Claude Agent SDK 指南：结构化输出、插件与钩子系统 | Anthropic AI 开发工具

claude-agent-sdk by jezweb/claude-skills

415 周安装量

656 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/jezweb/claude-skills --skill claude-agent-sdk

AI/机器学习开发自动化

🇨🇳中文介绍

Claude Agent SDK - 结构化输出与错误预防指南

包 : @anthropic-ai/claude-agent-sdk@0.2.12 破坏性变更 : v0.1.45 - 结构化输出 (2025年11月), v0.1.0 - 无默认系统提示, 需设置 settingSources

v0.1.45+ 版本新特性 (2025年11月)

主要特性:

1. 结构化输出 (v0.1.45, 2025年11月14日)

JSON 模式验证 - 保证响应完全匹配指定模式
outputFormat 参数 - 使用 JSON 模式或 Zod 定义输出结构
访问验证结果 - 通过 message.structured_output
必需 Beta 头 : structured-outputs-2025-11-13
类型安全 - 使用 Zod 模式实现完整的 TypeScript 类型推断

示例:

import { query } from "@anthropic-ai/claude-agent-sdk";
import { z } from "zod";
import { zodToJsonSchema } from "zod-to-json-schema";

const schema = z.object({
  summary: z.string(),
  sentiment: z.enum(['positive', 'neutral', 'negative']),
  confidence: z.number().min(0).max(1)
});

const response = query({
  prompt: "Analyze this code review feedback",
  options: {
    model: "claude-sonnet-4-5",
    outputFormat: {
      type: "json_schema",
      json_schema: {
        name: "AnalysisResult",
        strict: true,
        schema: zodToJsonSchema(schema)
      }
    }
  }
});

for await (const message of response) {
  if (message.type === 'result' && message.structured_output) {
    // 保证匹配模式
    const validated = schema.parse(message.structured_output);
    console.log(`Sentiment: ${validated.sentiment}`);
  }
}

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

2. 插件系统 (v0.1.27)

plugins 数组 - 加载本地插件路径
自定义插件支持 - 扩展代理能力

3. 钩子系统 (v0.1.0+)

全部 12 个钩子事件:

钩子	触发时机	使用场景
`PreToolUse`	工具执行前	验证、修改或阻止工具调用
`PostToolUse`	工具执行后	记录结果、触发副作用
`Notification`	代理通知	显示状态更新
`UserPromptSubmit`	收到用户提示	预处理或验证输入
`SubagentStart`	子代理启动	跟踪委托、记录上下文
`SubagentStop`	子代理完成	汇总结果、清理
`PreCompact`	上下文压缩前	在截断前保存状态
`PermissionRequest`	需要权限时	自定义审批工作流
`Stop`	代理停止时	清理、最终记录
`SessionStart`	会话开始时	初始化状态
`SessionEnd`	会话结束时	持久化状态、清理
`Error`	发生错误时	自定义错误处理

const response = query({
  prompt: "...",
  options: {
    hooks: {
      PreToolUse: async (input) => {
        console.log(`Tool: ${input.toolName}`);
        return { allow: true };  // 或 { allow: false, message: "..." }
      },
      PostToolUse: async (input) => {
        await logToolUsage(input.toolName, input.result);
      }
    }
  }
});

fallbackModel - 失败时自动回退模型
maxThinkingTokens - 控制扩展思考预算
strictMcpConfig - 严格的 MCP 配置验证
continue - 使用新提示继续 (与 resume 不同)
permissionMode: 'plan' - 用于规划工作流的新权限模式

Claude Agent SDK 完整参考指南

核心查询 API
工具集成
MCP 服务器
子代理编排
会话管理
权限控制
沙盒设置
文件检查点
文件系统设置
查询对象方法
消息类型与流式处理
错误处理
已知问题

query(prompt: string | AsyncIterable<SDKUserMessage>, options?: Options)
  -> AsyncGenerator<SDKMessage>

outputFormat - 结构化 JSON 模式验证 (v0.1.45+)
settingSources - 文件系统设置加载 ('user'|'project'|'local')
canUseTool - 自定义权限逻辑回调
agents - 编程式子代理定义
mcpServers - MCP 服务器配置
permissionMode - 'default'|'acceptEdits'|'bypassPermissions'|'plan'
betas - 启用 Beta 功能 (例如，1M 上下文窗口)
sandbox - 安全执行的沙盒设置
enableFileCheckpointing - 启用文件状态快照
systemPrompt - 系统提示 (字符串或预设对象)

扩展上下文 (1M 令牌)

启用 100 万令牌上下文窗口:

const response = query({
  prompt: "Analyze this large codebase",
  options: {
    betas: ['context-1m-2025-08-07'],  // 启用 1M 上下文
    model: "claude-sonnet-4-5"
  }
});

两种形式的 systemPrompt:

// 1. 简单字符串
systemPrompt: "You are a helpful coding assistant."

// 2. 带可选追加的预设 (保留 Claude Code 默认值)
systemPrompt: {
  type: 'preset',
  preset: 'claude_code',
  append: "\n\nAdditional context: Focus on security."
}

使用预设形式 当你想要 Claude Code 的默认行为加上自定义附加内容时。

工具集成 (内置 + 自定义)

allowedTools - 白名单 (优先级更高)
disallowedTools - 黑名单
canUseTool - 自定义权限回调 (参见权限控制部分)

内置工具: Read, Write, Edit, Bash, Grep, Glob, WebSearch, WebFetch, Task, NotebookEdit, BashOutput, KillBash, ListMcpResources, ReadMcpResource, AskUserQuestion

AskUserQuestion 工具 (v0.1.71+)

在代理执行期间启用用户交互:

const response = query({
  prompt: "Review and refactor the codebase",
  options: {
    allowedTools: ["Read", "Write", "Edit", "AskUserQuestion"]
  }
});

// 代理现在可以询问澄清问题
// 问题以 tool_call 形式出现在消息流中，名称为 "AskUserQuestion"

在任务中途澄清模糊需求
在执行破坏性操作前获取用户批准
呈现选项并获取选择

工具配置 (v0.1.57+)

三种形式的工具配置:

// 1. 精确允许列表 (字符串数组)
tools: ["Read", "Write", "Grep"]

// 2. 禁用所有工具 (空数组)
tools: []

// 3. 带默认值的预设 (对象形式)
tools: { type: 'preset', preset: 'claude_code' }

注意: allowedTools 和 disallowedTools 仍然有效，但 tools 提供了更多灵活性。

MCP 服务器 (模型上下文协议)

服务器类型:

进程内 - 使用 createSdkMcpServer() 和 tool() 定义
外部 - stdio、HTTP、SSE 传输

tool(name: string, description: string, zodSchema, handler)

处理器返回:

{ content: [{ type: "text", text: "..." }], isError?: boolean }

外部 MCP 服务器 (stdio)

const response = query({
  prompt: "List files and analyze Git history",
  options: {
    mcpServers: {
      // 文件系统服务器
      "filesystem": {
        command: "npx",
        args: ["@modelcontextprotocol/server-filesystem"],
        env: {
          ALLOWED_PATHS: "/Users/developer/projects:/tmp"
        }
      },
      // Git 操作服务器
      "git": {
        command: "npx",
        args: ["@modelcontextprotocol/server-git"],
        env: {
          GIT_REPO_PATH: "/Users/developer/projects/my-repo"
        }
      }
    },
    allowedTools: [
      "mcp__filesystem__list_files",
      "mcp__filesystem__read_file",
      "mcp__git__log",
      "mcp__git__diff"
    ]
  }
});

外部 MCP 服务器 (HTTP/SSE)

const response = query({
  prompt: "Analyze data from remote service",
  options: {
    mcpServers: {
      "remote-service": {
        url: "https://api.example.com/mcp",
        headers: {
          "Authorization": "Bearer your-token-here",
          "Content-Type": "application/json"
        }
      }
    },
    allowedTools: ["mcp__remote-service__analyze"]
  }
});

MCP 工具命名约定

格式 : mcp__<server-name>__<tool-name>

服务器名称和工具名称必须与配置匹配
使用双下划线 (__) 作为分隔符
包含在 allowedTools 数组中

示例: mcp__weather-service__get_weather, mcp__filesystem__read_file

AgentDefinition 类型

type AgentDefinition = {
  description: string;        // 何时使用此代理
  prompt: string;             // 代理的系统提示
  tools?: string[];           // 允许的工具 (可选)
  model?: 'sonnet' | 'opus' | 'haiku' | 'inherit';  // 模型 (可选)
  skills?: string[];          // 要加载的技能 (v0.2.10+)
  maxTurns?: number;          // 停止前的最大轮次 (v0.2.10+)
}

description : 何时使用代理 (由主代理用于委托)
prompt : 系统提示 (定义角色，继承主上下文)
tools : 允许的工具 (如果省略，则继承自主代理)
model : 模型覆盖 (haiku/sonnet/opus/inherit)
skills : 为代理加载的技能 (v0.2.10+)
maxTurns : 在返回控制前限制代理为 N 轮 (v0.2.10+)

agents: {
  "security-checker": {
    description: "安全审计和漏洞扫描",
    prompt: "你负责安全检查。扫描密钥，验证 OWASP 合规性。",
    tools: ["Read", "Grep", "Bash"],
    model: "sonnet",
    skills: ["security-best-practices"],  // 加载特定技能
    maxTurns: 10  // 限制为 10 轮
  }
}

⚠️ 子代理清理警告

已知问题 : 当父代理停止时，子代理不会停止 (问题 #132)

当父代理停止时 (通过取消或错误)，生成的子代理会继续作为孤立进程运行。这可能导致:

资源泄漏
父代理停止后继续执行工具
递归场景中的内存不足 (Claude Code 问题 #4850)

解决方法 : 在 Stop 钩子中实现清理:

const response = query({
  prompt: "Deploy to production",
  options: {
    agents: {
      "deployer": {
        description: "处理部署",
        prompt: "部署应用程序",
        tools: ["Bash"]
      }
    },
    hooks: {
      Stop: async (input) => {
        // 手动清理生成的进程
        console.log("Parent stopped - cleaning up subagents");
        // 实现进程跟踪和终止
      }
    }
  }
});

增强跟踪 : 问题 #142 提议自动终止

resume: sessionId - 继续之前的会话
forkSession: true - 从会话创建新分支
continue: prompt - 使用新提示继续 (与 resume 不同)

会话分叉模式 (独特能力):

// 在不修改原始会话的情况下探索替代方案
const forked = query({
  prompt: "Try GraphQL instead of REST",
  options: {
    resume: sessionId,
    forkSession: true  // 创建新分支，原始会话保持不变
  }
});

捕获会话 ID:

for await (const message of response) {
  if (message.type === 'system' && message.subtype === 'init') {
    sessionId = message.session_id;  // 保存供后续恢复/分叉使用
  }
}

V2 会话 API (预览版 - v0.1.54+)

更简单的多轮对话模式:

import {
  unstable_v2_createSession,
  unstable_v2_resumeSession,
  unstable_v2_prompt
} from "@anthropic-ai/claude-agent-sdk";

// 创建新会话
const session = await unstable_v2_createSession({
  model: "claude-sonnet-4-5",
  workingDirectory: process.cwd(),
  allowedTools: ["Read", "Grep", "Glob"]
});

// 发送提示并流式接收响应
const stream = unstable_v2_prompt(session, "Analyze the codebase structure");
for await (const message of stream) {
  console.log(message);
}

// 在同一会话中继续对话
const stream2 = unstable_v2_prompt(session, "Now suggest improvements");
for await (const message of stream2) {
  console.log(message);
}

// 恢复之前的会话
const resumedSession = await unstable_v2_resumeSession(session.sessionId);

注意: V2 API 处于预览状态 (unstable_ 前缀)。.receive() 方法在 v0.1.72 中更名为 .stream()。

type PermissionMode = "default" | "acceptEdits" | "bypassPermissions" | "plan";

default - 标准权限检查
acceptEdits - 自动批准文件编辑
bypassPermissions - 跳过所有检查 (仅在 CI/CD 中使用)
plan - 规划模式 (v0.1.45+)

自定义权限逻辑

const response = query({
  prompt: "Deploy application to production",
  options: {
    permissionMode: "default",
    canUseTool: async (toolName, input) => {
      // 允许只读操作
      if (['Read', 'Grep', 'Glob'].includes(toolName)) {
        return { behavior: "allow" };
      }

      // 拒绝破坏性 bash 命令
      if (toolName === 'Bash') {
        const dangerous = ['rm -rf', 'dd if=', 'mkfs', '> /dev/'];
        if (dangerous.some(pattern => input.command.includes(pattern))) {
          return {
            behavior: "deny",
            message: "Destructive command blocked for safety"
          };
        }
      }

      // 部署需要确认
      if (input.command?.includes('deploy') || input.command?.includes('kubectl apply')) {
        return {
          behavior: "ask",
          message: "Confirm deployment to production?"
        };
      }

      // 默认允许
      return { behavior: "allow" };
    }
  }
});

type CanUseToolCallback = (
  toolName: string,
  input: any
) => Promise<PermissionDecision>;

type PermissionDecision =
  | { behavior: "allow" }
  | { behavior: "deny"; message?: string }
  | { behavior: "ask"; message?: string };

// 阻止所有文件写入
canUseTool: async (toolName, input) => {
  if (toolName === 'Write' || toolName === 'Edit') {
    return { behavior: "deny", message: "No file modifications allowed" };
  }
  return { behavior: "allow" };
}

// 对特定文件需要确认
canUseTool: async (toolName, input) => {
  const sensitivePaths = ['/etc/', '/root/', '.env', 'credentials.json'];
  if ((toolName === 'Write' || toolName === 'Edit') &&
      sensitivePaths.some(path => input.file_path?.includes(path))) {
    return {
      behavior: "ask",
      message: `Modify sensitive file ${input.file_path}?`
    };
  }
  return { behavior: "allow" };
}

// 记录所有工具使用情况
canUseTool: async (toolName, input) => {
  console.log(`Tool requested: ${toolName}`, input);
  await logToDatabase(toolName, input);
  return { behavior: "allow" };
}

沙盒设置 (安全关键)

为 Bash 命令启用沙盒化执行:

const response = query({
  prompt: "Run system diagnostics",
  options: {
    sandbox: {
      enabled: true,
      autoAllowBashIfSandboxed: true,  // 在沙盒中自动批准 bash
      excludedCommands: ["rm", "dd", "mkfs"],  // 从不自动批准这些命令
      allowUnsandboxedCommands: false  // 拒绝无法沙盒化的命令
    }
  }
});

SandboxSettings 类型

type SandboxSettings = {
  enabled: boolean;
  autoAllowBashIfSandboxed?: boolean;  // 默认: false
  excludedCommands?: string[];
  allowUnsandboxedCommands?: boolean;  // 默认: false
  network?: NetworkSandboxSettings;
  ignoreViolations?: SandboxIgnoreViolations;
};

type NetworkSandboxSettings = {
  enabled: boolean;
  proxyUrl?: string;  // 网络请求的 HTTP 代理
};

enabled - 激活沙盒隔离
autoAllowBashIfSandboxed - 对安全的 bash 命令跳过权限提示
excludedCommands - 始终需要权限的命令
allowUnsandboxedCommands - 允许无法沙盒化的命令 (有风险)
network.proxyUrl - 通过代理路由网络以进行监控

最佳实践: 在生产环境中处理不受信任输入的代理始终使用沙盒。

启用文件状态快照以实现回滚能力:

const response = query({
  prompt: "Refactor the authentication module",
  options: {
    enableFileCheckpointing: true  // 启用文件快照
  }
});

// 稍后: 将文件更改回滚到特定点
for await (const message of response) {
  if (message.type === 'user' && message.uuid) {
    // 稍后可以回滚到此点
    const userMessageUuid = message.uuid;

    // 回滚 (在 Query 对象上调用)
    await response.rewindFiles(userMessageUuid);
  }
}

撤销失败的重构尝试
A/B 测试代码更改
安全探索替代方案

type SettingSource = 'user' | 'project' | 'local';

user - ~/.claude/settings.json (全局)
project - .claude/settings.json (团队共享)
local - .claude/settings.local.json (gitignored 覆盖)

默认: 不加载任何设置 (settingSources: [])

当加载多个源时，设置按以下顺序合并 (优先级从高到低):

编程选项 (传递给 query()) - 始终优先
本地设置 (.claude/settings.local.json)
项目设置 (.claude/settings.json)
用户设置 (~/.claude/settings.json)

// .claude/settings.json
{
  "allowedTools": ["Read", "Write", "Edit"]
}

// .claude/settings.local.json
{
  "allowedTools": ["Read"]  // 覆盖项目设置
}

// 编程方式
const response = query({
  options: {
    settingSources: ["project", "local"],
    allowedTools: ["Read", "Grep"]  // ← 这个优先
  }
});

// 实际 allowedTools: ["Read", "Grep"]

最佳实践: 在 CI/CD 中使用 settingSources: ["project"] 以确保行为一致。

query() 函数返回一个具有以下方法的 Query 对象:

const q = query({ prompt: "..." });

// 异步迭代 (主要用法)
for await (const message of q) { ... }

// 运行时模型控制
await q.setModel("claude-opus-4-5");           // 在会话中途更改模型
await q.setMaxThinkingTokens(4096);            // 设置思考预算

// 内省
const models = await q.supportedModels();     // 列出可用模型
const commands = await q.supportedCommands(); // 列出可用命令
const account = await q.accountInfo();        // 获取账户详情

// MCP 状态
const status = await q.mcpServerStatus();     // 检查 MCP 服务器状态
// 返回: { [serverName]: { status: 'connected' | 'failed', error?: string } }

// 文件操作 (需要 enableFileCheckpointing)
await q.rewindFiles(userMessageUuid);         // 回滚到检查点

根据任务复杂性动态切换模型
监控 MCP 服务器健康状态
为推理任务调整思考预算

消息类型与流式处理

system - 会话初始化/完成 (包含 session_id)
assistant - 代理响应
tool_call - 工具执行请求
tool_result - 工具执行结果
error - 错误消息
result - 最终结果 (v0.1.45+ 包含 structured_output)

流式处理模式:

for await (const message of response) {
  if (message.type === 'system' && message.subtype === 'init') {
    sessionId = message.session_id;  // 捕获供恢复/分叉使用
  }
  if (message.type === 'result' && message.structured_output) {
    // 结构化输出可用 (v0.1.45+)
    const validated = schema.parse(message.structured_output);
  }
}

错误代码	原因	解决方案
`CLI_NOT_FOUND`	Claude Code 未安装	安装: `npm install -g @anthropic-ai/claude-code`
`AUTHENTICATION_FAILED`	API 密钥无效	检查 ANTHROPIC_API_KEY 环境变量
`RATE_LIMIT_EXCEEDED`	请求过多	实现带退避的重试机制
`CONTEXT_LENGTH_EXCEEDED`	提示过长	使用会话压缩，减少上下文
`PERMISSION_DENIED`	工具被阻止	检查 permissionMode、canUseTool
`TOOL_EXECUTION_FAILED`	工具错误	检查工具实现
`SESSION_NOT_FOUND`	会话 ID 无效	验证会话 ID
`MCP_SERVER_FAILED`	服务器错误	检查服务器配置

此技能预防 14 个已记录的问题:

问题 #1: CLI 未找到错误

错误 : "Claude Code CLI not installed" 来源 : SDK 需要 Claude Code CLI 发生原因 : CLI 未全局安装预防 : 使用 SDK 前安装: npm install -g @anthropic-ai/claude-code

问题 #2: 身份验证失败

错误 : "Invalid API key" 来源 : 缺少或错误的 ANTHROPIC_API_KEY 发生原因 : 环境变量未设置预防 : 始终设置 export ANTHROPIC_API_KEY="sk-ant-..."

问题 #3: 权限被拒绝错误

错误 : 工具执行被阻止来源 : permissionMode 限制 发生原因 : 工具未被权限允许预防 : 使用 allowedTools 或自定义 canUseTool 回调

问题 #4: 上下文长度超出 (会话破坏性)

错误 : "Prompt too long" 来源 : 输入超出模型上下文窗口 (问题 #138) 发生原因 : 大型代码库、长对话

⚠️ 关键行为 : 一旦会话达到上下文限制:

对该会话的所有后续请求都返回 "Prompt too long"
/compact 命令因相同错误而失败
会话永久损坏，必须放弃

// 1. 主动会话分叉 (在达到限制前创建检查点)
const checkpoint = query({
  prompt: "Checkpoint current state",
  options: {
    resume: sessionId,
    forkSession: true  // 在达到限制前创建分支
  }
});

// 2. 监控时间并主动轮换会话
const MAX_SESSION_TIME = 80 * 60 * 1000;  // 80 分钟 (在 90 分钟崩溃前)
let sessionStartTime = Date.now();

function shouldRotateSession() {
  return Date.now() - sessionStartTime > MAX_SESSION_TIME;
}

// 3. 在达到上下文限制前启动新会话
if (shouldRotateSession()) {
  const summary = await getSummary(currentSession);
  const newSession = query({
    prompt: `Continue with context: ${summary}`
  });
  sessionStartTime = Date.now();
}

注意 : SDK 会自动压缩，但如果达到限制，会话将无法恢复

问题 #5: 工具执行超时

错误 : 工具无响应来源 : 长时间运行的工具执行 发生原因 : 工具运行时间过长 (>5 分钟默认值) 预防 : 在工具实现中实现超时处理

问题 #6: 会话未找到

错误 : "Invalid session ID" 来源 : 会话过期或无效 发生原因 : 会话 ID 不正确或太旧预防 : 从 system 初始化消息中捕获 session_id

问题 #7: MCP 服务器连接失败

错误 : 服务器无响应来源 : 服务器未运行或配置错误 发生原因 : 命令/URL 不正确，服务器崩溃预防 : 独立测试 MCP 服务器，验证命令/URL

问题 #8: 子代理定义错误

错误 : 无效的 AgentDefinition 来源 : 缺少必需字段 发生原因 : 缺少 description 或 prompt 预防 : 始终包含 description 和 prompt 字段

问题 #9: 设置文件未找到

错误 : "Cannot read settings" 来源 : 设置文件不存在 发生原因 : settingSources 包含不存在的文件预防 : 在包含到源中之前检查文件是否存在

问题 #10: 工具名称冲突

错误 : 重复的工具名称来源 : 多个工具使用相同名称 发生原因 : 两个 MCP 服务器定义了相同的工具名称预防 : 使用唯一的工具名称，用服务器名称作为前缀

问题 #11: Zod 模式验证错误

错误 : 无效的工具输入来源 : 输入不匹配 Zod 模式 发生原因 : 代理提供了错误的数据类型预防 : 使用带有 .describe() 的描述性 Zod 模式

问题 #12: 文件系统权限被拒绝

错误 : 无法访问路径来源 : 受限的文件系统访问 发生原因 : 路径在 workingDirectory 之外或无权限预防 : 设置正确的 workingDirectory，检查文件权限

问题 #13: MCP 服务器配置缺少 `type` 字段

错误 : "Claude Code process exited with code 1" (隐晦，无上下文) 来源 : GitHub 问题 #131 发生原因 : 基于 URL 的 MCP 服务器需要显式的 type: "http" 或 type: "sse" 字段预防 : 对于基于 URL 的 MCP 服务器始终指定传输类型

// ❌ 错误 - 缺少 type 字段 (导致隐晦的退出代码 1)
mcpServers: {
  "my-server": {
    url: "https://api.example.com/mcp"
  }
}

// ✅ 正确 - 基于 URL 的服务器需要 type 字段
mcpServers: {
  "my-server": {
    url: "https://api.example.com/mcp",
    type: "http"  // 或用于 Server-Sent Events 的 "sse"
  }
}

诊断线索 : 如果你看到 "process exited with code 1" 且没有其他上下文，请检查你的 MCP 服务器配置是否缺少 type 字段。

问题 #14: 包含 Unicode 行分隔符的 MCP 工具结果

错误 : JSON 解析错误，代理挂起来源 : GitHub 问题 #137 发生原因 : Unicode U+2028 (行分隔符) 和 U+2029 (段落分隔符) 在 JSON 中有效，但会破坏 JavaScript 解析预防 : 在 MCP 工具结果中转义这些字符

// MCP 工具处理器 - 清理外部数据
tool("fetch_content", "Fetch text content", {}, async (args) => {
  const content = await fetchExternalData();

  // ✅ 清理 Unicode 行/段落分隔符
  const sanitized = content
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');

  return {
    content: [{ type: "text", text: sanitized }]
  };
});

何时重要 : 可能包含这些字符的外部数据源 (API、网络抓取、用户输入)

无技能 : ~15,000 令牌 (MCP 设置、权限模式、会话 API、沙盒配置、钩子、结构化输出、错误处理)
有技能 : ~4,500 令牌 (全面的 v0.2.12 覆盖 + 错误预防 + 高级模式)
节省 : ~70% (~10,500 令牌)

预防的错误 : 14 个已记录问题及其确切解决方案 (包括 2 个社区发现的陷阱) 关键价值 : V2 会话 API、沙盒设置、文件检查点、查询方法、AskUserQuestion 工具、结构化输出 (v0.1.45+)、会话分叉、canUseTool 模式、完整的钩子系统 (12 个事件)、Zod v4 支持、子代理清理模式

最后验证 : 2026-01-20 | 技能版本 : 3.1.0 | 变更 : 添加了问题 #13 (MCP type 字段)、问题 #14 (Unicode U+2028/U+2029)、扩展了问题 #4 (会话破坏性)、添加了带有 Stop 钩子模式的子代理清理警告

🇺🇸English

Claude Agent SDK - Structured Outputs & Error Prevention Guide

Package : @anthropic-ai/claude-agent-sdk@0.2.12 Breaking Changes : v0.1.45 - Structured outputs (Nov 2025), v0.1.0 - No default system prompt, settingSources required

What's New in v0.1.45+ (Nov 2025)

Major Features:

1. Structured Outputs (v0.1.45, Nov 14, 2025)

JSON schema validation - Guarantees responses match exact schemas
outputFormat parameter - Define output structure with JSON schema or Zod
Access validated results - Via message.structured_output
Beta header required : structured-outputs-2025-11-13
Type safety - Full TypeScript inference with Zod schemas

Example:

import { query } from "@anthropic-ai/claude-agent-sdk";
import { z } from "zod";
import { zodToJsonSchema } from "zod-to-json-schema";

const schema = z.object({
  summary: z.string(),
  sentiment: z.enum(['positive', 'neutral', 'negative']),
  confidence: z.number().min(0).max(1)
});

const response = query({
  prompt: "Analyze this code review feedback",
  options: {
    model: "claude-sonnet-4-5",
    outputFormat: {
      type: "json_schema",
      json_schema: {
        name: "AnalysisResult",
        strict: true,
        schema: zodToJsonSchema(schema)
      }
    }
  }
});

for await (const message of response) {
  if (message.type === 'result' && message.structured_output) {
    // Guaranteed to match schema
    const validated = schema.parse(message.structured_output);
    console.log(`Sentiment: ${validated.sentiment}`);
  }
}

Zod Compatibility (v0.1.71+): SDK supports both Zod v3.24.1+ and Zod v4.0.0+ as peer dependencies. Import remains import { z } from "zod" for either version.

2. Plugins System (v0.1.27)

plugins array - Load local plugin paths
Custom plugin support - Extend agent capabilities

3. Hooks System (v0.1.0+)

All 12 Hook Events:

Hook	When Fired	Use Case
`PreToolUse`	Before tool execution	Validate, modify, or block tool calls
`PostToolUse`	After tool execution	Log results, trigger side effects
`Notification`	Agent notifications	Display status updates
`UserPromptSubmit`	User prompt received	Pre-process or validate input
`SubagentStart`	Subagent spawned

Hook Configuration:

const response = query({
  prompt: "...",
  options: {
    hooks: {
      PreToolUse: async (input) => {
        console.log(`Tool: ${input.toolName}`);
        return { allow: true };  // or { allow: false, message: "..." }
      },
      PostToolUse: async (input) => {
        await logToolUsage(input.toolName, input.result);
      }
    }
  }
});

4. Additional Options

fallbackModel - Automatic model fallback on failures
maxThinkingTokens - Control extended thinking budget
strictMcpConfig - Strict MCP configuration validation
continue - Resume with new prompt (differs from resume)
permissionMode: 'plan' - New permission mode for planning workflows

📚 Docs : https://platform.claude.com/docs/en/agent-sdk/structured-outputs

The Complete Claude Agent SDK Reference

Core Query API
Tool Integration
MCP Servers
Subagent Orchestration
Session Management
Permission Control
Sandbox Settings
File Checkpointing
Filesystem Settings
Query Object Methods
Message Types & Streaming
Error Handling
Known Issues

Core Query API

Key signature:

query(prompt: string | AsyncIterable<SDKUserMessage>, options?: Options)
  -> AsyncGenerator<SDKMessage>

Critical Options:

outputFormat - Structured JSON schema validation (v0.1.45+)
settingSources - Filesystem settings loading ('user'|'project'|'local')
canUseTool - Custom permission logic callback
agents - Programmatic subagent definitions
mcpServers - MCP server configuration
permissionMode - 'default'|'acceptEdits'|'bypassPermissions'|'plan'
betas - Enable beta features (e.g., 1M context window)
sandbox - Sandbox settings for secure execution
enableFileCheckpointing - Enable file state snapshots

Extended Context (1M Tokens)

Enable 1 million token context window:

const response = query({
  prompt: "Analyze this large codebase",
  options: {
    betas: ['context-1m-2025-08-07'],  // Enable 1M context
    model: "claude-sonnet-4-5"
  }
});

System Prompt Configuration

Two forms of systemPrompt:

// 1. Simple string
systemPrompt: "You are a helpful coding assistant."

// 2. Preset with optional append (preserves Claude Code defaults)
systemPrompt: {
  type: 'preset',
  preset: 'claude_code',
  append: "\n\nAdditional context: Focus on security."
}

Use preset form when you want Claude Code's default behaviors plus custom additions.

Tool Integration (Built-in + Custom)

Tool Control:

allowedTools - Whitelist (takes precedence)
disallowedTools - Blacklist
canUseTool - Custom permission callback (see Permission Control section)

Built-in Tools: Read, Write, Edit, Bash, Grep, Glob, WebSearch, WebFetch, Task, NotebookEdit, BashOutput, KillBash, ListMcpResources, ReadMcpResource, AskUserQuestion

AskUserQuestion Tool (v0.1.71+)

Enable user interaction during agent execution:

const response = query({
  prompt: "Review and refactor the codebase",
  options: {
    allowedTools: ["Read", "Write", "Edit", "AskUserQuestion"]
  }
});

// Agent can now ask clarifying questions
// Questions appear in message stream as tool_call with name "AskUserQuestion"

Use cases:

Clarify ambiguous requirements mid-task
Get user approval before destructive operations
Present options and get selection

Tools Configuration (v0.1.57+)

Three forms of tool configuration:

// 1. Exact allowlist (string array)
tools: ["Read", "Write", "Grep"]

// 2. Disable all tools (empty array)
tools: []

// 3. Preset with defaults (object form)
tools: { type: 'preset', preset: 'claude_code' }

Note: allowedTools and disallowedTools still work but tools provides more flexibility.

MCP Servers (Model Context Protocol)

Server Types:

In-process - createSdkMcpServer() with tool() definitions
External - stdio, HTTP, SSE transport

Tool Definition:

tool(name: string, description: string, zodSchema, handler)

Handler Return:

{ content: [{ type: "text", text: "..." }], isError?: boolean }

External MCP Servers (stdio)

const response = query({
  prompt: "List files and analyze Git history",
  options: {
    mcpServers: {
      // Filesystem server
      "filesystem": {
        command: "npx",
        args: ["@modelcontextprotocol/server-filesystem"],
        env: {
          ALLOWED_PATHS: "/Users/developer/projects:/tmp"
        }
      },
      // Git operations server
      "git": {
        command: "npx",
        args: ["@modelcontextprotocol/server-git"],
        env: {
          GIT_REPO_PATH: "/Users/developer/projects/my-repo"
        }
      }
    },
    allowedTools: [
      "mcp__filesystem__list_files",
      "mcp__filesystem__read_file",
      "mcp__git__log",
      "mcp__git__diff"
    ]
  }
});

External MCP Servers (HTTP/SSE)

const response = query({
  prompt: "Analyze data from remote service",
  options: {
    mcpServers: {
      "remote-service": {
        url: "https://api.example.com/mcp",
        headers: {
          "Authorization": "Bearer your-token-here",
          "Content-Type": "application/json"
        }
      }
    },
    allowedTools: ["mcp__remote-service__analyze"]
  }
});

MCP Tool Naming Convention

Format : mcp__<server-name>__<tool-name>

CRITICAL:

Server name and tool name MUST match configuration
Use double underscores (__) as separators
Include in allowedTools array

Examples: mcp__weather-service__get_weather, mcp__filesystem__read_file

Subagent Orchestration

AgentDefinition Type

type AgentDefinition = {
  description: string;        // When to use this agent
  prompt: string;             // System prompt for agent
  tools?: string[];           // Allowed tools (optional)
  model?: 'sonnet' | 'opus' | 'haiku' | 'inherit';  // Model (optional)
  skills?: string[];          // Skills to load (v0.2.10+)
  maxTurns?: number;          // Maximum turns before stopping (v0.2.10+)
}

Field Details:

description : When to use agent (used by main agent for delegation)
prompt : System prompt (defines role, inherits main context)
tools : Allowed tools (if omitted, inherits from main agent)
model : Model override (haiku/sonnet/opus/inherit)
skills : Skills to load for agent (v0.2.10+)
maxTurns : Limit agent to N turns before returning control (v0.2.10+)

Usage:

agents: {
  "security-checker": {
    description: "Security audits and vulnerability scanning",
    prompt: "You check security. Scan for secrets, verify OWASP compliance.",
    tools: ["Read", "Grep", "Bash"],
    model: "sonnet",
    skills: ["security-best-practices"],  // Load specific skills
    maxTurns: 10  // Limit to 10 turns
  }
}

⚠️ Subagent Cleanup Warning

Known Issue : Subagents don't stop when parent agent stops (Issue #132)

When a parent agent is stopped (via cancellation or error), spawned subagents continue running as orphaned processes. This can lead to:

Resource leaks
Continued tool execution after parent stopped
RAM out-of-memory in recursive scenarios (Claude Code Issue #4850)

Workaround : Implement cleanup in Stop hooks:

const response = query({
  prompt: "Deploy to production",
  options: {
    agents: {
      "deployer": {
        description: "Handle deployments",
        prompt: "Deploy the application",
        tools: ["Bash"]
      }
    },
    hooks: {
      Stop: async (input) => {
        // Manual cleanup of spawned processes
        console.log("Parent stopped - cleaning up subagents");
        // Implement process tracking and termination
      }
    }
  }
});

Enhancement Tracking : Issue #142 proposes auto-termination

Session Management

Options:

resume: sessionId - Continue previous session
forkSession: true - Create new branch from session
continue: prompt - Resume with new prompt (differs from resume)

Session Forking Pattern (Unique Capability):

// Explore alternative without modifying original
const forked = query({
  prompt: "Try GraphQL instead of REST",
  options: {
    resume: sessionId,
    forkSession: true  // Creates new branch, original session unchanged
  }
});

Capture Session ID:

for await (const message of response) {
  if (message.type === 'system' && message.subtype === 'init') {
    sessionId = message.session_id;  // Save for later resume/fork
  }
}

V2 Session APIs (Preview - v0.1.54+)

Simpler multi-turn conversation pattern:

import {
  unstable_v2_createSession,
  unstable_v2_resumeSession,
  unstable_v2_prompt
} from "@anthropic-ai/claude-agent-sdk";

// Create a new session
const session = await unstable_v2_createSession({
  model: "claude-sonnet-4-5",
  workingDirectory: process.cwd(),
  allowedTools: ["Read", "Grep", "Glob"]
});

// Send prompts and stream responses
const stream = unstable_v2_prompt(session, "Analyze the codebase structure");
for await (const message of stream) {
  console.log(message);
}

// Continue conversation in same session
const stream2 = unstable_v2_prompt(session, "Now suggest improvements");
for await (const message of stream2) {
  console.log(message);
}

// Resume a previous session
const resumedSession = await unstable_v2_resumeSession(session.sessionId);

Note: V2 APIs are in preview (unstable_ prefix). The .receive() method was renamed to .stream() in v0.1.72.

Permission Control

Permission Modes:

type PermissionMode = "default" | "acceptEdits" | "bypassPermissions" | "plan";

default - Standard permission checks
acceptEdits - Auto-approve file edits
bypassPermissions - Skip ALL checks (use in CI/CD only)
plan - Planning mode (v0.1.45+)

Custom Permission Logic

const response = query({
  prompt: "Deploy application to production",
  options: {
    permissionMode: "default",
    canUseTool: async (toolName, input) => {
      // Allow read-only operations
      if (['Read', 'Grep', 'Glob'].includes(toolName)) {
        return { behavior: "allow" };
      }

      // Deny destructive bash commands
      if (toolName === 'Bash') {
        const dangerous = ['rm -rf', 'dd if=', 'mkfs', '> /dev/'];
        if (dangerous.some(pattern => input.command.includes(pattern))) {
          return {
            behavior: "deny",
            message: "Destructive command blocked for safety"
          };
        }
      }

      // Require confirmation for deployments
      if (input.command?.includes('deploy') || input.command?.includes('kubectl apply')) {
        return {
          behavior: "ask",
          message: "Confirm deployment to production?"
        };
      }

      // Allow by default
      return { behavior: "allow" };
    }
  }
});

canUseTool Callback

type CanUseToolCallback = (
  toolName: string,
  input: any
) => Promise<PermissionDecision>;

type PermissionDecision =
  | { behavior: "allow" }
  | { behavior: "deny"; message?: string }
  | { behavior: "ask"; message?: string };

Examples:

// Block all file writes
canUseTool: async (toolName, input) => {
  if (toolName === 'Write' || toolName === 'Edit') {
    return { behavior: "deny", message: "No file modifications allowed" };
  }
  return { behavior: "allow" };
}

// Require confirmation for specific files
canUseTool: async (toolName, input) => {
  const sensitivePaths = ['/etc/', '/root/', '.env', 'credentials.json'];
  if ((toolName === 'Write' || toolName === 'Edit') &&
      sensitivePaths.some(path => input.file_path?.includes(path))) {
    return {
      behavior: "ask",
      message: `Modify sensitive file ${input.file_path}?`
    };
  }
  return { behavior: "allow" };
}

// Log all tool usage
canUseTool: async (toolName, input) => {
  console.log(`Tool requested: ${toolName}`, input);
  await logToDatabase(toolName, input);
  return { behavior: "allow" };
}

Sandbox Settings (Security-Critical)

Enable sandboxed execution for Bash commands:

const response = query({
  prompt: "Run system diagnostics",
  options: {
    sandbox: {
      enabled: true,
      autoAllowBashIfSandboxed: true,  // Auto-approve bash in sandbox
      excludedCommands: ["rm", "dd", "mkfs"],  // Never auto-approve these
      allowUnsandboxedCommands: false  // Deny unsandboxable commands
    }
  }
});

SandboxSettings Type

type SandboxSettings = {
  enabled: boolean;
  autoAllowBashIfSandboxed?: boolean;  // Default: false
  excludedCommands?: string[];
  allowUnsandboxedCommands?: boolean;  // Default: false
  network?: NetworkSandboxSettings;
  ignoreViolations?: SandboxIgnoreViolations;
};

type NetworkSandboxSettings = {
  enabled: boolean;
  proxyUrl?: string;  // HTTP proxy for network requests
};

Key Options:

enabled - Activate sandbox isolation
autoAllowBashIfSandboxed - Skip permission prompts for safe bash commands
excludedCommands - Commands that always require permission
allowUnsandboxedCommands - Allow commands that can't be sandboxed (risky)
network.proxyUrl - Route network through proxy for monitoring

Best Practice: Always use sandbox in production agents handling untrusted input.

File Checkpointing

Enable file state snapshots for rollback capability:

const response = query({
  prompt: "Refactor the authentication module",
  options: {
    enableFileCheckpointing: true  // Enable file snapshots
  }
});

// Later: rewind file changes to a specific point
for await (const message of response) {
  if (message.type === 'user' && message.uuid) {
    // Can rewind to this point later
    const userMessageUuid = message.uuid;

    // To rewind (call on Query object)
    await response.rewindFiles(userMessageUuid);
  }
}

Use cases:

Undo failed refactoring attempts
A/B test code changes
Safe exploration of alternatives

Filesystem Settings

Setting Sources:

type SettingSource = 'user' | 'project' | 'local';

user - ~/.claude/settings.json (global)
project - .claude/settings.json (team-shared)
local - .claude/settings.local.json (gitignored overrides)

Default: NO settings loaded (settingSources: [])

Settings Priority

When multiple sources loaded, settings merge in this order (highest priority first):

Programmatic options (passed to query()) - Always win
Local settings (.claude/settings.local.json)
Project settings (.claude/settings.json)
User settings (~/.claude/settings.json)

Example:

// .claude/settings.json
{
  "allowedTools": ["Read", "Write", "Edit"]
}

// .claude/settings.local.json
{
  "allowedTools": ["Read"]  // Overrides project settings
}

// Programmatic
const response = query({
  options: {
    settingSources: ["project", "local"],
    allowedTools: ["Read", "Grep"]  // ← This wins
  }
});

// Actual allowedTools: ["Read", "Grep"]

Best Practice: Use settingSources: ["project"] in CI/CD for consistent behavior.

Query Object Methods

The query() function returns a Query object with these methods:

const q = query({ prompt: "..." });

// Async iteration (primary usage)
for await (const message of q) { ... }

// Runtime model control
await q.setModel("claude-opus-4-5");           // Change model mid-session
await q.setMaxThinkingTokens(4096);            // Set thinking budget

// Introspection
const models = await q.supportedModels();     // List available models
const commands = await q.supportedCommands(); // List available commands
const account = await q.accountInfo();        // Get account details

// MCP status
const status = await q.mcpServerStatus();     // Check MCP server status
// Returns: { [serverName]: { status: 'connected' | 'failed', error?: string } }

// File operations (requires enableFileCheckpointing)
await q.rewindFiles(userMessageUuid);         // Rewind to checkpoint

Use cases:

Dynamic model switching based on task complexity
Monitoring MCP server health
Adjusting thinking budget for reasoning tasks

Message Types & Streaming

Message Types:

system - Session init/completion (includes session_id)
assistant - Agent responses
tool_call - Tool execution requests
tool_result - Tool execution results
error - Error messages
result - Final result (includes structured_output for v0.1.45+)

Streaming Pattern:

for await (const message of response) {
  if (message.type === 'system' && message.subtype === 'init') {
    sessionId = message.session_id;  // Capture for resume/fork
  }
  if (message.type === 'result' && message.structured_output) {
    // Structured output available (v0.1.45+)
    const validated = schema.parse(message.structured_output);
  }
}

Error Handling

Error Codes:

Error Code	Cause	Solution
`CLI_NOT_FOUND`	Claude Code not installed	Install: `npm install -g @anthropic-ai/claude-code`
`AUTHENTICATION_FAILED`	Invalid API key	Check ANTHROPIC_API_KEY env var
`RATE_LIMIT_EXCEEDED`	Too many requests	Implement retry with backoff
`CONTEXT_LENGTH_EXCEEDED`	Prompt too long	Use session compaction, reduce context

Known Issues Prevention

This skill prevents 14 documented issues:

Issue #1: CLI Not Found Error

Error : "Claude Code CLI not installed" Source : SDK requires Claude Code CLI Why It Happens : CLI not installed globally Prevention : Install before using SDK: npm install -g @anthropic-ai/claude-code

Issue #2: Authentication Failed

Error : "Invalid API key" Source : Missing or incorrect ANTHROPIC_API_KEY Why It Happens : Environment variable not set Prevention : Always set export ANTHROPIC_API_KEY="sk-ant-..."

Issue #3: Permission Denied Errors

Error : Tool execution blocked Source : permissionMode restrictions Why It Happens : Tool not allowed by permissions Prevention : Use allowedTools or custom canUseTool callback

Issue #4: Context Length Exceeded (Session-Breaking)

Error : "Prompt too long" Source : Input exceeds model context window (Issue #138) Why It Happens : Large codebase, long conversations

⚠️ Critical Behavior : Once a session hits context limit:

All subsequent requests to that session return "Prompt too long"
/compact command fails with same error
Session is permanently broken and must be abandoned

Prevention Strategies :

// 1. Proactive session forking (create checkpoints before hitting limit)
const checkpoint = query({
  prompt: "Checkpoint current state",
  options: {
    resume: sessionId,
    forkSession: true  // Create branch before hitting limit
  }
});

// 2. Monitor time and rotate sessions proactively
const MAX_SESSION_TIME = 80 * 60 * 1000;  // 80 minutes (before 90-min crash)
let sessionStartTime = Date.now();

function shouldRotateSession() {
  return Date.now() - sessionStartTime > MAX_SESSION_TIME;
}

// 3. Start new sessions before hitting context limits
if (shouldRotateSession()) {
  const summary = await getSummary(currentSession);
  const newSession = query({
    prompt: `Continue with context: ${summary}`
  });
  sessionStartTime = Date.now();
}

Note : SDK auto-compacts, but if limit is reached, session becomes unrecoverable

Issue #5: Tool Execution Timeout

Error : Tool doesn't respond Source : Long-running tool execution Why It Happens : Tool takes too long (>5 minutes default) Prevention : Implement timeout handling in tool implementations

Issue #6: Session Not Found

Error : "Invalid session ID" Source : Session expired or invalid Why It Happens : Session ID incorrect or too old Prevention : Capture session_id from system init message

Issue #7: MCP Server Connection Failed

Error : Server not responding Source : Server not running or misconfigured Why It Happens : Command/URL incorrect, server crashed Prevention : Test MCP server independently, verify command/URL

Issue #8: Subagent Definition Errors

Error : Invalid AgentDefinition Source : Missing required fields Why It Happens : description or prompt missing Prevention : Always include description and prompt fields

Issue #9: Settings File Not Found

Error : "Cannot read settings" Source : Settings file doesn't exist Why It Happens : settingSources includes non-existent file Prevention : Check file exists before including in sources

Issue #10: Tool Name Collision

Error : Duplicate tool name Source : Multiple tools with same name Why It Happens : Two MCP servers define same tool name Prevention : Use unique tool names, prefix with server name

Issue #11: Zod Schema Validation Error

Error : Invalid tool input Source : Input doesn't match Zod schema Why It Happens : Agent provided wrong data type Prevention : Use descriptive Zod schemas with .describe()

Issue #12: Filesystem Permission Denied

Error : Cannot access path Source : Restricted filesystem access Why It Happens : Path outside workingDirectory or no permissions Prevention : Set correct workingDirectory, check file permissions

Issue #13: MCP Server Config Missing `type` Field

Error : "Claude Code process exited with code 1" (cryptic, no context) Source : GitHub Issue #131 Why It Happens : URL-based MCP servers require explicit type: "http" or type: "sse" field Prevention : Always specify transport type for URL-based MCP servers

// ❌ Wrong - missing type field (causes cryptic exit code 1)
mcpServers: {
  "my-server": {
    url: "https://api.example.com/mcp"
  }
}

// ✅ Correct - type field required for URL-based servers
mcpServers: {
  "my-server": {
    url: "https://api.example.com/mcp",
    type: "http"  // or "sse" for Server-Sent Events
  }
}

Diagnostic Clue : If you see "process exited with code 1" with no other context, check your MCP server configuration for missing type fields.

Issue #14: MCP Tool Result with Unicode Line Separators

Error : JSON parse error, agent hangs Source : GitHub Issue #137 Why It Happens : Unicode U+2028 (line separator) and U+2029 (paragraph separator) are valid in JSON but break JavaScript parsing Prevention : Escape these characters in MCP tool results

// MCP tool handler - sanitize external data
tool("fetch_content", "Fetch text content", {}, async (args) => {
  const content = await fetchExternalData();

  // ✅ Sanitize Unicode line/paragraph separators
  const sanitized = content
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');

  return {
    content: [{ type: "text", text: sanitized }]
  };
});

When This Matters : External data sources (APIs, web scraping, user input) that may contain these characters

Related : MCP Python SDK Issue #1356

Official Documentation

Agent SDK Overview : https://platform.claude.com/docs/en/api/agent-sdk/overview
TypeScript API : https://platform.claude.com/docs/en/api/agent-sdk/typescript
Structured Outputs : https://platform.claude.com/docs/en/agent-sdk/structured-outputs
GitHub (TypeScript) : https://github.com/anthropics/claude-agent-sdk-typescript
CHANGELOG : https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md

Token Efficiency :

Without skill : ~15,000 tokens (MCP setup, permission patterns, session APIs, sandbox config, hooks, structured outputs, error handling)
With skill : ~4,500 tokens (comprehensive v0.2.12 coverage + error prevention + advanced patterns)
Savings : ~70% (~10,500 tokens)

Errors prevented : 14 documented issues with exact solutions (including 2 community-sourced gotchas) Key value : V2 Session APIs, Sandbox Settings, File Checkpointing, Query methods, AskUserQuestion tool, structured outputs (v0.1.45+), session forking, canUseTool patterns, complete hooks system (12 events), Zod v4 support, subagent cleanup patterns

Last verified : 2026-01-20 | Skill version : 3.1.0 | Changes : Added Issue #13 (MCP type field), Issue #14 (Unicode U+2028/U+2029), expanded Issue #4 (session-breaking), added subagent cleanup warning with Stop hook pattern

Weekly Installs

415

Repository

jezweb/claude-skills

GitHub Stars

656

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubFail SocketPass SnykWarn

Installed on

claude-code363

opencode279

gemini-cli274

cursor257

codex247

antigravity236

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

138,300 周安装

systemPrompt - System prompt (string or preset object)

Claude Agent SDK 指南：结构化输出、插件与钩子系统 | Anthropic AI 开发工具

🇨🇳中文介绍

Claude Agent SDK - 结构化输出与错误预防指南

v0.1.45+ 版本新特性 (2025年11月)

1. 结构化输出 (v0.1.45, 2025年11月14日)

相关 Skills

2. 插件系统 (v0.1.27)

3. 钩子系统 (v0.1.0+)

4. 其他选项

Claude Agent SDK 完整参考指南

目录

核心查询 API

扩展上下文 (1M 令牌)

系统提示配置

工具集成 (内置 + 自定义)

AskUserQuestion 工具 (v0.1.71+)

工具配置 (v0.1.57+)

MCP 服务器 (模型上下文协议)

外部 MCP 服务器 (stdio)

外部 MCP 服务器 (HTTP/SSE)

MCP 工具命名约定

子代理编排

AgentDefinition 类型

⚠️ 子代理清理警告

会话管理

V2 会话 API (预览版 - v0.1.54+)

权限控制

自定义权限逻辑

canUseTool 回调

沙盒设置 (安全关键)

SandboxSettings 类型

文件检查点

文件系统设置

设置优先级

查询对象方法

消息类型与流式处理

错误处理

已知问题预防

问题 #1: CLI 未找到错误

问题 #2: 身份验证失败

问题 #3: 权限被拒绝错误

问题 #4: 上下文长度超出 (会话破坏性)

问题 #5: 工具执行超时

问题 #6: 会话未找到

问题 #7: MCP 服务器连接失败

问题 #8: 子代理定义错误

问题 #9: 设置文件未找到

问题 #10: 工具名称冲突

问题 #11: Zod 模式验证错误

问题 #12: 文件系统权限被拒绝

问题 #13: MCP 服务器配置缺少 type 字段

问题 #14: 包含 Unicode 行分隔符的 MCP 工具结果

官方文档

🇺🇸English

Claude Agent SDK - Structured Outputs & Error Prevention Guide

What's New in v0.1.45+ (Nov 2025)

1. Structured Outputs (v0.1.45, Nov 14, 2025)

2. Plugins System (v0.1.27)

3. Hooks System (v0.1.0+)

4. Additional Options

The Complete Claude Agent SDK Reference

Table of Contents

Core Query API

Extended Context (1M Tokens)

System Prompt Configuration

Tool Integration (Built-in + Custom)

AskUserQuestion Tool (v0.1.71+)

Tools Configuration (v0.1.57+)

MCP Servers (Model Context Protocol)

External MCP Servers (stdio)

External MCP Servers (HTTP/SSE)

MCP Tool Naming Convention

Subagent Orchestration

AgentDefinition Type

⚠️ Subagent Cleanup Warning

Session Management

V2 Session APIs (Preview - v0.1.54+)

Permission Control

Custom Permission Logic

canUseTool Callback

问题 #13: MCP 服务器配置缺少 `type` 字段

Issue #13: MCP Server Config Missing `type` Field