@leo000001/claude-code-mcp 2.2.0 → 2.4.0

package/dist/index.js

@@ -7,17 +7,20 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod";
 
-// src/utils/permission-updated-input.ts
-function normalizePermissionUpdatedInput(input) {
-  if (input && typeof input === "object" && !Array.isArray(input)) {
-    return input;
-  }
-  return { input };
-}
-
 // src/utils/normalize-windows-path.ts
 import path from "path";
 import os from "os";
+var TOOL_INPUT_PATH_FIELDS = [
+  "file_path",
+  "path",
+  "directory",
+  "folder",
+  "cwd",
+  "dest",
+  "destination",
+  "source",
+  "target"
+];
 function maybeAddWindowsLongPathPrefix(value) {
   if (value.startsWith("\\\\?\\") || value.startsWith("\\\\.\\") || value.length < 240)
     return value;
@@ -32,7 +35,7 @@ function expandTilde(value, platform) {
   const join2 = platform === "win32" ? path.win32.join : path.posix.join;
   return join2(os.homedir(), rest);
 }
-function normalizeMsysToWindowsPathInner(rawPath) {
+function convertMsysToWindowsPath(rawPath) {
   if (/^[a-zA-Z]:[\\/]/.test(rawPath) || rawPath.startsWith("\\\\")) return void 0;
   if (rawPath.startsWith("//")) {
     const m2 = rawPath.match(/^\/\/([^/]{2,})\/(.*)$/);
@@ -55,10 +58,32 @@ function normalizeMsysToWindowsPathInner(rawPath) {
   return `${drive}:\\${rest.replace(/\//g, "\\")}`;
 }
 function normalizeMsysToWindowsPath(rawPath) {
-  const converted = normalizeMsysToWindowsPathInner(rawPath);
+  const converted = convertMsysToWindowsPath(rawPath);
   if (!converted) return void 0;
   return path.win32.normalize(converted);
 }
+function isUnsupportedPosixAbsolutePath(value, platform = process.platform) {
+  if (platform !== "win32") return false;
+  if (!value.startsWith("/")) return false;
+  return convertMsysToWindowsPath(value) === void 0;
+}
+function extractPosixHomePathFromCommand(command) {
+  const match = command.match(/\/home\/[^/\s"'`]+(?:\/[^\s"'`]*)?/);
+  return match?.[0];
+}
+function findUnsupportedPosixPathInToolInput(input, platform = process.platform) {
+  if (platform !== "win32") return void 0;
+  for (const key of TOOL_INPUT_PATH_FIELDS) {
+    const value = input[key];
+    if (typeof value !== "string") continue;
+    if (isUnsupportedPosixAbsolutePath(value, platform)) return value;
+  }
+  const command = input.command;
+  if (typeof command !== "string") return void 0;
+  const embeddedHomePath = extractPosixHomePathFromCommand(command);
+  if (!embeddedHomePath) return void 0;
+  return isUnsupportedPosixAbsolutePath(embeddedHomePath, platform) ? embeddedHomePath : void 0;
+}
 function normalizeWindowsPathLike(value, platform = process.platform) {
   const expanded = expandTilde(value, platform);
   if (platform !== "win32") return expanded;
@@ -88,6 +113,20 @@ var DEFAULT_EVENT_BUFFER_MAX_SIZE = 1e3;
 var DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE = 2e3;
 var DEFAULT_MAX_SESSIONS = 128;
 var DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION = 64;
+function parsePositiveInt(raw) {
+  if (typeof raw !== "string" || raw.trim() === "") return void 0;
+  const parsed = Number.parseInt(raw, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) return void 0;
+  return parsed;
+}
+function normalizePositiveNumber(value) {
+  if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) return void 0;
+  return Math.trunc(value);
+}
+function normalizeToolPolicyNames(values) {
+  if (!Array.isArray(values) || values.length === 0) return [];
+  return values.filter((value) => typeof value === "string").map((value) => value.trim()).filter((value) => value !== "");
+}
 var SessionManager = class _SessionManager {
   sessions = /* @__PURE__ */ new Map();
   runtime = /* @__PURE__ */ new Map();
@@ -98,6 +137,9 @@ var SessionManager = class _SessionManager {
   platform;
   maxSessions;
   maxPendingPermissionsPerSession;
+  eventBufferMaxSize;
+  eventBufferHardMaxSize;
+  destroyed = false;
   constructor(opts) {
     this.platform = opts?.platform ?? process.platform;
     const envRaw = process.env.CLAUDE_CODE_MCP_MAX_SESSIONS;
@@ -108,12 +150,23 @@ var SessionManager = class _SessionManager {
     const maxPendingEnvParsed = typeof maxPendingEnvRaw === "string" && maxPendingEnvRaw.trim() !== "" ? Number.parseInt(maxPendingEnvRaw, 10) : NaN;
     const maxPendingConfigured = opts?.maxPendingPermissionsPerSession ?? (Number.isFinite(maxPendingEnvParsed) ? maxPendingEnvParsed : void 0);
     this.maxPendingPermissionsPerSession = typeof maxPendingConfigured === "number" ? maxPendingConfigured <= 0 ? Number.POSITIVE_INFINITY : maxPendingConfigured : DEFAULT_MAX_PENDING_PERMISSIONS_PER_SESSION;
+    const configuredEventBufferMaxSize = normalizePositiveNumber(opts?.eventBufferMaxSize) ?? parsePositiveInt(process.env.CLAUDE_CODE_MCP_EVENT_BUFFER_MAX_SIZE);
+    const configuredEventBufferHardMaxSize = normalizePositiveNumber(opts?.eventBufferHardMaxSize) ?? parsePositiveInt(process.env.CLAUDE_CODE_MCP_EVENT_BUFFER_HARD_MAX_SIZE);
+    this.eventBufferMaxSize = configuredEventBufferMaxSize ?? DEFAULT_EVENT_BUFFER_MAX_SIZE;
+    const initialHardMaxSize = configuredEventBufferHardMaxSize ?? DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE;
+    this.eventBufferHardMaxSize = Math.max(this.eventBufferMaxSize, initialHardMaxSize);
+    if (initialHardMaxSize < this.eventBufferMaxSize) {
+      console.error(
+        `[config] CLAUDE_CODE_MCP_EVENT_BUFFER_HARD_MAX_SIZE (${initialHardMaxSize}) is smaller than maxSize (${this.eventBufferMaxSize}); clamped to ${this.eventBufferHardMaxSize}.`
+      );
+    }
     this.cleanupTimer = setInterval(() => this.cleanup(), DEFAULT_CLEANUP_INTERVAL_MS);
     if (this.cleanupTimer.unref) {
       this.cleanupTimer.unref();
     }
   }
   getSessionCount() {
+    if (this.destroyed) return 0;
     return this.sessions.size;
   }
   getMaxSessions() {
@@ -122,11 +175,27 @@ var SessionManager = class _SessionManager {
   getMaxPendingPermissionsPerSession() {
     return this.maxPendingPermissionsPerSession;
   }
+  getEventBufferConfig() {
+    return {
+      maxSize: this.eventBufferMaxSize,
+      hardMaxSize: this.eventBufferHardMaxSize
+    };
+  }
+  getSessionTtlMs() {
+    return this.sessionTtlMs;
+  }
+  getRunningSessionMaxMs() {
+    return this.runningSessionMaxMs;
+  }
   hasCapacityFor(additionalSessions) {
+    if (this.destroyed) return false;
     if (additionalSessions <= 0) return true;
     return this.sessions.size + additionalSessions <= this.maxSessions;
   }
   create(params) {
+    if (this.destroyed) {
+      throw new Error("SessionManager is destroyed and no longer accepts new sessions.");
+    }
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const existing = this.sessions.get(params.sessionId);
     if (existing) {
@@ -144,6 +213,7 @@ var SessionManager = class _SessionManager {
       permissionMode: params.permissionMode ?? "default",
       allowedTools: params.allowedTools,
       disallowedTools: params.disallowedTools,
+      strictAllowedTools: params.strictAllowedTools,
       tools: params.tools,
       maxTurns: params.maxTurns,
       systemPrompt: params.systemPrompt,
@@ -167,14 +237,15 @@ var SessionManager = class _SessionManager {
       debug: params.debug,
       debugFile: params.debugFile,
       env: params.env,
-      abortController: params.abortController
+      abortController: params.abortController,
+      queryInterrupt: params.queryInterrupt
     };
     this.sessions.set(params.sessionId, info);
     this.runtime.set(params.sessionId, {
       buffer: {
         events: [],
-        maxSize: DEFAULT_EVENT_BUFFER_MAX_SIZE,
-        hardMaxSize: DEFAULT_EVENT_BUFFER_HARD_MAX_SIZE,
+        maxSize: this.eventBufferMaxSize,
+        hardMaxSize: this.eventBufferHardMaxSize,
         nextId: 0
       },
       pendingPermissions: /* @__PURE__ */ new Map()
@@ -182,36 +253,43 @@ var SessionManager = class _SessionManager {
     return info;
   }
   get(sessionId) {
+    if (this.destroyed) return void 0;
     return this.sessions.get(sessionId);
   }
   updateStatus(sessionId, status) {
     return this.update(sessionId, { status });
   }
   list() {
+    if (this.destroyed) return [];
     return Array.from(this.sessions.values());
   }
   update(sessionId, patch) {
+    if (this.destroyed) return void 0;
     const info = this.sessions.get(sessionId);
     if (!info) return void 0;
     Object.assign(info, patch, { lastActiveAt: (/* @__PURE__ */ new Date()).toISOString() });
     return info;
   }
   /**
-   * Atomically transition a session from an expected status to "running".
+   * Atomically transition a session's status from expectedStatus to "running".
+   * This only covers synchronous state mutation within SessionManager.
    * Returns the session if successful, undefined if the session doesn't exist
    * or its current status doesn't match `expectedStatus`.
    */
   tryAcquire(sessionId, expectedStatus, abortController) {
+    if (this.destroyed) return void 0;
     if (expectedStatus !== "idle" && expectedStatus !== "error") return void 0;
     const info = this.sessions.get(sessionId);
     if (!info || info.status !== expectedStatus) return void 0;
     info.status = "running";
     info.abortController = abortController;
+    info.queryInterrupt = void 0;
     info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     this.clearTerminalEvents(sessionId);
     return info;
   }
   cancel(sessionId, opts) {
+    if (this.destroyed) return false;
     const info = this.sessions.get(sessionId);
     if (!info) return false;
     if (info.status !== "running" && info.status !== "waiting_permission") return false;
@@ -225,6 +303,12 @@ var SessionManager = class _SessionManager {
         "cancel"
       );
     }
+    if (info.queryInterrupt) {
+      try {
+        info.queryInterrupt();
+      } catch {
+      }
+    }
     if (info.abortController) {
       info.abortController.abort();
     }
@@ -232,10 +316,45 @@ var SessionManager = class _SessionManager {
     info.cancelledAt = (/* @__PURE__ */ new Date()).toISOString();
     info.cancelledReason = opts?.reason ?? "Session cancelled";
     info.cancelledSource = opts?.source ?? "cancel";
+    info.queryInterrupt = void 0;
+    info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
+    return true;
+  }
+  interrupt(sessionId, opts) {
+    if (this.destroyed) return false;
+    const info = this.sessions.get(sessionId);
+    if (!info) return false;
+    if (info.status !== "running" && info.status !== "waiting_permission") return false;
+    if (info.status === "waiting_permission") {
+      this.finishAllPending(
+        sessionId,
+        { behavior: "deny", message: opts?.reason ?? "Session interrupted", interrupt: true },
+        "interrupt"
+      );
+    }
+    if (info.queryInterrupt) {
+      try {
+        info.queryInterrupt();
+      } catch {
+      }
+    }
+    if (info.abortController) {
+      info.abortController.abort();
+    }
+    this.pushEvent(sessionId, {
+      type: "progress",
+      data: {
+        type: "interrupted",
+        reason: opts?.reason ?? "Session interrupted",
+        source: opts?.source ?? "interrupt"
+      },
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
     info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     return true;
   }
   delete(sessionId) {
+    if (this.destroyed) return false;
     this.finishAllPending(
       sessionId,
       { behavior: "deny", message: "Session deleted", interrupt: true },
@@ -247,22 +366,27 @@ var SessionManager = class _SessionManager {
     return this.sessions.delete(sessionId);
   }
   setResult(sessionId, result) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     state.storedResult = result;
   }
   getResult(sessionId) {
+    if (this.destroyed) return void 0;
     return this.runtime.get(sessionId)?.storedResult;
   }
   setInitTools(sessionId, tools) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     state.initTools = tools;
   }
   getInitTools(sessionId) {
+    if (this.destroyed) return void 0;
     return this.runtime.get(sessionId)?.initTools;
   }
   pushEvent(sessionId, event) {
+    if (this.destroyed) return void 0;
     const state = this.runtime.get(sessionId);
     if (!state) return void 0;
     const full = _SessionManager.pushEvent(
@@ -280,21 +404,25 @@ var SessionManager = class _SessionManager {
     return full;
   }
   getLastEventId(sessionId) {
+    if (this.destroyed) return void 0;
     const state = this.runtime.get(sessionId);
     if (!state) return void 0;
     return state.buffer.nextId > 0 ? state.buffer.nextId - 1 : void 0;
   }
   readEvents(sessionId, cursor) {
+    if (this.destroyed) return { events: [], nextCursor: cursor ?? 0 };
     const state = this.runtime.get(sessionId);
     if (!state) return { events: [], nextCursor: cursor ?? 0 };
     return _SessionManager.readEvents(state.buffer, cursor);
   }
   clearTerminalEvents(sessionId) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     _SessionManager.clearTerminalEvents(state.buffer);
   }
   setPendingPermission(sessionId, req, finish, timeoutMs) {
+    if (this.destroyed) return false;
     const state = this.runtime.get(sessionId);
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
@@ -376,14 +504,79 @@ var SessionManager = class _SessionManager {
     return false;
   }
   getPendingPermissionCount(sessionId) {
+    if (this.destroyed) return 0;
     return this.runtime.get(sessionId)?.pendingPermissions.size ?? 0;
   }
+  getEventCount(sessionId) {
+    if (this.destroyed) return 0;
+    return this.runtime.get(sessionId)?.buffer.events.length ?? 0;
+  }
+  getCurrentCursor(sessionId) {
+    if (this.destroyed) return void 0;
+    const state = this.runtime.get(sessionId);
+    if (!state) return void 0;
+    return state.buffer.nextId;
+  }
+  getRemainingTtlMs(sessionId) {
+    if (this.destroyed) return void 0;
+    const session = this.sessions.get(sessionId);
+    if (!session) return void 0;
+    const lastActiveMs = Date.parse(session.lastActiveAt);
+    if (!Number.isFinite(lastActiveMs)) return void 0;
+    const limitMs = session.status === "running" || session.status === "waiting_permission" ? this.runningSessionMaxMs : this.sessionTtlMs;
+    return Math.max(0, limitMs - (Date.now() - lastActiveMs));
+  }
+  getRuntimeToolStats() {
+    if (this.destroyed) {
+      return { sessionsWithInitTools: 0, runtimeDiscoveredUniqueCount: 0 };
+    }
+    const unique = /* @__PURE__ */ new Set();
+    let sessionsWithInitTools = 0;
+    for (const state of this.runtime.values()) {
+      if (!Array.isArray(state.initTools) || state.initTools.length === 0) continue;
+      sessionsWithInitTools += 1;
+      for (const tool of state.initTools) {
+        if (typeof tool === "string" && tool.trim() !== "") {
+          unique.add(tool);
+        }
+      }
+    }
+    return {
+      sessionsWithInitTools,
+      runtimeDiscoveredUniqueCount: unique.size
+    };
+  }
   listPendingPermissions(sessionId) {
+    if (this.destroyed) return [];
     const state = this.runtime.get(sessionId);
     if (!state) return [];
     return Array.from(state.pendingPermissions.values()).map((p) => p.record).sort((a, b) => a.createdAt.localeCompare(b.createdAt));
   }
+  getPendingPermission(sessionId, requestId) {
+    if (this.destroyed) return void 0;
+    const state = this.runtime.get(sessionId);
+    return state?.pendingPermissions.get(requestId)?.record;
+  }
+  allowToolForSession(sessionId, toolName) {
+    if (this.destroyed) return false;
+    const info = this.sessions.get(sessionId);
+    if (!info) return false;
+    const normalized = toolName.trim();
+    if (normalized === "") return false;
+    const disallowed = normalizeToolPolicyNames(info.disallowedTools);
+    if (disallowed.includes(normalized)) {
+      return false;
+    }
+    const allowed = Array.isArray(info.allowedTools) ? [...info.allowedTools] : [];
+    if (!allowed.includes(normalized)) {
+      allowed.push(normalized);
+      info.allowedTools = allowed;
+      info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
+    }
+    return true;
+  }
   finishRequest(sessionId, requestId, result, source) {
+    if (this.destroyed) return false;
     const state = this.runtime.get(sessionId);
     const info = this.sessions.get(sessionId);
     if (!state || !info) return false;
@@ -391,11 +584,12 @@ var SessionManager = class _SessionManager {
     if (!pending) return false;
     let finalResult = result;
     if (finalResult.behavior === "allow") {
-      const disallowed = info.disallowedTools;
-      if (Array.isArray(disallowed) && disallowed.includes(pending.record.toolName) && pending.record.toolName.trim() !== "") {
+      const disallowed = normalizeToolPolicyNames(info.disallowedTools);
+      const pendingToolName = pending.record.toolName.trim();
+      if (pendingToolName !== "" && disallowed.includes(pendingToolName)) {
         finalResult = {
           behavior: "deny",
-          message: `Tool '${pending.record.toolName}' is disallowed by session policy.`,
+          message: `Tool '${pendingToolName}' is disallowed by session policy.`,
           interrupt: false
         };
       }
@@ -403,19 +597,25 @@ var SessionManager = class _SessionManager {
     if (finalResult.behavior === "allow") {
       const updatedInput = finalResult.updatedInput;
       const validRecord = updatedInput !== null && updatedInput !== void 0 && typeof updatedInput === "object" && !Array.isArray(updatedInput);
-      if (!validRecord) {
+      const normalizedUpdatedInput = validRecord ? normalizeToolInput(
+        pending.record.toolName,
+        updatedInput,
+        this.platform
+      ) : normalizeToolInput(pending.record.toolName, pending.record.input, this.platform);
+      const unsupportedPath = findUnsupportedPosixPathInToolInput(
+        normalizedUpdatedInput,
+        this.platform
+      );
+      if (unsupportedPath) {
         finalResult = {
-          ...finalResult,
-          updatedInput: normalizePermissionUpdatedInput(pending.record.input)
+          behavior: "deny",
+          message: `Tool '${pending.record.toolName}' attempted to allow an unsupported POSIX path '${unsupportedPath}' on Windows.`,
+          interrupt: false
         };
       } else {
         finalResult = {
           ...finalResult,
-          updatedInput: normalizeToolInput(
-            pending.record.toolName,
-            updatedInput,
-            this.platform
-          )
+          updatedInput: normalizedUpdatedInput
         };
       }
     }
@@ -452,6 +652,7 @@ var SessionManager = class _SessionManager {
     return true;
   }
   finishAllPending(sessionId, result, source, opts) {
+    if (this.destroyed) return;
     const state = this.runtime.get(sessionId);
     if (!state) return;
     if (state.pendingPermissions.size === 0) return;
@@ -484,6 +685,7 @@ var SessionManager = class _SessionManager {
   }
   /** Remove sessions that have been idle for too long, or stuck running too long */
   cleanup() {
+    if (this.destroyed) return;
     const now = Date.now();
     for (const [id, info] of this.sessions) {
       const lastActive = new Date(info.lastActiveAt).getTime();
@@ -502,7 +704,8 @@ var SessionManager = class _SessionManager {
         info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
         info.cancelledReason = info.cancelledReason ?? "Session timed out";
         info.cancelledSource = info.cancelledSource ?? "cleanup";
-        info.status = "error";
+        info.queryInterrupt = void 0;
+        info.status = "cancelled";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status === "waiting_permission" && now - lastActive > this.runningSessionMaxMs) {
         this.finishAllPending(
@@ -515,7 +718,8 @@ var SessionManager = class _SessionManager {
         info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
         info.cancelledReason = info.cancelledReason ?? "Session timed out";
         info.cancelledSource = info.cancelledSource ?? "cleanup";
-        info.status = "error";
+        info.queryInterrupt = void 0;
+        info.status = "cancelled";
         info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
       } else if (info.status !== "running" && info.status !== "waiting_permission" && now - lastActive > this.sessionTtlMs) {
         this.finishAllPending(
@@ -553,6 +757,7 @@ var SessionManager = class _SessionManager {
   toPublicJSON(info) {
     const {
       abortController: _abortController,
+      queryInterrupt: _queryInterrupt,
       cwd: _cwd,
       systemPrompt: _systemPrompt,
       agents: _agents,
@@ -568,6 +773,7 @@ var SessionManager = class _SessionManager {
     return rest;
   }
   destroy() {
+    if (this.destroyed) return;
     clearInterval(this.cleanupTimer);
     for (const info of this.sessions.values()) {
       this.finishAllPending(
@@ -579,12 +785,17 @@ var SessionManager = class _SessionManager {
       if ((info.status === "running" || info.status === "waiting_permission") && info.abortController) {
         info.abortController.abort();
       }
+      info.queryInterrupt = void 0;
       info.status = "cancelled";
       info.cancelledAt = info.cancelledAt ?? (/* @__PURE__ */ new Date()).toISOString();
       info.cancelledReason = info.cancelledReason ?? "Server shutting down";
       info.cancelledSource = info.cancelledSource ?? "destroy";
       info.lastActiveAt = (/* @__PURE__ */ new Date()).toISOString();
     }
+    this.drainingSessions.clear();
+    this.runtime.clear();
+    this.sessions.clear();
+    this.destroyed = true;
   }
   static pushEvent(buffer, event, isActivePermissionRequest) {
     const pinned = event.pinned ?? (event.type === "permission_request" || event.type === "permission_result" || event.type === "result" || event.type === "error");
@@ -596,38 +807,61 @@ var SessionManager = class _SessionManager {
       pinned
     };
     buffer.events.push(full);
-    while (buffer.events.length > buffer.maxSize) {
-      const idx = buffer.events.findIndex((e) => !e.pinned);
-      if (idx !== -1) {
-        buffer.events.splice(idx, 1);
-        continue;
+    _SessionManager.evictEventsToLimits(buffer, isActivePermissionRequest);
+    return full;
+  }
+  static evictEventsToLimits(buffer, isActivePermissionRequest) {
+    if (buffer.events.length <= buffer.maxSize && buffer.events.length <= buffer.hardMaxSize) {
+      return;
+    }
+    const droppedIds = /* @__PURE__ */ new Set();
+    let remaining = buffer.events.length;
+    const dropOldestMatching = (count, predicate) => {
+      if (count <= 0) return 0;
+      let dropped = 0;
+      for (const event of buffer.events) {
+        if (dropped >= count) break;
+        if (droppedIds.has(event.id)) continue;
+        if (!predicate(event)) continue;
+        droppedIds.add(event.id);
+        dropped += 1;
       }
-      const pinnedDropIdx = buffer.events.findIndex((e) => {
-        if (e.type === "permission_result") return true;
-        if (e.type === "permission_request") {
-          const requestId = e.data?.requestId;
-          if (typeof requestId !== "string") return true;
-          return isActivePermissionRequest ? !isActivePermissionRequest(requestId) : true;
-        }
-        return false;
-      });
-      if (pinnedDropIdx === -1) break;
-      buffer.events.splice(pinnedDropIdx, 1);
-    }
-    while (buffer.events.length > buffer.hardMaxSize) {
-      const idx = buffer.events.findIndex((e) => {
-        if (e.type === "permission_request") {
-          const requestId = e.data?.requestId;
-          if (typeof requestId !== "string") return true;
-          return isActivePermissionRequest ? !isActivePermissionRequest(requestId) : true;
-        }
-        if (e.type === "permission_result") return true;
-        return false;
-      });
-      if (idx === -1) break;
-      buffer.events.splice(idx, 1);
+      if (dropped > 0) {
+        remaining -= dropped;
+      }
+      return dropped;
+    };
+    const isDroppablePermissionEvent = (event) => {
+      if (event.type === "permission_result") return true;
+      if (event.type !== "permission_request") return false;
+      const requestId = event.data?.requestId;
+      if (typeof requestId !== "string") return true;
+      return isActivePermissionRequest ? !isActivePermissionRequest(requestId) : true;
+    };
+    let toDropForSoftLimit = remaining - buffer.maxSize;
+    if (toDropForSoftLimit > 0) {
+      toDropForSoftLimit -= dropOldestMatching(toDropForSoftLimit, (event) => !event.pinned);
     }
-    return full;
+    if (toDropForSoftLimit > 0) {
+      toDropForSoftLimit -= dropOldestMatching(toDropForSoftLimit, isDroppablePermissionEvent);
+    }
+    let toDropForHardLimit = remaining - buffer.hardMaxSize;
+    if (toDropForHardLimit > 0) {
+      toDropForHardLimit -= dropOldestMatching(toDropForHardLimit, isDroppablePermissionEvent);
+    }
+    if (droppedIds.size > 0) {
+      buffer.events = buffer.events.filter((event) => !droppedIds.has(event.id));
+    }
+  }
+  static lowerBoundByEventId(events, startFrom) {
+    let left = 0;
+    let right = events.length;
+    while (left < right) {
+      const mid = Math.floor((left + right) / 2);
+      if (events[mid].id < startFrom) left = mid + 1;
+      else right = mid;
+    }
+    return left;
   }
   static readEvents(buffer, cursor) {
     let cursorResetTo;
@@ -637,7 +871,8 @@ var SessionManager = class _SessionManager {
       if (earliest == null && buffer.nextId > cursor) cursorResetTo = buffer.nextId;
     }
     const startFrom = cursorResetTo ?? cursor ?? 0;
-    const filtered = buffer.events.filter((e) => e.id >= startFrom);
+    const startIndex = _SessionManager.lowerBoundByEventId(buffer.events, startFrom);
+    const filtered = buffer.events.slice(startIndex);
     const nextCursor = filtered.length > 0 ? filtered[filtered.length - 1].id + 1 : startFrom;
     return { events: filtered, nextCursor, cursorResetTo };
   }
@@ -660,13 +895,28 @@ var SessionManager = class _SessionManager {
   }
 };
 
+// src/tools/claude-code.ts
+import { existsSync as existsSync2, statSync } from "fs";
+
 // src/types.ts
 var EFFORT_LEVELS = ["low", "medium", "high", "max"];
 var AGENT_MODELS = ["sonnet", "opus", "haiku", "inherit"];
-var SESSION_ACTIONS = ["list", "get", "cancel"];
+var SESSION_ACTIONS = ["list", "get", "cancel", "interrupt"];
 var DEFAULT_SETTING_SOURCES = ["user", "project", "local"];
 var CHECK_ACTIONS = ["poll", "respond_permission"];
-var CHECK_RESPONSE_MODES = ["minimal", "full"];
+var CHECK_RESPONSE_MODES = ["minimal", "full", "delta_compact"];
+var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
+  ErrorCode2["INVALID_ARGUMENT"] = "INVALID_ARGUMENT";
+  ErrorCode2["SESSION_NOT_FOUND"] = "SESSION_NOT_FOUND";
+  ErrorCode2["SESSION_BUSY"] = "SESSION_BUSY";
+  ErrorCode2["PERMISSION_REQUEST_NOT_FOUND"] = "PERMISSION_REQUEST_NOT_FOUND";
+  ErrorCode2["PERMISSION_DENIED"] = "PERMISSION_DENIED";
+  ErrorCode2["RESOURCE_EXHAUSTED"] = "RESOURCE_EXHAUSTED";
+  ErrorCode2["TIMEOUT"] = "TIMEOUT";
+  ErrorCode2["CANCELLED"] = "CANCELLED";
+  ErrorCode2["INTERNAL"] = "INTERNAL";
+  return ErrorCode2;
+})(ErrorCode || {});
 
 // src/tools/query-consumer.ts
 import { AbortError, query } from "@anthropic-ai/claude-agent-sdk";
@@ -843,6 +1093,14 @@ function enhanceWindowsError(errorMessage) {
   return errorMessage;
 }
 
+// src/utils/permission-updated-input.ts
+function normalizePermissionUpdatedInput(input) {
+  if (input && typeof input === "object" && !Array.isArray(input)) {
+    return input;
+  }
+  return { input };
+}
+
 // src/tools/query-consumer.ts
 var MAX_TRANSIENT_RETRIES = 3;
 var INITIAL_RETRY_DELAY_MS = 1e3;
@@ -876,6 +1134,10 @@ function describeTool(toolName, toolCache) {
   const found = tools?.find((t) => t.name === toolName);
   return found?.description;
 }
+function normalizePolicyToolNames(tools) {
+  if (!Array.isArray(tools) || tools.length === 0) return [];
+  return tools.filter((tool) => typeof tool === "string").map((tool) => tool.trim()).filter((tool) => tool !== "");
+}
 function sdkResultToAgentResult(result) {
   const sessionTotalTurns = result.session_total_turns;
   const sessionTotalCostUsd = result.session_total_cost_usd;
@@ -1003,13 +1265,41 @@ function consumeQuery(params) {
   );
   const canUseTool = async (toolName, input, options2) => {
     const sessionId = await getSessionId();
+    const normalizedToolName = toolName.trim();
     const normalizedInput = normalizeToolInput(toolName, input, params.platform);
+    const unsupportedPath = findUnsupportedPosixPathInToolInput(normalizedInput, params.platform);
+    if (unsupportedPath) {
+      return {
+        behavior: "deny",
+        message: `Tool '${normalizedToolName || toolName}' requested unsupported POSIX path '${unsupportedPath}' on Windows.`,
+        interrupt: false
+      };
+    }
+    if (typeof options2.blockedPath === "string" && isUnsupportedPosixAbsolutePath(options2.blockedPath, params.platform)) {
+      return {
+        behavior: "deny",
+        message: `Tool '${normalizedToolName || toolName}' requested blocked path '${options2.blockedPath}' that is unsupported on Windows.`,
+        interrupt: false
+      };
+    }
     const sessionInfo = params.sessionManager.get(sessionId);
     if (sessionInfo) {
-      if (Array.isArray(sessionInfo.disallowedTools) && sessionInfo.disallowedTools.includes(toolName)) {
-        return { behavior: "deny", message: `Tool '${toolName}' is disallowed by session policy.` };
+      const disallowedTools = normalizePolicyToolNames(sessionInfo.disallowedTools);
+      const allowedTools = normalizePolicyToolNames(sessionInfo.allowedTools);
+      if (normalizedToolName !== "" && disallowedTools.includes(normalizedToolName)) {
+        return {
+          behavior: "deny",
+          message: `Tool '${normalizedToolName}' is disallowed by session policy.`
+        };
       }
-      if (!options2.blockedPath && Array.isArray(sessionInfo.allowedTools) && sessionInfo.allowedTools.includes(toolName)) {
+      if (sessionInfo.strictAllowedTools === true && normalizedToolName !== "" && allowedTools.length > 0 && !allowedTools.includes(normalizedToolName)) {
+        return {
+          behavior: "deny",
+          message: `Tool '${normalizedToolName}' is not in allowedTools under strictAllowedTools policy.`,
+          interrupt: false
+        };
+      }
+      if (!options2.blockedPath && normalizedToolName !== "" && allowedTools.includes(normalizedToolName)) {
         return {
           behavior: "allow",
           updatedInput: normalizePermissionUpdatedInput(normalizedInput)
@@ -1182,13 +1472,15 @@ function consumeQuery(params) {
                 status: agentResult.isError ? "error" : "idle",
                 totalTurns: sessionTotalTurns,
                 totalCostUsd: sessionTotalCostUsd,
-                abortController: void 0
+                abortController: void 0,
+                queryInterrupt: void 0
               });
             } else if (current) {
               params.sessionManager.update(sessionId2, {
                 totalTurns: sessionTotalTurns,
                 totalCostUsd: sessionTotalCostUsd,
-                abortController: void 0
+                abortController: void 0,
+                queryInterrupt: void 0
               });
             }
             return;
@@ -1240,7 +1532,8 @@ function consumeQuery(params) {
             });
             params.sessionManager.update(sessionId, {
               status: "error",
-              abortController: void 0
+              abortController: void 0,
+              queryInterrupt: void 0
             });
           }
         }
@@ -1323,7 +1616,11 @@ function consumeQuery(params) {
             data: agentResult,
             timestamp: (/* @__PURE__ */ new Date()).toISOString()
           });
-          params.sessionManager.update(sessionId, { status: "error", abortController: void 0 });
+          params.sessionManager.update(sessionId, {
+            status: "error",
+            abortController: void 0,
+            queryInterrupt: void 0
+          });
         }
         return;
       } finally {
@@ -1335,7 +1632,7 @@ function consumeQuery(params) {
 }
 
 // src/utils/resume-token.ts
-import { createHmac } from "crypto";
+import { createHmac, timingSafeEqual } from "crypto";
 function getResumeSecrets() {
   const raw = process.env.CLAUDE_CODE_MCP_RESUME_SECRET;
   if (typeof raw !== "string") return [];
@@ -1347,9 +1644,18 @@ function getResumeSecret() {
 function computeResumeToken(sessionId, secret) {
   return createHmac("sha256", secret).update(sessionId).digest("base64url");
 }
+function timingSafeEqualText(a, b) {
+  const left = Buffer.from(a, "utf8");
+  const rightRaw = Buffer.from(b, "utf8");
+  const right = Buffer.alloc(left.length);
+  rightRaw.copy(right, 0, 0, left.length);
+  const sameLength = rightRaw.length === left.length;
+  return timingSafeEqual(left, right) && sameLength;
+}
 function isValidResumeToken(sessionId, token, secrets) {
   for (const secret of secrets) {
-    if (computeResumeToken(sessionId, secret) === token) return true;
+    const computed = computeResumeToken(sessionId, secret);
+    if (timingSafeEqualText(computed, token)) return true;
   }
   return false;
 }
@@ -1425,6 +1731,7 @@ function toSessionCreateParams(input) {
     permissionMode: input.permissionMode,
     allowedTools: src.allowedTools,
     disallowedTools: src.disallowedTools,
+    strictAllowedTools: src.strictAllowedTools,
     tools: src.tools,
     maxTurns: src.maxTurns,
     systemPrompt: src.systemPrompt,
@@ -1448,13 +1755,15 @@ function toSessionCreateParams(input) {
     debug: src.debug,
     debugFile: src.debugFile,
     env: src.env,
-    abortController: input.abortController
+    abortController: input.abortController,
+    queryInterrupt: input.queryInterrupt
   };
 }
 
 // src/tools/claude-code.ts
 async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, requestSignal) {
-  const cwd = input.cwd !== void 0 ? input.cwd : serverCwd;
+  const cwdProvided = input.cwd !== void 0;
+  const cwd = cwdProvided ? input.cwd : serverCwd;
   if (typeof cwd !== "string" || cwd.trim() === "") {
     return {
       sessionId: "",
@@ -1462,6 +1771,32 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
       error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be a non-empty string.`
     };
   }
+  const normalizedCwd = normalizeWindowsPathLike(cwd);
+  if (cwdProvided && !existsSync2(normalizedCwd)) {
+    return {
+      sessionId: "",
+      status: "error",
+      error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd path does not exist: ${normalizedCwd}`
+    };
+  }
+  if (cwdProvided) {
+    try {
+      if (!statSync(normalizedCwd).isDirectory()) {
+        return {
+          sessionId: "",
+          status: "error",
+          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be a directory: ${normalizedCwd}`
+        };
+      }
+    } catch (err) {
+      const detail = err instanceof Error ? ` (${err.message})` : "";
+      return {
+        sessionId: "",
+        status: "error",
+        error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd is not accessible: ${normalizedCwd}${detail}`
+      };
+    }
+  }
   if (!sessionManager.hasCapacityFor(1)) {
     return {
       sessionId: "",
@@ -1485,9 +1820,10 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
     );
   }
   const flat = {
-    cwd,
+    cwd: normalizedCwd,
     allowedTools: input.allowedTools,
     disallowedTools: input.disallowedTools,
+    strictAllowedTools: input.strictAllowedTools ?? adv.strictAllowedTools,
     maxTurns: input.maxTurns,
     model: input.model,
     systemPrompt: input.systemPrompt,
@@ -1519,7 +1855,10 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
             sessionId: init.session_id,
             source: normalizedFlat,
             permissionMode: "default",
-            abortController
+            abortController,
+            queryInterrupt: () => {
+              handle.interrupt();
+            }
           })
         );
       }
@@ -1548,6 +1887,42 @@ async function executeClaudeCode(input, sessionManager, serverCwd, toolCache, re
 }
 
 // src/tools/claude-code-reply.ts
+import { existsSync as existsSync3, statSync as statSync2 } from "fs";
+import os2 from "os";
+import path3 from "path";
+function normalizeAndAssertCwd(cwd, contextLabel) {
+  const normalizedCwd = normalizeWindowsPathLike(cwd);
+  const resolvedCwd = resolvePortableTmpAlias(normalizedCwd);
+  if (!existsSync3(resolvedCwd)) {
+    throw new Error(
+      `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${contextLabel} path does not exist: ${resolvedCwd}`
+    );
+  }
+  try {
+    const stat = statSync2(resolvedCwd);
+    if (!stat.isDirectory()) {
+      throw new Error(
+        `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${contextLabel} must be a directory: ${resolvedCwd}`
+      );
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.includes("Error [")) throw err;
+    const detail = err instanceof Error ? ` (${err.message})` : "";
+    throw new Error(
+      `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${contextLabel} is not accessible: ${resolvedCwd}${detail}`
+    );
+  }
+  return resolvedCwd;
+}
+function resolvePortableTmpAlias(cwd) {
+  if (process.platform !== "win32") return cwd;
+  const normalized = cwd.replace(/\\/g, "/");
+  if (normalized === "/tmp") return os2.tmpdir();
+  if (normalized.startsWith("/tmp/")) {
+    return path3.join(os2.tmpdir(), normalized.slice("/tmp/".length));
+  }
+  return cwd;
+}
 function toStartError(sessionId, err) {
   const message = err instanceof Error ? err.message : String(err);
   const errorText = message.includes("Error [") ? message : `Error [${"INTERNAL" /* INTERNAL */}]: ${message}`;
@@ -1567,7 +1942,11 @@ function buildOptionsFromDiskResume(dr) {
   if (dr.cwd === void 0 || typeof dr.cwd !== "string" || dr.cwd.trim() === "") {
     throw new Error(`Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd must be provided for disk resume.`);
   }
-  return buildOptions(dr);
+  const normalizedCwd = normalizeAndAssertCwd(dr.cwd, "disk resume cwd");
+  return buildOptions({
+    ...dr,
+    cwd: normalizedCwd
+  });
 }
 async function executeClaudeCodeReply(input, sessionManager, toolCache, requestSignal) {
   const permissionRequestTimeoutMs = input.permissionRequestTimeoutMs ?? 6e4;
@@ -1638,7 +2017,7 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         })
       );
       try {
-        consumeQuery({
+        const handle = consumeQuery({
           mode: "disk-resume",
           sessionId: input.sessionId,
           prompt: input.prompt,
@@ -1649,6 +2028,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
           sessionManager,
           toolCache
         });
+        sessionManager.update(input.sessionId, {
+          queryInterrupt: () => {
+            handle.interrupt();
+          }
+        });
       } catch (err) {
         const { agentResult, errorText } = toStartError(input.sessionId, err);
         sessionManager.setResult(input.sessionId, {
@@ -1661,7 +2045,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
           data: agentResult,
           timestamp: (/* @__PURE__ */ new Date()).toISOString()
         });
-        sessionManager.update(input.sessionId, { status: "error", abortController: void 0 });
+        sessionManager.update(input.sessionId, {
+          status: "error",
+          abortController: void 0,
+          queryInterrupt: void 0
+        });
         return { sessionId: input.sessionId, status: "error", error: errorText };
       }
       return {
@@ -1683,7 +2071,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
           data: agentResult,
           timestamp: (/* @__PURE__ */ new Date()).toISOString()
         });
-        sessionManager.update(input.sessionId, { status: "error", abortController: void 0 });
+        sessionManager.update(input.sessionId, {
+          status: "error",
+          abortController: void 0,
+          queryInterrupt: void 0
+        });
       }
       return {
         sessionId: input.sessionId,
@@ -1718,7 +2110,9 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
     };
   }
   const session = acquired;
+  const normalizedCwd = normalizeAndAssertCwd(session.cwd, "session cwd");
   const options = buildOptions(session);
+  options.cwd = normalizedCwd;
   if (input.forkSession) options.forkSession = true;
   if (input.forkSession && !sessionManager.hasCapacityFor(1)) {
     sessionManager.update(input.sessionId, { status: originalStatus, abortController: void 0 });
@@ -1757,7 +2151,8 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         if (init.session_id === input.sessionId) return;
         sessionManager.update(input.sessionId, {
           status: originalStatus,
-          abortController: void 0
+          abortController: void 0,
+          queryInterrupt: void 0
         });
         if (!sessionManager.get(init.session_id)) {
           sessionManager.create(
@@ -1765,12 +2160,22 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
               sessionId: init.session_id,
               source: { ...session, ...sourceOverrides },
               permissionMode: "default",
-              abortController
+              abortController,
+              queryInterrupt: () => {
+                handle.interrupt();
+              }
             })
           );
         }
       }
     });
+    if (!input.forkSession) {
+      sessionManager.update(input.sessionId, {
+        queryInterrupt: () => {
+          handle.interrupt();
+        }
+      });
+    }
     const sessionId = input.forkSession ? await raceWithAbort(
       handle.sdkSessionIdPromise,
       requestSignal,
@@ -1795,7 +2200,8 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
     if (input.forkSession) {
       sessionManager.update(input.sessionId, {
         status: originalStatus,
-        abortController: void 0
+        abortController: void 0,
+        queryInterrupt: void 0
       });
     } else {
       sessionManager.setResult(input.sessionId, {
@@ -1808,7 +2214,11 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
         data: agentResult,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
-      sessionManager.update(input.sessionId, { status: "error", abortController: void 0 });
+      sessionManager.update(input.sessionId, {
+        status: "error",
+        abortController: void 0,
+        queryInterrupt: void 0
+      });
     }
     return {
       sessionId: input.sessionId,
@@ -1819,14 +2229,18 @@ async function executeClaudeCodeReply(input, sessionManager, toolCache, requestS
 }
 
 // src/tools/tool-discovery.ts
+var DEFAULT_PERMISSION_MODEL = "policy_controlled";
+var DEFAULT_SCHEMA_AVAILABILITY = "none";
 var TOOL_CATALOG = {
   Bash: {
     description: "Run shell commands",
-    category: "execute"
+    category: "execute",
+    notes: ["Execution may require permission approval depending on session policy."]
   },
   Read: {
     description: "Read file contents (large files: use offset/limit or Grep)",
-    category: "file_read"
+    category: "file_read",
+    notes: ["Large reads are often capped by the backend; use offset/limit when needed."]
   },
   Write: {
     description: "Create or overwrite files",
@@ -1855,7 +2269,8 @@ var TOOL_CATALOG = {
   WebSearch: { description: "Web search", category: "network" },
   Task: {
     description: "Spawn subagent (must be in allowedTools)",
-    category: "agent"
+    category: "agent",
+    availabilityConditions: ["Requires Task to be visible and approved by session policy."]
   },
   TaskOutput: { description: "Get subagent output", category: "agent" },
   TaskStop: { description: "Cancel subagent", category: "agent" },
@@ -1869,22 +2284,35 @@ var TOOL_CATALOG = {
   },
   TeamDelete: {
     description: "Delete team (may need shutdown_approved first)",
-    category: "agent"
+    category: "agent",
+    notes: ["Team cleanup can be asynchronous during shutdown."]
   }
 };
 function uniq(items) {
   return Array.from(new Set(items));
 }
+function withToolDefaults(tool) {
+  return {
+    ...tool,
+    permissionModel: tool.permissionModel ?? DEFAULT_PERMISSION_MODEL,
+    schemaAvailability: tool.schemaAvailability ?? DEFAULT_SCHEMA_AVAILABILITY
+  };
+}
 function discoverToolsFromInit(initTools) {
   const names = uniq(initTools.filter((t) => typeof t === "string" && t.trim() !== ""));
-  return names.map((name) => ({
-    name,
-    description: TOOL_CATALOG[name]?.description ?? name,
-    category: TOOL_CATALOG[name]?.category
-  }));
+  return names.map(
+    (name) => withToolDefaults({
+      name,
+      description: TOOL_CATALOG[name]?.description ?? name,
+      category: TOOL_CATALOG[name]?.category,
+      availabilityConditions: TOOL_CATALOG[name]?.availabilityConditions,
+      platformConstraints: TOOL_CATALOG[name]?.platformConstraints,
+      notes: TOOL_CATALOG[name]?.notes
+    })
+  );
 }
 function defaultCatalogTools() {
-  return Object.keys(TOOL_CATALOG).sort((a, b) => a.localeCompare(b)).map((name) => ({ name, ...TOOL_CATALOG[name] }));
+  return Object.keys(TOOL_CATALOG).sort((a, b) => a.localeCompare(b)).map((name) => withToolDefaults({ name, ...TOOL_CATALOG[name] }));
 }
 var ToolDiscoveryCache = class {
   cached;
@@ -1953,7 +2381,7 @@ function pollIntervalForStatus(status) {
   return void 0;
 }
 function toPermissionResult(params) {
-  if (params.decision === "allow") {
+  if (params.decision === "allow" || params.decision === "allow_for_session") {
     return {
       behavior: "allow",
       updatedInput: params.updatedInput,
@@ -1966,6 +2394,19 @@ function toPermissionResult(params) {
     interrupt: params.interrupt
   };
 }
+function appendAllowForSessionUpdate(updates, toolName) {
+  const normalizedToolName = toolName?.trim();
+  if (!normalizedToolName) return updates;
+  return [
+    ...updates ?? [],
+    {
+      type: "addRules",
+      behavior: "allow",
+      destination: "session",
+      rules: [{ toolName: normalizedToolName }]
+    }
+  ];
+}
 function slimAssistantData(data) {
   if (!data || typeof data !== "object") return data;
   const d = data;
@@ -2026,10 +2467,23 @@ function detectPathCompatibilityWarnings(session) {
       `cwd '${cwd}' looks like a Windows UNC path on ${process.platform}. Confirm MCP client/server run on the same platform.`
     );
   }
+  if (process.platform === "win32" && Array.isArray(session.additionalDirectories)) {
+    for (const dir of session.additionalDirectories) {
+      if (typeof dir === "string" && dir.startsWith("/") && !dir.startsWith("//")) {
+        warnings.push(
+          `additionalDirectories contains POSIX-style path '${dir}' on Windows. Consider using a Windows path to avoid path compatibility issues.`
+        );
+      }
+    }
+  }
   return warnings;
 }
 function isPosixHomePath(value) {
-  return /^\/home\/[^/]+(?:\/|$)/.test(value);
+  return /^\/home\/[^/\s]+(?:\/|$)/.test(value);
+}
+function extractPosixHomePath(value) {
+  const match = value.match(/\/home\/[^/\s"'`]+(?:\/[^\s"'`]*)?/);
+  return match?.[0];
 }
 function detectPendingPermissionPathWarnings(pending, session) {
   if (process.platform !== "win32" || pending.length === 0) return [];
@@ -2041,6 +2495,25 @@ function detectPendingPermissionPathWarnings(pending, session) {
     if (typeof req.blockedPath === "string") candidates.push(req.blockedPath);
     const filePath = req.input.file_path;
     if (typeof filePath === "string") candidates.push(filePath);
+    const pathFields = [
+      "path",
+      "directory",
+      "folder",
+      "cwd",
+      "dest",
+      "destination",
+      "source",
+      "target"
+    ];
+    for (const field of pathFields) {
+      const val = req.input[field];
+      if (typeof val === "string") candidates.push(val);
+    }
+    const command = req.input.command;
+    if (typeof command === "string") {
+      const embeddedPath = extractPosixHomePath(command);
+      if (embeddedPath) candidates.push(embeddedPath);
+    }
     const badPath = candidates.find((p) => isPosixHomePath(p));
     if (!badPath) continue;
     warnings.push(
@@ -2053,8 +2526,14 @@ function computeToolValidation(session, initTools) {
   if (!session) return { summary: void 0, warnings: [] };
   const allowedTools = uniqSorted(session.allowedTools);
   const disallowedTools = uniqSorted(session.disallowedTools);
+  const warnings = [];
+  if (allowedTools.length > 0 && session.strictAllowedTools !== true) {
+    warnings.push(
+      "allowedTools currently acts as pre-approval only. Set strictAllowedTools=true to enforce a strict allowlist."
+    );
+  }
   if (allowedTools.length === 0 && disallowedTools.length === 0) {
-    return { summary: void 0, warnings: [] };
+    return { summary: void 0, warnings };
   }
   if (!Array.isArray(initTools) || initTools.length === 0) {
     return {
@@ -2064,6 +2543,7 @@ function computeToolValidation(session, initTools) {
         unknownDisallowedTools: []
       },
       warnings: [
+        ...warnings,
         "Runtime tool list is not available yet; unknown allowedTools/disallowedTools names cannot be validated until system/init tools arrive."
       ]
     };
@@ -2073,7 +2553,6 @@ function computeToolValidation(session, initTools) {
   );
   const unknownAllowedTools = allowedTools.filter((name) => !runtime.has(name));
   const unknownDisallowedTools = disallowedTools.filter((name) => !runtime.has(name));
-  const warnings = [];
   if (unknownAllowedTools.length > 0) {
     warnings.push(
       `Unknown allowedTools (not present in runtime tools): ${unknownAllowedTools.join(", ")}.`
@@ -2114,11 +2593,12 @@ function capEventsByBytes(events, maxBytes) {
 }
 function buildResult(sessionManager, toolCache, input) {
   const responseMode = input.responseMode ?? "minimal";
+  const compactMode = responseMode === "delta_compact";
   const po = input.pollOptions ?? {};
   const includeTools = po.includeTools;
-  const includeEvents = po.includeEvents ?? true;
+  const includeEvents = po.includeEvents ?? !compactMode;
   const includeActions = po.includeActions ?? true;
-  const includeResult = po.includeResult ?? true;
+  const includeResult = po.includeResult ?? !compactMode;
   const includeUsage = po.includeUsage ?? responseMode === "full";
   const includeModelUsage = po.includeModelUsage ?? responseMode === "full";
   const includeStructuredOutput = po.includeStructuredOutput ?? responseMode === "full";
@@ -2174,7 +2654,7 @@ function buildResult(sessionManager, toolCache, input) {
     includeUsage,
     includeModelUsage,
     includeStructuredOutput,
-    slim: responseMode === "minimal"
+    slim: responseMode === "minimal" || responseMode === "delta_compact"
   });
   const cappedEvents = capEventsByBytes(shapedEvents, maxBytes);
   if (cappedEvents.truncated) {
@@ -2219,7 +2699,7 @@ function buildResult(sessionManager, toolCache, input) {
       includeUsage,
       includeModelUsage,
       includeStructuredOutput,
-      slim: responseMode === "minimal"
+      slim: responseMode === "minimal" || responseMode === "delta_compact"
     }) : void 0,
     cancelledAt: session?.cancelledAt,
     cancelledReason: session?.cancelledReason,
@@ -2286,20 +2766,25 @@ function executeClaudeCodeCheck(input, sessionManager, toolCache, requestSignal)
       isError: true
     };
   }
-  if (input.decision !== "allow" && input.decision !== "deny") {
+  if (input.decision !== "allow" && input.decision !== "deny" && input.decision !== "allow_for_session") {
     return {
       sessionId: input.sessionId,
-      error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: decision must be 'allow' or 'deny'.`,
+      error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: decision must be 'allow', 'deny', or 'allow_for_session'.`,
       isError: true
     };
   }
+  const pendingRequest = input.decision === "allow_for_session" ? sessionManager.getPendingPermission(input.sessionId, input.requestId) : void 0;
+  const updatedPermissions = input.decision === "allow_for_session" ? appendAllowForSessionUpdate(
+    input.permissionOptions?.updatedPermissions,
+    pendingRequest?.toolName
+  ) : input.permissionOptions?.updatedPermissions;
   const ok = sessionManager.finishRequest(
     input.sessionId,
     input.requestId,
     toPermissionResult({
       decision: input.decision,
       updatedInput: input.permissionOptions?.updatedInput,
-      updatedPermissions: input.permissionOptions?.updatedPermissions,
+      updatedPermissions,
       denyMessage: input.denyMessage,
       interrupt: input.interrupt
     }),
@@ -2312,10 +2797,38 @@ function executeClaudeCodeCheck(input, sessionManager, toolCache, requestSignal)
       isError: true
     };
   }
+  if (input.decision === "allow_for_session" && pendingRequest?.toolName) {
+    sessionManager.allowToolForSession(input.sessionId, pendingRequest.toolName);
+  }
   return buildResult(sessionManager, toolCache, input);
 }
 
 // src/tools/claude-code-session.ts
+var ALWAYS_REDACTED_FIELDS = [
+  "env",
+  "mcpServers",
+  "sandbox",
+  "debugFile",
+  "pathToClaudeCodeExecutable"
+];
+var CONDITIONAL_REDACTED_FIELDS = [
+  "cwd",
+  "systemPrompt",
+  "agents",
+  "additionalDirectories"
+];
+function buildRedactions(includeSensitive) {
+  const redactions = [];
+  for (const field of ALWAYS_REDACTED_FIELDS) {
+    redactions?.push({ field, reason: "secret_or_internal" });
+  }
+  if (!includeSensitive) {
+    for (const field of CONDITIONAL_REDACTED_FIELDS) {
+      redactions?.push({ field, reason: "sensitive_by_default" });
+    }
+  }
+  return redactions;
+}
 function executeClaudeCodeSession(input, sessionManager, requestSignal) {
   if (requestSignal?.aborted) {
     return {
@@ -2324,7 +2837,23 @@ function executeClaudeCodeSession(input, sessionManager, requestSignal) {
       isError: true
     };
   }
-  const toSessionJson = (s) => input.includeSensitive ? sessionManager.toSensitiveJSON(s) : sessionManager.toPublicJSON(s);
+  const toSessionJson = (s) => {
+    const base = input.includeSensitive ? sessionManager.toSensitiveJSON(s) : sessionManager.toPublicJSON(s);
+    const stored = sessionManager.getResult(s.sessionId);
+    const lastError = stored?.type === "error" ? stored.result.result : void 0;
+    const lastErrorAt = stored?.type === "error" ? stored.createdAt : void 0;
+    return {
+      ...base,
+      pendingPermissionCount: sessionManager.getPendingPermissionCount(s.sessionId),
+      eventCount: sessionManager.getEventCount(s.sessionId),
+      currentCursor: sessionManager.getCurrentCursor(s.sessionId),
+      lastEventId: sessionManager.getLastEventId(s.sessionId),
+      ttlMs: sessionManager.getRemainingTtlMs(s.sessionId),
+      lastError,
+      lastErrorAt,
+      redactions: buildRedactions(input.includeSensitive)
+    };
+  };
   switch (input.action) {
     case "list": {
       const sessions = sessionManager.list().map((s) => toSessionJson(s));
@@ -2381,23 +2910,65 @@ function executeClaudeCodeSession(input, sessionManager, requestSignal) {
         message: `Session '${input.sessionId}' cancelled.`
       };
     }
+    case "interrupt": {
+      if (!input.sessionId) {
+        return {
+          sessions: [],
+          message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: sessionId is required for 'interrupt' action.`,
+          isError: true
+        };
+      }
+      const interrupted = sessionManager.interrupt(input.sessionId, {
+        reason: "Interrupted by caller",
+        source: "claude_code_session"
+      });
+      if (!interrupted) {
+        const session = sessionManager.get(input.sessionId);
+        if (!session) {
+          return {
+            sessions: [],
+            message: `Error [${"SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */}]: Session '${input.sessionId}' not found.`,
+            isError: true
+          };
+        }
+        return {
+          sessions: [toSessionJson(session)],
+          message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Session '${input.sessionId}' is not running (status: ${session.status}).`,
+          isError: true
+        };
+      }
+      const updated = sessionManager.get(input.sessionId);
+      return {
+        sessions: updated ? [toSessionJson(updated)] : [],
+        message: `Session '${input.sessionId}' interrupted.`
+      };
+    }
     default:
       return {
         sessions: [],
-        message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Unknown action '${input.action}'. Use 'list', 'get', or 'cancel'.`,
+        message: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Unknown action '${input.action}'. Use 'list', 'get', 'cancel', or 'interrupt'.`,
         isError: true
       };
   }
 }
 
 // src/resources/register-resources.ts
+import { ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { createHash } from "crypto";
 var RESOURCE_SCHEME = "claude-code-mcp";
 var RESOURCE_URIS = {
   serverInfo: `${RESOURCE_SCHEME}:///server-info`,
   internalTools: `${RESOURCE_SCHEME}:///internal-tools`,
   gotchas: `${RESOURCE_SCHEME}:///gotchas`,
+  quickstart: `${RESOURCE_SCHEME}:///quickstart`,
+  errors: `${RESOURCE_SCHEME}:///errors`,
   compatReport: `${RESOURCE_SCHEME}:///compat-report`
 };
+var RESOURCE_TEMPLATES = {
+  sessionById: `${RESOURCE_SCHEME}:///session/{sessionId}`,
+  runtimeTools: `${RESOURCE_SCHEME}:///tools/runtime{?sessionId}`,
+  compatDiff: `${RESOURCE_SCHEME}:///compat/diff{?client}`
+};
 function asTextResource(uri, text, mimeType) {
   return {
     contents: [
@@ -2409,7 +2980,136 @@ function asTextResource(uri, text, mimeType) {
     ]
   };
 }
+function asJsonResource(uri, value) {
+  return asTextResource(uri, JSON.stringify(value, null, 2), "application/json");
+}
+function serializeLimit(limit) {
+  return Number.isFinite(limit) ? limit : "unlimited";
+}
+function computeEtag(value) {
+  return createHash("sha256").update(JSON.stringify(value)).digest("hex").slice(0, 16);
+}
+function extractSingleVariable(value) {
+  if (typeof value === "string" && value.trim() !== "") return value;
+  if (Array.isArray(value) && typeof value[0] === "string" && value[0].trim() !== "")
+    return value[0];
+  return void 0;
+}
+function buildSessionRedactions(includeSensitive) {
+  const redactions = [
+    { field: "env", reason: "secret_or_internal" },
+    { field: "mcpServers", reason: "secret_or_internal" },
+    { field: "sandbox", reason: "secret_or_internal" },
+    { field: "debugFile", reason: "secret_or_internal" },
+    { field: "pathToClaudeCodeExecutable", reason: "secret_or_internal" }
+  ];
+  if (!includeSensitive) {
+    redactions.push(
+      { field: "cwd", reason: "sensitive_by_default" },
+      { field: "systemPrompt", reason: "sensitive_by_default" },
+      { field: "agents", reason: "sensitive_by_default" },
+      { field: "additionalDirectories", reason: "sensitive_by_default" }
+    );
+  }
+  return redactions;
+}
+function buildGotchasEntries() {
+  return [
+    {
+      id: "permission-timeout",
+      title: "Permission requests auto-deny on timeout",
+      severity: "high",
+      appliesTo: ["claude_code_check.actions", "permission workflow"],
+      symptom: "Session waits for approval, then tool call is denied without explicit caller decision.",
+      detection: "Observe actions[].expiresAt/remainingMs and permission_result with source=timeout.",
+      remedy: "Poll more frequently and respond before timeout; increase permissionRequestTimeoutMs if needed.",
+      example: "Default timeout is 60000ms and server-clamped to 300000ms."
+    },
+    {
+      id: "read-size-cap",
+      title: "Read may cap response size",
+      severity: "medium",
+      appliesTo: ["Read tool"],
+      symptom: "Large file reads are truncated or fail.",
+      detection: "Read responses are incomplete for large files.",
+      remedy: "Use offset/limit paging or chunk with Grep."
+    },
+    {
+      id: "edit-replace-all",
+      title: "Edit replace_all uses substring matching",
+      severity: "medium",
+      appliesTo: ["Edit tool"],
+      symptom: "replace_all=true fails unexpectedly.",
+      detection: "Tool returns error when no exact substring match is found.",
+      remedy: "Validate exact match text first; prefer smaller targeted replacements."
+    },
+    {
+      id: "windows-path-normalization",
+      title: "Windows path normalization applies to common MSYS-style paths",
+      severity: "medium",
+      appliesTo: ["Windows", "cwd", "additionalDirectories", "file_path"],
+      symptom: "Permission/path behavior differs from raw input path text.",
+      detection: "Compare submitted path with effective path in logs/permission prompts.",
+      remedy: "Use absolute native Windows paths when possible; avoid relying on implicit conversion behavior.",
+      example: "/d/... /mnt/c/... /cygdrive/c/... //server/share/... are normalized on Windows."
+    },
+    {
+      id: "team-delete-async-cleanup",
+      title: "TeamDelete cleanup can be asynchronous",
+      severity: "low",
+      appliesTo: ["TeamDelete"],
+      symptom: "Immediate follow-up calls still see active members.",
+      detection: "TeamDelete reports shutdown_approved or active member transitions.",
+      remedy: "Retry after short delay; wait for shutdown state to settle."
+    },
+    {
+      id: "skills-late-availability",
+      title: "Skills may become available later in a session",
+      severity: "low",
+      appliesTo: ["Skills"],
+      symptom: "Early calls show unknown skill/tool errors.",
+      detection: "Later calls in same session succeed without config changes.",
+      remedy: "Retry after initialization events are complete."
+    },
+    {
+      id: "tool-count-sources-differ",
+      title: "toolCatalogCount and availableTools have different sources",
+      severity: "medium",
+      appliesTo: ["internal-tools", "claude_code_check.availableTools", "compat-report"],
+      symptom: "Tool counts appear inconsistent (for example 15 vs 28).",
+      detection: "Compare compat-report.toolCounts and session-level availableTools.",
+      remedy: "Treat catalog count as server-known baseline and availableTools as session runtime view from system/init.tools."
+    },
+    {
+      id: "available-tools-not-exhaustive",
+      title: "availableTools may omit internal features",
+      severity: "low",
+      appliesTo: ["claude_code_check.availableTools"],
+      symptom: "A known feature is callable but not listed in availableTools.",
+      detection: "Feature works while missing from availableTools list.",
+      remedy: "Use availableTools as runtime hint, not exhaustive capability proof.",
+      example: "Some internal features (e.g. ToolSearch) may not appear."
+    }
+  ];
+}
+function asVersionedPayload(params) {
+  const updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    ...params.payload,
+    schemaVersion: params.schemaVersion,
+    updatedAt,
+    etag: computeEtag(params.payload),
+    stability: params.stability
+  };
+}
 function registerResources(server, deps) {
+  const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const resourceSchemaVersion = "1.3";
+  const mcpProtocolVersion = "2025-03-26";
+  const gotchasEntries = buildGotchasEntries();
+  const catalogToolNames = new Set(defaultCatalogTools().map((tool) => tool.name));
+  const staticResourceUris = Object.values(RESOURCE_URIS);
+  const templateUris = Object.values(RESOURCE_TEMPLATES);
   const serverInfoUri = new URL(RESOURCE_URIS.serverInfo);
   server.registerResource(
     "server_info",
@@ -2419,21 +3119,50 @@ function registerResources(server, deps) {
       description: "Server metadata (version/platform/runtime).",
       mimeType: "application/json"
     },
-    () => asTextResource(
+    () => asJsonResource(
       serverInfoUri,
-      JSON.stringify(
-        {
+      (() => {
+        const base = {
           name: "claude-code-mcp",
+          version: deps.version,
           node: process.version,
           platform: process.platform,
           arch: process.arch,
-          resources: Object.values(RESOURCE_URIS),
-          toolCatalogCount: deps.toolCache.getTools().length
-        },
-        null,
-        2
-      ),
-      "application/json"
+          mcpProtocolVersion,
+          startedAt,
+          uptimeSec: Math.floor(process.uptime()),
+          resources: staticResourceUris,
+          resourceTemplates: templateUris,
+          toolCatalogCount: deps.toolCache.getTools().length,
+          capabilities: {
+            resources: true,
+            toolsListChanged: true,
+            resourcesListChanged: true,
+            prompts: false,
+            completions: false
+          },
+          limits: {
+            maxSessions: serializeLimit(deps.sessionManager.getMaxSessions()),
+            maxPendingPermissionsPerSession: serializeLimit(
+              deps.sessionManager.getMaxPendingPermissionsPerSession()
+            ),
+            eventBuffer: deps.sessionManager.getEventBufferConfig(),
+            pollDefaults: {
+              runningMs: 3e3,
+              waitingPermissionMs: 1e3
+            }
+          }
+        };
+        if (typeof process.env.CLAUDE_CODE_MCP_BUILD_COMMIT === "string") {
+          const commit = process.env.CLAUDE_CODE_MCP_BUILD_COMMIT.trim();
+          if (commit !== "") base.buildCommit = commit;
+        }
+        return asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: base
+        });
+      })()
     )
   );
   const toolsUri = new URL(RESOURCE_URIS.internalTools);
@@ -2445,10 +3174,19 @@ function registerResources(server, deps) {
       description: "Claude Code internal tool catalog (runtime-aware).",
       mimeType: "application/json"
     },
-    () => asTextResource(
+    () => asJsonResource(
       toolsUri,
-      JSON.stringify({ tools: deps.toolCache.getTools() }, null, 2),
-      "application/json"
+      (() => {
+        const base = {
+          tools: deps.toolCache.getTools(),
+          toolCatalogCount: deps.toolCache.getTools().length
+        };
+        return asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: base
+        });
+      })()
     )
   );
   const gotchasUri = new URL(RESOURCE_URIS.gotchas);
@@ -2465,19 +3203,75 @@ function registerResources(server, deps) {
       [
         "# claude-code-mcp: gotchas",
         "",
-        "- Permission approvals have a timeout (default 60s, server-clamped to 5min) and auto-deny (`actions[].expiresAt`/`remainingMs`).",
-        "- `Read` has a per-call size cap in practice (often ~256KB); for large files use `offset`/`limit` or chunk with `Grep`.",
-        "- `Edit` with `replace_all=true` is substring replacement; if no match is found the tool returns an error.",
-        "- On Windows, this server normalizes common MSYS-style paths (e.g. `/d/...`, `/mnt/c/...`, `/cygdrive/c/...`, `//server/share/...`) for `cwd`, `additionalDirectories`, and tool inputs that include `file_path`.",
-        "- `TeamDelete` may require members to reach `shutdown_approved`; cleanup can be asynchronous during shutdown.",
-        '- Skills may become available later in the same session (early calls may show "Unknown").',
-        "- Some internal features (e.g. ToolSearch) may not appear in `availableTools` because it is derived from SDK `system/init.tools`.",
+        ...gotchasEntries.map((entry) => `- ${entry.title}. ${entry.remedy}`),
         ""
       ].join("\n"),
       "text/markdown"
     )
   );
   const compatReportUri = new URL(RESOURCE_URIS.compatReport);
+  const quickstartUri = new URL(RESOURCE_URIS.quickstart);
+  server.registerResource(
+    "quickstart",
+    quickstartUri.toString(),
+    {
+      title: "Quickstart",
+      description: "Minimal async polling flow for claude_code / claude_code_check.",
+      mimeType: "text/markdown"
+    },
+    () => asTextResource(
+      quickstartUri,
+      [
+        "# claude-code-mcp quickstart",
+        "",
+        "1. Call `claude_code` with `{ prompt }` and keep `sessionId`.",
+        "2. Poll with `claude_code_check(action='poll')` using `nextCursor`.",
+        "3. If actions are returned, respond with `claude_code_check(action='respond_permission')`.",
+        "4. Continue polling until status becomes `idle` / `error` / `cancelled`.",
+        "",
+        "Notes:",
+        "- `respond_user_input` is not supported on this backend.",
+        "- `allowedTools` is pre-approval by default; set `strictAllowedTools=true` for strict allowlist behavior.",
+        "- Prefer `responseMode='delta_compact'` for high-frequency polling."
+      ].join("\n"),
+      "text/markdown"
+    )
+  );
+  const errorsUri = new URL(RESOURCE_URIS.errors);
+  server.registerResource(
+    "errors",
+    errorsUri.toString(),
+    {
+      title: "Errors",
+      description: "Structured error codes and remediation hints.",
+      mimeType: "application/json"
+    },
+    () => {
+      const codes = Object.values(ErrorCode);
+      const hints = {
+        ["INVALID_ARGUMENT" /* INVALID_ARGUMENT */]: "Validate required fields and enum values.",
+        ["SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */]: "Session may be expired or server-restarted.",
+        ["SESSION_BUSY" /* SESSION_BUSY */]: "Wait for running/waiting_permission session to settle.",
+        ["PERMISSION_REQUEST_NOT_FOUND" /* PERMISSION_REQUEST_NOT_FOUND */]: "The permission request was already finished/expired.",
+        ["PERMISSION_DENIED" /* PERMISSION_DENIED */]: "Check token/secrets/policy restrictions.",
+        ["RESOURCE_EXHAUSTED" /* RESOURCE_EXHAUSTED */]: "Reduce session count or increase server limits.",
+        ["TIMEOUT" /* TIMEOUT */]: "Increase timeout or poll/respond more frequently.",
+        ["CANCELLED" /* CANCELLED */]: "Request/session was cancelled by caller or shutdown.",
+        ["INTERNAL" /* INTERNAL */]: "Inspect server logs and runtime environment."
+      };
+      return asJsonResource(
+        errorsUri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: {
+            codes,
+            hints
+          }
+        })
+      );
+    }
+  );
   server.registerResource(
     "compat_report",
     compatReportUri.toString(),
@@ -2493,43 +3287,294 @@ function registerResources(server, deps) {
           "CLAUDE_CODE_GIT_BASH_PATH is not set. Auto-detection exists, but explicit path is more reliable for GUI-launched MCP clients."
         );
       }
-      return asTextResource(
+      const diskResumeEnabled = process.env.CLAUDE_CODE_MCP_ALLOW_DISK_RESUME === "1";
+      const resumeSecretConfigured = typeof process.env.CLAUDE_CODE_MCP_RESUME_SECRET === "string" && process.env.CLAUDE_CODE_MCP_RESUME_SECRET.trim() !== "";
+      const runtimeToolStats = deps.sessionManager.getRuntimeToolStats();
+      const toolCatalogCount = deps.toolCache.getTools().length;
+      const detectedMismatches = [];
+      if (runtimeToolStats.sessionsWithInitTools > 0 && runtimeToolStats.runtimeDiscoveredUniqueCount < toolCatalogCount) {
+        detectedMismatches.push(
+          "Runtime discovered tools are fewer than catalog tools; some features may be hidden or not surfaced in system/init.tools."
+        );
+      }
+      const updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const base = {
+        transport: "stdio",
+        samePlatformRequired: true,
+        packageVersion: deps.version,
+        runtime: {
+          node: process.version,
+          platform: process.platform,
+          arch: process.arch
+        },
+        limits: {
+          maxSessions: serializeLimit(deps.sessionManager.getMaxSessions()),
+          maxPendingPermissionsPerSession: serializeLimit(
+            deps.sessionManager.getMaxPendingPermissionsPerSession()
+          ),
+          eventBuffer: deps.sessionManager.getEventBufferConfig()
+        },
+        diskResume: {
+          enabled: diskResumeEnabled,
+          resumeSecretConfigured
+        },
+        features: {
+          resources: true,
+          resourceTemplates: true,
+          toolsListChanged: true,
+          resourcesListChanged: true,
+          sessionInterrupt: true,
+          allowForSessionDecision: true,
+          respondUserInput: false,
+          prompts: false,
+          completions: false
+        },
+        recommendedSettings: {
+          responseMode: "delta_compact",
+          poll: {
+            runningMs: 3e3,
+            waitingPermissionMs: 1e3,
+            cursorStrategy: "Persist nextCursor and de-duplicate by event.id."
+          },
+          timeouts: {
+            sessionInitTimeoutMs: 1e4,
+            permissionRequestTimeoutMs: 6e4,
+            permissionRequestTimeoutMaxMs: 3e5
+          }
+        },
+        guidance: [
+          "Some clients cache tool descriptions at connect time. Prefer claude_code_check(pollOptions.includeTools=true) for runtime-authoritative tool lists.",
+          "Use allowedTools/disallowedTools only with exact runtime tool names.",
+          "Set strictAllowedTools=true when you need allowedTools to behave as a strict allowlist.",
+          "This server assumes MCP client and server run on the same machine/platform.",
+          "For high-frequency status checks, prefer responseMode='delta_compact'.",
+          "respond_user_input is not supported on this backend; use poll/respond_permission flow."
+        ],
+        toolCounts: {
+          catalogCount: toolCatalogCount,
+          sessionsWithInitTools: runtimeToolStats.sessionsWithInitTools,
+          runtimeDiscoveredUniqueCount: runtimeToolStats.runtimeDiscoveredUniqueCount,
+          explain: "catalogCount is server catalog size; runtimeDiscoveredUniqueCount is union of system/init.tools across active sessions."
+        },
+        toolCatalogCount,
+        detectedMismatches,
+        runtimeWarnings,
+        resourceTemplates: templateUris
+      };
+      const healthScore = Math.max(
+        0,
+        100 - runtimeWarnings.length * 10 - detectedMismatches.length * 15
+      );
+      return asJsonResource(
         compatReportUri,
-        JSON.stringify(
-          {
-            transport: "stdio",
-            samePlatformRequired: true,
-            runtime: {
-              node: process.version,
-              platform: process.platform,
-              arch: process.arch
-            },
-            features: {
-              resources: true,
-              toolsListChanged: true,
-              resourcesListChanged: true,
-              prompts: false,
-              completions: false
-            },
-            guidance: [
-              "Some clients cache tool descriptions at connect time. Prefer claude_code_check(pollOptions.includeTools=true) for runtime-authoritative tool lists.",
-              "Use allowedTools/disallowedTools only with exact runtime tool names.",
-              "This server assumes MCP client and server run on the same machine/platform."
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload: {
+            ...base,
+            healthScore,
+            updatedAt
+          }
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "session_snapshot_template",
+    new ResourceTemplate(RESOURCE_TEMPLATES.sessionById, { list: void 0 }),
+    {
+      title: "Session Snapshot Template",
+      description: "Read lightweight session diagnostics by sessionId.",
+      mimeType: "application/json"
+    },
+    (uri, variables) => {
+      const sessionId = extractSingleVariable(variables.sessionId) ?? extractSingleVariable(uri.searchParams.get("sessionId"));
+      const payload = typeof sessionId !== "string" || sessionId.trim() === "" ? {
+        found: false,
+        message: "sessionId is required in URI template variable."
+      } : (() => {
+        const session = deps.sessionManager.get(sessionId);
+        if (!session) {
+          return {
+            sessionId,
+            found: false,
+            message: `Session '${sessionId}' not found.`
+          };
+        }
+        const base = deps.sessionManager.toPublicJSON(session);
+        const stored = deps.sessionManager.getResult(sessionId);
+        return {
+          sessionId,
+          found: true,
+          session: {
+            ...base,
+            pendingPermissionCount: deps.sessionManager.getPendingPermissionCount(sessionId),
+            eventCount: deps.sessionManager.getEventCount(sessionId),
+            currentCursor: deps.sessionManager.getCurrentCursor(sessionId),
+            lastEventId: deps.sessionManager.getLastEventId(sessionId),
+            ttlMs: deps.sessionManager.getRemainingTtlMs(sessionId),
+            lastError: stored?.type === "error" ? stored.result.result : void 0,
+            lastErrorAt: stored?.type === "error" ? stored.createdAt : void 0,
+            redactions: buildSessionRedactions(false)
+          }
+        };
+      })();
+      return asJsonResource(
+        uri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "runtime_tools_template",
+    new ResourceTemplate(RESOURCE_TEMPLATES.runtimeTools, { list: void 0 }),
+    {
+      title: "Runtime Tools Template",
+      description: "Read runtime tool view globally or for a specific sessionId.",
+      mimeType: "application/json"
+    },
+    (uri, variables) => {
+      const sessionId = extractSingleVariable(variables.sessionId) ?? extractSingleVariable(uri.searchParams.get("sessionId"));
+      const internalToolCount = catalogToolNames.size;
+      const payload = (() => {
+        if (typeof sessionId === "string" && sessionId.trim() !== "") {
+          const session = deps.sessionManager.get(sessionId);
+          if (!session) {
+            return {
+              sessionId,
+              source: "session_not_found",
+              availableTools: [],
+              toolCounts: {
+                internalToolCount,
+                runtimeAvailableCount: 0,
+                sessionAugmentedToolCount: 0
+              }
+            };
+          }
+          const initTools = deps.sessionManager.getInitTools(sessionId) ?? [];
+          const discovered = discoverToolsFromInit(initTools);
+          const sessionAugmentedToolCount2 = discovered.filter(
+            (tool) => !catalogToolNames.has(tool.name)
+          ).length;
+          return {
+            sessionId,
+            source: initTools.length > 0 ? "session_runtime" : "session_without_init",
+            availableTools: discovered,
+            toolCounts: {
+              internalToolCount,
+              runtimeAvailableCount: discovered.length,
+              sessionAugmentedToolCount: sessionAugmentedToolCount2
+            }
+          };
+        }
+        const catalog = deps.toolCache.getTools();
+        const sessionAugmentedToolCount = catalog.filter(
+          (tool) => !catalogToolNames.has(tool.name)
+        ).length;
+        return {
+          source: "catalog",
+          availableTools: catalog,
+          toolCounts: {
+            internalToolCount,
+            runtimeAvailableCount: catalog.length,
+            sessionAugmentedToolCount
+          }
+        };
+      })();
+      return asJsonResource(
+        uri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "stable",
+          payload
+        })
+      );
+    }
+  );
+  server.registerResource(
+    "compat_diff_template",
+    new ResourceTemplate(RESOURCE_TEMPLATES.compatDiff, { list: void 0 }),
+    {
+      title: "Compatibility Diff Template",
+      description: "Returns client-specific compatibility guidance and recommended settings.",
+      mimeType: "application/json"
+    },
+    (uri, variables) => {
+      const clientRaw = extractSingleVariable(variables.client) ?? extractSingleVariable(uri.searchParams.get("client"));
+      const clientFingerprint = (clientRaw ?? "unknown").trim();
+      const key = clientFingerprint.toLowerCase();
+      const profile = (() => {
+        if (key.includes("codex")) {
+          return {
+            clientFamily: "codex",
+            detectedMismatches: [],
+            recommendations: [
+              "Prefer responseMode='delta_compact' for fast status loops.",
+              "Enable pollOptions.includeTools=true when exact runtime tool names are required."
+            ]
+          };
+        }
+        if (key.includes("claude")) {
+          return {
+            clientFamily: "claude",
+            detectedMismatches: [],
+            recommendations: [
+              "Use resources and resource templates for low-latency diagnostics.",
+              "Use allowedTools/disallowedTools with exact runtime names.",
+              "Enable strictAllowedTools when running in locked-down governance mode."
+            ]
+          };
+        }
+        if (key.includes("cursor")) {
+          return {
+            clientFamily: "cursor",
+            detectedMismatches: [
+              "Verify that resources/list and resourceTemplates/list are refreshed after list_changed notifications."
             ],
-            toolCatalogCount: deps.toolCache.getTools().length,
-            runtimeWarnings
-          },
-          null,
-          2
-        ),
-        "application/json"
+            recommendations: [
+              "Prefer claude_code_check polling as source of truth for runtime state.",
+              "Fallback to tool calls if resource template support is partial."
+            ]
+          };
+        }
+        return {
+          clientFamily: "generic",
+          detectedMismatches: [],
+          recommendations: [
+            "Persist nextCursor and de-duplicate by event.id.",
+            "Use responseMode='delta_compact' for high-frequency polling, full mode only for diagnostics."
+          ]
+        };
+      })();
+      return asJsonResource(
+        uri,
+        asVersionedPayload({
+          schemaVersion: resourceSchemaVersion,
+          stability: "experimental",
+          payload: {
+            clientFingerprint,
+            ...profile,
+            recommendedSettings: {
+              responseMode: "delta_compact",
+              poll: {
+                runningMs: 3e3,
+                waitingPermissionMs: 1e3,
+                cursorStrategy: "Persist nextCursor and de-duplicate by event.id."
+              }
+            }
+          }
+        })
       );
     }
   );
 }
 
 // src/server.ts
-var SERVER_VERSION = true ? "2.2.0" : "0.0.0-dev";
+var SERVER_VERSION = true ? "2.4.0" : "0.0.0-dev";
 function createServerContext(serverCwd) {
   const sessionManager = new SessionManager();
   const server = new McpServer(
@@ -2550,12 +3595,17 @@ function createServerContext(serverCwd) {
     }
   );
   const claudeCodeToolRef = {};
+  const notifyInternalToolsResourceChanged = () => {
+    if (!server.isConnected()) return;
+    server.sendResourceListChanged();
+  };
   const toolCache = new ToolDiscoveryCache(void 0, (tools) => {
     try {
       claudeCodeToolRef.current?.update({ description: buildInternalToolsDescription(tools) });
       if (server.isConnected()) {
         server.sendToolListChanged();
       }
+      notifyInternalToolsResourceChanged();
     } catch {
     }
   });
@@ -2639,6 +3689,7 @@ function createServerContext(serverCwd) {
     cwd: z.string(),
     allowedTools: z.array(z.string()).optional().describe("Default: []"),
     disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+    strictAllowedTools: z.boolean().optional().describe("Default: false"),
     maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
     model: z.string().optional().describe("Default: SDK"),
     systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
@@ -2706,12 +3757,13 @@ function createServerContext(serverCwd) {
         cwd: z.string().optional().describe("Working dir. Default: server cwd"),
         allowedTools: z.array(z.string()).optional().describe("Default: []"),
         disallowedTools: z.array(z.string()).optional().describe("Default: []"),
+        strictAllowedTools: z.boolean().optional().describe("Default: false"),
         maxTurns: z.number().int().positive().optional().describe("Default: SDK"),
         model: z.string().optional().describe("Default: SDK"),
         effort: effortOptionSchema.describe("Default: SDK"),
         thinking: thinkingOptionSchema.describe("Default: SDK"),
         systemPrompt: systemPromptSchema.optional().describe("Default: SDK"),
-        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000, clamped to 300000"),
         sessionInitTimeoutMs: z.number().int().positive().optional().describe("Deprecated, use advanced.sessionInitTimeoutMs. Default: 10000"),
         advanced: advancedOptionsSchema
       },
@@ -2774,7 +3826,7 @@ function createServerContext(serverCwd) {
         effort: effortOptionSchema.describe("Default: SDK"),
         thinking: thinkingOptionSchema.describe("Default: SDK"),
         sessionInitTimeoutMs: z.number().int().positive().optional().describe("Default: 10000"),
-        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000"),
+        permissionRequestTimeoutMs: z.number().int().positive().optional().describe("Default: 60000, clamped to 300000"),
         diskResumeConfig: diskResumeConfigSchema
       },
       outputSchema: startResultSchema,
@@ -2822,10 +3874,10 @@ function createServerContext(serverCwd) {
   server.registerTool(
     "claude_code_session",
     {
-      description: "List, inspect, or cancel sessions.",
+      description: "List, inspect, cancel, or interrupt sessions.",
       inputSchema: {
         action: z.enum(SESSION_ACTIONS),
-        sessionId: z.string().optional().describe("Required for get/cancel"),
+        sessionId: z.string().optional().describe("Required for get/cancel/interrupt"),
         includeSensitive: z.boolean().optional().describe("Default: false")
       },
       outputSchema: sessionResultSchema,
@@ -2877,10 +3929,10 @@ function createServerContext(serverCwd) {
         action: z.enum(CHECK_ACTIONS),
         sessionId: z.string().describe("Session ID"),
         cursor: z.number().int().nonnegative().optional().describe("Default: 0"),
-        responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'"),
-        maxEvents: z.number().int().positive().optional().describe("Default: 200 (minimal), unlimited (full)"),
-        requestId: z.string().optional().describe("Permission request ID"),
-        decision: z.enum(["allow", "deny"]).optional().describe("Decision"),
+        responseMode: z.enum(CHECK_RESPONSE_MODES).optional().describe("Default: 'minimal'. Use 'delta_compact' for lightweight polling."),
+        maxEvents: z.number().int().positive().optional().describe("Default: 200 (minimal), unlimited (full/delta_compact)"),
+        requestId: z.string().optional().describe("Default: none"),
+        decision: z.enum(["allow", "deny", "allow_for_session"]).optional().describe("Default: none"),
         denyMessage: z.string().optional().describe("Default: 'Permission denied by caller'"),
         interrupt: z.boolean().optional().describe("Default: false"),
         pollOptions: z.object({
@@ -2888,11 +3940,11 @@ function createServerContext(serverCwd) {
           includeEvents: z.boolean().optional().describe("Default: true"),
           includeActions: z.boolean().optional().describe("Default: true"),
           includeResult: z.boolean().optional().describe("Default: true"),
-          includeUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-          includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal=false"),
-          includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal=false"),
-          includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
-          includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal=false"),
+          includeUsage: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeModelUsage: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeStructuredOutput: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeTerminalEvents: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
+          includeProgressEvents: z.boolean().optional().describe("Default: full=true, minimal/delta_compact=false"),
           maxBytes: z.number().int().positive().optional().describe("Default: unlimited")
         }).optional().describe("Default: none"),
         permissionOptions: z.object({
@@ -2944,7 +3996,7 @@ function createServerContext(serverCwd) {
       }
     }
   );
-  registerResources(server, { toolCache });
+  registerResources(server, { toolCache, version: SERVER_VERSION, sessionManager });
   return { server, sessionManager, toolCache };
 }