find/grep shadow functions launch a nested agent instead of bfs/ugrep on 2.1.143 (ARGV0 dispatch broken, silent data corruption)

Resolved 💬 4 comments Opened May 18, 2026 by wwdd23 Closed Jun 18, 2026

Summary

On Claude Code 2.1.143 (macOS, zsh), the shell-snapshot-injected find/grep shadow functions silently launch a nested Claude agent instead of dispatching to the embedded bfs/ugrep, returning agent text instead of file results. This corrupts any Bash command using find/grep (including pipes and command substitution), with no error raised.

Environment

  • Claude Code: 2.1.143
  • OS: macOS (Darwin), zsh
  • CLAUDE_CODE_EXECPATH=/Users/<user>/.local/share/claude/versions/2.1.143

Root cause

The session snapshot (~/.claude/shell-snapshots/snapshot-zsh-*.sh) defines:

function find {
  local _cc_bin="${CLAUDE_CODE_EXECPATH:-}"
  [[ -x $_cc_bin ]] || _cc_bin=/Users/<user>/.local/bin/claude
  if [[ ! -x $_cc_bin ]]; then command find "$@"; return; fi
  if [[ -n $ZSH_VERSION ]]; then
    ARGV0=bfs "$_cc_bin" -regextype findutils-default "$@"
  ...
}

It relies on the claude binary honoring ARGV0=bfs (and ARGV0=ugrep for grep) to dispatch to the embedded applet. On 2.1.143 this dispatch does not work — the binary parses the args as the agent CLI:

$ ARGV0=bfs "$CLAUDE_CODE_EXECPATH" -regextype findutils-default /tmp -maxdepth 0
error: unknown option '-maxdepth'

Because the guard only falls back to system tools when the binary is missing ([[ ! -x $_cc_bin ]]), and the binary is present and executable, the function always takes the broken ARGV0 path. With other arg shapes (e.g. find DIR -name '*.md' -mtime -7) it does not error out but instead boots a nested Claude agent session, returning that agent's text as the command output.

Reproduction

  1. Claude Code 2.1.143, zsh, binary present.
  2. In the Bash tool: find . -name '*.md' -mtime -7 | wc -l
  3. Observed: output is a Claude agent's text response (in our case another sub-agent's session text), not a count.
  4. type findfind is a shell function from .../shell-snapshots/snapshot-zsh-*.sh
  5. command find . -maxdepth 0 works correctly (system find unaffected).

Direct dispatch check:

$ ARGV0=bfs "$CLAUDE_CODE_EXECPATH" -maxdepth 0 /tmp
error: unknown option '-maxdepth'      # expected: bfs runs, lists /tmp

Impact

  • Every find/grep invocation through the Bash tool can silently return wrong data (corrupted file listings / counts / search results) with no error.
  • Side effect: spawns nested claude agent processes → observed elevated load and dozens of stray claude processes (FD/CPU leak).
  • Especially dangerous for unattended/automated agent workflows where corrupted find/grep output feeds downstream decisions.

Notes / asks

  • The 2.1.143 changelog entry "Fixed embedded grep/find/rg wrappers failing when the running binary is deleted mid-session — now falls back to installed tools" does not cover this case: the binary is present, so the missing-binary fallback never triggers, yet ARGV0 dispatch is still broken.
  • There appears to be no env var / settings.json key to disable the find/grep shadowing (analogous to USE_BUILTIN_RIPGREP=0). Editing the snapshot doesn't persist (regenerated per session).
  • Requests:
  1. Fix ARGV0=bfs/ARGV0=ugrep applet dispatch in the native binary, or make the shadow function verify dispatch works and fall back to command find/command grep/rg when it doesn't.
  2. Provide an opt-out env/setting to disable the find/grep shadow.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗