[BUG] Bash tool creates 0-byte phantom files with code-fragment names during complex python -c execution (Windows + Git Bash)

Resolved 💬 1 comment Opened May 27, 2026 by DoubleK007 Closed Jun 27, 2026

Environment

  • Claude Code: 2.1.146
  • Platform: Windows 11 (10.0.26200)
  • Shell: Git Bash 5.2.37 (MSYS2 MINGW64)

Summary

On Windows with Git Bash, Claude Code's Bash tool intermittently creates 0-byte files in the current working directory when running complex multi-line python -c "..." commands containing nested escaped double-quotes around SQL with >= and string literals like datetime('now').

The created files are named after code fragments from the command itself — e.g., datetime('now, ').replace(', {len(parsed)}, >=, 1.5%, 12d}, 5}. Some look like literal f-string format-spec endings.

Related (but distinct):

  • #17087 (empty dotfiles on Linux — open)
  • #23942 (NUL files on Windows Git Bash — closed)
  • #28759 (apostrophe quoting bug — closed-not-planned)

Pattern that correlates with leaks

Multi-line python -c "..." (outer double-quotes) containing:

  • Escaped inner double-quotes (\"...\")
  • Single-quotes inside the escaped doubles (e.g. 'now', '-7 days')
  • >= comparison operators
  • Multiple c.execute(...) calls

Out of ~10 such commands per session, 0-5 leak a 0-byte file into cwd. Simple python -c "...>..." variants do NOT leak. The trigger appears to be the combination of nested escaped quotes + SQL string literals + >= — likely a non-deterministic timing/buffering interaction in how the Bash tool pipes complex commands through the Windows shell layers.

Evidence

Over a 5-day window with a watcher logging every 0-byte file appearing in the project root:

  • 44 phantom files captured
  • All names are code/text fragments
  • All appearances coincide with an active Claude Code session
  • All within 1-2 min of complex python -c invocations

A controlled in-session reproduction leaked a ' phantom once; simpler variants and re-runs did not. Non-determinism confirmed.

Ruled out

  • NOT a plugin hook bug — disabling the claude-mem PostToolUse hook for ~20h did not stop leaks
  • NOT simple python -c with > — controlled repro runs clean
  • NOT user-project specific — matches the pattern in #17087 / #23942

Workaround

Avoid multi-line python -c "..." with escaped double-quotes + SQL string literals. Write a temp .py file and run python file.py — bypasses the shell-quoting layers. For cleanup: a watcher + sweep script handles the symptom reliably.

Ask

Is there a known root cause for this class of "Bash tool leaks 0-byte files in cwd" bugs on Windows + Git Bash? Any guidance on a CC-level fix (e.g., wrapper passing complex commands via a temp file instead of bash -c "...")?

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗