Regression in #230: PPID mismatch — mcpRedirect swallows all redirects when hook spawned via shell wrapper

[se7enango]

Summary

The MCP-readiness sentinel guard introduced in 04569b1 (fix for #230) is silently bypassed in normal Claude Code sessions because the MCP server and the hook process resolve process.ppid to different PIDs. As a result, isMCPReady() always returns false for hooks, and mcpRedirect() swallows every deny/modify decision — WebFetch, curl/wget, inline-HTTP, and gradle/maven redirects all become silent passthroughs.

Effectively, the core routing policy of context-mode is no-op for any Claude Code installation that spawns hooks via a shell wrapper.

Root cause

src/server.ts (MCP server) writes the sentinel using its own process.ppid:

// src/server.ts (introduced by #230)
const mcpSentinel = join(tmpdir(), `context-mode-mcp-ready-${process.ppid}`);
// ...
writeFileSync(mcpSentinel, String(process.pid));

hooks/core/mcp-ready.mjs reads the sentinel using its own process.ppid:

export function sentinelPath() {
  return resolve(tmpdir(), `context-mode-mcp-ready-${process.ppid}`);
}

This only works if both processes share the same parent. They don't:

Process	How spawned	process.ppid
MCP server	Claude Code → node start.mjs (direct)	Claude Code main PID
Hook (pretooluse.mjs)	Claude Code → bash -c \"node hooks/pretooluse.mjs\"	Transient bash PID

So the sentinel exists at /tmp/context-mode-mcp-ready-${CC_PID}, but the hook looks for /tmp/context-mode-mcp-ready-${TRANSIENT_BASH_PID} — different file, never found.

Reproduction

Environment:

• context-mode v1.0.94 (installed via Claude Code marketplace, autoUpdate: true)
• Claude Code CLI on Linux (WSL2, Ubuntu)

Steps:

1. Start a Claude Code session with context-mode plugin enabled.
2. Verify the MCP server is alive and the sentinel exists:

   ls /tmp/context-mode-mcp-ready-*
   # → /tmp/context-mode-mcp-ready-<CC_PID>   (PID inside is alive)
   

3. Trigger any redirect from agent (e.g. ask agent to call WebFetch).
4. Observed: WebFetch succeeds. No deny shown.
5. Expected: deny with permissionDecision: \"deny\" and the Use ctx_fetch_and_index ... reason.

Direct verification of the guard:

node -e \"
import('/path/to/plugins/cache/context-mode/context-mode/1.0.94/hooks/core/mcp-ready.mjs').then(m => {
  console.log('ppid:', process.ppid);
  console.log('sentinelPath:', m.sentinelPath());
  console.log('isMCPReady:', m.isMCPReady());
});
\"

Output (run from a child of Claude Code):

ppid: 1067770
sentinelPath: /tmp/context-mode-mcp-ready-1067770
isMCPReady: false

While the actual sentinel sits at /tmp/context-mode-mcp-ready-1034965 (Claude Code's main PID), pointing to the live MCP server PID 1035016.

End-to-end confirmation — manually invoking the hook with a WebFetch payload returns empty stdout (passthrough):

echo '{\"tool_name\":\"WebFetch\",\"tool_input\":{\"url\":\"https://example.com\",\"prompt\":\"x\"},\"session_id\":\"t\"}' \\
  | node hooks/pretooluse.mjs
# → (no output)   ← should print {hookSpecificOutput: {permissionDecision: \"deny\", ...}}

And the routing function directly:

node -e \"
import('hooks/core/routing.mjs').then(m => {
  const d = m.routePreToolUse('WebFetch', {url:'https://example.com'}, '/tmp', 'claude-code', 't');
  console.log(d);
});\"
# → null   ← should be { action: 'deny', reason: '...' }

Impact (all affected by the same swallow)

• WebFetch deny (routing.mjs:313-320)
• curl/wget redirect-to-execute (routing.mjs:255-263)
• inline-HTTP (fetch(...), requests.get, http.get) redirect (routing.mjs:274-285)
• gradle / mvn build-tool redirect (routing.mjs:289-297)

All of these become silent no-ops, so the agent quietly uses original tools and floods the context window — the exact thing context-mode is designed to prevent.

ctx_doctor reports green across the board because it only checks file existence, not behavior.

Suggested fixes

Any of these would resolve the PPID mismatch. Listed roughly in increasing invasiveness:

1. Directory-scan + PID liveness probe — drop the per-PPID filename. MCP server writes a fixed-path sentinel ${tmpdir}/context-mode-mcp-ready/<server-pid>. Hook scans the directory and returns true if any file's PID is alive (process.kill(pid, 0)).
2. Lockfile + stat — server holds an exclusive lockfile at a fixed path; hook checks lock holder's PID liveness. Same idea, OS-level primitive.
3. Environment-variable handshake — MCP server export CTX_MODE_MCP_PID=<pid> into the session somehow (or write a dotenv next to plugin.json that hooks source). Less portable.
4. Walk up the process tree — hook walks up its parent chain (/proc/<pid>/status PPID lines on Linux, ps -o ppid= elsewhere) until it finds a PID that has a matching sentinel file. Works on any spawn topology.

Option 1 looks cleanest and avoids the cross-platform PPID resolution rabbit hole.

Workarounds

For users who want the redirects back today: pin to a version prior to 04569b1 (2026-04-13) and disable marketplace autoUpdate. The mcpRedirect guard is the only thing producing the regression — earlier versions called the redirect formatter directly.

Notes

• Reproduced under Claude Code on Linux (WSL2, Ubuntu). Other Claude Code platforms that wrap hook commands in bash -c \"...\" will behave the same. Direct-spawn platforms (e.g. some Cursor/VSCode adapters) may coincidentally work because their hook spawn topology happens to share a PPID with the MCP server.
• Issue Agent gets stuck when WebFetch is blocked but ctx_fetch_and_index MCP tool is unavailable #230's original problem was real (deny with no MCP fallback → agent stuck). A directory-scan fix preserves the graceful-degradation intent without the ppid coupling.

[mksglu]

Thanks for the detailed write-up, Jay. The reproduction steps and direct verification of isMCPReady() are exactly what we need.

I spent some time tracing this. Here's where I landed:

Claude Code spawns hooks using spawn(command, [], { shell: true }), which wraps the command in /bin/sh -c "...". For context-mode's hook commands (simple node "/path/hook.mjs" after ${CLAUDE_PLUGIN_ROOT} expansion), most shells exec-optimize: /bin/sh replaces itself with node, so process.ppid in the hook ends up being the Claude Code PID. Same PID the MCP server uses for its sentinel. On macOS (bash 3.2 as /bin/sh) and standard Linux (dash), this works and the sentinel resolves correctly.

But exec-optimization is a shell implementation detail, not a guarantee. On WSL2, the behavior may differ. I wasn't able to reproduce the mismatch on macOS, but your WSL2 evidence (the direct isMCPReady: false output and the sentinel path mismatch) is convincing that something breaks in your specific spawn topology.

Could you grab two things so I can confirm the exact failure path?

1. The process tree while a hook is running:

# Run this during an active Claude Code session
ps -eo pid,ppid,comm | grep -E 'claude|node|sh|bash' | head -30

2. ctx-debug.sh output if you have it, or:

ls -la $TMPDIR/context-mode-mcp-ready-* 2>/dev/null || ls -la /tmp/context-mode-mcp-ready-* 2>/dev/null

Either way, you're right that the ppid-based sentinel is fragile. It works on most platforms because of exec-optimization, but it shouldn't depend on that. Your Option 1 (directory-scan + PID liveness probe) is the right direction. I'm going to look at implementing that with a session-scoping mechanism to avoid cross-session false positives.

Re: workaround, pinning to pre-04569b1 works but you lose the graceful degradation from #230. If you're on WSL2 and the redirects are fully broken anyway, pinning is probably the lesser evil for now.

[se7enango]

Confirmed both pieces of evidence on my WSL2 box. Bug still reproduces.

1. Process tree — /bin/sh does NOT exec-optimize on WSL2

ps -eo pid,ppid,comm during an active Claude Code session, hook spawns visible:

1208183 ...     claude         ← Claude Code main PID
1208240 1208183 node           ← MCP server (direct spawn, ppid = claude)
1208500 1208183 node
1208633 1208590 sh             ← hook wrapper (sh -c "node ...")
1208634 1208633 node           ← hook node, ppid = sh PID, NOT claude
1208642 1208558 sh             ← another hook wrapper
1208643 1208642 node           ← same pattern
...
1088138 ...     claude         ← second Claude session
1088559 1088516 sh
1088560 1088559 node
1088566 1088528 sh
1088567 1088566 node

Every hook node process has a live sh as its immediate parent. /bin/sh -c "node /path/hook.mjs" on WSL2 (Ubuntu 24.04, dash as /bin/sh) is not doing the exec-replace optimization here — sh stays alive, so process.ppid inside the hook resolves to the transient sh PID, never the Claude Code PID.

2. Sentinel files

$ ls -la /tmp/context-mode-mcp-ready-*
-rw-r--r-- 1 user user 7 Apr 26 19:23 /tmp/context-mode-mcp-ready-1088138
-rw-r--r-- 1 user user 7 Apr 26 20:41 /tmp/context-mode-mcp-ready-1208183

Sentinels exist at /tmp/context-mode-mcp-ready-<claude_pid> (1088138, 1208183 — both Claude main PIDs). The hook node process is looking for /tmp/context-mode-mcp-ready-<sh_pid> (1208633, 1208642, etc.), which never gets written. Mismatch confirmed end-to-end.

Note: $TMPDIR is /tmp/.ctx-mode-Uc34jU in this session, but the sentinels are written to /tmp/ root — so even if PPID matched, a per-session TMPDIR override would also break the lookup. Probably worth resolving sentinel directory the same way on both writer and reader regardless of which fix lands.

3. End-to-end re-verify — bug still reproduces in v1.0.95

WebFetch https://example.com → returned page content with no deny, no redirect to ctx_fetch_and_index. mcpRedirect is fully bypassed.

---

So the WSL2 failure path is: dash (as /bin/sh) keeps the wrapper process alive when invoked via sh -c "node ..." from Claude Code's spawn(cmd, [], {shell: true}). Different from macOS bash 3.2 / standard Linux dash invocations you tested — likely the difference is in how Claude Code's child_process options interact with WSL2's process layer, but from context-mode's side the fix is the same: stop relying on PPID equality.

Happy to test a directory-scan + liveness-probe build whenever you have one.

[se7enango]

Raw outputs you asked for:

1. Process tree

$ ps -eo pid,ppid,comm | grep -E 'claude|node|sh|bash' | head -30
    424     358 bash
    458     457 bash
    466     457 bash
    475     457 bash
    476     473 sh
    479     476 sh
    534     479 sh
    545     534 node
    713     712 node
    720     545 node
    747     735 node
    766     545 node
   1002     545 node
   2281    2279 bash
  51902     720 bash
  52130     720 bash
 127906    1002 node
 127921    1002 node
 181259     720 bash
1088138   52130 claude
1088204 1088138 node
1088480 1088138 node
1088559 1088516 sh
1088560 1088559 node
1088566 1088528 sh
1088567 1088566 node
1208183   51902 claude
1208240 1208183 node
1208500 1208183 node
1208633 1208590 sh
1208634 1208633 node
1208642 1208558 sh
1208643 1208642 node

2. Sentinels

$ ls -la $TMPDIR/context-mode-mcp-ready-* 2>/dev/null
(no output)

$ ls -la /tmp/context-mode-mcp-ready-* 2>/dev/null
-rw-r--r-- 1 user user 7 Apr 26 19:23 /tmp/context-mode-mcp-ready-1088138
-rw-r--r-- 1 user user 7 Apr 26 20:41 /tmp/context-mode-mcp-ready-1208183

$ echo "TMPDIR=$TMPDIR"
TMPDIR=/tmp/.ctx-mode-Uc34jU

3. ctx-debug.sh

$ bash scripts/ctx-debug.sh
context-mode diagnostic v2.0.0
─────────────────────────────
29 passed, 1 failed, 2 warnings

Failed:
  ✗ PreToolUse denies WebFetch

System info from the same run:

OS:         WSL2, Ubuntu 24.04.4 LTS
Kernel:     6.6.87.2-microsoft-standard-WSL2
Shell:      /bin/bash 5.2.21  (/bin/sh → dash)
Node:       v22.22.2 (nvm)
context-mode: 1.0.95 (marketplace)
Adapter:    claude-code
TMPDIR:     /tmp/.ctx-mode-qCOFcT

[mksglu]

Fixed in v1.0.98. @se7enango please test:

# Update via marketplace (restart Claude Code) or:
npm install -g context-mode@1.0.98

What changed

The PPID-keyed sentinel (context-mode-mcp-ready-${process.ppid}) is replaced with a directory-scan + PID liveness probe:

1. Server writes: /tmp/context-mode-mcp-ready-${process.pid} (own PID, not parent)
2. Hook scans: /tmp/context-mode-mcp-ready-* → reads each PID → kill(pid, 0) → if alive, MCP is ready
3. Dead sentinels cleaned up automatically during scan
4. Hardcoded /tmp on Unix — avoids TMPDIR mismatch you found

No more dependency on process.ppid matching between hook and server. Works regardless of whether /bin/sh exec-optimizes.

How to verify

After upgrading, the redirects should work again:

• curl commands → redirected to ctx_fetch_and_index
• WebFetch → blocked with MCP alternative
• Raw HTTP in Bash → redirected to ctx_execute

If you want to check the sentinel directly:

ls -la /tmp/context-mode-mcp-ready-*
# Should show sentinel(s) with MCP server PIDs

Let me know if this resolves it on your WSL2 setup.

[se7enango]

good work Thx

[mksglu]

good work Thx

Is it worked?