chainlesschain 0.162.39 → 0.162.41

package/src/lib/agent-session-export.js

@@ -0,0 +1,124 @@
+/**
+ * Agent-session Markdown export — Claude-Code `/export` parity for the JSONL
+ * headless/agent session store (`~/.../sessions/<id>.jsonl`, the `--resume`
+ * sessions). `cc session export` keeps serving chat-DB sessions and falls
+ * back to this renderer when the id only exists in the JSONL store.
+ *
+ * Pure function over the event list (see jsonl-session-store.js appendEvent):
+ *   { type, timestamp, data }
+ *   types: session_start{title,provider,model} · user_message · assistant_message
+ *          · system · tool_call{tool,args} · tool_result{tool,result}
+ *          · compact(stats) · token_usage{...}
+ */
+
+export const TOOL_BLOCK_CAP = 4000;
+
+function asText(content) {
+  if (content == null) return "";
+  if (typeof content === "string") return content;
+  try {
+    return JSON.stringify(content, null, 2);
+  } catch {
+    return String(content);
+  }
+}
+
+function fence(body, lang = "") {
+  const text = asText(body);
+  const capped =
+    text.length > TOOL_BLOCK_CAP
+      ? `${text.slice(0, TOOL_BLOCK_CAP)}\n… [truncated]`
+      : text;
+  // avoid breaking out of the fence when the payload contains ```
+  const guard = capped.includes("```") ? "````" : "```";
+  return `${guard}${lang}\n${capped}\n${guard}`;
+}
+
+/** Render a JSONL agent session as a readable Markdown transcript. */
+export function renderAgentSessionMarkdown(sessionId, events, opts = {}) {
+  const L = [];
+  const start = events.find((e) => e?.type === "session_start");
+  const firstTs = events.find((e) => Number.isFinite(e?.timestamp))?.timestamp;
+
+  L.push(`# Agent Session ${sessionId}`);
+  L.push("");
+  const metaBits = [];
+  if (start?.data?.title && start.data.title !== "Untitled")
+    metaBits.push(`title: ${start.data.title}`);
+  if (start?.data?.provider) metaBits.push(`provider: ${start.data.provider}`);
+  if (start?.data?.model) metaBits.push(`model: ${start.data.model}`);
+  if (firstTs) metaBits.push(`started: ${new Date(firstTs).toISOString()}`);
+  if (opts.exportedAt) metaBits.push(`exported: ${opts.exportedAt}`);
+  if (metaBits.length) {
+    L.push(`> ${metaBits.join(" · ")}`);
+    L.push("");
+  }
+
+  let users = 0;
+  let assistants = 0;
+  let tokensIn = 0;
+  let tokensOut = 0;
+
+  for (const ev of events) {
+    if (!ev || typeof ev !== "object") continue;
+    switch (ev.type) {
+      case "user_message":
+        users += 1;
+        L.push("## 👤 User");
+        L.push("");
+        L.push(asText(ev.data?.content));
+        L.push("");
+        break;
+      case "assistant_message":
+        assistants += 1;
+        L.push("## 🤖 Assistant");
+        L.push("");
+        L.push(asText(ev.data?.content));
+        L.push("");
+        break;
+      case "system":
+        L.push("## ⚙ System");
+        L.push("");
+        L.push(asText(ev.data?.content));
+        L.push("");
+        break;
+      case "tool_call":
+        L.push(`**🔧 tool_call — \`${ev.data?.tool || "?"}\`**`);
+        L.push("");
+        L.push(fence(ev.data?.args, "json"));
+        L.push("");
+        break;
+      case "tool_result":
+        L.push(`**↩ tool_result — \`${ev.data?.tool || "?"}\`**`);
+        L.push("");
+        L.push(fence(ev.data?.result));
+        L.push("");
+        break;
+      case "compact": {
+        const s = ev.data || {};
+        const saved = s.savedTokens ?? s.saved ?? null;
+        L.push(
+          `> ⊟ context compacted${saved != null ? ` — saved ~${saved} tokens` : ""}`,
+        );
+        L.push("");
+        break;
+      }
+      case "token_usage": {
+        const d = ev.data || {};
+        tokensIn += Number(d.inputTokens ?? d.input_tokens ?? 0) || 0;
+        tokensOut += Number(d.outputTokens ?? d.output_tokens ?? 0) || 0;
+        break;
+      }
+      default:
+        break; // session_start handled above; unknown types skipped
+    }
+  }
+
+  L.push("---");
+  const totals = [`${users} user / ${assistants} assistant turns`];
+  if (tokensIn || tokensOut)
+    totals.push(`tokens in/out: ${tokensIn}/${tokensOut}`);
+  L.push(`_${totals.join(" · ")}_`);
+  L.push("");
+  return L.join("\n");
+}

package/src/lib/ide-context.js

@@ -251,6 +251,68 @@ export async function collectIdeDiagnostics(mcp, filePath, opts = {}) {
   return relevant.length > 0 ? relevant : null;
 }
 
+// ─── IDE-native diff approval (Claude-Code parity) ──────────────────────────
+//
+// When a permission `ask` fires for a file edit and an IDE bridge is up, the
+// confirmation can be the editor's own openDiff review instead of a terminal
+// y/N. The openDiff contract (extension P2): it BLOCKS until the user decides;
+// on Accept the IDE itself writes the (possibly user-edited) right-hand text
+// to the file — so an accepted review REPLACES the tool's own write, it does
+// not precede it. The caller must skip normal execution on "accepted".
+
+/** Env kill-switch for diff-approval routing: CC_IDE_DIFF_APPROVAL=0 disables. */
+export function ideDiffApprovalEnabled(env = process.env) {
+  const v = String(env?.CC_IDE_DIFF_APPROVAL ?? "").toLowerCase();
+  return !(v === "0" || v === "false" || v === "off");
+}
+
+/** Does this MCP surface expose the IDE bridge's openDiff tool? */
+export function hasIdeOpenDiff(mcp) {
+  return !!(
+    mcp?.mcpClient?.callTool &&
+    mcp.externalToolExecutors?.mcp__ide__openDiff?.kind === "mcp"
+  );
+}
+
+/**
+ * Run one blocking openDiff review in the connected IDE. Returns
+ *   { outcome:"accepted", finalText|null }  — the IDE wrote the file itself
+ *   { outcome:"rejected" }                  — nothing was written
+ *   null                                    — IDE unavailable / transport
+ *                                             error / malformed reply → the
+ *                                             caller falls back to its normal
+ *                                             confirmation path.
+ * Deliberately NO timeout: a review takes as long as the user takes (the MCP
+ * HTTP client has no request timeout; the extension holds the response open).
+ */
+export async function requestIdeDiffApproval(mcp, req = {}) {
+  if (!hasIdeOpenDiff(mcp)) return null;
+  if (!req.path || typeof req.modifiedText !== "string") return null;
+  const exec = mcp.externalToolExecutors.mcp__ide__openDiff;
+  let result;
+  try {
+    result = await mcp.mcpClient.callTool(exec.serverName, exec.toolName, {
+      path: req.path,
+      modifiedText: req.modifiedText,
+      ...(typeof req.originalText === "string"
+        ? { originalText: req.originalText }
+        : {}),
+      ...(req.title ? { title: req.title } : {}),
+    });
+  } catch {
+    return null;
+  }
+  const data = parseToolResultJson(result);
+  if (data?.outcome === "accepted") {
+    return {
+      outcome: "accepted",
+      finalText: typeof data.finalText === "string" ? data.finalText : null,
+    };
+  }
+  if (data?.outcome === "rejected") return { outcome: "rejected" };
+  return null; // anything else is not a verdict — fail safe to fallback
+}
+
 /**
  * Render pulled diagnostics as a compact feedback string for the tool result.
  * Returns null when there is nothing to report.

package/src/lib/init-ai-refine.js

@@ -0,0 +1,66 @@
+/**
+ * `cc init --ai` — agent-enhanced inventory (claude /init parity, module 99
+ * §5.2). Runs AFTER the offline census wrote the starter cc.md: a bounded
+ * headless agent reads the repo (README, entry files) and rewrites cc.md so
+ * the Conventions section holds real, observed conventions instead of the
+ * "(add project rules here)" placeholder.
+ *
+ * Self-reference guard: the child run executes with CC_PROJECT_MEMORY=0 so
+ * the half-baked cc.md being refined is NOT injected into the very agent
+ * refining it. Restored in finally.
+ *
+ * Offline inventory stays the `cc init` default — this is strictly opt-in
+ * (needs a reachable LLM).
+ */
+
+export const AI_REFINE_MAX_TURNS = 12;
+export const AI_REFINE_TOOLS = [
+  "read_file",
+  "list_dir",
+  "search_files",
+  "write_file",
+];
+
+export function buildRefinePrompt() {
+  return [
+    "You are refining this project's memory file `cc.md` (it was just generated from an offline folder census).",
+    "Steps:",
+    "1. read_file cc.md to see the current draft.",
+    "2. Read the README and one or two key entry/config files to learn the project's real conventions (code style, commit format, how to run tests, architecture notes worth remembering).",
+    "3. write_file cc.md with the refined version: KEEP the existing sections and data, but replace the placeholder under `## Conventions` with concrete, observed conventions (5-10 short bullets max). Do not invent facts you did not see.",
+    "Keep the file concise — it is loaded into every agent run.",
+  ].join("\n");
+}
+
+/**
+ * Run the refine pass.
+ * @param {object} opts { cwd, provider?, model?, baseUrl?, apiKey?,
+ *                        maxTurns?, runHeadless? (test seam) }
+ * @returns {Promise<{exitCode:number, result:string, isError:boolean}>}
+ */
+export async function aiRefineMemoryFile(opts = {}) {
+  const run =
+    opts.runHeadless ||
+    (await import("../runtime/headless-runner.js")).runAgentHeadless;
+
+  const prev = process.env.CC_PROJECT_MEMORY;
+  process.env.CC_PROJECT_MEMORY = "0"; // self-reference guard
+  try {
+    return await run({
+      prompt: buildRefinePrompt(),
+      cwd: opts.cwd || process.cwd(),
+      provider: opts.provider || undefined,
+      model: opts.model || undefined,
+      baseUrl: opts.baseUrl || undefined,
+      apiKey: opts.apiKey || undefined,
+      permissionMode: "acceptEdits", // write_file must work headless
+      allowedTools: AI_REFINE_TOOLS,
+      maxTurns: opts.maxTurns || AI_REFINE_MAX_TURNS,
+      expandFileRefs: false,
+      outputFormat: "text",
+    });
+  } finally {
+    if (prev === undefined) delete process.env.CC_PROJECT_MEMORY;
+    else process.env.CC_PROJECT_MEMORY = prev;
+  }
+}

package/src/lib/json-schema-output.js

@@ -0,0 +1,181 @@
+/**
+ * `cc agent -p --json-schema <file>` — structured output for headless runs.
+ *
+ * The final answer must be JSON that validates against a (subset) JSON
+ * Schema; invalid replies are retried with a corrective prompt (up to
+ * MAX_ATTEMPTS total). Implemented entirely AROUND runAgentHeadless using its
+ * `deps.writeOut` capture seam — the runner itself is untouched: each attempt
+ * runs with output captured, the validated JSON is the only thing printed.
+ *
+ * Validator subset (enough for tool/script contracts, not full draft-2020):
+ * type (object/array/string/number/integer/boolean/null), properties,
+ * required, items, enum, const, additionalProperties:false. Zero deps.
+ */
+
+import fsDefault from "fs";
+
+export const MAX_ATTEMPTS = 3;
+export const _deps = { fs: fsDefault };
+
+/** Validate `value` against the schema subset. Returns error strings ([] = valid). */
+export function validateAgainstSchema(value, schema, path = "$") {
+  const errors = [];
+  if (!schema || typeof schema !== "object") return errors;
+
+  const typeOf = (v) =>
+    v === null
+      ? "null"
+      : Array.isArray(v)
+        ? "array"
+        : typeof v === "number" && Number.isInteger(v)
+          ? "integer"
+          : typeof v;
+
+  if (schema.type) {
+    const want = Array.isArray(schema.type) ? schema.type : [schema.type];
+    const got = typeOf(value);
+    const ok = want.some((t) => t === got || (t === "number" && got === "integer"));
+    if (!ok) {
+      errors.push(`${path}: expected type ${want.join("|")}, got ${got}`);
+      return errors; // type mismatch — deeper checks are noise
+    }
+  }
+  if (schema.enum && !schema.enum.some((e) => JSON.stringify(e) === JSON.stringify(value))) {
+    errors.push(`${path}: value not in enum [${schema.enum.map((e) => JSON.stringify(e)).join(", ")}]`);
+  }
+  if (schema.const !== undefined && JSON.stringify(schema.const) !== JSON.stringify(value)) {
+    errors.push(`${path}: must equal const ${JSON.stringify(schema.const)}`);
+  }
+  if (typeOf(value) === "object" && !Array.isArray(value)) {
+    for (const req of schema.required || []) {
+      if (!(req in value)) errors.push(`${path}: missing required property "${req}"`);
+    }
+    const props = schema.properties || {};
+    for (const [k, v] of Object.entries(value)) {
+      if (props[k]) {
+        errors.push(...validateAgainstSchema(v, props[k], `${path}.${k}`));
+      } else if (schema.additionalProperties === false) {
+        errors.push(`${path}: unexpected property "${k}"`);
+      }
+    }
+  }
+  if (Array.isArray(value) && schema.items) {
+    value.forEach((item, i) => {
+      errors.push(...validateAgainstSchema(item, schema.items, `${path}[${i}]`));
+    });
+  }
+  return errors;
+}
+
+/** Pull a JSON payload out of an LLM reply (bare, fenced, or embedded). */
+export function extractJsonPayload(text) {
+  const raw = String(text || "").trim();
+  const tries = [];
+  tries.push(raw);
+  const fence = /```(?:json)?\s*([\s\S]*?)```/i.exec(raw);
+  if (fence) tries.push(fence[1].trim());
+  const firstObj = raw.indexOf("{");
+  const lastObj = raw.lastIndexOf("}");
+  if (firstObj !== -1 && lastObj > firstObj) tries.push(raw.slice(firstObj, lastObj + 1));
+  const firstArr = raw.indexOf("[");
+  const lastArr = raw.lastIndexOf("]");
+  if (firstArr !== -1 && lastArr > firstArr) tries.push(raw.slice(firstArr, lastArr + 1));
+  for (const candidate of tries) {
+    if (!candidate) continue;
+    try {
+      return { ok: true, value: JSON.parse(candidate) };
+    } catch {
+      /* next candidate */
+    }
+  }
+  return { ok: false, error: "reply contains no parseable JSON" };
+}
+
+export function buildSchemaInstruction(schema) {
+  return [
+    "OUTPUT CONTRACT: your FINAL reply must be ONLY a JSON value (no prose, no markdown fences) that validates against this JSON Schema:",
+    JSON.stringify(schema),
+  ].join("\n");
+}
+
+export function buildRetryPrompt(originalPrompt, raw, errors) {
+  return [
+    originalPrompt,
+    "",
+    "Your previous reply failed JSON Schema validation:",
+    ...errors.slice(0, 10).map((e) => `- ${e}`),
+    "",
+    `Previous reply (for reference): ${String(raw).slice(0, 2000)}`,
+    "",
+    "Reply again with ONLY the corrected JSON.",
+  ].join("\n");
+}
+
+/**
+ * Run a headless turn constrained to a schema, retrying on validation
+ * failure. Prints the validated JSON to writeOut; returns the exit code.
+ *
+ * @param {object} cfg { schemaFile|schema, baseOptions, runHeadless,
+ *                       maxAttempts?, writeOut?, writeErr?, deps? }
+ */
+export async function runJsonSchemaConstrained(cfg = {}) {
+  const fs = cfg.deps?.fs || _deps.fs;
+  const writeOut = cfg.writeOut || ((s) => process.stdout.write(s));
+  const writeErr = cfg.writeErr || ((s) => process.stderr.write(s));
+  const maxAttempts = cfg.maxAttempts || MAX_ATTEMPTS;
+
+  const schema =
+    cfg.schema || JSON.parse(fs.readFileSync(cfg.schemaFile, "utf-8"));
+  const instruction = buildSchemaInstruction(schema);
+  const base = cfg.baseOptions || {};
+
+  let prompt = base.prompt;
+  let lastRaw = "";
+  let lastErrors = ["no attempts ran"];
+
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    let captured = "";
+    const outcome = await cfg.runHeadless(
+      {
+        ...base,
+        prompt,
+        outputFormat: "text",
+        appendSystemPrompt: [base.appendSystemPrompt, instruction]
+          .filter(Boolean)
+          .join("\n\n"),
+      },
+      {
+        writeOut: (s) => {
+          captured += s;
+        },
+        writeErr,
+      },
+    );
+    const raw = String(outcome?.result ?? captured ?? "").trim() || captured.trim();
+    lastRaw = raw;
+    const parsed = extractJsonPayload(raw);
+    if (parsed.ok) {
+      const errors = validateAgainstSchema(parsed.value, schema);
+      if (errors.length === 0) {
+        writeOut(`${JSON.stringify(parsed.value, null, 2)}\n`);
+        return 0;
+      }
+      lastErrors = errors;
+    } else {
+      lastErrors = [parsed.error];
+    }
+    if (attempt < maxAttempts) {
+      writeErr(
+        `--json-schema: attempt ${attempt} failed validation (${lastErrors.length} error(s)) — retrying…\n`,
+      );
+      prompt = buildRetryPrompt(base.prompt, raw, lastErrors);
+    }
+  }
+
+  writeErr(
+    `--json-schema: reply failed validation after ${maxAttempts} attempts:\n${lastErrors
+      .map((e) => `  - ${e}`)
+      .join("\n")}\nLast reply:\n${lastRaw.slice(0, 1000)}\n`,
+  );
+  return 1;
+}

package/src/lib/mcp-serve.js

@@ -0,0 +1,259 @@
+/**
+ * `cc mcp serve` — expose cc's local file tools as an MCP server so OTHER
+ * MCP clients (Claude Desktop, another cc, any Streamable-HTTP client) can
+ * use this machine's workspace. Claude-Code `claude mcp serve` parity.
+ *
+ * Protocol: Streamable-HTTP MCP, same shape the IDE-bridge work verified
+ * against the real CLI MCPClient — every request is POST JSON-RPC answered
+ * with application/json (no persistent SSE GET needed): `initialize`,
+ * `notifications/initialized`, `tools/list`, `tools/call`; tool failures are
+ * `isError` results, transport failures JSON-RPC errors.
+ *
+ * Security: tools are CONFINED to the serve root (path resolves inside root
+ * or the call fails), Bearer-token auth is on by default (random token,
+ * printed once), `--read-only` drops write_file. Zero npm deps (node http).
+ */
+
+import http from "http";
+import fsDefault from "fs";
+import pathDefault from "path";
+import { randomBytes } from "crypto";
+
+export const MAX_READ_BYTES = 200 * 1024;
+export const MAX_LIST_ENTRIES = 500;
+export const MAX_SEARCH_RESULTS = 200;
+export const MAX_SEARCH_ENTRIES = 50_000;
+const SKIP_DIRS = new Set(["node_modules", ".git", "dist", "build"]);
+
+export const _deps = { fs: fsDefault, path: pathDefault };
+
+/** Resolve `rel` inside `root`; throws on escape (.. traversal, abs paths out). */
+export function confine(root, rel, deps = _deps) {
+  const abs = deps.path.resolve(root, rel || ".");
+  const normRoot = deps.path.resolve(root);
+  if (abs !== normRoot && !abs.startsWith(normRoot + deps.path.sep)) {
+    throw new Error(`path escapes serve root: ${rel}`);
+  }
+  return abs;
+}
+
+function ok(text) {
+  return { content: [{ type: "text", text: String(text) }] };
+}
+function fail(message) {
+  return { content: [{ type: "text", text: String(message) }], isError: true };
+}
+
+/** Build the tool table (name → {description, inputSchema, handler}). */
+export function buildTools({ root, readOnly = false, deps = _deps }) {
+  const fs = deps.fs;
+  const tools = {
+    read_file: {
+      description: `Read a UTF-8 file under the serve root (${MAX_READ_BYTES} byte cap)`,
+      inputSchema: {
+        type: "object",
+        properties: { path: { type: "string" } },
+        required: ["path"],
+      },
+      handler: ({ path: rel }) => {
+        const abs = confine(root, rel, deps);
+        const buf = fs.readFileSync(abs);
+        const truncated = buf.length > MAX_READ_BYTES;
+        const text = (truncated ? buf.slice(0, MAX_READ_BYTES) : buf).toString(
+          "utf-8",
+        );
+        return ok(truncated ? `${text}\n… [truncated ${buf.length} bytes]` : text);
+      },
+    },
+    list_dir: {
+      description: "List a directory under the serve root (dirs get trailing /)",
+      inputSchema: {
+        type: "object",
+        properties: { path: { type: "string" } },
+      },
+      handler: ({ path: rel } = {}) => {
+        const abs = confine(root, rel || ".", deps);
+        const entries = fs
+          .readdirSync(abs, { withFileTypes: true })
+          .slice(0, MAX_LIST_ENTRIES)
+          .map((e) => (e.isDirectory() ? `${e.name}/` : e.name));
+        return ok(entries.join("\n"));
+      },
+    },
+    search_files: {
+      description:
+        "Find files under the serve root whose RELATIVE PATH contains the query (case-insensitive, bounded walk)",
+      inputSchema: {
+        type: "object",
+        properties: {
+          query: { type: "string" },
+          dir: { type: "string" },
+        },
+        required: ["query"],
+      },
+      handler: ({ query, dir } = {}) => {
+        const base = confine(root, dir || ".", deps);
+        const q = String(query).toLowerCase();
+        const hits = [];
+        let seen = 0;
+        const walk = (d) => {
+          if (hits.length >= MAX_SEARCH_RESULTS || seen >= MAX_SEARCH_ENTRIES)
+            return;
+          let list;
+          try {
+            list = fs.readdirSync(d, { withFileTypes: true });
+          } catch {
+            return;
+          }
+          for (const e of list) {
+            if (hits.length >= MAX_SEARCH_RESULTS || ++seen >= MAX_SEARCH_ENTRIES)
+              return;
+            const abs = deps.path.join(d, e.name);
+            if (e.isDirectory()) {
+              if (!SKIP_DIRS.has(e.name) && !e.name.startsWith("."))
+                walk(abs);
+            } else {
+              const rel = deps.path.relative(root, abs).replace(/\\/g, "/");
+              if (rel.toLowerCase().includes(q)) hits.push(rel);
+            }
+          }
+        };
+        walk(base);
+        return ok(hits.join("\n") || "(no matches)");
+      },
+    },
+  };
+  if (!readOnly) {
+    tools.write_file = {
+      description: "Write a UTF-8 file under the serve root (creates parent dirs)",
+      inputSchema: {
+        type: "object",
+        properties: {
+          path: { type: "string" },
+          content: { type: "string" },
+        },
+        required: ["path", "content"],
+      },
+      handler: ({ path: rel, content }) => {
+        const abs = confine(root, rel, deps);
+        fs.mkdirSync(deps.path.dirname(abs), { recursive: true });
+        fs.writeFileSync(abs, String(content), "utf-8");
+        return ok(`wrote ${Buffer.byteLength(String(content))} bytes to ${rel}`);
+      },
+    };
+  }
+  return tools;
+}
+
+function rpcResult(id, result) {
+  return JSON.stringify({ jsonrpc: "2.0", id, result });
+}
+function rpcError(id, code, message) {
+  return JSON.stringify({ jsonrpc: "2.0", id, error: { code, message } });
+}
+
+/**
+ * Start the server. Returns { server, port, token, url, close() }.
+ *
+ * @param {object} opts { root, port=0, token (null → random, false → no auth),
+ *                        readOnly, deps }
+ */
+export function startMcpServe(opts = {}) {
+  const deps = { ..._deps, ...(opts.deps || {}) };
+  const root = deps.path.resolve(opts.root || process.cwd());
+  const readOnly = Boolean(opts.readOnly);
+  const token =
+    opts.token === false
+      ? null
+      : opts.token || randomBytes(16).toString("hex");
+  const tools = buildTools({ root, readOnly, deps });
+
+  const server = http.createServer((req, res) => {
+    const send = (status, body) => {
+      res.writeHead(status, { "Content-Type": "application/json" });
+      res.end(body);
+    };
+    if (req.method !== "POST") {
+      return send(405, rpcError(null, -32600, "POST only"));
+    }
+    if (token) {
+      const auth = req.headers.authorization || "";
+      if (auth !== `Bearer ${token}`) {
+        return send(401, rpcError(null, -32001, "unauthorized"));
+      }
+    }
+    let raw = "";
+    req.on("data", (c) => {
+      raw += c;
+    });
+    req.on("end", () => {
+      let msg;
+      try {
+        msg = JSON.parse(raw);
+      } catch {
+        return send(400, rpcError(null, -32700, "parse error"));
+      }
+      const { id, method, params } = msg || {};
+      try {
+        if (method === "initialize") {
+          return send(
+            200,
+            rpcResult(id, {
+              protocolVersion: params?.protocolVersion || "2025-03-26",
+              capabilities: { tools: {} },
+              serverInfo: { name: "cc-mcp-serve", version: "1.0.0" },
+            }),
+          );
+        }
+        if (method === "notifications/initialized") {
+          res.writeHead(202);
+          return res.end();
+        }
+        if (method === "tools/list") {
+          return send(
+            200,
+            rpcResult(id, {
+              tools: Object.entries(tools).map(([name, t]) => ({
+                name,
+                description: t.description,
+                inputSchema: t.inputSchema,
+              })),
+            }),
+          );
+        }
+        if (method === "tools/call") {
+          const tool = tools[params?.name];
+          if (!tool) {
+            return send(200, rpcResult(id, fail(`unknown tool: ${params?.name}`)));
+          }
+          let result;
+          try {
+            result = tool.handler(params?.arguments || {});
+          } catch (err) {
+            result = fail(err.message);
+          }
+          return send(200, rpcResult(id, result));
+        }
+        return send(200, rpcError(id, -32601, `method not found: ${method}`));
+      } catch (err) {
+        return send(500, rpcError(id, -32603, err.message));
+      }
+    });
+  });
+
+  return new Promise((resolve, reject) => {
+    server.on("error", reject);
+    server.listen(opts.port || 0, "127.0.0.1", () => {
+      const port = server.address().port;
+      resolve({
+        server,
+        port,
+        token,
+        root,
+        readOnly,
+        url: `http://127.0.0.1:${port}/mcp`,
+        close: () => new Promise((r) => server.close(r)),
+      });
+    });
+  });
+}