feat(windows): claudePathForSdk helper — unblocks LLM scanners + auditor

Full Windows E2E was blocked by Agent SDK `spawn EINVAL` on every
sdk.query() call. Root cause: our findClaudePath resolves to
`C:\...\claude.cmd` on Windows, we pass that as
`pathToClaudeCodeExecutable`, and Node's child_process.spawn refuses
to run .cmd/.bat without `shell: true` since CVE-2024-27980 (Node
20.12+). The SDK does not set shell:true, so every spawn throws
before the user's auth is even checked.

Fix: new `claudePathForSdk()` helper in utils/agent-options.ts that
returns undefined on win32 (lets the SDK fall back to its own bundled
cli.js which it spawns correctly) and the concrete path on POSIX
(where the CJS bundle fileURLToPath(undefined) crash from B-006 /
D-121 still matters). All three manual queryOpts sites migrated:
- src/agents/session-auditor.ts (2 queryOpts blocks)
- src/agents/memory-extractor.ts (1 queryOpts block)
- src/utils/agent-options.ts::buildAgentQueryOptions (was inline)

Regression test test/agent-sdk-paths.test.ts updated to accept either
`claudePathForSdk` or `findClaudePath` as the auth-safe import.

Also bumped @anthropic-ai/claude-agent-sdk ^0.2.84 → ^0.2.112 in the
same pass (latest) — no behavior change from our side, but aligns
with the version installed during Windows testing.

Verified on Azure Win11 Pro 24H2 (Standard_D2s_v5, native Node
20.20.2, Claude Code 2.1.112 from npm install -g):

- axme-code setup --force real OAuth: 26 LLM decisions + 13 presets
  = 39, $0.97, 211s, zero errors (was 0 LLM + 13 presets + 3x
  spawn EINVAL warnings before fix)
- claude --print with Bash+Read tools: 22s, substantive answer
  identical to Linux baseline
- PreToolUse + PostToolUse + SessionEnd hooks all fire
- Detached audit worker: session_end → check_result PASS →
  audit_complete ($0.14), auditRan: true (was false before fix)

Linux: npm test 511/511 pass, no regression.

Author: George-iam

package-lock.json

@@ -18,7 +18,7 @@
     "node": ">=20"
   },
   "dependencies": {
-    "@anthropic-ai/claude-agent-sdk": "^0.2.84",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.112",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "js-yaml": "^4.1.0"
   },
@@ -34,8 +34,19 @@
     "url": "https://github.com/AxmeAI/axme-code.git"
   },
   "license": "MIT",
-  "keywords": ["mcp", "claude-code", "ai-agent", "developer-tools"],
-  "files": ["dist", "templates", ".claude-plugin", "README.md", "LICENSE"],
+  "keywords": [
+    "mcp",
+    "claude-code",
+    "ai-agent",
+    "developer-tools"
+  ],
+  "files": [
+    "dist",
+    "templates",
+    ".claude-plugin",
+    "README.md",
+    "LICENSE"
+  ],
   "overrides": {
     "@anthropic-ai/sdk": ">=0.81.0"
   }

package.json

@@ -12,7 +12,7 @@
 import type { Memory } from "../types.js";
 import { extractCostFromResult, zeroCost, type CostInfo } from "../utils/cost-extractor.js";
 import { toMemorySlug } from "../storage/memory.js";
-import { buildAgentEnv, findClaudePath } from "../utils/agent-options.js";
+import { buildAgentEnv, claudePathForSdk } from "../utils/agent-options.js";
 
 export interface MemoryExtractionResult {
   memories: Memory[];
@@ -69,7 +69,7 @@ export async function runMemoryExtraction(opts: {
   const startTime = Date.now();
   const model = opts.model ?? "claude-haiku-4-5";
 
-  const claudePath = findClaudePath();
+  const claudePath = claudePathForSdk();
   const queryOpts = {
     cwd: opts.projectPath,
     model,

src/agents/memory-extractor.ts

@@ -21,7 +21,7 @@ import { basename, relative } from "node:path";
 import type { Memory, Decision, SessionHandoff, WorkspaceInfo } from "../types.js";
 import { DEFAULT_AUDITOR_MODEL } from "../types.js";
 import { extractCostFromResult, zeroCost, type CostInfo } from "../utils/cost-extractor.js";
-import { buildAgentEnv, findClaudePath } from "../utils/agent-options.js";
+import { buildAgentEnv, claudePathForSdk } from "../utils/agent-options.js";
 import { toMemorySlug } from "../storage/memory.js";
 import { toSlug, listDecisions } from "../storage/decisions.js";
 import { listMemories } from "../storage/memory.js";
@@ -625,7 +625,7 @@ async function runSingleAuditCall(opts: {
 }> {
   const sdk = await import("@anthropic-ai/claude-agent-sdk");
 
-  const claudePath = findClaudePath();
+  const claudePath = claudePathForSdk();
   const queryOpts = {
     cwd: opts.sessionOrigin,
     model: opts.model,
@@ -886,7 +886,7 @@ JSON SCHEMA:
 ANALYSIS TO FORMAT:
 ${freeTextAnalysis}`;
 
-  const claudePath = findClaudePath();
+  const claudePath = claudePathForSdk();
   const queryOpts = {
     cwd: sessionOrigin,
     model,

src/agents/session-auditor.ts

@@ -110,6 +110,25 @@ export function _resetFindClaudePath(): void {
   _claudePath = undefined;
 }
 
+/**
+ * Value to pass as the SDK's `pathToClaudeCodeExecutable` option.
+ *
+ * On POSIX this is the same as findClaudePath() — the SDK needs the concrete
+ * path because its own `require.resolve("./cli.js")` fallback can hit
+ * `fileURLToPath(undefined)` inside CJS bundles (B-006 / D-121).
+ *
+ * On Windows we return undefined, deliberately. The SDK's fallback in its own
+ * bundled cli.js path works correctly there; meanwhile passing our PATH-
+ * resolved `claude.cmd` triggers `spawn EINVAL` on every call because Node's
+ * child_process.spawn refuses .cmd/.bat without `shell: true` since CVE-
+ * 2024-27980, and the SDK does not set shell:true. Every site that constructs
+ * queryOpts and calls `sdk.query()` MUST use this helper, not findClaudePath
+ * directly, otherwise scanners/auditor/extractor all break on Windows.
+ */
+export function claudePathForSdk(): string | undefined {
+  return process.platform === "win32" ? undefined : findClaudePath();
+}
+
 export type AgentRole = "scanner" | "tester" | "reviewer" | "engineer" | "architect" | "auditor";
 
 const ROLE_TOOLS: Record<AgentRole, { allowed: string[]; disallowed: string[] }> = {
@@ -176,7 +195,8 @@ export function buildAgentQueryOptions(base: {
 }, role: AgentRole): Options {
   const tools = ROLE_TOOLS[role];
 
-  const claudePath = findClaudePath();
+  // See claudePathForSdk() docstring for why this isn't just findClaudePath().
+  const claudePath = claudePathForSdk();
 
   return {
     cwd: base.cwd,

src/utils/agent-options.ts

@@ -36,7 +36,7 @@ function walk(dir: string, out: string[] = []): string[] {
   return out;
 }
 
-test("every src/agents file calling sdk.query imports buildAgentQueryOptions or findClaudePath", () => {
+test("every src/agents file calling sdk.query imports buildAgentQueryOptions or claudePathForSdk", () => {
   const files = walk(AGENTS_DIR);
   const offenders: string[] = [];
 
@@ -45,7 +45,11 @@ test("every src/agents file calling sdk.query imports buildAgentQueryOptions or
     if (!src.includes("sdk.query(")) continue;
 
     const hasBuilder = /import\s+[^;]*\bbuildAgentQueryOptions\b[^;]*from\s+["'][^"']*agent-options/.test(src);
-    const hasFinder = /import\s+[^;]*\bfindClaudePath\b[^;]*from\s+["'][^"']*agent-options/.test(src);
+    // Both `claudePathForSdk` and the older `findClaudePath` are accepted —
+    // the former is the correct Windows-safe choice (returns undefined on
+    // win32 to dodge `spawn EINVAL` on .cmd), the latter remains allowed
+    // only for backwards-compat regression surface.
+    const hasFinder = /import\s+[^;]*\b(claudePathForSdk|findClaudePath)\b[^;]*from\s+["'][^"']*agent-options/.test(src);
 
     if (!hasBuilder && !hasFinder) {
       offenders.push(file.replace(AGENTS_DIR, ""));
@@ -56,7 +60,7 @@ test("every src/agents file calling sdk.query imports buildAgentQueryOptions or
     offenders,
     [],
     `The following files call sdk.query() but import neither buildAgentQueryOptions ` +
-    `nor findClaudePath from utils/agent-options. Without pathToClaudeCodeExecutable ` +
+    `nor claudePathForSdk from utils/agent-options. Without pathToClaudeCodeExecutable ` +
     `the bundled CJS build will crash with fileURLToPath(undefined) (B-006 / D-121):\n` +
     `  ${offenders.join("\n  ")}`,
   );