Sandbox creates 0-byte stub files that pollute git status
Resolved 💬 3 comments Opened Mar 8, 2026 by sbellem Closed Mar 12, 2026
Summary
The sandbox denyWithinAllow enforcement creates visible 0-byte read-only stub files in the working directory. These files pollute git status with phantom untracked files and are recreated on every invocation, so deleting them is not a viable workaround.
Reproduction
- Open Claude Code in a git repository
- Have sandbox enabled (default)
- Run
git status
Observe untracked files like:
?? .bash_profile
?? .bashrc
?? .gitconfig
?? .gitmodules
?? .mcp.json
?? .profile
?? .ripgreprc
?? .zprofile
?? .zshrc
?? HEAD
?? config
?? hooks
?? objects
?? refs
All are 0 bytes, read-only (-r--r--r--), and share the same creation timestamp.
Details
The sandbox config includes denyWithinAllow rules for paths like:
~/.bashrc,~/.zshrc,~/.ssh, etc.<repo>/HEAD,<repo>/objects,<repo>/refs,<repo>/hooks,<repo>/config<repo>/.claude/settings.json,<repo>/.claude/skills,<repo>/.claude/agents, etc.
Instead of silently blocking writes to these paths, the sandbox creates empty read-only files at them. This causes several problems:
- Pollutes
git statuswith untracked files that aren't part of the project - Files are recreated on every session/tool invocation — deleting them is futile
- Dotfiles created in wrong location — e.g.
.bashrcis created in the repo root instead of protecting~/.bashrc - Directories turned into files —
.claude/agents/,.claude/commands/,.claude/skills/become 0-byte files, which could interfere with later use of those features
Expected behavior
The sandbox should silently deny writes to protected paths without creating visible stub files in the working tree.
Environment
- Claude Code CLI
- Linux (Fedora 43, kernel 6.18.6)
- Sandbox enabled with default config
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗