find/grep shadow functions launch a nested agent instead of bfs/ugrep on 2.1.143 (ARGV0 dispatch broken, silent data corruption)
Summary
On Claude Code 2.1.143 (macOS, zsh), the shell-snapshot-injected find/grep shadow functions silently launch a nested Claude agent instead of dispatching to the embedded bfs/ugrep, returning agent text instead of file results. This corrupts any Bash command using find/grep (including pipes and command substitution), with no error raised.
Environment
- Claude Code:
2.1.143 - OS: macOS (Darwin), zsh
CLAUDE_CODE_EXECPATH=/Users/<user>/.local/share/claude/versions/2.1.143
Root cause
The session snapshot (~/.claude/shell-snapshots/snapshot-zsh-*.sh) defines:
function find {
local _cc_bin="${CLAUDE_CODE_EXECPATH:-}"
[[ -x $_cc_bin ]] || _cc_bin=/Users/<user>/.local/bin/claude
if [[ ! -x $_cc_bin ]]; then command find "$@"; return; fi
if [[ -n $ZSH_VERSION ]]; then
ARGV0=bfs "$_cc_bin" -regextype findutils-default "$@"
...
}
It relies on the claude binary honoring ARGV0=bfs (and ARGV0=ugrep for grep) to dispatch to the embedded applet. On 2.1.143 this dispatch does not work — the binary parses the args as the agent CLI:
$ ARGV0=bfs "$CLAUDE_CODE_EXECPATH" -regextype findutils-default /tmp -maxdepth 0
error: unknown option '-maxdepth'
Because the guard only falls back to system tools when the binary is missing ([[ ! -x $_cc_bin ]]), and the binary is present and executable, the function always takes the broken ARGV0 path. With other arg shapes (e.g. find DIR -name '*.md' -mtime -7) it does not error out but instead boots a nested Claude agent session, returning that agent's text as the command output.
Reproduction
- Claude Code 2.1.143, zsh, binary present.
- In the Bash tool:
find . -name '*.md' -mtime -7 | wc -l - Observed: output is a Claude agent's text response (in our case another sub-agent's session text), not a count.
type find→find is a shell function from .../shell-snapshots/snapshot-zsh-*.shcommand find . -maxdepth 0works correctly (system find unaffected).
Direct dispatch check:
$ ARGV0=bfs "$CLAUDE_CODE_EXECPATH" -maxdepth 0 /tmp
error: unknown option '-maxdepth' # expected: bfs runs, lists /tmp
Impact
- Every
find/grepinvocation through the Bash tool can silently return wrong data (corrupted file listings / counts / search results) with no error. - Side effect: spawns nested
claudeagent processes → observed elevated load and dozens of strayclaudeprocesses (FD/CPU leak). - Especially dangerous for unattended/automated agent workflows where corrupted
find/grepoutput feeds downstream decisions.
Notes / asks
- The 2.1.143 changelog entry "Fixed embedded grep/find/rg wrappers failing when the running binary is deleted mid-session — now falls back to installed tools" does not cover this case: the binary is present, so the missing-binary fallback never triggers, yet
ARGV0dispatch is still broken. - There appears to be no env var / settings.json key to disable the find/grep shadowing (analogous to
USE_BUILTIN_RIPGREP=0). Editing the snapshot doesn't persist (regenerated per session). - Requests:
- Fix
ARGV0=bfs/ARGV0=ugrepapplet dispatch in the native binary, or make the shadow function verify dispatch works and fall back tocommand find/command grep/rgwhen it doesn't. - Provide an opt-out env/setting to disable the find/grep shadow.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗