fix(windows): resolve real claude.exe so SDK skips broken fallback

George-iam · claude · George-iam · commit 9af6fec6fb3c · 2026-04-29T11:08:21.000Z
In our standalone CJS bundle (what install.ps1 deploys), esbuild emits 'var import_meta = {};' because CJS has no native import.meta. The Agent SDK fallback at sdk.mjs:63 then crashes with fileURLToPath(undefined) when pathToClaudeCodeExecutable is omitted - which was the case on Windows since claudePathForSdk() returned undefined to dodge CVE-2024- 27980 spawn EINVAL on .cmd shims. Fix: on Windows, derive the real claude.exe from npm's claude.cmd shim location (<dir>\node_modules\@Anthropic-AI\claude-code\bin\ claude.exe) and pass that to the SDK. .exe is unaffected by CVE-2024- 27980 (only .cmd/.bat trigger spawn EINVAL), and bypassing the SDK broken fallback means the import.meta.url stub doesn't matter. claudePathForSdk() simplified to findClaudePath() - uniform across Linux/macOS/Windows, no platform special-case (D-136). Verified Azure Win11 Pro 24H2 native (Standard_D2s_v5, Node 20.20.2, Claude Code 2.1.123, standalone bundle deployed exactly as install.ps1 would): - axme-code setup --force real OAuth: 10 LLM + 13 presets = 23 decisions, 0.59 USD, 117s, zero errors (was 0 LLM + 13 presets + 4x fileURLToPath TypeError before fix) - claude --print --dangerously-skip-permissions with Write tool: notes.md created, PreToolUse + PostToolUse + SessionEnd all fired - Detached audit worker: session_end -> check_result PASS -> audit_complete (0.137 USD) Linux: npm test 511/511 pass, no regression. Prior 2026-04-17 'Windows verified' actually tested via dist/+ node_modules path (SDK loaded as ESM from disk so import.meta.url was defined and the SDK fallback worked). The standalone bundle path - what install.ps1 actually deploys - was never E2E-tested on Windows before today because v0.2.9 had no Windows binaries. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/src/utils/agent-options.ts b/src/utils/agent-options.ts
@@ -4,7 +4,7 @@
 
 import { execSync } from "node:child_process";
 import { existsSync, readdirSync } from "node:fs";
-import { join } from "node:path";
+import { dirname, join } from "node:path";
 import { homedir } from "node:os";
 import { resolveAuthMode } from "./auth-config.js";
 
@@ -21,7 +21,11 @@ type Options = import("@anthropic-ai/claude-agent-sdk").Options;
  * Resolution order (B-009 — first match wins):
  *   1. `AXME_CLAUDE_EXECUTABLE` env var — explicit override for CI / unusual installs
  *   2. `CLAUDE_CODE_ENTRYPOINT` env var — set by Claude Code itself in some contexts
- *   3. `which claude` — standard PATH lookup (works on most dev machines)
+ *   3. `which`/`where.exe` PATH lookup. On Windows the npm shim is
+ *      `claude.cmd`, but spawn() of .cmd hits CVE-2024-27980 EINVAL — so we
+ *      derive the real `claude.exe` underneath
+ *      `<npm-prefix>/node_modules/@anthropic-ai/claude-code/bin/claude.exe`
+ *      and return that instead.
  *   4. Standard install locations (no PATH dependency):
  *      - ~/.local/bin/claude
  *      - /usr/local/bin/claude
@@ -56,19 +60,40 @@ export function findClaudePath(): string | undefined {
     const lookup = process.platform === "win32" ? "where.exe claude" : "which claude";
     const p = execSync(lookup, { encoding: "utf-8", timeout: 5000, stdio: ["ignore", "pipe", "ignore"] }).trim();
     const lines = p.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
-    // On Windows, `where.exe claude` returns every matching entry including
-    // the bare-name shebang file that npm ships for Unix compatibility
-    // (e.g. C:\node\claude with no extension). cmd.exe / the Agent SDK
-    // cannot execute such files — they need .cmd/.exe/.bat/.ps1. Pick the
-    // first Windows-executable from the list; fall back to the first entry
-    // only if nothing else matches (unlikely but keeps behaviour defined).
-    const preferred = process.platform === "win32"
-      ? lines.find((r) => /\.(cmd|exe|bat|ps1)$/i.test(r))
-      : undefined;
-    const first = preferred ?? lines[0];
-    if (first && existsSync(first)) {
-      _claudePath = first;
-      return _claudePath;
+    if (process.platform === "win32") {
+      // npm's claude.cmd is a shim that ultimately invokes the real
+      // claude.exe under <npm-prefix>/node_modules/@anthropic-ai/claude-code/
+      // bin/claude.exe. The Agent SDK can spawn .exe directly (no
+      // CVE-2024-27980 EINVAL like .cmd/.bat) AND avoids the SDK's own
+      // import.meta.url-based fallback which crashes inside our esbuild
+      // bundle (fileURLToPath(undefined)). Always prefer the .exe.
+      const cmd = lines.find((r) => /\\claude\.cmd$/i.test(r));
+      if (cmd) {
+        const exeCandidate = join(
+          dirname(cmd),
+          "node_modules", "@anthropic-ai", "claude-code", "bin", "claude.exe",
+        );
+        if (existsSync(exeCandidate)) {
+          _claudePath = exeCandidate;
+          return _claudePath;
+        }
+      }
+      // Fallback: any .exe directly in the where.exe output (rare on npm
+      // installs but possible for custom layouts).
+      const directExe = lines.find((r) => /\.exe$/i.test(r) && existsSync(r));
+      if (directExe) {
+        _claudePath = directExe;
+        return _claudePath;
+      }
+      // Last resort on Windows: bare name / .ps1 / .cmd. SDK will likely
+      // fail on these (.cmd → spawn EINVAL, bare → not executable by
+      // cmd.exe), so caller's deterministic fallback kicks in.
+    } else {
+      const first = lines[0];
+      if (first && existsSync(first)) {
+        _claudePath = first;
+        return _claudePath;
+      }
     }
   } catch { /* not in PATH — continue to standard locations */ }
 
@@ -113,20 +138,14 @@ export function _resetFindClaudePath(): void {
 /**
  * Value to pass as the SDK's `pathToClaudeCodeExecutable` option.
  *
- * On POSIX this is the same as findClaudePath() — the SDK needs the concrete
- * path because its own `require.resolve("./cli.js")` fallback can hit
- * `fileURLToPath(undefined)` inside CJS bundles (B-006 / D-121).
- *
- * On Windows we return undefined, deliberately. The SDK's fallback in its own
- * bundled cli.js path works correctly there; meanwhile passing our PATH-
- * resolved `claude.cmd` triggers `spawn EINVAL` on every call because Node's
- * child_process.spawn refuses .cmd/.bat without `shell: true` since CVE-
- * 2024-27980, and the SDK does not set shell:true. Every site that constructs
- * queryOpts and calls `sdk.query()` MUST use this helper, not findClaudePath
- * directly, otherwise scanners/auditor/extractor all break on Windows.
+ * Always equal to findClaudePath() — the SDK needs an explicit path because
+ * its own `fileURLToPath(import.meta.url)` fallback crashes inside our
+ * esbuild bundle (import.meta.url is undefined there). On Windows
+ * findClaudePath() now resolves the `.cmd` shim back to the real `.exe`
+ * (CVE-2024-27980 only affected .cmd/.bat — passing .exe to spawn is safe).
  */
 export function claudePathForSdk(): string | undefined {
-  return process.platform === "win32" ? undefined : findClaudePath();
+  return findClaudePath();
 }
 
 export type AgentRole = "scanner" | "tester" | "reviewer" | "engineer" | "architect" | "auditor";
@@ -195,7 +214,6 @@ export function buildAgentQueryOptions(base: {
 }, role: AgentRole): Options {
   const tools = ROLE_TOOLS[role];
 
-  // See claudePathForSdk() docstring for why this isn't just findClaudePath().
   const claudePath = claudePathForSdk();
 
   return {
