pub fn build_claude_command(
    binary: &Path,
    prompt: &str,
    json_schema: &str,
    model: Option<&str>,
    max_turns: u32,
) -> Command
Builds a Command for claude -p with least-privilege environment.
G28-A (v1.0.68) + OAuth-only hardening (v1.0.69, mandated by gaps.md lines 41-49): the command ALWAYS uses the OAuth flow. The flag set is the canonical one documented in gaps.md Correção A:
    claude -p "TAREFA" \
      --strict-mcp-config \
      --mcp-config '{}' \
      --dangerously-skip-permissions \
      --settings '{"hooks":{}}' \
      --model <X> \
      --max-turns <N> \
      --output-format json \
      --no-session-persistence

The combination cuts the typical 8-10 MCP process tree to zero and
disables user hooks. The reaper sweep at startup (see reaper::scan_and_kill_orphans)
is the last line of defence for any process that ignored the flags.
--bare is FORBIDDEN (gaps.md:49 and operator policy):
--bare cuts MCPs but disables OAuth and demands ANTHROPIC_API_KEY,
which is PROHIBITED in this project. We also ABORT the spawn if
ANTHROPIC_API_KEY is set in the environment, because that is the
gateway to the prohibited API-key path.
GitHub issue anthropics/claude-code#10787 documents that earlier
Claude Code CLI builds sometimes ignored --strict-mcp-config and
fell back to ~/.mcp.json. We still pass the flags as defence-in-depth
and ALSO honour SQLITE_GRAPHRAG_CLAUDE_EMPTY_CONFIG_DIR so users
who need belt-and-suspenders isolation can point Claude at an empty
config directory (no MCP, no hooks, no settings).
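
A sketch of the guard and flag set described above, added here as an illustration and not taken from the crate's source. The name `build_oauth_only_command`, the `SpawnRefused` type, the `ENV_ALLOWLIST` contents and the injected `parent_env` parameter are assumptions; `json_schema` and the empty-config-dir override are left out because the page does not show how they are passed.

```rust
use std::path::Path;
use std::process::Command;

/// Variables copied into the child; everything else is dropped.
/// This allowlist is an assumption of the sketch, not the project's list.
const ENV_ALLOWLIST: &[&str] = &["PATH", "HOME", "LANG"];

#[derive(Debug, PartialEq)]
pub enum SpawnRefused {
    ApiKeyPresent,
}

/// Hypothetical stand-in for build_claude_command. The parent environment
/// is a parameter so the guard can be tested without touching process state.
pub fn build_oauth_only_command(
    binary: &Path,
    prompt: &str,
    model: Option<&str>,
    max_turns: u32,
    parent_env: &[(&str, &str)],
) -> Result<Command, SpawnRefused> {
    // Refuse before building anything: a key in scope opens the API-key path.
    if parent_env.iter().any(|(k, _)| *k == "ANTHROPIC_API_KEY") {
        return Err(SpawnRefused::ApiKeyPresent);
    }
    let mut cmd = Command::new(binary);
    cmd.env_clear(); // start from nothing, then add only allowlisted names
    for (k, v) in parent_env.iter().filter(|(k, _)| ENV_ALLOWLIST.contains(k)) {
        cmd.env(k, v);
    }
    cmd.arg("-p").arg(prompt)
        .arg("--strict-mcp-config")
        .args(["--mcp-config", "{}"])
        .arg("--dangerously-skip-permissions")
        .args(["--settings", r#"{"hooks":{}}"#]);
    if let Some(m) = model {
        cmd.args(["--model", m]);
    }
    cmd.arg("--max-turns").arg(max_turns.to_string())
        .args(["--output-format", "json"])
        .arg("--no-session-persistence");
    Ok(cmd)
}

/// Argument vector as strings, for inspection and tests.
pub fn argv(cmd: &Command) -> Vec<String> {
    cmd.get_args().map(|a| a.to_string_lossy().into_owned()).collect()
}
```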