableFileCheckpointing: existing.enableFileCheckpointing,
-            includePartialMessages: existing.includePartialMessages,
-            strictMcpConfig: existing.strictMcpConfig,
-            settingSources: existing.settingSources ?? DEFAULT_SETTING_SOURCES,
-            debug: existing.debug,
-            debugFile: existing.debugFile,
-            env: existing.env,
-            abortController
-          });
-        }
         sessionManager.update(input.sessionId, {
           status: originalStatus,
-          abortController: void 0
+          abortController: void 0,
+          queryInterrupt: void 0
         });
+        if (!sessionManager.get(init.session_id)) {
+          sessionManager.create(
+            toSessionCreateParams({
+              sessionId: init.session_id,
+              source: { ...session, ...sourceOverrides },
+              permissionMode: "default",
+              abortController,
+              queryInterrupt: () => {
+                handle.interrupt();
+              }
+            })
+          );
+        }
       }
     });
+    if (!input.forkSession) {
+      sessionManager.update(input.sessionId, {
+        queryInterrupt: () => {
+          handle.interrupt();
+        }
+      });
+    }
     const sessionId = input.forkSession ? await raceWithAbort(
       handle.sdkSessionIdPromise,
       requestSignal,
@@ -1452,7 +2200,8 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
     if (input.forkSession) {
       sessionManager.update(input.sessionId, {
         status: originalStatus,
-        abortController: void 0
+        abortController: void 0,
+        queryInterrupt: void 0
       });
     } else {
       sessionManager.setResult(input.sessionId, {
@@ -1465,7 +2214,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         data: agentResult,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
-      sessionManager.update(input.sessionId, { status: "error", abortController: void 0 });
+      sessionManager.update(input.sessionId, {
+        status: "error",
+        abortController: void 0,
+        queryInterrupt: void 0
+      });
     }
     return {
       sessionId: input.sessionId,
@@ -1476,77 +2229,97 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
 }
 
 // src/tools/tool-discovery.ts
+var DEFAULT_PERMISSION_MODEL = "policy_controlled";
+var DEFAULT_SCHEMA_AVAILABILITY = "none";
 var TOOL_CATALOG = {
   Bash: {
-    description: "Run shell commands (e.g. npm install, git commit, ls) in the project directory.",
-    category: "execute"
+    description: "Run shell commands",
+    category: "execute",
+    notes: ["Execution may require permission approval depending on session policy."]
   },
   Read: {
-    description: "Read the contents of a file given its path (large files may hit per-call size caps; use offset/limit or Grep chunking).",
-    category: "file_read"
+    description: "Read file contents (large files: use offset/limit or Grep)",
+    category: "file_read",
+    notes: ["Large reads are often capped by the backend; use offset/limit when needed."]
   },
   Write: {
-    description: "Create a new file or completely replace an existing file's contents.",
+    description: "Create or overwrite files",
     category: "file_write"
   },
   Edit: {
-    description: "Make targeted changes to specific parts of an existing file without rewriting the whole file (replace_all is substring-based).",
+    description: "Targeted edits (replace_all is substring-based)",
     category: "file_write"
   },
   Glob: {
-    description: "Find files by name pattern (e.g. '**/*.ts' finds all TypeScript files).",
+    description: "Find files by glob pattern",
     category: "file_read"
   },
   Grep: {
-    description: "Search inside files for text or regex patterns (like grep/ripgrep).",
+    description: "Search file contents (regex)",
     category: "file_read"
   },
   NotebookEdit: {
-    description: "Edit individual cells in Jupyter notebooks (.ipynb files) (expects native Windows paths; this server normalizes /d/... when possible).",
+    description: "Edit Jupyter notebook cells (Windows paths normalized)",
     category: "file_write"
   },
   WebFetch: {
-    description: "Download and read the content of a web page or API endpoint.",
+    description: "Fetch web page or API content",
     category: "network"
   },
-  WebSearch: { description: "Search the web and return relevant results.", category: "network" },
+  WebSearch: { description: "Web search", category: "network" },
   Task: {
-    description: "Spawn a subagent to handle a subtask independently (requires this tool to be in allowedTools).",
-    category: "agent"
+    description: "Spawn subagent (must be in allowedTools)",
+    category: "agent",
+    availabilityConditions: ["Requires Task to be visible and approved by session policy."]
   },
-  TaskOutput: { description: "Get the output from a background subagent task.", category: "agent" },
-  TaskStop: { description: "Cancel a running background subagent task.", category: "agent" },
+  TaskOutput: { description: "Get subagent output", category: "agent" },
+  TaskStop: { description: "Cancel subagent", category: "agent" },
   TodoWrite: {
-    description: "Create and update a structured task/todo checklist.",
+    description: "Task/todo checklist",
     category: "agent"
   },
   AskUserQuestion: {
-    description: "Ask the user a question and wait for their answer before continuing.",
+    description: "Ask user a question",
     category: "interaction"
   },
   TeamDelete: {
-    description: "Delete a team and its resources (may require all active members to shutdown_approved; cleanup may complete asynchronously).",
-    category: "agent"
+    description: "Delete team (may need shutdown_approved first)",
+    category: "agent",
+    notes: ["Team cleanup can be asynchronous during shutdown."]
   }
 };
 function uniq(items) {
   return Array.from(new Set(items));
 }
+function withToolDefaults(tool) {
+  return {
+    ...tool,
+    permissionModel: tool.permissionModel ?? DEFAULT_PERMISSION_MODEL,
+    schemaAvailability: tool.schemaAvailability ?? DEFAULT_SCHEMA_AVAILABILITY
+  };
+}
 function discoverToolsFromInit(initTools) {
   const names = uniq(initTools.filter((t) => typeof t === "string" && t.trim() !== ""));
-  return names.map((name) => ({
-    name,
-    description: TOOL_CATALOG[name]?.description ?? name,
-    category: TOOL_CATALOG[name]?.category
-  }));
+  return names.map(
+    (name) => withToolDefaults({
+      name,
+      description: TOOL_CATALOG[name]?.description ?? name,
+      category: TOOL_CATALOG[name]?.category,
+      availabilityConditions: TOOL_CATALOG[name]?.availabilityConditions,
+      platformConstraints: TOOL_CATALOG[name]?.platformConstraints,
+      notes: TOOL_CATALOG[name]?.notes
+    })
+  );
 }
 function defaultCatalogTools() {
-  return Object.keys(TOOL_CATALOG).sort((a, b) => a.localeCompare(b)).map((name) => ({ name, ...TOOL_CATALOG[name] }));
+  return Object.keys(TOOL_CATALOG).sort((a, b) => a.localeCompare(b)).map((name) => withToolDefaults({ name, ...TOOL_CATALOG[name] }));
 }
 var ToolDiscoveryCache = class {
   cached;
-  constructor(initial) {
+  onUpdated;
+  constructor(initial, onUpdated) {
     this.cached = initial ?? defaultCatalogTools();
+    this.onUpdated = onUpdated;
   }
   getTools() {
     return this.cached;
@@ -1555,7 +2328,13 @@ var ToolDiscoveryCache = class {
     const discovered = discoverToolsFromInit(initTools);
     const next = mergeToolLists(discovered, defaultCatalogTools());
     const updated = JSON.stringify(next) !== JSON.stringify(this.cached);
-    if (updated) this.cached = next;
+    if (updated) {
+      this.cached = next;
+      try {
+        this.onUpdated?.(this.cached);
+      } catch {
+      }
+    }
     return { updated, tools: this.cached };
   }
 };
@@ -1580,9 +2359,8 @@ function groupByCategory(tools) {
 function buildInternalToolsDescription(tools) {
   const grouped = groupByCategory(tools);
   const categories = Object.keys(grouped).sort((a, b) => a.localeCompare(b));
-  let desc = 'Start a new Claude Code agent session.\n\nLaunches an autonomous coding agent that can read/write files, run shell commands, search code, manage git, access the web, and more. Returns immediately with a sessionId \u2014 the agent runs asynchronously in the background.\n\nWorkflow:\n1. Call claude_code with a prompt \u2192 returns { sessionId, status: "running", pollInterval }\n2. Poll with claude_code_check (action="poll") to receive progress events and the final result\n3. If the agent needs permission for a tool call, approve or deny via claude_code_check (action="respond_permission")\n\n';
-  desc += "Defaults:\n- settingSources: ['user', 'project', 'local'] (loads ~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and CLAUDE.md)\n- persistSession: true\n- sessionInitTimeoutMs: 10000\n- permissionRequestTimeoutMs: 60000\n- allowedTools/disallowedTools: [] (none)\n- resumeToken: omitted unless CLAUDE_CODE_MCP_RESUME_SECRET is set on the server\n- Permission prompts auto-deny on timeout; use claude_code_check actions[].expiresAt/remainingMs\n\n";
-  desc += "Internal tools available to the agent (use allowedTools/disallowedTools to control approval policy; authoritative list returned by claude_code_check with includeTools=true):\n";
+  let desc = "Start a Claude Code session and return sessionId.\nUse claude_code_check to poll events/results and handle permissions.\n\n";
+  desc += "Internal tools (authoritative list: includeTools=true in claude_code_check):\n";
   for (const category of categories) {
     desc += `
 [${category}]
@@ -1592,8 +2370,7 @@ function buildInternalToolsDescription(tools) {
 `;
     }
   }
-  desc += "\nSecurity: You MUST configure allowedTools/disallowedTools based on your own permission scope. Only allow tools that you yourself are authorized to perform \u2014 do not grant the agent broader permissions than you have. For example, if you lack write access to a directory, do not include Write/Edit in allowedTools. When in doubt, leave both lists empty and review each permission request individually via claude_code_check.\n\n";
-  desc += 'Use `allowedTools` to pre-approve tools (no permission prompts). Use `disallowedTools` to permanently block specific tools. Any tool not in either list will pause the session (status: "waiting_permission") until approved or denied via claude_code_check.\n';
+  desc += "\nPermission control: allowedTools auto-approves; disallowedTools always denies; others require approval.\n";
   return desc;
 }
 
@@ -1604,7 +2381,7 @@ function pollIntervalForStatus(status) {
   return void 0;
 }
 function toPermissionResult(params) {
-  if (params.decision === "allow") {
+  if (params.decision === "allow" || params.decision === "allow_for_session") {
     return {
       behavior: "allow",
       updatedInput: params.updatedInput,
@@ -1617,6 +2394,19 @@ function toPermissionResult(params) {
     interrupt: params.interrupt
   };
 }
+function appendAllowForSessionUpdate(updates, toolName) {
+  const normalizedToolName = toolName?.trim();
+  if (!normalizedToolName) return updates;
+  return [
+    ...updates ?? [],
+    {
+      type: "addRules",
+      behavior: "allow",
+      destination: "session",
+      rules: [{ toolName: normalizedToolName }]
+    }
+  ];
+}
 function slimAssistantData(data) {
   if (!data || typeof data !== "object") return data;
   const d = data;
@@ -1652,18 +2442,169 @@ function toEvents(events, opts) {
     return { id: e.id, type: e.type, data: e.data, timestamp: e.timestamp };
   });
 }
+function uniqSorted(values) {
+  if (!Array.isArray(values) || values.length === 0) return [];
+  const filtered = values.filter((v) => typeof v === "string").map((v) => v.trim()).filter(Boolean);
+  return Array.from(new Set(filtered)).sort((a, b) => a.localeCompare(b));
+}
+function detectPathCompatibilityWarnings(session) {
+  if (!session) return [];
+  const cwd = session.cwd;
+  if (typeof cwd !== "string" || cwd.trim() === "") return [];
+  const warnings = [];
+  if (process.platform === "win32" && cwd.startsWith("/") && !cwd.startsWith("//")) {
+    warnings.push(
+      `cwd '${cwd}' looks POSIX-style on Windows. Consider using a Windows path (e.g. C:\\\\repo) to avoid path compatibility issues.`
+    );
+  }
+  if (process.platform !== "win32" && /^[a-zA-Z]:[\\/]/.test(cwd)) {
+    warnings.push(
+      `cwd '${cwd}' looks Windows-style on ${process.platform}. This may indicate cross-platform path mismatch (for example WSL boundary).`
+    );
+  }
+  if (process.platform !== "win32" && cwd.startsWith("\\\\")) {
+    warnings.push(
+      `cwd '${cwd}' looks like a Windows UNC path on ${process.platform}. Confirm MCP client/server run on the same platform.`
+    );
+  }
+  if (process.platform === "win32" && Array.isArray(session.additionalDirectories)) {
+    for (const dir of session.additionalDirectories) {
+      if (typeof dir === "string" && dir.startsWith("/") && !dir.startsWith("//")) {
+        warnings.push(
+          `additionalDirectories contains POSIX-style path '${dir}' on Windows. Consider using a Windows path to avoid path compatibility issues.`
+        );
+      }
+    }
+  }
+  return warnings;
+}
+function isPosixHomePath(value) {
+  return /^\/home\/[^/\s]+(?:\/|$)/.test(value);
+}
+function extractPosixHomePath(value) {
+  const match = value.match(/\/home\/[^/\s"'`]+(?:\/[^\s"'`]*)?/);
+  return match?.[0];
+}
+function detectPendingPermissionPathWarnings(pending, session) {
+  if (process.platform !== "win32" || pending.length === 0) return [];
+  const cwd = session?.cwd;
+  const cwdHint = typeof cwd === "string" && cwd.trim() !== "" ? ` under cwd '${cwd}'` : " under the current cwd";
+  const warnings = [];
+  for (const req of pending) {
+    const candidates = [];
+    if (typeof req.blockedPath === "string") candidates.push(req.blockedPath);
+    const filePath = req.input.file_path;
+    if (typeof filePath === "string") candidates.push(filePath);
+    const pathFields = [
+      "path",
+      "directory",
+      "folder",
+      "cwd",
+      "dest",
+      "destination",
+      "source",
+      "target"
+    ];
+    for (const field of pathFields) {
+      const val = req.input[field];
+      if (typeof val === "string") candidates.push(val);
+    }
+    const command = req.input.command;
+    if (typeof command === "string") {
+      const embeddedPath = extractPosixHomePath(command);
+      if (embeddedPath) candidates.push(embeddedPath);
+    }
+    const badPath = candidates.find((p) => isPosixHomePath(p));
+    if (!badPath) continue;
+    warnings.push(
+      `Permission request '${req.requestId}' uses POSIX home path '${badPath}' on Windows. Prefer an absolute Windows path${cwdHint} to avoid out-of-bounds permission prompts.`
+    );
+  }
+  return warnings;
+}
+function computeToolValidation(session, initTools) {
+  if (!session) return { summary: void 0, warnings: [] };
+  const allowedTools = uniqSorted(session.allowedTools);
+  const disallowedTools = uniqSorted(session.disallowedTools);
+  const warnings = [];
+  if (allowedTools.length > 0 && session.strictAllowedTools !== true) {
+    warnings.push(
+      "allowedTools currently acts as pre-approval only. Set strictAllowedTools=true to enforce a strict allowlist."
+    );
+  }
+  if (allowedTools.length === 0 && disallowedTools.length === 0) {
+    return { summary: void 0, warnings };
+  }
+  if (!Array.isArray(initTools) || initTools.length === 0) {
+    return {
+      summary: {
+        runtimeToolsKnown: false,
+        unknownAllowedTools: [],
+        unknownDisallowedTools: []
+      },
+      warnings: [
+        ...warnings,
+        "Runtime tool list is not available yet; unknown allowedTools/disallowedTools names cannot be validated until system/init tools arrive."
+      ]
+    };
+  }
+  const runtime = new Set(
+    initTools.filter((name) => typeof name === "string").map((name) => name.trim()).filter(Boolean)
+  );
+  const unknownAllowedTools = allowedTools.filter((name) => !runtime.has(name));
+  const unknownDisallowedTools = disallowedTools.filter((name) => !runtime.has(name));
+  if (unknownAllowedTools.length > 0) {
+    warnings.push(
+      `Unknown allowedTools (not present in runtime tools): ${unknownAllowedTools.join(", ")}.`
+    );
+  }
+  if (unknownDisallowedTools.length > 0) {
+    warnings.push(
+      `Unknown disallowedTools (not present in runtime tools): ${unknownDisallowedTools.join(", ")}.`
+    );
+  }
+  return {
+    summary: {
+      runtimeToolsKnown: true,
+      unknownAllowedTools,
+      unknownDisallowedTools
+    },
+    warnings
+  };
+}
+function byteLength(value) {
+  return new TextEncoder().encode(JSON.stringify(value)).length;
+}
+function capEventsByBytes(events, maxBytes) {
+  if (!Number.isFinite(maxBytes) || typeof maxBytes !== "number" || maxBytes <= 0) {
+    return { events, truncated: false };
+  }
+  const budget = Math.floor(maxBytes);
+  const kept = [];
+  let bytes = 2;
+  for (const evt of events) {
+    const evtBytes = byteLength(evt);
+    const separatorBytes = kept.length === 0 ? 0 : 1;
+    if (bytes + separatorBytes + evtBytes > budget) break;
+    kept.push(evt);
+    bytes += separatorBytes + evtBytes;
+  }
+  return { events: kept, truncated: kept.length < events.length };
+}
 function buildResult(sessionManager, toolCache, input) {
   const responseMode = input.responseMode ?? "minimal";
+  const compactMode = responseMode === "delta_compact";
   const po = input.pollOptions ?? {};
   const includeTools = po.includeTools;
-  const includeEvents = po.includeEvents ?? true;
+  const includeEvents = po.includeEvents ?? !compactMode;
   const includeActions = po.includeActions ?? true;
-  const includeResult = po.includeResult ?? true;
+  const includeResult = po.includeResult ?? !compactMode;
   const includeUsage = po.includeUsage ?? responseMode === "full";
   const includeModelUsage = po.includeModelUsage ?? responseMode === "full";
   const includeStructuredOutput = po.includeStructuredOutput ?? responseMode === "full";
   const includeTerminalEvents = po.includeTerminalEvents ?? responseMode === "full";
   const includeProgressEvents = po.includeProgressEvents ?? responseMode === "full";
+  const maxBytes = po.maxBytes;
   const maxEvents = input.maxEvents ?? (responseMode === "minimal" ? 200 : void 0);
   const sessionId = input.sessionId;
   const session = sessionManager.get(sessionId);
@@ -1676,7 +2617,7 @@ function buildResult(sessionManager, toolCache, input) {
   let truncated = false;
   const truncatedFields = [];
   const windowEvents = maxEvents !== void 0 && rawEvents.length > maxEvents ? rawEvents.slice(0, maxEvents) : rawEvents;
-  const nextCursor = maxEvents !== void 0 && rawEvents.length > maxEvents ? windowEvents.length > 0 ? windowEvents[windowEvents.length - 1].id + 1 : rawNextCursor : rawNextCursor;
+  let nextCursor = maxEvents !== void 0 && rawEvents.length > maxEvents ? windowEvents.length > 0 ? windowEvents[windowEvents.length - 1].id + 1 : rawNextCursor : rawNextCursor;
   if (maxEvents !== void 0 && rawEvents.length > maxEvents) {
     truncated = true;
     truncatedFields.push("events");
@@ -1699,8 +2640,28 @@ function buildResult(sessionManager, toolCache, input) {
   })();
   const pending = status === "waiting_permission" ? sessionManager.listPendingPermissions(sessionId) : [];
   const stored = status === "idle" || status === "error" ? sessionManager.getResult(sessionId) : void 0;
-  const initTools = includeTools ? sessionManager.getInitTools(sessionId) : void 0;
+  const initTools = sessionManager.getInitTools(sessionId);
   const availableTools = includeTools && initTools ? discoverToolsFromInit(initTools) : void 0;
+  const toolValidation = computeToolValidation(session, initTools);
+  const compatWarnings = Array.from(
+    /* @__PURE__ */ new Set([
+      ...toolValidation.warnings,
+      ...detectPathCompatibilityWarnings(session),
+      ...detectPendingPermissionPathWarnings(pending, session)
+    ])
+  );
+  const shapedEvents = toEvents(outputEvents, {
+    includeUsage,
+    includeModelUsage,
+    includeStructuredOutput,
+    slim: responseMode === "minimal" || responseMode === "delta_compact"
+  });
+  const cappedEvents = capEventsByBytes(shapedEvents, maxBytes);
+  if (cappedEvents.truncated) {
+    truncated = true;
+    truncatedFields.push("events_bytes");
+    nextCursor = cappedEvents.events.length > 0 ? cappedEvents.events[cappedEvents.events.length - 1].id + 1 : cursorResetTo ?? input.cursor ?? 0;
+  }
   return {
     sessionId,
     status,
@@ -1708,14 +2669,11 @@ function buildResult(sessionManager, toolCache, input) {
     cursorResetTo,
     truncated: truncated ? true : void 0,
     truncatedFields: truncatedFields.length > 0 ? truncatedFields : void 0,
-    events: toEvents(outputEvents, {
-      includeUsage,
-      includeModelUsage,
-      includeStructuredOutput,
-      slim: responseMode === "minimal"
-    }),
+    events: cappedEvents.events,
     nextCursor,
     availableTools,
+    toolValidation: toolValidation.summary,
+    compatWarnings: compatWarnings.length > 0 ? compatWarnings : void 0,
     actions: includeActions && status === "waiting_permission" ? pending.map((req) => {
       const expiresMs = req.expiresAt ? Date.parse(req.expiresAt) : Number.NaN;
       const remainingMs = Number.isFinite(expiresMs) ? Math.max(0, expiresMs - Date.now()) : void 0;
@@ -1741,7 +2699,7 @@ function buildResult(sessionManager, toolCache, input) {
       includeUsage,
       includeModelUsage,
       includeStructuredOutput,
-      slim: responseMode === "minimal"
+      slim: responseMode === "minimal" || responseMode === "delta_compact"
     }) : void 0,
     cancelledAt: session?.cancelledAt,
     cancelledReason: session?.cancelledReason,
@@ -1775,7 +2733,14 @@ function redactAgentResult(result, opts) {
     structuredOutput: opts.includeStructuredOutput ? structuredOutput : void 0
   };
 }
-function executeClaudeCodeCheck(input, sessionManager, toolCache) {
+function executeClaudeCodeCheck(input, sessionManager, toolCache, requestSignal) {
+  if (requestSignal?.aborted) {
+    return {
+      sessionId: input.sessionId ?? "",
+      error: `Error [${"CANCELLED" /* CANCELLED */}]: request was cancelled.`,
+      isError: true
+    };
+  }
   if (typeof input.sessionId !== "string" || input.sessionId.trim() === "") {
     return {
       sessionId: "",
@@ -1801,20 +2766,25 @@ function executeClaudeCodeCheck(input, sessionManager, toolCache) {
       isError: true
     };
   }
-  if (input.decision !== "allow" && input.decision !== "deny") {
+  if (input.decision !== "allow" && input.decision !== "deny" && input.decision !== "allow_for_session") {
     return {
       sessionId: input.sessionId,
-      error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: decision must be 'allow' or 'deny'.`,
+      error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: decision must be 'allow', 'deny', or 'allow_for_session'.`,
       isError: true
     };
   }
+  const pendingRequest = input.decision === "allow_for_session" ? sessionManager.getPendingPermission(input.sessionId, input.requestId) : void 0;
+  const updatedPermissions = input.decision === "allow_for_session" ? appendAllowForSessionUpdate(
+    input.permissionOptions?.updatedPermissions,
+    pendingRequest?.toolName
+  ) : input.permissionOptions?.updatedPermissions;
   const ok = sessionManager.finishRequest(
     input.sessionId,
     input.requestId,
     toPermissionResult({
       decision: input.decision,
       updatedInput: input.permissionOptions?.updatedInput,
-      updatedPermissions: input.permissionOptions?.updatedPermissions,
+      updatedPermissions,
       denyMessage: input.denyMessage,
       interrupt: input.interrupt
     }),
@@ -1827,12 +2797,63 @@ function executeClaudeCodeCheck(input, sessionManager, toolCache) {
       isError: true
     };
   }
+  if (input.decision === "allow_for_session" && pendingRequest?.toolName) {
+    sessionManager.allowToolForSession(input.sessionId, pendingRequest.toolName);
+  }
   return buildResult(sessionManager, toolCache, input);
 }
 
 // src/tools/claude-code-session.ts
-function executeClaudeCodeSession(input, sessionManager) {
-  const toSessionJson = (s) => input.includeSensitive ? sessionManager.toSensitiveJSON(s) : sessionManager.toPublicJSON(s);
+var ALWAYS_REDACTED_FIELDS = [
+  "env",
+  "mcpServers",
+  "sandbox",
+  "debugFile",
+  "pathToClaudeCodeExecutable"
+];
+var CONDITIONAL_REDACTED_FIELDS = [
+  "cwd",
+  "systemPrompt",
+  "agents",
+  "additionalDirectories"
+];
+function buildRedactions(includeSensitive) {
+  const redactions = [];
+  for (const field of ALWAYS_REDACTED_FIELDS) {
+    redactions?.push({ field, reason: "secret_or_internal" });
+  }
+  if (!includeSensitive) {
+    for (const field of CONDITIONAL_REDACTED_FIELDS) {
+      redactions?.push({ field, reason: "sensitive_by_default" });
+    }
+  }
+  return redactions;
+}
+function executeClaudeCodeSession(input, sessionManager, requestSignal) {
+  if (requestSignal?.aborted) {
+    return {
+      sessions: [],
+      message: `Error [${"CANCELLED" /* CANCELLED */}]: request was cancelled.`,
+      isError: true
+    };
+  }
+  const toSessionJson = (s) => {
+    const base = input.includeSensitive ? sessionManager.toSensitiveJSON(s) : sessionManager.toPublicJSON(s);
+    const stored = sessionManager.getResult(s.sessionId);
+    const lastError = stored?.type === "error" ? stored.result.result : void 0;
+    const lastErrorAt = stored?.type === "error" ? stored.createdAt : void 0;
+    return {
+      ...base,
+      pendingPermissionCount: sessionManager.getPendingPermissionCount(s.sessionId),
+      eventCount: sessionManager.getEventCount(s.sessionId),
+      currentCursor: sessionManager.getCurrentCursor(s.sessionId),
+      lastEventId: sessionManager.getLastEventId(s.sessionId),
+      ttlMs: sessionManager.getRemainingTtlMs(s.sessionId),
+      lastError,
+      lastErrorAt,
+      redactions: buildRedactions(input.includeSensitive)
+    };
+  };
   switch (input.action) {
     case "list": {
       const sessions = sessionManager.list().map((s) => toSessionJson(s));
@@ -1889,21 +2910,64 @@ function executeClaudeCodeSession(input, sessionManager) {
         message: `Session '${input.sessionId}' cancelled.`
       };
     }
+    case "interrupt": {
+      if (!input.sessionId) {
+        return {
+          sessions: [],
+          message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: sessionId is required for 'interrupt' action.`,
+          isError: true
+        };
+      }
+      const interrupted = sessionManager.interrupt(input.sessionId, {
+        reason: "Interrupted by caller",
+        source: "claude_code_session"
+      });
+      if (!interrupted) {
+        const session = sessionManager.get(input.sessionId);
+        if (!session) {
+          return {
+            sessions: [],
+            message: `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found.`,
+            isError: true
+          };
+        }
+        return {
+          sessions: [toSessionJson(session)],
+          message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Session '${input.sessionId}' is not running (status: ${session.status}).`,
+          isError: true
+        };
+      }
+      const updated = sessionManager.get(input.sessionId);
+      return {
+        sessions: updated ? [toSessionJson(updated)] : [],
+        message: `Session '${input.sessionId}' interrupted.`
+      };
+    }
     default:
       return {
         sessions: [],
-        message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Unknown action '${input.action}'. Use 'list', 'get', or 'cancel'.`,
+        message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Unknown action '${input.action}'. Use 'list', 'get', 'cancel', or 'interrupt'.`,
         isError: true
       };
   }
 }
 
 // src/resources/register-resources.ts
+import { ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { createHash } from "crypto";
 var RESOURCE_SCHEME = "claude-code-mcp";
 var RESOURCE_URIS = {
   serverInfo: `${RESOURCE_SCHEME}:///server-info`,
   internalTools: `${RESOURCE_SCHEME}:///internal-tools`,
-  gotchas: `${RESOURCE_SCHEME}:///gotchas`
+  gotchas: `${RESOURCE_SCHEME}:///gotchas`,
+  quickstart: `${RESOURCE_SCHEME}:///quickstart`,
+  errors: `${RESOURCE_SCHEME}:///errors`,
+  compatReport: `${RESOURCE_SCHEME}:///compat-report`
+};
+var RESOURCE_TEMPLATES = {
+  sessionById: `${RESOURCE_SCHEME}:///session/{sessionId}`,
+  runtimeTools: `${RESOURCE_SCHEME}:///tools/runtime{?sessionId}`,
+  compatDiff: `${RESOURCE_SCHEME}:///compat/diff{?client}`
 };
 function asTextResource(uri, text, mimeType) {
   return {
@@ -1916,31 +2980,189 @@ function asTextResource(uri, text, mimeType) {
     ]
   };
 }
+function asJsonResource(uri, value) {
+  return asTextResource(uri, JSON.stringify(value, null, 2), "application/json");
+}
+function serializeLimit(limit) {
+  return Number.isFinite(limit) ? limit : "unlimited";
+}
+function computeEtag(value) {
+  return createHash("sha256").update(JSON.stringify(value)).digest("hex").slice(0, 16);
+}
+function extractSingleVariable(value) {
+  if (typeof value === "string" && value.trim() !== "") return value;
+  if (Array.isArray(value) && typeof value[0] === "string" && value[0].trim() !== "")
+    return value[0];
+  return void 0;
+}
+function buildSessionRedactions(includeSensitive) {
+  const redactions = [
+    { field: "env", reason: "secret_or_internal" },
+    { field: "mcpServers", reason: "secret_or_internal" },
+    { field: "sandbox", reason: "secret_or_internal" },
+    { field: "debugFile", reason: "secret_or_internal" },
+    { field: "pathToClaudeCodeExecutable", reason: "secret_or_internal" }
+  ];
+  if (!includeSensitive) {
+    redactions.push(
+      { field: "cwd", reason: "sensitive_by_default" },
+      { field: "systemPrompt", reason: "sensitive_by_default" },
+      { field: "agents", reason: "sensitive_by_default" },
+      { field: "additionalDirectories", reason: "sensitive_by_default" }
+    );
+  }
+  return redactions;
+}
+function buildGotchasEntries() {
+  return [
+    {
+      id: "permission-timeout",
+      title: "Permission requests auto-deny on timeout",
+      severity: "high",
+      appliesTo: ["claude_code_check.actions", "permission workflow"],
+      symptom: "Session waits for approval, then tool call is denied without explicit caller decision.",
+      detection: "Observe actions[].expiresAt/remainingMs and permission_result with source=timeout.",
+      remedy: "Poll more frequently and respond before timeout; increase permissionRequestTimeoutMs if needed.",
+      example: "Default timeout is 60000ms and server-clamped to 300000ms."
+    },
+    {
+      id: "read-size-cap",
+      title: "Read may cap response size",
+      severity: "medium",
+      appliesTo: ["Read tool"],
+      symptom: "Large file reads are truncated or fail.",
+      detection: "Read responses are incomplete for large files.",
+      remedy: "Use offset/limit paging or chunk with Grep."
+    },
+    {
+      id: "edit-replace-all",
+      title: "Edit replace_all uses substring matching",
+      severity: "medium",
+      appliesTo: ["Edit tool"],
+      symptom: "replace_all=true fails unexpectedly.",
+      detection: "Tool returns error when no exact substring match is found.",
+      remedy: "Validate exact match text first; prefer smaller targeted replacements."
+    },
+    {
+      id: "windows-path-normalization",
+      title: "Windows path normalization applies to common MSYS-style paths",
+      severity: "medium",
+      appliesTo: ["Windows", "cwd", "additionalDirectories", "file_path"],
+      symptom: "Permission/path behavior differs from raw input path text.",
+      detection: "Compare submitted path with effective path in logs/permission prompts.",
+      remedy: "Use absolute native Windows paths when possible; avoid relying on implicit conversion behavior.",
+      example: "/d/... /mnt/c/... /cygdrive/c/... //server/share/... are normalized on Windows."
+    },
+    {
+      id: "team-delete-async-cleanup",
+      title: "TeamDelete cleanup can be asynchronous",
+      severity: "low",
+      appliesTo: ["TeamDelete"],
+      symptom: "Immediate follow-up calls still see active members.",
+      detection: "TeamDelete reports shutdown_approved or active member transitions.",
+      remedy: "Retry after short delay; wait for shutdown state to settle."
+    },
+    {
+      id: "skills-late-availability",
+      title: "Skills may become available later in a session",
+      severity: "low",
+      appliesTo: ["Skills"],
+      symptom: "Early calls show unknown skill/tool errors.",
+      detection: "Later calls in same session succeed without config changes.",
+      remedy: "Retry after initialization events are complete."
+    },
+    {
+      id: "tool-count-sources-differ",
+      title: "toolCatalogCount and availableTools have different sources",
+      severity: "medium",
+      appliesTo: ["internal-tools", "claude_code_check.availableTools", "compat-report"],
+      symptom: "Tool counts appear inconsistent (for example 15 vs 28).",
+      detection: "Compare compat-report.toolCounts and session-level availableTools.",
+      remedy: "Treat catalog count as server-known baseline and availableTools as session runtime view from system/init.tools."
+    },
+    {
+      id: "available-tools-not-exhaustive",
+      title: "availableTools may omit internal features",
+      severity: "low",
+      appliesTo: ["claude_code_check.availableTools"],
+      symptom: "A known feature is callable but not listed in availableTools.",
+      detection: "Feature works while missing from availableTools list.",
+      remedy: "Use availableTools as runtime hint, not exhaustive capability proof.",
+      example: "Some internal features (e.g. ToolSearch) may not appear."
+    }
+  ];
+}
+function asVersionedPayload(params) {
+  const updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    ...params.payload,
+    schemaVersion: params.schemaVersion,
+    updatedAt,
+    etag: computeEtag(params.payload),
+    stability: params.stability
+  };
+}
 function registerResources(server, deps) {
+  const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const resourceSchemaVersion = "1.3";
+  const mcpProtocolVersion = "2025-03-26";
+  const gotchasEntries = buildGotchasEntries();
+  const catalogToolNames = new Set(defaultCatalogTools().map((tool) => tool.name));
+  const staticResourceUris = Object.values(RESOURCE_URIS);
+  const templateUris = Object.values(RESOURCE_TEMPLATES);
   const serverInfoUri = new URL(RESOURCE_URIS.serverInfo);
   server.registerResource(
     "server_info",
     serverInfoUri.toString(),
     {
       title: "Server Info",
-      description: "Static server metadata (version/platform/runtime).",
+      description: "Server metadata (version/platform/runtime).",
       mimeType: "application/json"
     },
-    () => asTextResource(
+    () => asJsonResource(
       serverInfoUri,
-      JSON.stringify(
-        {
+      (() => {
+        const base = {
           name: "claude-code-mcp",
+          version: deps.version,
           node: process.version,
           platform: process.platform,
           arch: process.arch,
-          resources: Object.values(RESOURCE_URIS),
-          toolCatalogCount: deps.toolCache.getTools().length
-        },
-        null,
-        2
-      ),
-      "application/json"
+          mcpProtocolVersion,
+          startedAt,
+          uptimeSec: Math.floor(process.uptime()),
+          resources: staticResourceUris,
+          resourceTemplates: templateUris,
+          toolCatalogCount: deps.toolCache.getTools().length,
+          capabilities: {
+            resources: true,
+            toolsListChanged: true,
+            resourcesListChanged: true,
+            prompts: false,
+            completions: false
+          },
+          limits: {
+            maxSessions: serializeLimit(deps.sessionManager.getMaxSessions()),
+            maxPendingPermissionsPerSession: serializeLimit(
+              deps.sessionManager.getMaxPendingPermissionsPerSession()
+            ),
+            eventBuffer: deps.sessionManager.getEventBufferConfig(),
+            pollDefaults: {
+              runningMs: 3e3,
+              waitingPermissionMs: 1e3
+            }
+          }
+        };
+        if (typeof process.env.CLAUDE_CODE_MCP_BUILD_COMMIT === "string") {
+          const commit = process.env.CLAUDE_CODE_MCP_BUILD_COMMIT.trim();
+          if (commit !== "") base.buildCommit = commit;
+        }
+        return asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: base
+        });
+      })()
     )
   );
   const toolsUri = new URL(RESOURCE_URIS.internalTools);
@@ -1949,13 +3171,22 @@ function registerResources(server, deps) {
     toolsUri.toString(),
     {
       title: "Internal Tools",
-      description: "Claude Code internal tool catalog (static + runtime-discovered).",
+      description: "Claude Code internal tool catalog (runtime-aware).",
       mimeType: "application/json"
     },
-    () => asTextResource(
+    () => asJsonResource(
       toolsUri,
-      JSON.stringify({ tools: deps.toolCache.getTools() }, null, 2),
-      "application/json"
+      (() => {
+        const base = {
+          tools: deps.toolCache.getTools(),
+          toolCatalogCount: deps.toolCache.getTools().length
+        };
+        return asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: base
+        });
+      })()
     )
   );
   const gotchasUri = new URL(RESOURCE_URIS.gotchas);
@@ -1972,46 +3203,429 @@ function registerResources(server, deps) {
       [
         "# claude-code-mcp: gotchas",
         "",
-        "- Permission approvals have a timeout (default 60s) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
-        "- `Read` has a per-call size cap in practice (often ~256KB); for large files use `offset`/`limit` or chunk with `Grep`.",
-        "- `Edit` with `replace_all=true` is substring replacement; if no match is found the tool returns an error.",
-        "- `NotebookEdit` expects native Windows paths; this server normalizes MSYS paths like `/d/...` when possible.",
-        "- `TeamDelete` may require members to reach `shutdown_approved`; cleanup can be asynchronous during shutdown.",
-        '- Skills may become available later in the same session (early calls may show "Unknown").',
-        "- Some internal features (e.g. ToolSearch) may not appear in `availableTools` because it is derived from SDK `system/init.tools`.",
+        ...gotchasEntries.map((entry) => `- ${entry.title}. ${entry.remedy}`),
         ""
       ].join("\n"),
       "text/markdown"
     )
   );
+  const compatReportUri = new URL(RESOURCE_URIS.compatReport);
+  const quickstartUri = new URL(RESOURCE_URIS.quickstart);
+  server.registerResource(
+    "quickstart",
+    quickstartUri.toString(),
+    {
+      title: "Quickstart",
+      description: "Minimal async polling flow for claude_code / claude_code_check.",
+      mimeType: "text/markdown"
+    },
+    () => asTextResource(
+      quickstartUri,
+      [
+        "# claude-code-mcp quickstart",
+        "",
+        "1. Call `claude_code` with `{ prompt }` and keep `sessionId`.",
+        "2. Poll with `claude_code_check(action='poll')` using `nextCursor`.",
+        "3. If actions are returned, respond with `claude_code_check(action='respond_permission')`.",
+        "4. Continue polling until status becomes `idle` / `error` / `cancelled`.",
+        "",
+        "Notes:",
+        "- `respond_user_input` is not supported on this backend.",
+        "- `allowedTools` is pre-approval by default; set `strictAllowedTools=true` for strict allowlist behavior.",
+        "- Prefer `responseMode='delta_compact'` for high-frequency polling."
+      ].join("\n"),
+      "text/markdown"
+    )
+  );
+  const errorsUri = new URL(RESOURCE_URIS.errors);
+  server.registerResource(
+    "errors",
+    errorsUri.toString(),
+    {
+      title: "Errors",
+      description: "Structured error codes and remediation hints.",
+      mimeType: "application/json"
+    },
+    () => {
+      const codes = Object.values(ErrorCode);
+      const hints = {
+        ["INVALID_ARGUMENT" /* INVALID_ARGUMENT */]: "Validate required fields and enum values.",
+        ["SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */]: "Session may be expired or server-restarted.",
+        ["SESSION_BUSY" /* SESSION_BUSY */]: "Wait for running/waiting_permission session to settle.",
+        ["PERMISSION_REQUEST_NOT_FOUND" /* PERMISSION_REQUEST_NOT_FOUND */]: "The permission request was already finished/expired.",
+        ["PERMISSION_DENIED" /* PERMISSION_DENIED */]: "Check token/secrets/policy restrictions.",
+        ["RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */]: "Reduce session count or increase server limits.",
+        ["TIMEOUT" /* TIMEOUT */]: "Increase timeout or poll/respond more frequently.",
+        ["CANCELLED" /* CANCELLED */]: "Request/session was cancelled by caller or shutdown.",
+        ["INTERNAL" /* INTERNAL */]: "Inspect server logs and runtime environment."
+      };
+      return asJsonResource(
+        errorsUri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: {
+            codes,
+            hints
+          }
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "compat_report",
+    compatReportUri.toString(),
+    {
+      title: "Compatibility Report",
+      description: "Compatibility diagnostics for MCP clients and local runtime assumptions.",
+      mimeType: "application/json"
+    },
+    () => {
+      const runtimeWarnings = [];
+      if (process.platform === "win32" && !process.env.CLAUDE_CODE_GIT_BASH_PATH) {
+        runtimeWarnings.push(
+          "CLAUDE_CODE_GIT_BASH_PATH is not set. Auto-detection exists, but explicit path is more reliable for GUI-launched MCP clients."
+        );
+      }
+      const diskResumeEnabled = process.env.CLAUDE_CODE_MCP_ALLOW_DISK_RESUME === "1";
+      const resumeSecretConfigured = typeof process.env.CLAUDE_CODE_MCP_RESUME_SECRET === "string" && process.env.CLAUDE_CODE_MCP_RESUME_SECRET.trim() !== "";
+      const runtimeToolStats = deps.sessionManager.getRuntimeToolStats();
+      const toolCatalogCount = deps.toolCache.getTools().length;
+      const detectedMismatches = [];
+      if (runtimeToolStats.sessionsWithInitTools > 0 && runtimeToolStats.runtimeDiscoveredUniqueCount < toolCatalogCount) {
+        detectedMismatches.push(
+          "Runtime discovered tools are fewer than catalog tools; some features may be hidden or not surfaced in system/init.tools."
+        );
+      }
+      const updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const base = {
+        transport: "stdio",
+        samePlatformRequired: true,
+        packageVersion: deps.version,
+        runtime: {
+          node: process.version,
+          platform: process.platform,
+          arch: process.arch
+        },
+        limits: {
+          maxSessions: serializeLimit(deps.sessionManager.getMaxSessions()),
+          maxPendingPermissionsPerSession: serializeLimit(
+            deps.sessionManager.getMaxPendingPermissionsPerSession()
+          ),
+          eventBuffer: deps.sessionManager.getEventBufferConfig()
+        },
+        diskResume: {
+          enabled: diskResumeEnabled,
+          resumeSecretConfigured
+        },
+        features: {
+          resources: true,
+          resourceTemplates: true,
+          toolsListChanged: true,
+          resourcesListChanged: true,
+          sessionInterrupt: true,
+          allowForSessionDecision: true,
+          respondUserInput: false,
+          prompts: false,
+          completions: false
+        },
+        recommendedSettings: {
+          responseMode: "delta_compact",
+          poll: {
+            runningMs: 3e3,
+            waitingPermissionMs: 1e3,
+            cursorStrategy: "Persist nextCursor and de-duplicate by event.id."
+          },
+          timeouts: {
+            sessionInitTimeoutMs: 1e4,
+            permissionRequestTimeoutMs: 6e4,
+            permissionRequestTimeoutMaxMs: 3e5
+          }
+        },
+        guidance: [
+          "Some clients cache tool descriptions at connect time. Prefer claude_code_check(pollOptions.includeTools=true) for runtime-authoritative tool lists.",
+          "Use allowedTools/disallowedTools only with exact runtime tool names.",
+          "Set strictAllowedTools=true when you need allowedTools to behave as a strict allowlist.",
+          "This server assumes MCP client and server run on the same machine/platform.",
+          "For high-frequency status checks, prefer responseMode='delta_compact'.",
+          "respond_user_input is not supported on this backend; use poll/respond_permission flow."
+        ],
+        toolCounts: {
+          catalogCount: toolCatalogCount,
+          sessionsWithInitTools: runtimeToolStats.sessionsWithInitTools,
+          runtimeDiscoveredUniqueCount: runtimeToolStats.runtimeDiscoveredUniqueCount,
+          explain: "catalogCount is server catalog size; runtimeDiscoveredUniqueCount is union of system/init.tools across active sessions."
+        },
+        toolCatalogCount,
+        detectedMismatches,
+        runtimeWarnings,
+        resourceTemplates: templateUris
+      };
+      const healthScore = Math.max(
+        0,
+        100 - runtimeWarnings.length * 10 - detectedMismatches.length * 15
+      );
+      return asJsonResource(
+        compatReportUri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: {
+            ...base,
+            healthScore,
+            updatedAt
+          }
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "session_snapshot_template",
+    new ResourceTemplate(RESOURCE_TEMPLATES.sessionById, { list: void 0 }),
+    {
+      title: "Session Snapshot Template",
+      description: "Read lightweight session diagnostics by sessionId.",
+      mimeType: "application/json"
+    },
+    (uri, variables) => {
+      const sessionId = extractSingleVariable(variables.sessionId) ?? extractSingleVariable(uri.searchParams.get("sessionId"));
+      const payload = typeof sessionId !== "string" || sessionId.trim() === "" ? {
+        found: false,
+        message: "sessionId is required in URI template variable."
+      } : (() => {
+        const session = deps.sessionManager.get(sessionId);
+        if (!session) {
+          return {
+            sessionId,
+            found: false,
+            message: `Session '${sessionId}' not found.`
+          };
+        }
+        const base = deps.sessionManager.toPublicJSON(session);
+        const stored = deps.sessionManager.getResult(sessionId);
+        return {
+          sessionId,
+          found: true,
+          session: {
+            ...base,
+            pendingPermissionCount: deps.sessionManager.getPendingPermissionCount(sessionId),
+            eventCount: deps.sessionManager.getEventCount(sessionId),
+            currentCursor: deps.sessionManager.getCurrentCursor(sessionId),
+            lastEventId: deps.sessionManager.getLastEventId(sessionId),
+            ttlMs: deps.sessionManager.getRemainingTtlMs(sessionId),
+            lastError: stored?.type === "error" ? stored.result.result : void 0,
+            lastErrorAt: stored?.type === "error" ? stored.createdAt : void 0,
+            redactions: buildSessionRedactions(false)
+          }
+        };
+      })();
+      return asJsonResource(
+        uri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "runtime_tools_template",
+    new ResourceTemplate(RESOURCE_TEMPLATES.runtimeTools, { list: void 0 }),
+    {
+      title: "Runtime Tools Template",
+      description: "Read runtime tool view globally or for a specific sessionId.",
+      mimeType: "application/json"
+    },
+    (uri, variables) => {
+      const sessionId = extractSingleVariable(variables.sessionId) ?? extractSingleVariable(uri.searchParams.get("sessionId"));
+      const internalToolCount = catalogToolNames.size;
+      const payload = (() => {
+        if (typeof sessionId === "string" && sessionId.trim() !== "") {
+          const session = deps.sessionManager.get(sessionId);
+          if (!session) {
+            return {
+              sessionId,
+              source: "session_not_found",
+              availableTools: [],
+              toolCounts: {
+                internalToolCount,
+                runtimeAvailableCount: 0,
+                sessionAugmentedToolCount: 0
+              }
+            };
+          }
+          const initTools = deps.sessionManager.getInitTools(sessionId) ?? [];
+          const discovered = discoverToolsFromInit(initTools);
+          const sessionAugmentedToolCount2 = discovered.filter(
+            (tool) => !catalogToolNames.has(tool.name)
+          ).length;
+          return {
+            sessionId,
+            source: initTools.length > 0 ? "session_runtime" : "session_without_init",
+            availableTools: discovered,
+            toolCounts: {
+              internalToolCount,
+              runtimeAvailableCount: discovered.length,
+              sessionAugmentedToolCount: sessionAugmentedToolCount2
+            }
+          };
+        }
+        const catalog = deps.toolCache.getTools();
+        const sessionAugmentedToolCount = catalog.filter(
+          (tool) => !catalogToolNames.has(tool.name)
+        ).length;
+        return {
+          source: "catalog",
+          availableTools: catalog,
+          toolCounts: {
+            internalToolCount,
+            runtimeAvailableCount: catalog.length,
+            sessionAugmentedToolCount
+          }
+        };
+      })();
+      return asJsonResource(
+        uri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "compat_diff_template",
+    new ResourceTemplate(RESOURCE_TEMPLATES.compatDiff, { list: void 0 }),
+    {
+      title: "Compatibility Diff Template",
+      description: "Returns client-specific compatibility guidance and recommended settings.",
+      mimeType: "application/json"
+    },
+    (uri, variables) => {
+      const clientRaw = extractSingleVariable(variables.client) ?? extractSingleVariable(uri.searchParams.get("client"));
+      const clientFingerprint = (clientRaw ?? "unknown").trim();
+      const key = clientFingerprint.toLowerCase();
+      const profile = (() => {
+        if (key.includes("codex")) {
+          return {
+            clientFamily: "codex",
+            detectedMismatches: [],
+            recommendations: [
+              "Prefer responseMode='delta_compact' for fast status loops.",
+              "Enable pollOptions.includeTools=true when exact runtime tool names are required."
+            ]
+          };
+        }
+        if (key.includes("claude")) {
+          return {
+            clientFamily: "claude",
+            detectedMismatches: [],
+            recommendations: [
+              "Use resources and resource templates for low-latency diagnostics.",
+              "Use allowedTools/disallowedTools with exact runtime names.",
+              "Enable strictAllowedTools when running in locked-down governance mode."
+            ]
+          };
+        }
+        if (key.includes("cursor")) {
+          return {
+            clientFamily: "cursor",
+            detectedMismatches: [
+              "Verify that resources/list and resourceTemplates/list are refreshed after list_changed notifications."
+            ],
+            recommendations: [
+              "Prefer claude_code_check polling as source of truth for runtime state.",
+              "Fallback to tool calls if resource template support is partial."
+            ]
+          };
+        }
+        return {
+          clientFamily: "generic",
+          detectedMismatches: [],
+          recommendations: [
+            "Persist nextCursor and de-duplicate by event.id.",
+            "Use responseMode='delta_compact' for high-frequency polling, full mode only for diagnostics."
+          ]
+        };
+      })();
+      return asJsonResource(
+        uri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "experimental",
+          payload: {
+            clientFingerprint,
+            ...profile,
+            recommendedSettings: {
+              responseMode: "delta_compact",
+              poll: {
+                runningMs: 3e3,
+                waitingPermissionMs: 1e3,
+                cursorStrategy: "Persist nextCursor and de-duplicate by event.id."
+              }
+            }
+          }
+        })
+      );
+    }
+  );
 }
 
 // src/server.ts
-var SERVER_VERSION = true ? "2.0.3" : "0.0.0-dev";
-function createServer(serverCwd) {
+var SERVER_VERSION = true ? "2.4.0" : "0.0.0-dev";
+function createServerContext(serverCwd) {
   const sessionManager = new SessionManager();
-  const toolCache = new ToolDiscoveryCache();
-  const server = new McpServer({
-    name: "claude-code-mcp",
-    version: SERVER_VERSION
+  const server = new McpServer(
+    {
+      name: "claude-code-mcp",
+      version: SERVER_VERSION,
+      title: "Claude Code MCP",
+      description: "MCP server that runs Claude Code via the Claude Agent SDK with async polling and interactive permissions.",
+      websiteUrl: "https://github.com/xihuai18/claude-code-mcp",
+      icons: []
+    },
+    {
+      capabilities: {
+        logging: {},
+        tools: { listChanged: true },
+        resources: { listChanged: true }
+      }
+    }
+  );
+  const claudeCodeToolRef = {};
+  const notifyInternalToolsResourceChanged = () => {
+    if (!server.isConnected()) return;
+    server.sendResourceListChanged();
+  };
+  const toolCache = new ToolDiscoveryCache(void 0, (tools) => {
+    try {
+      claudeCodeToolRef.current?.update({ description: buildInternalToolsDescription(tools) });
+      if (server.isConnected()) {
+        server.sendToolListChanged();
+      }
+      notifyInternalToolsResourceChanged();
+    } catch {
+    }
   });
   const agentDefinitionSchema = z.object({
     description: z.string(),
     prompt: z.string(),
-    tools: z.array(z.string()).optional(),
-    disallowedTools: z.array(z.string()).optional(),
-    model: z.enum(AGENT_MODELS).optional(),
-    maxTurns: z.number().int().positive().optional(),
-    mcpServers: z.array(z.union([z.string(), z.record(z.string(), z.unknown())])).optional(),
-    skills: z.array(z.string()).optional(),
-    criticalSystemReminder_EXPERIMENTAL: z.string().optional()
+    tools: z.array(z.string()).optional().describe("Default: inherit"),
+    disallowedTools: z.array(z.string()).optional().describe("Default: none"),
+    model: z.enum(AGENT_MODELS).optional().describe("Default: inherit"),
+    maxTurns: z.number().int().positive().optional().describe("Default: none"),
+    mcpServers: z.array(z.union([z.string(), z.record(z.string(), z.unknown())])).optional().describe("Default: inherit"),
+    skills: z.array(z.string()).optional().describe("Default: none"),
+    criticalSystemReminder_EXPERIMENTAL: z.string().optional().describe("Default: none")
   });
   const systemPromptSchema = z.union([
     z.string(),
     z.object({
       type: z.literal("preset"),
       preset: z.literal("claude_code"),
-      append: z.string().optional().describe("Appended to preset prompt")
+      append: z.string().optional().describe("Default: none")
     })
   ]);
   const toolsConfigSchema = z.union([
@@ -2029,47 +3643,137 @@ function createServer(serverCwd) {
     }),
     z.object({ type: z.literal("disabled") })
   ]);
+  const effortOptionSchema = z.enum(EFFORT_LEVELS).optional();
+  const thinkingOptionSchema = thinkingSchema.optional();
   const outputFormatSchema = z.object({
     type: z.literal("json_schema"),
     schema: z.record(z.string(), z.unknown())
   });
-  const advancedOptionsSchema = z.object({
-    tools: toolsConfigSchema.optional().describe("Visible tool set. Default: SDK"),
+  const sharedOptionFieldsSchemaShape = {
+    tools: toolsConfigSchema.optional().describe("Tool set. Default: SDK"),
     persistSession: z.boolean().optional().describe("Default: true"),
-    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
-    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Sub-agent definitions. Default: none"),
-    agent: z.string().optional().describe("Primary agent name (from 'agents'). Default: none"),
+    agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
+    agent: z.string().optional().describe("Default: none"),
     maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
-    effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
     betas: z.array(z.string()).optional().describe("Default: none"),
     additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
-    outputFormat: outputFormatSchema.optional().describe("Default: none (plain text)"),
-    thinking: thinkingSchema.optional().describe("Default: SDK"),
+    outputFormat: outputFormatSchema.optional().describe("Default: none"),
     pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
     mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
     sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
     fallbackModel: z.string().optional().describe("Default: none"),
     enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
-    includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
+    includePartialMessages: z.boolean().optional().describe("Default: false"),
     strictMcpConfig: z.boolean().optional().describe("Default: false"),
-    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
+    settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. []=isolation"),
     debug: z.boolean().optional().describe("Default: false"),
-    debugFile: z.string().optional().describe("Enables debug. Default: none"),
-    env: z.record(z.string(), z.string().optional()).optional().describe("Merged with process.env. Default: none")
-  }).optional().describe("Low-frequency SDK options (all optional)");
-  server.tool(
+    debugFile: z.string().optional().describe("Default: none"),
+    env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
+  };
+  const advancedOptionFieldsSchemaShape = {
+    ...sharedOptionFieldsSchemaShape,
+    effort: effortOptionSchema.describe("Deprecated, use top-level. Default: SDK"),
+    thinking: thinkingOptionSchema.describe("Deprecated, use top-level. Default: SDK")
+  };
+  const diskResumeOptionFieldsSchemaShape = {
+    ...sharedOptionFieldsSchemaShape,
+    effort: effortOptionSchema.describe("Default: SDK"),
+    thinking: thinkingOptionSchema.describe("Default: SDK")
+  };
+  const advancedOptionsSchema = z.object({
+    ...advancedOptionFieldsSchemaShape,
+    sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000")
+  }).optional().describe("Default: none");
+  const diskResumeConfigSchema = z.object({
+    resumeToken: z.string(),
+    cwd: z.string(),
+    allowedTools: z.array(z.string()).optional().describe("Default: []"),
+    disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+    strictAllowedTools: z.boolean().optional().describe("Default: false"),
+    maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+    model: z.string().optional().describe("Default: SDK"),
+    systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+    resumeSessionAt: z.string().optional().describe("Default: none"),
+    ...diskResumeOptionFieldsSchemaShape
+  }).optional().describe("Default: none");
+  const startResultSchema = z.object({
+    sessionId: z.string(),
+    status: z.enum(["running", "error"]),
+    pollInterval: z.number().optional(),
+    resumeToken: z.string().optional(),
+    compatWarnings: z.array(z.string()).optional(),
+    error: z.string().optional()
+  }).passthrough();
+  const sessionResultSchema = z.object({
+    sessions: z.array(z.record(z.string(), z.unknown())),
+    message: z.string().optional(),
+    isError: z.boolean().optional()
+  }).passthrough();
+  const checkEventSchema = z.object({
+    id: z.number().int().nonnegative(),
+    type: z.string(),
+    data: z.unknown(),
+    timestamp: z.string()
+  }).passthrough();
+  const checkActionSchema = z.object({
+    type: z.string(),
+    requestId: z.string().optional(),
+    toolName: z.string().optional(),
+    input: z.record(z.string(), z.unknown()).optional(),
+    summary: z.string().optional()
+  }).passthrough();
+  const checkResultSchema = z.object({
+    sessionId: z.string(),
+    status: z.string(),
+    pollInterval: z.number().optional(),
+    cursorResetTo: z.number().optional(),
+    truncated: z.boolean().optional(),
+    truncatedFields: z.array(z.string()).optional(),
+    events: z.array(checkEventSchema),
+    nextCursor: z.number().optional(),
+    availableTools: z.array(z.record(z.string(), z.unknown())).optional(),
+    toolValidation: z.object({
+      runtimeToolsKnown: z.boolean(),
+      unknownAllowedTools: z.array(z.string()),
+      unknownDisallowedTools: z.array(z.string())
+    }).optional(),
+    compatWarnings: z.array(z.string()).optional(),
+    actions: z.array(checkActionSchema).optional(),
+    result: z.unknown().optional(),
+    cancelledAt: z.string().optional(),
+    cancelledReason: z.string().optional(),
+    cancelledSource: z.string().optional(),
+    lastEventId: z.number().optional(),
+    lastToolUseId: z.string().optional(),
+    isError: z.boolean().optional(),
+    error: z.string().optional()
+  }).passthrough();
+  claudeCodeToolRef.current = server.registerTool(
     "claude_code",
-    buildInternalToolsDescription(toolCache.getTools()),
     {
-      prompt: z.string().describe("Task or question"),
-      cwd: z.string().optional().describe("Working directory. Default: server cwd"),
-      allowedTools: z.array(z.string()).optional().describe("Auto-approved tools, e.g. ['Bash','Read','Write','Edit']. Default: []"),
-      disallowedTools: z.array(z.string()).optional().describe("Forbidden tools (priority over allowedTools). Default: []"),
-      maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
-      model: z.string().optional().describe("e.g. 'opus'. Default: SDK"),
-      systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
-      advanced: advancedOptionsSchema
+      description: buildInternalToolsDescription(toolCache.getTools()),
+      inputSchema: {
+        prompt: z.string().describe("Prompt"),
+        cwd: z.string().optional().describe("Working dir. Default: server cwd"),
+        allowedTools: z.array(z.string()).optional().describe("Default: []"),
+        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+        strictAllowedTools: z.boolean().optional().describe("Default: false"),
+        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
+        model: z.string().optional().describe("Default: SDK"),
+        effort: effortOptionSchema.describe("Default: SDK"),
+        thinking: thinkingOptionSchema.describe("Default: SDK"),
+        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000, clamped to 300000"),
+        sessionInitTimeoutMs: z.number().int().positive().optional().describe("Deprecated, use advanced.sessionInitTimeoutMs. Default: 10000"),
+        advanced: advancedOptionsSchema
+      },
+      outputSchema: startResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
     },
     async (args, extra) => {
       try {
@@ -2088,76 +3792,50 @@ function createServer(serverCwd) {
               text: JSON.stringify(result, null, 2)
             }
           ],
+          structuredContent: result,
           isError
         };
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
         return {
           content: [
             {
               type: "text",
-              text: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+              text: JSON.stringify(errorResult, null, 2)
             }
           ],
+          structuredContent: errorResult,
           isError: true
         };
       }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_reply",
-    `Send a follow-up message to an existing Claude Code session.
-
-The agent retains full context from previous turns (files read, code analyzed, conversation history). Returns immediately \u2014 use claude_code_check to poll for the result.
-
-Supports session forking (forkSession=true) to explore alternative approaches without modifying the original session.
-
-Defaults:
-- forkSession: false
-- sessionInitTimeoutMs: 10000 (only used when forkSession=true)
-- permissionRequestTimeoutMs: 60000
-- Disk resume: disabled unless CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1
-
-Disk resume: If the server restarted and the session is no longer in memory, set CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1 to let the agent resume from its on-disk transcript. Pass diskResumeConfig with resumeToken and session parameters.`,
     {
-      sessionId: z.string().describe("Session ID from claude_code"),
-      prompt: z.string().describe("Follow-up message"),
-      forkSession: z.boolean().optional().describe("Branch into new session copy. Default: false"),
-      sessionInitTimeoutMs: z.number().int().positive().optional().describe("Fork init timeout (ms). Default: 10000"),
-      permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Auto-deny timeout (ms). Default: 60000"),
-      diskResumeConfig: z.object({
-        resumeToken: z.string().optional().describe("Required"),
-        cwd: z.string().optional().describe("Required"),
-        allowedTools: z.array(z.string()).optional().describe("Default: []"),
-        disallowedTools: z.array(z.string()).optional().describe("Default: []"),
-        tools: toolsConfigSchema.optional().describe("Default: SDK"),
-        persistSession: z.boolean().optional().describe("Default: true"),
-        maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
-        model: z.string().optional().describe("Default: SDK"),
-        systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-        agents: z.record(z.string(), agentDefinitionSchema).optional().describe("Default: none"),
-        agent: z.string().optional().describe("Default: none"),
-        maxBudgetUsd: z.number().positive().optional().describe("Default: none"),
-        effort: z.enum(EFFORT_LEVELS).optional().describe("Default: SDK"),
-        betas: z.array(z.string()).optional().describe("Default: none"),
-        additionalDirectories: z.array(z.string()).optional().describe("Default: none"),
-        outputFormat: outputFormatSchema.optional().describe("Default: none"),
-        thinking: thinkingSchema.optional().describe("Default: SDK"),
-        resumeSessionAt: z.string().optional().describe("Resume to specific message UUID. Default: none"),
-        pathToClaudeCodeExecutable: z.string().optional().describe("Default: SDK-bundled"),
-        mcpServers: z.record(z.string(), z.record(z.string(), z.unknown())).optional().describe("Default: none"),
-        sandbox: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
-        fallbackModel: z.string().optional().describe("Default: none"),
-        enableFileCheckpointing: z.boolean().optional().describe("Default: false"),
-        includePartialMessages: z.boolean().optional().describe("Stream events to claude_code_check. Default: false"),
-        strictMcpConfig: z.boolean().optional().describe("Default: false"),
-        settingSources: z.array(z.enum(["user", "project", "local"])).optional().describe("Default: ['user','project','local']. [] = isolation mode"),
-        debug: z.boolean().optional().describe("Default: false"),
-        debugFile: z.string().optional().describe("Enables debug. Default: none"),
-        env: z.record(z.string(), z.string().optional()).optional().describe("Default: none")
-      }).optional().describe(
-        "Disk resume config (needs CLAUDE_CODE_MCP_ALLOW_DISK_RESUME=1). Requires resumeToken + cwd."
-      )
+      description: "Send a follow-up to an existing session. Returns immediately; use claude_code_check to poll.",
+      inputSchema: {
+        sessionId: z.string().describe("Session ID"),
+        prompt: z.string().describe("Prompt"),
+        forkSession: z.boolean().optional().describe("Default: false"),
+        effort: effortOptionSchema.describe("Default: SDK"),
+        thinking: thinkingOptionSchema.describe("Default: SDK"),
+        sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000, clamped to 300000"),
+        diskResumeConfig: diskResumeConfigSchema
+      },
+      outputSchema: startResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true
+      }
     },
     async (args, extra) => {
       try {
@@ -2170,137 +3848,339 @@ Disk resume: If the server restarted and the session is no longer in memory, set
               text: JSON.stringify(result, null, 2)
             }
           ],
+          structuredContent: result,
           isError
         };
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
         return {
           content: [
             {
               type: "text",
-              text: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+              text: JSON.stringify(errorResult, null, 2)
             }
           ],
+          structuredContent: errorResult,
           isError: true
         };
       }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_session",
-    `List, inspect, or cancel Claude Code sessions.
-
-- action="list": Get all sessions with their status, cost, turn count, and settings.
-- action="get": Get full details for one session (pass sessionId). Add includeSensitive=true to also see cwd, systemPrompt, agents, and additionalDirectories.
-- action="cancel": Stop a running session immediately (pass sessionId).`,
     {
-      action: z.enum(SESSION_ACTIONS),
-      sessionId: z.string().optional().describe("Required for 'get' and 'cancel'"),
-      includeSensitive: z.boolean().optional().describe("Include cwd/systemPrompt/agents/additionalDirectories. Default: false")
+      description: "List, inspect, cancel, or interrupt sessions.",
+      inputSchema: {
+        action: z.enum(SESSION_ACTIONS),
+        sessionId: z.string().optional().describe("Required for get/cancel/interrupt"),
+        includeSensitive: z.boolean().optional().describe("Default: false")
+      },
+      outputSchema: sessionResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: false
+      }
     },
-    async (args) => {
-      const result = executeClaudeCodeSession(args, sessionManager);
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(result, null, 2)
-          }
-        ],
-        isError: result.isError ?? false
-      };
+    async (args, extra) => {
+      try {
+        const result = executeClaudeCodeSession(args, sessionManager, extra.signal);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ],
+          structuredContent: result,
+          isError: result.isError ?? false
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessions: [],
+          message: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`,
+          isError: true
+        };
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(errorResult, null, 2)
+            }
+          ],
+          structuredContent: errorResult,
+          isError: true
+        };
+      }
     }
   );
-  server.tool(
+  server.registerTool(
     "claude_code_check",
-    `Query a running session for new events, retrieve the final result, or respond to permission requests.
-
-Two actions:
-
-Defaults (poll):
-- responseMode: "minimal"
-- minimal mode strips verbose fields from assistant messages (usage, model, id, cache_control) and filters out noisy progress events (tool_progress, auth_status)
-- maxEvents: 200 in minimal mode (unlimited in full mode unless maxEvents is set)
-
-action="poll" \u2014 Retrieve events since the last poll.
-  Returns events (agent output, progress updates, permission requests, errors, final result).
-  Pass the cursor from the previous poll's nextCursor for incremental updates. Omit cursor to get all buffered events.
-  If the agent is waiting for permission, the response includes an "actions" array with pending requests.
-
-action="respond_permission" \u2014 Approve or deny a pending permission request.
-  Pass the requestId from the actions array, plus decision="allow" or decision="deny".
-  Approving resumes agent execution. Denying (with optional interrupt=true) can halt the entire session.
-  The response also includes the latest poll state (events, status, etc.), so a separate poll call is not needed.`,
     {
-      action: z.enum(CHECK_ACTIONS),
-      sessionId: z.string().describe("Target session ID"),
-      cursor: z.number().int().nonnegative().optional().describe("Event offset for incremental poll. Default: 0"),
-      responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
-      maxEvents: z.number().int().positive().optional().describe("Events per poll. Default: 200 (minimal)"),
-      requestId: z.string().optional().describe("Permission request ID (from actions[])"),
-      decision: z.enum(["allow", "deny"]).optional().describe("For respond_permission"),
-      denyMessage: z.string().optional().describe("Reason shown to agent on deny. Default: 'Permission denied by caller'"),
-      interrupt: z.boolean().optional().describe("Stop session on deny. Default: false"),
-      pollOptions: z.object({
-        includeTools: z.boolean().optional().describe("Default: false"),
-        includeEvents: z.boolean().optional().describe("Default: true"),
-        includeActions: z.boolean().optional().describe("Default: true"),
-        includeResult: z.boolean().optional().describe("Default: true"),
-        includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
-        includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false")
-      }).optional().describe("Override responseMode defaults"),
-      permissionOptions: z.object({
-        updatedInput: z.record(z.string(), z.unknown()).optional().describe("Replace tool input on allow. Default: none"),
-        updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Update permission rules on allow. Default: none")
-      }).optional().describe("Allow-only: modify tool input or update rules")
+      description: "Poll session events or respond to permission requests.",
+      inputSchema: {
+        action: z.enum(CHECK_ACTIONS),
+        sessionId: z.string().describe("Session ID"),
+        cursor: z.number().int().nonnegative().optional().describe("Default: 0"),
+        responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'. Use 'delta_compact' for lightweight polling."),
+        maxEvents: z.number().int().positive().optional().describe("Default: 200 (minimal), unlimited (full/delta_compact)"),
+        requestId: z.string().optional().describe("Default: none"),
+        decision: z.enum(["allow", "deny", "allow_for_session"]).optional().describe("Default: none"),
+        denyMessage: z.string().optional().describe("Default: 'Permission denied by caller'"),
+        interrupt: z.boolean().optional().describe("Default: false"),
+        pollOptions: z.object({
+          includeTools: z.boolean().optional().describe("Default: false"),
+          includeEvents: z.boolean().optional().describe("Default: true"),
+          includeActions: z.boolean().optional().describe("Default: true"),
+          includeResult: z.boolean().optional().describe("Default: true"),
+          includeUsage: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          maxBytes: z.number().int().positive().optional().describe("Default: unlimited")
+        }).optional().describe("Default: none"),
+        permissionOptions: z.object({
+          updatedInput: z.record(z.string(), z.unknown()).optional().describe("Default: none"),
+          updatedPermissions: z.array(z.record(z.string(), z.unknown())).optional().describe("Default: none")
+        }).optional().describe("Default: none")
+      },
+      outputSchema: checkResultSchema,
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: false
+      }
     },
-    async (args) => {
-      const result = executeClaudeCodeCheck(args, sessionManager, toolCache);
-      const isError = result.isError === true;
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(result, null, 2)
-          }
-        ],
-        isError
-      };
+    async (args, extra) => {
+      try {
+        const result = executeClaudeCodeCheck(args, sessionManager, toolCache, extra.signal);
+        const isError = result.isError === true;
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ],
+          structuredContent: result,
+          isError
+        };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const errorResult = {
+          sessionId: args.sessionId ?? "",
+          status: "error",
+          events: [],
+          isError: true,
+          error: `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`
+        };
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(errorResult, null, 2)
+            }
+          ],
+          structuredContent: errorResult,
+          isError: true
+        };
+      }
     }
   );
-  registerResources(server, { toolCache });
-  const originalClose = server.close.bind(server);
-  server.close = async () => {
-    sessionManager.destroy();
-    await originalClose();
-  };
-  return server;
+  registerResources(server, { toolCache, version: SERVER_VERSION, sessionManager });
+  return { server, sessionManager, toolCache };
+}
+
+// src/utils/runtime-errors.ts
+var BENIGN_CODES = /* @__PURE__ */ new Set([
+  "EPIPE",
+  "ECONNRESET",
+  "ERR_STREAM_WRITE_AFTER_END",
+  "ERR_STREAM_DESTROYED",
+  "ABORT_ERR"
+]);
+var BENIGN_MESSAGE_PATTERNS = [
+  "operation aborted",
+  "request was cancelled",
+  "transport closed",
+  "write after end",
+  "stream was destroyed",
+  "cannot call write after a stream was destroyed",
+  "the pipe is being closed"
+];
+function isBenignRuntimeError(error) {
+  if (!(error instanceof Error)) return false;
+  const withCode = error;
+  const code = typeof withCode.code === "string" ? withCode.code : void 0;
+  if (code && BENIGN_CODES.has(code)) return true;
+  if (error.name === "AbortError") return true;
+  const message = error.message.toLowerCase();
+  return BENIGN_MESSAGE_PATTERNS.some((pattern) => message.includes(pattern));
 }
 
 // src/index.ts
+var STDIN_SHUTDOWN_CHECK_MS = 750;
+var STDIN_SHUTDOWN_MAX_WAIT_MS = process.platform === "win32" ? 15e3 : 1e4;
+function summarizeSessions(ctx) {
+  const sessions = ctx.sessionManager.list();
+  const running = sessions.filter((s) => s.status === "running").length;
+  const waitingPermission = sessions.filter((s) => s.status === "waiting_permission").length;
+  return {
+    total: sessions.length,
+    running,
+    waitingPermission,
+    terminal: sessions.length - running - waitingPermission
+  };
+}
 async function main() {
   const serverCwd = process.cwd();
-  const server = createServer(serverCwd);
+  const ctx = createServerContext(serverCwd);
+  const server = ctx.server;
+  const sessionManager = ctx.sessionManager;
   const transport = new StdioServerTransport();
   let closing = false;
-  const shutdown = async () => {
+  let lastExitCode = 0;
+  let stdinClosedAt;
+  let stdinClosedReason;
+  let stdinShutdownTimer;
+  const onStdinEnd = () => handleStdinTerminated("end");
+  const onStdinClose = () => handleStdinTerminated("close");
+  const clearStdinShutdownTimer = () => {
+    if (stdinShutdownTimer) {
+      clearTimeout(stdinShutdownTimer);
+      stdinShutdownTimer = void 0;
+    }
+  };
+  const shutdown = async (reason = "unknown") => {
     if (closing) return;
     closing = true;
+    clearStdinShutdownTimer();
+    if (typeof process.stdin.off === "function") {
+      process.stdin.off("error", handleStdinError);
+      process.stdin.off("end", onStdinEnd);
+      process.stdin.off("close", onStdinClose);
+    }
+    const forceExitMs = process.platform === "win32" ? 1e4 : 5e3;
+    const forceExitTimer = setTimeout(() => process.exit(lastExitCode), forceExitMs);
+    if (forceExitTimer.unref) forceExitTimer.unref();
+    const sessionSummary = summarizeSessions(ctx);
     try {
+      if (server?.isConnected()) {
+        await server.sendLoggingMessage({
+          level: "info",
+          data: { event: "server_stopping", reason, ...sessionSummary }
+        });
+      }
+      sessionManager.destroy();
       await server.close();
     } catch {
     }
-    process.exitCode = 0;
-    setTimeout(() => process.exit(0), 100);
+    process.exitCode = lastExitCode;
+    try {
+      await new Promise((resolve) => process.stderr.write("", () => resolve()));
+    } catch {
+    } finally {
+      clearTimeout(forceExitTimer);
+    }
+  };
+  function handleStdinError(error) {
+    console.error("stdin error:", error);
+    lastExitCode = 1;
+    void shutdown("stdin_error");
+  }
+  function hasActiveSessions() {
+    return sessionManager.list().some((s) => s.status === "running" || s.status === "waiting_permission");
+  }
+  const evaluateStdinTermination = () => {
+    if (closing || stdinClosedAt === void 0) return;
+    const stdinUnavailable = process.stdin.destroyed || process.stdin.readableEnded || !process.stdin.readable;
+    if (!stdinUnavailable) {
+      stdinClosedAt = void 0;
+      stdinClosedReason = void 0;
+      return;
+    }
+    const elapsedMs = Date.now() - stdinClosedAt;
+    const active = hasActiveSessions();
+    const connected = server.isConnected();
+    if (!active && !connected) {
+      void shutdown(`stdin_${stdinClosedReason ?? "closed"}`);
+      return;
+    }
+    if (elapsedMs >= STDIN_SHUTDOWN_MAX_WAIT_MS) {
+      void shutdown(`stdin_${stdinClosedReason ?? "closed"}_timeout`);
+      return;
+    }
+    stdinShutdownTimer = setTimeout(evaluateStdinTermination, STDIN_SHUTDOWN_CHECK_MS);
+    if (stdinShutdownTimer.unref) stdinShutdownTimer.unref();
+  };
+  function handleStdinTerminated(event) {
+    if (closing) return;
+    if (stdinClosedAt === void 0) {
+      stdinClosedAt = Date.now();
+      stdinClosedReason = event;
+      console.error(`[lifecycle] stdin ${event} observed; entering guarded shutdown checks`);
+    }
+    clearStdinShutdownTimer();
+    stdinShutdownTimer = setTimeout(evaluateStdinTermination, STDIN_SHUTDOWN_CHECK_MS);
+    if (stdinShutdownTimer.unref) stdinShutdownTimer.unref();
+  }
+  const handleUnexpectedError = (error) => {
+    if (isBenignRuntimeError(error)) {
+      console.error("Ignored benign runtime abort:", error);
+      return;
+    }
+    console.error("Unhandled runtime error:", error);
+    lastExitCode = 1;
+    void shutdown("runtime_error");
   };
-  process.on("SIGINT", shutdown);
-  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", () => {
+    void shutdown("SIGINT");
+  });
+  process.on("SIGTERM", () => {
+    void shutdown("SIGTERM");
+  });
+  process.on("SIGHUP", () => {
+    void shutdown("SIGHUP");
+  });
+  process.on("beforeExit", () => {
+    void shutdown("beforeExit");
+  });
+  process.on("uncaughtException", handleUnexpectedError);
+  process.on("unhandledRejection", handleUnexpectedError);
+  if (process.platform === "win32") {
+    process.on("SIGBREAK", () => {
+      void shutdown("SIGBREAK");
+    });
+  }
+  if (typeof process.stdin.resume === "function") {
+    process.stdin.resume();
+  }
+  process.stdin.on("error", handleStdinError);
+  process.stdin.on("end", onStdinEnd);
+  process.stdin.on("close", onStdinClose);
   await server.connect(transport);
+  server.sendToolListChanged();
+  server.sendResourceListChanged();
   checkWindowsBashAvailability();
-  console.error(`claude-code-mcp server started (cwd: ${serverCwd})`);
+  try {
+    if (transport && server) {
+      await server.sendLoggingMessage({
+        level: "info",
+        data: { event: "server_started", cwd: serverCwd }
+      });
+    }
+  } catch {
+  }
+  console.error(`claude-code-mcp server started (transport=stdio, cwd: ${serverCwd})`);
 }
 main().catch((err) => {
   console.error("Fatal error:", err);