@cleocode/adapters 2026.4.62 → 2026.4.64

package/dist/providers/claude-code/hooks.d.ts

@@ -143,16 +143,20 @@ export declare class ClaudeCodeHookProvider implements AdapterHookProvider {
     /**
      * Extract a plain-text transcript from Claude Code session JSONL files.
      *
-     * Reads the most recent .jsonl file under `~/.claude/projects/` and
+     * Claude Code stores session data under `~/.claude/projects/<project-slug>/`:
+     *   - Root-level session JSONLs: `<sessionId>.jsonl` (primary transcript)
+     *   - UUID subdirectories contain `subagents/agent-*.jsonl` (subagent turns)
+     *
+     * Reads the most-recent root-level JSONL plus all subagent JSONLs and
      * extracts user/assistant turn text into a flat string for brain
      * observation extraction.
      *
      * Returns null when no session data is found or on any read error.
      *
-     * @param _sessionId - CLEO session ID (unused; reads the most recent file)
+     * @param sessionId - CLEO session ID (available for future subagent filtering)
      * @param _projectDir - Project directory (unused; Claude Code uses global paths)
-     * @task T144 @epic T134
+     * @task T729 @task T144 @epic T134
      */
-    getTranscript(_sessionId: string, _projectDir: string): Promise<string | null>;
+    getTranscript(sessionId: string, _projectDir: string): Promise<string | null>;
 }
 //# sourceMappingURL=hooks.d.ts.map

package/dist/providers/claude-code/hooks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../../../src/providers/claude-code/hooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAMH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AA8C/D;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,sBAAuB,YAAW,mBAAmB;IAChE,kEAAkE;IAClE,OAAO,CAAC,UAAU,CAAS;IAE3B;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAItD,+DAA+D;IAC/D,OAAO,CAAC,UAAU,CAAuB;IAEzC;;;;;;;;;;;;;;;;OAgBG;IACG,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6E5D;;;;;;;OAOG;IACG,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IA2C5C;;OAEG;IACH,YAAY,IAAI,OAAO;IAIvB;;;;OAIG;IACH,aAAa,IAAI,MAAM,GAAG,IAAI;IAI9B;;;;;;;;OAQG;IACH,WAAW,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAI/C;;;;;;;;;;OAUG;IACG,2BAA2B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAStD;;;;;;;;;;OAUG;IACG,kBAAkB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IASnD;;;;;;;;;;OAUG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAW9D;;;;;;;;;;;;OAYG;IACG,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CA2DrF"}
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../../../src/providers/claude-code/hooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAMH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AA8C/D;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,sBAAuB,YAAW,mBAAmB;IAChE,kEAAkE;IAClE,OAAO,CAAC,UAAU,CAAS;IAE3B;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAItD,+DAA+D;IAC/D,OAAO,CAAC,UAAU,CAAuB;IAEzC;;;;;;;;;;;;;;;;OAgBG;IACG,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6E5D;;;;;;;OAOG;IACG,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IA2C5C;;OAEG;IACH,YAAY,IAAI,OAAO;IAIvB;;;;OAIG;IACH,aAAa,IAAI,MAAM,GAAG,IAAI;IAI9B;;;;;;;;OAQG;IACH,WAAW,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAI/C;;;;;;;;;;OAUG;IACG,2BAA2B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAStD;;;;;;;;;;OAUG;IACG,kBAAkB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IASnD;;;;;;;;;;OAUG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAW9D;;;;;;;;;;;;;;;;OAgBG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CA4FpF"}

package/dist/providers/claude-sdk/spawn.d.ts

@@ -9,12 +9,13 @@
  * - Awaits full completion before returning (synchronous output capture)
  * - Session IDs from the SDK enable future multi-turn resumption
  * - No temp files, no OS PIDs — tracking is purely in-memory session IDs
- * - `canSpawn()` checks for `ANTHROPIC_API_KEY` rather than CLI availability
+ * - `canSpawn()` uses 3-tier key resolution (env var → stored key → Claude Code OAuth)
  *
  * CANT enrichment is identical to the CLI provider: `buildCantEnrichedPrompt()`
  * is called before `query()` and the result is passed as the SDK prompt string.
  *
  * @task T581
+ * @see T752 — canSpawn() OAuth fix
  */
 import type { AdapterSpawnProvider, SpawnContext, SpawnResult } from '@cleocode/contracts';
 /**
@@ -38,10 +39,15 @@ export declare class ClaudeSDKSpawnProvider implements AdapterSpawnProvider {
     /**
      * Check whether the SDK can be used in the current environment.
      *
-     * Returns `true` if `ANTHROPIC_API_KEY` is set. No binary check is needed
-     * because the SDK manages the Claude Code subprocess internally.
+     * Uses 3-tier key resolution so the provider works with:
+     * - `ANTHROPIC_API_KEY` environment variable (explicit)
+     * - `~/.local/share/cleo/anthropic-key` (user-stored via cleo config)
+     * - Claude Code OAuth token (zero-config for Claude Code users)
      *
-     * @returns `true` when an API key is present
+     * No binary check is needed because the SDK manages the Claude Code
+     * subprocess internally.
+     *
+     * @returns `true` when any Anthropic credential is available
      */
     canSpawn(): Promise<boolean>;
     /**

package/dist/providers/claude-sdk/spawn.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"spawn.d.ts","sourceRoot":"","sources":["../../../src/providers/claude-sdk/spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAS3F;;;;;;;;;;;;;;GAcG;AACH,qBAAa,sBAAuB,YAAW,oBAAoB;IACjE,kCAAkC;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAsB;IAE/C;;;;;;;OAOG;IACG,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC;IAIlC;;;;;;;;;OASG;IACG,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;IA6IxD;;;;;;;OAOG;IACG,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAU3C;;;;;;;;;OASG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGnD"}
+{"version":3,"file":"spawn.d.ts","sourceRoot":"","sources":["../../../src/providers/claude-sdk/spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAgE3F;;;;;;;;;;;;;;GAcG;AACH,qBAAa,sBAAuB,YAAW,oBAAoB;IACjE,kCAAkC;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAsB;IAE/C;;;;;;;;;;;;OAYG;IACG,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC;IAIlC;;;;;;;;;OASG;IACG,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;IA6IxD;;;;;;;OAOG;IACG,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAU3C;;;;;;;;;OASG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGnD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cleocode/adapters",
-  "version": "2026.4.62",
+  "version": "2026.4.64",
   "description": "Unified provider adapters for CLEO (Claude Code, OpenCode, Cursor)",
   "type": "module",
   "main": "dist/index.js",
@@ -14,8 +14,8 @@
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "0.2.108",
     "@openai/agents": "0.8.3",
-    "@cleocode/caamp": "2026.4.62",
-    "@cleocode/contracts": "2026.4.62"
+    "@cleocode/caamp": "2026.4.64",
+    "@cleocode/contracts": "2026.4.64"
   },
   "license": "MIT",
   "engines": {

package/src/providers/claude-code/__tests__/hooks-get-transcript.test.ts

@@ -0,0 +1,183 @@
+/**
+ * Tests for ClaudeCodeHookProvider.getTranscript() — T729 bug fix.
+ *
+ * Verifies that getTranscript reads root-level session JSONLs (siblings
+ * to UUID subdirectories) instead of walking into UUID subdirs.
+ *
+ * Claude Code layout under ~/.claude/projects/<project>/:
+ *   - <sessionId>.jsonl        ← root-level session JSONL (the real transcript)
+ *   - <uuid>/                  ← UUID subdir (contains only subagents/ and tool-results/)
+ *   - <uuid>/subagents/        ← subagent session JSONLs live here
+ *   - <uuid>/tool-results/     ← not JSONL sessions
+ *
+ * @task T729
+ * @epic T726
+ */
+
+import { mkdir, mkdtemp, rm, writeFile } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { ClaudeCodeHookProvider } from '../hooks.js';
+
+let tempDir: string;
+let hooks: ClaudeCodeHookProvider;
+
+/** JSONL line for a user turn. */
+function userLine(text: string): string {
+  return JSON.stringify({ role: 'user', content: text });
+}
+
+/** JSONL line for an assistant turn. */
+function assistantLine(text: string): string {
+  return JSON.stringify({ role: 'assistant', content: text });
+}
+
+beforeEach(async () => {
+  tempDir = await mkdtemp(join(tmpdir(), 'cleo-get-transcript-'));
+  hooks = new ClaudeCodeHookProvider();
+  // Override HOME so getTranscript reads from our temp fixture
+  process.env['HOME'] = tempDir;
+});
+
+afterEach(async () => {
+  delete process.env['HOME'];
+  await rm(tempDir, { recursive: true, force: true });
+});
+
+// ---------------------------------------------------------------------------
+// Fixture builders
+// ---------------------------------------------------------------------------
+
+/**
+ * Create the standard Claude Code directory layout under tempDir.
+ *
+ * ~/.claude/projects/
+ *   <projectSlug>/
+ *     <sessionId>.jsonl          ← root-level session JSONL
+ *     <uuid>/                    ← UUID subdir (no JSONLs at root)
+ *     <uuid>/subagents/
+ *       agent-<agentId>.jsonl   ← subagent JSONL
+ *     <uuid>/tool-results/       ← not a session JSONL
+ */
+async function createFixture(opts: {
+  projectSlug: string;
+  sessionId: string;
+  rootLines: string[];
+  uuid?: string;
+  subagentLines?: string[];
+}): Promise<{ projectDir: string }> {
+  const projectsDir = join(tempDir, '.claude', 'projects');
+  const projectDir = join(projectsDir, opts.projectSlug);
+  await mkdir(projectDir, { recursive: true });
+
+  // Root-level session JSONL (the one getTranscript MUST read)
+  const rootJsonl = join(projectDir, `${opts.sessionId}.jsonl`);
+  await writeFile(rootJsonl, opts.rootLines.join('\n'));
+
+  if (opts.uuid) {
+    // UUID subdir — should NOT be read as a session JSONL source
+    const uuidDir = join(projectDir, opts.uuid);
+    await mkdir(uuidDir, { recursive: true });
+
+    if (opts.subagentLines) {
+      const subagentsDir = join(uuidDir, 'subagents');
+      await mkdir(subagentsDir, { recursive: true });
+      const saJsonl = join(subagentsDir, `agent-${opts.sessionId}.jsonl`);
+      await writeFile(saJsonl, opts.subagentLines.join('\n'));
+    }
+
+    // tool-results dir should never be iterated
+    await mkdir(join(uuidDir, 'tool-results'), { recursive: true });
+  }
+
+  return { projectDir };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('getTranscript — T729 root-level JSONL fix', () => {
+  it('GT-1: reads root-level session JSONL, not UUID subdir contents', async () => {
+    await createFixture({
+      projectSlug: 'test-project',
+      sessionId: 'ses_abc123',
+      rootLines: [userLine('hello from root'), assistantLine('response from root')],
+      uuid: 'f47ac10b-58cc-4372-a567-0e02b2c3d479',
+    });
+
+    const result = await hooks.getTranscript('ses_abc123', '/tmp/test');
+
+    expect(result).not.toBeNull();
+    expect(result).toContain('user: hello from root');
+    expect(result).toContain('assistant: response from root');
+  });
+
+  it('GT-2: returns null when projects dir does not exist', async () => {
+    // HOME points to tempDir but no .claude/projects inside
+    const result = await hooks.getTranscript('ses_abc123', '/tmp/test');
+    expect(result).toBeNull();
+  });
+
+  it('GT-3: returns null when root-level JSONL has no recognizable turns', async () => {
+    await createFixture({
+      projectSlug: 'test-project',
+      sessionId: 'ses_empty',
+      rootLines: [JSON.stringify({ type: 'system', data: 'some system event' }), 'malformed line'],
+    });
+
+    const result = await hooks.getTranscript('ses_empty', '/tmp/test');
+    expect(result).toBeNull();
+  });
+
+  it('GT-4: picks most-recent root JSONL when multiple projects exist', async () => {
+    // Create two project dirs with root JSONLs; lexicographically later name wins
+    const projectsDir = join(tempDir, '.claude', 'projects');
+
+    const proj1 = join(projectsDir, 'project-a');
+    await mkdir(proj1, { recursive: true });
+    await writeFile(join(proj1, 'ses_older.jsonl'), userLine('older project'));
+
+    const proj2 = join(projectsDir, 'project-z');
+    await mkdir(proj2, { recursive: true });
+    await writeFile(join(proj2, 'ses_newer.jsonl'), userLine('newer project'));
+
+    const result = await hooks.getTranscript('ses_newer', '/tmp/test');
+    // project-z sorts after project-a, so project-z/ses_newer.jsonl wins
+    expect(result).toContain('user: newer project');
+  });
+
+  it('GT-5: also ingests subagent JSONLs from UUID subdir when present', async () => {
+    await createFixture({
+      projectSlug: 'test-project',
+      sessionId: 'ses_withagent',
+      rootLines: [userLine('main session turn')],
+      uuid: 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
+      subagentLines: [assistantLine('subagent turn')],
+    });
+
+    const result = await hooks.getTranscript('ses_withagent', '/tmp/test');
+
+    expect(result).not.toBeNull();
+    expect(result).toContain('user: main session turn');
+    expect(result).toContain('assistant: subagent turn');
+  });
+
+  it('GT-6: does NOT read JSONL files placed directly inside UUID subdirs (wrong layout)', async () => {
+    const projectsDir = join(tempDir, '.claude', 'projects');
+    const projectDir = join(projectsDir, 'test-project');
+    await mkdir(projectDir, { recursive: true });
+
+    // Place a JSONL inside a UUID subdir (old/wrong location)
+    const uuidDir = join(projectDir, 'f47ac10b-58cc-4372-a567-0e02b2c3d479');
+    await mkdir(uuidDir, { recursive: true });
+    await writeFile(join(uuidDir, 'wrong-location.jsonl'), userLine('should not be read'));
+
+    // No root-level JSONL present
+    const result = await hooks.getTranscript('ses_abc', '/tmp/test');
+
+    // Should return null since no root-level JSONLs exist
+    expect(result).toBeNull();
+  });
+});

package/src/providers/claude-code/hooks.ts

@@ -351,67 +351,104 @@ export class ClaudeCodeHookProvider implements AdapterHookProvider {
   /**
    * Extract a plain-text transcript from Claude Code session JSONL files.
    *
-   * Reads the most recent .jsonl file under `~/.claude/projects/` and
+   * Claude Code stores session data under `~/.claude/projects/<project-slug>/`:
+   *   - Root-level session JSONLs: `<sessionId>.jsonl` (primary transcript)
+   *   - UUID subdirectories contain `subagents/agent-*.jsonl` (subagent turns)
+   *
+   * Reads the most-recent root-level JSONL plus all subagent JSONLs and
    * extracts user/assistant turn text into a flat string for brain
    * observation extraction.
    *
    * Returns null when no session data is found or on any read error.
    *
-   * @param _sessionId - CLEO session ID (unused; reads the most recent file)
+   * @param sessionId - CLEO session ID (available for future subagent filtering)
    * @param _projectDir - Project directory (unused; Claude Code uses global paths)
-   * @task T144 @epic T134
+   * @task T729 @task T144 @epic T134
    */
-  async getTranscript(_sessionId: string, _projectDir: string): Promise<string | null> {
+  async getTranscript(sessionId: string, _projectDir: string): Promise<string | null> {
     try {
       const homeDir = process.env.HOME ?? process.env.USERPROFILE ?? '/root';
       const projectsDir = join(homeDir, '.claude', 'projects');
 
-      // Find all JSONL files across project subdirectories
-      let allFiles: Array<{ path: string; mtime: number }> = [];
+      // Collect root-level session JSONLs (siblings to UUID subdirs).
+      // Claude Code layout: ~/.claude/projects/<project>/<sessionId>.jsonl
+      // UUID subdirs contain only subagents/ and tool-results/, not JSONLs.
+      let rootFiles: Array<{ path: string }> = [];
+      const subagentFiles: Array<{ path: string }> = [];
+
       try {
         const projectDirs = await readdir(projectsDir, { withFileTypes: true });
-        for (const entry of projectDirs) {
-          if (!entry.isDirectory()) continue;
-          const subDir = join(projectsDir, entry.name);
+        for (const projectEntry of projectDirs) {
+          if (!projectEntry.isDirectory()) continue;
+          const projectDir = join(projectsDir, projectEntry.name);
+
           try {
-            const files = await readdir(subDir);
-            for (const file of files) {
-              if (!file.endsWith('.jsonl')) continue;
-              const filePath = join(subDir, file);
-              // Use file path modification heuristic (filename usually includes timestamp)
-              allFiles.push({ path: filePath, mtime: 0 });
+            const projectContents = await readdir(projectDir, { withFileTypes: true });
+            for (const entry of projectContents) {
+              // Root-level JSONL: direct child file ending in .jsonl
+              if (entry.isFile() && entry.name.endsWith('.jsonl')) {
+                rootFiles.push({ path: join(projectDir, entry.name) });
+                continue;
+              }
+
+              // UUID subdir: check for subagent JSONLs
+              if (entry.isDirectory()) {
+                const subagentsDir = join(projectDir, entry.name, 'subagents');
+                try {
+                  const subagentEntries = await readdir(subagentsDir);
+                  for (const sa of subagentEntries) {
+                    if (sa.startsWith('agent-') && sa.endsWith('.jsonl')) {
+                      subagentFiles.push({ path: join(subagentsDir, sa) });
+                    }
+                  }
+                } catch {
+                  // No subagents dir in this subdir — skip
+                }
+              }
             }
           } catch {
-            // Skip unreadable subdirectories
+            // Skip unreadable project directories
           }
         }
       } catch {
         return null;
       }
 
-      if (allFiles.length === 0) return null;
+      if (rootFiles.length === 0 && subagentFiles.length === 0) return null;
 
-      // Sort by path descending (timestamps in filenames sort naturally)
-      allFiles = allFiles.sort((a, b) => b.path.localeCompare(a.path));
-      const mostRecent = allFiles[0];
-      if (!mostRecent) return null;
+      // Sort root files by path descending (timestamps in filenames sort naturally)
+      rootFiles = rootFiles.sort((a, b) => b.path.localeCompare(a.path));
 
-      const raw = await readFile(mostRecent.path, 'utf-8');
-      const lines = raw.split('\n').filter((l) => l.trim());
+      // Collect all JSONL paths: most-recent root file first, then subagent files
+      const allPaths = [
+        ...(rootFiles[0] ? [rootFiles[0].path] : []),
+        ...subagentFiles.map((f) => f.path),
+      ];
+
+      // Suppress unused variable warning — sessionId available for future filtering
+      void sessionId;
 
       const turns: string[] = [];
-      for (const line of lines) {
+      for (const filePath of allPaths) {
         try {
-          const entry = JSON.parse(line) as Record<string, unknown>;
-          const role = entry.role as string | undefined;
-          const content = entry.content;
-          if (role === 'assistant' && typeof content === 'string') {
-            turns.push(`assistant: ${content}`);
-          } else if (role === 'user' && typeof content === 'string') {
-            turns.push(`user: ${content}`);
+          const raw = await readFile(filePath, 'utf-8');
+          const lines = raw.split('\n').filter((l) => l.trim());
+          for (const line of lines) {
+            try {
+              const entry = JSON.parse(line) as Record<string, unknown>;
+              const role = entry.role as string | undefined;
+              const content = entry.content;
+              if (role === 'assistant' && typeof content === 'string') {
+                turns.push(`assistant: ${content}`);
+              } else if (role === 'user' && typeof content === 'string') {
+                turns.push(`user: ${content}`);
+              }
+            } catch {
+              // Skip malformed lines
+            }
           }
         } catch {
-          // Skip malformed lines
+          // Skip unreadable files
         }
       }
 

package/src/providers/claude-sdk/__tests__/spawn.test.ts

@@ -61,7 +61,7 @@ describe('ClaudeSDKSpawnProvider', () => {
   });
 
   // -------------------------------------------------------------------------
-  // canSpawn
+  // canSpawn — 3-tier key resolution (T752)
   // -------------------------------------------------------------------------
 
   describe('canSpawn()', () => {
@@ -70,12 +70,61 @@ describe('ClaudeSDKSpawnProvider', () => {
       expect(await provider.canSpawn()).toBe(true);
     });
 
-    it('returns false when ANTHROPIC_API_KEY is absent', async () => {
+    it('returns false when no credentials are available', async () => {
+      // Mock fs.existsSync to return false for all key paths so no tier
+      // resolves (env var, stored key file, or OAuth credentials file).
+      const { existsSync } = await import('node:fs');
+      const saved = process.env.ANTHROPIC_API_KEY;
+      delete process.env.ANTHROPIC_API_KEY;
+      vi.spyOn({ existsSync }, 'existsSync').mockReturnValue(false);
+      // Use vi.mock for node:fs to prevent reading real ~/.claude/.credentials.json
+      vi.doMock('node:fs', () => ({
+        existsSync: vi.fn().mockReturnValue(false),
+        readFileSync: vi.fn().mockImplementation(() => {
+          throw new Error('mocked: file not found');
+        }),
+      }));
+      try {
+        // Re-import spawn module with mocked fs to get fresh resolver state
+        vi.resetModules();
+        const { ClaudeSDKSpawnProvider: FreshProvider } = await import('../spawn.js');
+        const freshProvider = new FreshProvider();
+        expect(await freshProvider.canSpawn()).toBe(false);
+      } finally {
+        vi.resetModules();
+        vi.doUnmock('node:fs');
+        if (saved !== undefined) {
+          process.env.ANTHROPIC_API_KEY = saved;
+        }
+      }
+    });
+
+    it('returns true when OAuth credentials file exists (no API key env var)', async () => {
+      const validCreds = JSON.stringify({
+        claudeAiOauth: {
+          accessToken: 'oauth-token',
+          expiresAt: Date.now() + 3_600_000, // 1 hour from now
+        },
+      });
+      vi.doMock('node:fs', () => ({
+        existsSync: vi
+          .fn()
+          .mockImplementation((p: string) => String(p).endsWith('.credentials.json')),
+        readFileSync: vi.fn().mockImplementation((p: string) => {
+          if (String(p).endsWith('.credentials.json')) return validCreds;
+          throw new Error('mocked: file not found');
+        }),
+      }));
       const saved = process.env.ANTHROPIC_API_KEY;
       delete process.env.ANTHROPIC_API_KEY;
       try {
-        expect(await provider.canSpawn()).toBe(false);
+        vi.resetModules();
+        const { ClaudeSDKSpawnProvider: FreshProvider } = await import('../spawn.js');
+        const freshProvider = new FreshProvider();
+        expect(await freshProvider.canSpawn()).toBe(true);
       } finally {
+        vi.resetModules();
+        vi.doUnmock('node:fs');
         if (saved !== undefined) {
           process.env.ANTHROPIC_API_KEY = saved;
         }

package/src/providers/claude-sdk/spawn.ts

@@ -9,20 +9,79 @@
  * - Awaits full completion before returning (synchronous output capture)
  * - Session IDs from the SDK enable future multi-turn resumption
  * - No temp files, no OS PIDs — tracking is purely in-memory session IDs
- * - `canSpawn()` checks for `ANTHROPIC_API_KEY` rather than CLI availability
+ * - `canSpawn()` uses 3-tier key resolution (env var → stored key → Claude Code OAuth)
  *
  * CANT enrichment is identical to the CLI provider: `buildCantEnrichedPrompt()`
  * is called before `query()` and the result is passed as the SDK prompt string.
  *
  * @task T581
+ * @see T752 — canSpawn() OAuth fix
  */
 
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
 import type { AdapterSpawnProvider, SpawnContext, SpawnResult } from '@cleocode/contracts';
 import { getErrorMessage } from '@cleocode/contracts';
 import { getServers } from './mcp-registry.js';
 import { SessionStore } from './session-store.js';
 import { resolveTools } from './tool-bridge.js';
 
+// ---------------------------------------------------------------------------
+// Inline 3-tier Anthropic key resolver
+// NOTE: Cannot import from @cleocode/core — circular dependency
+//       (@cleocode/core depends on @cleocode/adapters). This is a deliberate
+//       inline copy of the resolution logic from anthropic-key-resolver.ts.
+//       Keep in sync with packages/core/src/memory/anthropic-key-resolver.ts.
+//       T752 — OAuth fix for canSpawn()
+// ---------------------------------------------------------------------------
+
+/**
+ * Resolve the Anthropic API key using a 3-tier priority chain:
+ * 1. `ANTHROPIC_API_KEY` environment variable
+ * 2. `~/.local/share/cleo/anthropic-key` (user-stored via cleo config)
+ * 3. `~/.claude/.credentials.json` → claudeAiOauth.accessToken (Claude Code OAuth)
+ *
+ * @returns The key/token string, or null if unavailable.
+ */
+function resolveAnthropicApiKey(): string | null {
+  // 1. Explicit env var
+  const envKey = process.env.ANTHROPIC_API_KEY;
+  if (envKey?.trim()) return envKey;
+
+  // 2. CLEO global stored key
+  try {
+    const xdg = process.env.XDG_DATA_HOME || join(homedir(), '.local', 'share');
+    const keyFile = join(xdg, 'cleo', 'anthropic-key');
+    if (existsSync(keyFile)) {
+      const stored = readFileSync(keyFile, 'utf-8').trim();
+      if (stored) return stored;
+    }
+  } catch {
+    // Not available — continue
+  }
+
+  // 3. Claude Code OAuth token (free for Claude Code users)
+  try {
+    const credPath = join(homedir(), '.claude', '.credentials.json');
+    if (!existsSync(credPath)) return null;
+    const raw = readFileSync(credPath, 'utf-8');
+    const creds = JSON.parse(raw) as {
+      claudeAiOauth?: { accessToken?: string; expiresAt?: number };
+    };
+    const token = creds.claudeAiOauth?.accessToken;
+    if (token?.trim()) {
+      const expiresAt = creds.claudeAiOauth?.expiresAt;
+      if (expiresAt && Date.now() > expiresAt) return null;
+      return token;
+    }
+  } catch {
+    // Credentials file missing or unreadable — not an error
+  }
+
+  return null;
+}
+
 /** Model used when no model is specified in spawn options. */
 const DEFAULT_MODEL = 'claude-sonnet-4-5';
 
@@ -48,13 +107,18 @@ export class ClaudeSDKSpawnProvider implements AdapterSpawnProvider {
   /**
    * Check whether the SDK can be used in the current environment.
    *
-   * Returns `true` if `ANTHROPIC_API_KEY` is set. No binary check is needed
-   * because the SDK manages the Claude Code subprocess internally.
+   * Uses 3-tier key resolution so the provider works with:
+   * - `ANTHROPIC_API_KEY` environment variable (explicit)
+   * - `~/.local/share/cleo/anthropic-key` (user-stored via cleo config)
+   * - Claude Code OAuth token (zero-config for Claude Code users)
+   *
+   * No binary check is needed because the SDK manages the Claude Code
+   * subprocess internally.
    *
-   * @returns `true` when an API key is present
+   * @returns `true` when any Anthropic credential is available
    */
   async canSpawn(): Promise<boolean> {
-    return !!process.env.ANTHROPIC_API_KEY;
+    return !!resolveAnthropicApiKey();
   }
 
   /**