scan fails on Windows — "Invalid filePath: contains backslash"

[mayankeq]

What happened

pnpm deepsec scan crashes on Windows because glob returns backslash-separated relative paths (e.g. aiops-agent\api\main.py), which are passed directly into assertSafeFilePath — a validator that correctly rejects any path
containing .

Reproduction

  # On Windows, from inside .deepsec/
  pnpm install
  pnpm deepsec scan
  # → exits immediately with: Invalid filePath: contains backslash

Expected vs actual

Expected: scan completes and lists candidates, as it does on macOS/Linux.

Actual: Crashes mid-scan once the first matcher produces a Windows-style relative path. All matchers after the first file-producing glob are skipped; no candidates are written.

Environment

• deepsec version (pnpm deepsec --version): 1.1.13
• Node version (node --version): v22.22.2
• OS: Windows 10 Pro 10.0.19045
• Agent backend: claude-agent-sdk
• Model: claude-opus-4-5 (default)

Logs

Running: auth-bypass
Invalid filePath: contains backslash
(set DEEPSEC_DEBUG=1 for a stack trace)

Error: Invalid filePath: contains backslash
at assertSafeFilePath (file:///…/node_modules/deepsec/dist/cli.mjs:3854:11)
at fileRecordPath (file:///…/node_modules/deepsec/dist/cli.mjs:3876:3)
at readFileRecord (file:///…/node_modules/deepsec/dist/cli.mjs:8235:13)
at RegexScannerDriver.scan (file:///…/node_modules/deepsec/dist/cli.mjs:19609:20)

[TKlerx]

This is a duplicate of #37 , I think, and #29 fixes it.

[cramforce]

This may work now