AndyMik90 · StillKnotKnown · Jan 19, 2026 · Jan 19, 2026 · Jan 19, 2026 · Jan 19, 2026
diff --git a/apps/frontend/src/main/__tests__/cli-tool-manager.test.ts b/apps/frontend/src/main/__tests__/cli-tool-manager.test.ts
@@ -17,10 +17,10 @@ import {
 } from '../cli-tool-manager';
 import {
   findWindowsExecutableViaWhere,
-  findWindowsExecutableViaWhereAsync,
-  isSecurePath
+  findWindowsExecutableViaWhereAsync
 } from '../utils/windows-paths';
 import { findExecutable, findExecutableAsync } from '../env-utils';
+import { isSecurePath } from '../platform';
 
 type SpawnOptions = Parameters<(typeof import('../env-utils'))['getSpawnOptions']>[1];
 type MockDirent = import('fs').Dirent<import('node:buffer').NonSharedBuffer>;
@@ -169,6 +169,15 @@ vi.mock('../utils/windows-paths', () => ({
   WINDOWS_GIT_PATHS: {}
 }));
 
+// Mock platform module - preserve original implementations but mock isSecurePath
+vi.mock('../platform', async () => {
+  const actualPlatform = await vi.importActual<typeof import('../platform')>('../platform');
+  return {
+    ...actualPlatform,
+    isSecurePath: vi.fn(() => true)
+  };
+});
+
 describe('cli-tool-manager - Claude CLI NVM detection', () => {
   beforeEach(() => {
     vi.clearAllMocks();
@@ -717,16 +726,24 @@ describe('cli-tool-manager - Claude CLI Windows where.exe detection', () => {
 
     // Simulate where.exe returning path with .cmd extension (preferred over no extension)
     vi.mocked(findWindowsExecutableViaWhere).mockReturnValue(
-      'D:\\Program Files\\nvm4w\\nodejs\\claude.cmd'
+      'D:\\\\Program Files\\\\nvm4w\\\\nodejs\\\\claude.cmd'
     );
 
-    vi.mocked(existsSync).mockReturnValue(true);
+    // Mock existsSync to only return true for the where.exe path
+    vi.mocked(existsSync).mockImplementation((filePath) => {
+      const pathStr = String(filePath);
+      // Only the where.exe result should exist
+      if (pathStr.includes('nvm4w') && pathStr.includes('claude.cmd')) {
+        return true;
+      }
+      return false;
+    });
     vi.mocked(execFileSync).mockReturnValue('claude-code version 1.0.0\n');
 
     const result = getToolInfo('claude');
 
     expect(result.found).toBe(true);
-    expect(result.path).toBe('D:\\Program Files\\nvm4w\\nodejs\\claude.cmd');
+    expect(result.path).toBe('D:\\\\Program Files\\\\nvm4w\\\\nodejs\\\\claude.cmd');
     expect(result.path).toMatch(/\.(cmd|exe)$/i);
   });
 

diff --git a/apps/frontend/src/main/agent/agent-process.ts b/apps/frontend/src/main/agent/agent-process.ts
@@ -24,7 +24,7 @@ import type { AppSettings } from '../../shared/types/settings';
 import { getOAuthModeClearVars } from './env-utils';
 import { getAugmentedEnv } from '../env-utils';
 import { getToolInfo } from '../cli-tool-manager';
-import { killProcessGracefully } from '../platform';
+import { killProcessGracefully, isWindows } from '../platform';
 
 /**
  * Type for supported CLI tools
@@ -42,7 +42,7 @@ const CLI_TOOL_ENV_MAP: Readonly<Record<CliTool, string>> = {
 
 
 function deriveGitBashPath(gitExePath: string): string | null {
-  if (process.platform !== 'win32') {
+  if (!isWindows()) {
     return null;
   }
 
@@ -165,7 +165,7 @@ export class AgentProcessManager {
     // On Windows, detect and pass git-bash path for Claude Code CLI
     // Electron can detect git via where.exe, but Python subprocess may not have the same PATH
     const gitBashEnv: Record<string, string> = {};
-    if (process.platform === 'win32' && !process.env.CLAUDE_CODE_GIT_BASH_PATH) {
+    if (isWindows() && !process.env.CLAUDE_CODE_GIT_BASH_PATH) {
       try {
         const gitInfo = getToolInfo('git');
         if (gitInfo.found && gitInfo.path) {

diff --git a/apps/frontend/src/main/agent/agent-queue.ts b/apps/frontend/src/main/agent/agent-queue.ts
@@ -17,6 +17,7 @@ import { pythonEnvManager } from '../python-env-manager';
 import { transformIdeaFromSnakeCase, transformSessionFromSnakeCase } from '../ipc-handlers/ideation/transformers';
 import { transformRoadmapFromSnakeCase } from '../ipc-handlers/roadmap/transformers';
 import type { RawIdea } from '../ipc-handlers/ideation/types';
+import { getPathDelimiter } from '../platform';
 
 /** Maximum length for status messages displayed in progress UI */
 const STATUS_MESSAGE_MAX_LENGTH = 200;
@@ -280,7 +281,7 @@ export class AgentQueueManager {
     if (autoBuildSource) {
       pythonPathParts.push(autoBuildSource);
     }
-    const combinedPythonPath = pythonPathParts.join(process.platform === 'win32' ? ';' : ':');
+    const combinedPythonPath = pythonPathParts.join(getPathDelimiter());
 
     // Build final environment with proper precedence:
     // 1. process.env (system)
@@ -607,7 +608,7 @@ export class AgentQueueManager {
     if (autoBuildSource) {
       pythonPathParts.push(autoBuildSource);
     }
-    const combinedPythonPath = pythonPathParts.join(process.platform === 'win32' ? ';' : ':');
+    const combinedPythonPath = pythonPathParts.join(getPathDelimiter());
 
     // Build final environment with proper precedence:
     // 1. process.env (system)

diff --git a/apps/frontend/src/main/claude-cli-utils.ts b/apps/frontend/src/main/claude-cli-utils.ts
@@ -1,6 +1,7 @@
 import path from 'path';
 import { getAugmentedEnv, getAugmentedEnvAsync } from './env-utils';
 import { getToolPath, getToolPathAsync } from './cli-tool-manager';
+import { getPathDelimiter, isWindows } from './platform';
 
 export type ClaudeCliInvocation = {
   command: string;
@@ -12,12 +13,12 @@ function ensureCommandDirInPath(command: string, env: Record<string, string>): R
     return env;
   }
 
-  const pathSeparator = process.platform === 'win32' ? ';' : ':';
+  const pathSeparator = getPathDelimiter();
   const commandDir = path.dirname(command);
   const currentPath = env.PATH || '';
   const pathEntries = currentPath.split(pathSeparator);
   const normalizedCommandDir = path.normalize(commandDir);
-  const hasCommandDir = process.platform === 'win32'
+  const hasCommandDir = isWindows()
     ? pathEntries
       .map((entry) => path.normalize(entry).toLowerCase())
       .includes(normalizedCommandDir.toLowerCase())

diff --git a/apps/frontend/src/main/cli-tool-manager.ts b/apps/frontend/src/main/cli-tool-manager.ts
@@ -27,7 +27,7 @@ import os from 'os';
 import { promisify } from 'util';
 import { app } from 'electron';
 import { findExecutable, findExecutableAsync, getAugmentedEnv, getAugmentedEnvAsync, shouldUseShell, existsAsync } from './env-utils';
-import { isWindows, isMacOS, isUnix, joinPaths, getExecutableExtension } from './platform';
+import { isWindows, isMacOS, isUnix, joinPaths, getExecutableExtension, normalizeExecutablePath, isSecurePath as isPathSecure } from './platform';
 import type { ToolDetectionResult } from '../shared/types';
 import { findHomebrewPython as findHomebrewPythonUtil } from './utils/homebrew-python';
 
@@ -48,7 +48,6 @@ import {
   WINDOWS_GIT_PATHS,
   findWindowsExecutableViaWhere,
   findWindowsExecutableViaWhereAsync,
-  isSecurePath,
 } from './utils/windows-paths';
 
 /**
@@ -96,25 +95,32 @@ interface CacheEntry {
 function isWrongPlatformPath(pathStr: string | undefined): boolean {
   if (!pathStr) return false;
 
+  // Strip quotes before platform check - quotes are handled by validation
+  let cleanPath = pathStr.trim();
+  if ((cleanPath.startsWith('"') && cleanPath.endsWith('"')) ||
+      (cleanPath.startsWith("'") && cleanPath.endsWith("'"))) {
+    cleanPath = cleanPath.slice(1, -1);
+  }
+
   if (isWindows()) {
     // On Windows, reject Unix-style absolute paths (starting with /)
     // but allow relative paths and Windows paths
-    if (pathStr.startsWith('/') && !pathStr.startsWith('//')) {
+    if (cleanPath.startsWith('/') && !cleanPath.startsWith('//')) {
       // Unix absolute path on Windows
       return true;
     }
   } else {
     // On Unix (macOS/Linux), reject Windows-style paths
     // Windows paths have: drive letter (C:), backslashes, or specific Windows paths
-    if (/^[A-Za-z]:[/\\]/.test(pathStr)) {
+    if (/^[A-Za-z]:[/\\]/.test(cleanPath)) {
       // Drive letter path (C:\, D:/, etc.)
       return true;
     }
-    if (pathStr.includes('\\')) {
+    if (cleanPath.includes('\\')) {
       // Contains backslashes (Windows path separators)
       return true;
     }
-    if (pathStr.includes('AppData') || pathStr.includes('Program Files')) {
+    if (cleanPath.includes('AppData') || cleanPath.includes('Program Files')) {
       // Contains Windows-specific directory names
       return true;
     }
@@ -724,17 +730,25 @@ class CLIToolManager {
         console.warn(
           `[Claude CLI] User-configured path is from different platform, ignoring: ${this.userConfig.claudePath}`
         );
-      } else if (isWindows() && !isSecurePath(this.userConfig.claudePath)) {
-        console.warn(
-          `[Claude CLI] User-configured path failed security validation, ignoring: ${this.userConfig.claudePath}`
-        );
       } else {
-        const validation = this.validateClaude(this.userConfig.claudePath);
-        const result = buildClaudeDetectionResult(
-          this.userConfig.claudePath, validation, 'user-config', 'Using user-configured Claude CLI'
-        );
-        if (result) return result;
-        console.warn(`[Claude CLI] User-configured path invalid: ${validation.message}`);
+        // Strip quotes before security check - quotes are handled by validateClaude
+        const unquotedPath = this.userConfig.claudePath.trim();
+        const cleanPath = unquotedPath.startsWith('"') && unquotedPath.endsWith('"')
+          ? unquotedPath.slice(1, -1)
+          : unquotedPath;
+
+        if (isWindows() && !isPathSecure(cleanPath)) {
+          console.warn(
+            `[Claude CLI] User-configured path failed security validation, ignoring: ${cleanPath}`
+          );
+        } else {
+          const validation = this.validateClaude(this.userConfig.claudePath);
+          const result = buildClaudeDetectionResult(
+            this.userConfig.claudePath, validation, 'user-config', 'Using user-configured Claude CLI'
+          );
+          if (result) return result;
+          console.warn(`[Claude CLI] User-configured path invalid: ${validation.message}`);
+        }
       }
     }
 
@@ -940,7 +954,11 @@ class CLIToolManager {
           ? trimmedCmd.slice(1, -1)
           : trimmedCmd;
 
-      const needsShell = shouldUseShell(trimmedCmd);
+      // Normalize the path on Windows to handle missing extensions
+      // e.g., C:\...\npm\claude -> C:\...\npm\claude.cmd
+      const normalizedCmd = normalizeExecutablePath(unquotedCmd);
+
+      const needsShell = shouldUseShell(normalizedCmd);
       const cmdDir = path.dirname(unquotedCmd);
       const env = getAugmentedEnv(cmdDir && cmdDir !== '.' ? [cmdDir] : []);
 
@@ -949,15 +967,15 @@ class CLIToolManager {
       if (needsShell) {
         // For .cmd/.bat files on Windows, use cmd.exe with a quoted command line
         // /s preserves quotes so paths with spaces are handled correctly.
-        if (!isSecurePath(unquotedCmd)) {
+        if (!isPathSecure(normalizedCmd)) {
           return {
             valid: false,
             message: `Claude CLI path failed security validation: ${unquotedCmd}`,
           };
         }
         const cmdExe = process.env.ComSpec
           || path.join(process.env.SystemRoot || 'C:\\Windows', 'System32', 'cmd.exe');
-        const cmdLine = `""${unquotedCmd}" --version"`;
+        const cmdLine = `""${normalizedCmd}" --version"`;
         const execOptions: ExecFileSyncOptionsWithVerbatim = {
           encoding: 'utf-8',
           timeout: 5000,
@@ -971,7 +989,7 @@ class CLIToolManager {
       } else {
         // For .exe files and non-Windows, use execFileSync
         version = normalizeExecOutput(
-          execFileSync(unquotedCmd, ['--version'], {
+          execFileSync(normalizedCmd, ['--version'], {
             encoding: 'utf-8',
             timeout: 5000,
             windowsHide: true,
@@ -1079,7 +1097,11 @@ class CLIToolManager {
           ? trimmedCmd.slice(1, -1)
           : trimmedCmd;
 
-      const needsShell = shouldUseShell(trimmedCmd);
+      // Normalize the path on Windows to handle missing extensions
+      // e.g., C:\...\npm\claude -> C:\...\npm\claude.cmd
+      const normalizedCmd = normalizeExecutablePath(unquotedCmd);
+
+      const needsShell = shouldUseShell(normalizedCmd);
       const cmdDir = path.dirname(unquotedCmd);
       const env = await getAugmentedEnvAsync(cmdDir && cmdDir !== '.' ? [cmdDir] : []);
 
@@ -1088,15 +1110,15 @@ class CLIToolManager {
       if (needsShell) {
         // For .cmd/.bat files on Windows, use cmd.exe with a quoted command line
         // /s preserves quotes so paths with spaces are handled correctly.
-        if (!isSecurePath(unquotedCmd)) {
+        if (!isPathSecure(normalizedCmd)) {
           return {
             valid: false,
             message: `Claude CLI path failed security validation: ${unquotedCmd}`,
           };
         }
         const cmdExe = process.env.ComSpec
           || path.join(process.env.SystemRoot || 'C:\\Windows', 'System32', 'cmd.exe');
-        const cmdLine = `""${unquotedCmd}" --version"`;
+        const cmdLine = `""${normalizedCmd}" --version"`;
         const execOptions: ExecFileAsyncOptionsWithVerbatim = {
           encoding: 'utf-8',
           timeout: 5000,
@@ -1108,7 +1130,7 @@ class CLIToolManager {
         stdout = result.stdout;
       } else {
         // For .exe files and non-Windows, use execFileAsync
-        const result = await execFileAsync(unquotedCmd, ['--version'], {
+        const result = await execFileAsync(normalizedCmd, ['--version'], {
           encoding: 'utf-8',
           timeout: 5000,
           windowsHide: true,
@@ -1280,17 +1302,25 @@ class CLIToolManager {
         console.warn(
           `[Claude CLI] User-configured path is from different platform, ignoring: ${this.userConfig.claudePath}`
         );
-      } else if (isWindows() && !isSecurePath(this.userConfig.claudePath)) {
-        console.warn(
-          `[Claude CLI] User-configured path failed security validation, ignoring: ${this.userConfig.claudePath}`
-        );
       } else {
-        const validation = await this.validateClaudeAsync(this.userConfig.claudePath);
-        const result = buildClaudeDetectionResult(
-          this.userConfig.claudePath, validation, 'user-config', 'Using user-configured Claude CLI'
-        );
-        if (result) return result;
-        console.warn(`[Claude CLI] User-configured path invalid: ${validation.message}`);
+        // Strip quotes before security check - quotes are handled by validateClaudeAsync
+        const unquotedPath = this.userConfig.claudePath.trim();
+        const cleanPath = unquotedPath.startsWith('"') && unquotedPath.endsWith('"')
+          ? unquotedPath.slice(1, -1)
+          : unquotedPath;
+
+        if (isWindows() && !isPathSecure(cleanPath)) {
+          console.warn(
+            `[Claude CLI] User-configured path failed security validation, ignoring: ${cleanPath}`
+          );
+        } else {
+          const validation = await this.validateClaudeAsync(this.userConfig.claudePath);
+          const result = buildClaudeDetectionResult(
+            this.userConfig.claudePath, validation, 'user-config', 'Using user-configured Claude CLI'
+          );
+          if (result) return result;
+          console.warn(`[Claude CLI] User-configured path invalid: ${validation.message}`);
+        }
       }
     }