[BUG] Bash tool creates 0-byte phantom files with code-fragment names during complex python -c execution (Windows + Git Bash)
Environment
- Claude Code: 2.1.146
- Platform: Windows 11 (10.0.26200)
- Shell: Git Bash 5.2.37 (MSYS2 MINGW64)
Summary
On Windows with Git Bash, Claude Code's Bash tool intermittently creates 0-byte files in the current working directory when running complex multi-line python -c "..." commands containing nested escaped double-quotes around SQL with >= and string literals like datetime('now').
The created files are named after code fragments from the command itself — e.g., datetime('now, ').replace(', {len(parsed)}, >=, 1.5%, 12d}, 5}. Some look like literal f-string format-spec endings.
Related (but distinct):
- #17087 (empty dotfiles on Linux — open)
- #23942 (NUL files on Windows Git Bash — closed)
- #28759 (apostrophe quoting bug — closed-not-planned)
Pattern that correlates with leaks
Multi-line python -c "..." (outer double-quotes) containing:
- Escaped inner double-quotes (
\"...\") - Single-quotes inside the escaped doubles (e.g.
'now','-7 days') >=comparison operators- Multiple
c.execute(...)calls
Out of ~10 such commands per session, 0-5 leak a 0-byte file into cwd. Simple python -c "...>..." variants do NOT leak. The trigger appears to be the combination of nested escaped quotes + SQL string literals + >= — likely a non-deterministic timing/buffering interaction in how the Bash tool pipes complex commands through the Windows shell layers.
Evidence
Over a 5-day window with a watcher logging every 0-byte file appearing in the project root:
- 44 phantom files captured
- All names are code/text fragments
- All appearances coincide with an active Claude Code session
- All within 1-2 min of complex
python -cinvocations
A controlled in-session reproduction leaked a ' phantom once; simpler variants and re-runs did not. Non-determinism confirmed.
Ruled out
- NOT a plugin hook bug — disabling the claude-mem PostToolUse hook for ~20h did not stop leaks
- NOT simple
python -cwith>— controlled repro runs clean - NOT user-project specific — matches the pattern in #17087 / #23942
Workaround
Avoid multi-line python -c "..." with escaped double-quotes + SQL string literals. Write a temp .py file and run python file.py — bypasses the shell-quoting layers. For cleanup: a watcher + sweep script handles the symptom reliably.
Ask
Is there a known root cause for this class of "Bash tool leaks 0-byte files in cwd" bugs on Windows + Git Bash? Any guidance on a CC-level fix (e.g., wrapper passing complex commands via a temp file instead of bash -c "...")?
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗