anthropics · YoshKoz · Mar 21, 2026 · Copilot · Mar 21, 2026 · Copilot
diff --git a/plugins/README.md b/plugins/README.md
@@ -25,6 +25,7 @@ Learn more in the [official plugins documentation](https://docs.claude.com/en/do
 | [pr-review-toolkit](./pr-review-toolkit/) | Comprehensive PR review agents specializing in comments, tests, error handling, type design, code quality, and code simplification | **Command:** `/pr-review-toolkit:review-pr` - Run with optional review aspects (comments, tests, errors, types, code, simplify, all)<br>**Agents:** `comment-analyzer`, `pr-test-analyzer`, `silent-failure-hunter`, `type-design-analyzer`, `code-reviewer`, `code-simplifier` |
 | [ralph-wiggum](./ralph-wiggum/) | Interactive self-referential AI loops for iterative development. Claude works on the same task repeatedly until completion | **Commands:** `/ralph-loop`, `/cancel-ralph` - Start/stop autonomous iteration loops<br>**Hook:** Stop - Intercepts exit attempts to continue iteration |
 | [security-guidance](./security-guidance/) | Security reminder hook that warns about potential security issues when editing files | **Hook:** PreToolUse - Monitors 9 security patterns including command injection, XSS, eval usage, dangerous HTML, pickle deserialization, and os.system calls |
+| [tmp-cwd-cleanup](./tmp-cwd-cleanup/) | Cleans up orphaned `/tmp/claude-*-cwd` files on session exit, working around a Bash tool memory leak ([#8856](https://github.com/anthropics/claude-code/issues/8856)) | **Hook:** Stop - Deletes accumulated working-directory tracking files owned by the current user |
 
 ## Installation
 

diff --git a/plugins/tmp-cwd-cleanup/.claude-plugin/plugin.json b/plugins/tmp-cwd-cleanup/.claude-plugin/plugin.json
@@ -0,0 +1,9 @@
+{
+  "name": "tmp-cwd-cleanup",
+  "version": "1.0.0",
+  "description": "Cleans up orphaned /tmp/claude-*-cwd working directory tracking files on session stop, working around a memory leak in the Bash tool (issue #8856)",
+  "author": {
+    "name": "Claude Code Community",
+    "email": ""
-    "name": "Claude Code Community",
-    "email": ""
+    "name": "Claude Code Community"
-    "name": "Claude Code Community",
-    "email": ""
+    "name": "Claude Code Community"
+  }
+}
diff --git a/plugins/tmp-cwd-cleanup/README.md b/plugins/tmp-cwd-cleanup/README.md
@@ -0,0 +1,41 @@
+# tmp-cwd-cleanup
+
+A workaround plugin for [issue #8856](https://github.com/anthropics/claude-code/issues/8856): the Bash tool creates a `/tmp/claude-<hex>-cwd` file after every shell command to track the working directory, but never deletes it. On active systems these files accumulate into the thousands and eventually slow down `/tmp` lookups.
+
+## What it does
+
+Registers a **Stop hook** that deletes all `/tmp/claude-*-cwd` files owned by the current user when the Claude Code session ends.
+
+```
+/tmp/claude-02a6-cwd   (22 bytes — deleted on exit)
+/tmp/claude-1f3b-cwd   (22 bytes — deleted on exit)
+...
+```
+
+## Installation
+
+Install via the `/plugin` command inside Claude Code:
+
+```
+/plugin install tmp-cwd-cleanup
+```
+
+Or add it manually to your `.claude/settings.json`:
+
+```json
+{
+  "plugins": ["tmp-cwd-cleanup"]
+}
+```
+
+## Notes
+
+- Only removes files owned by the **current user** (safe on shared systems).
+- Exits `0` so it never blocks session teardown.
+- This plugin is a stopgap; the proper fix is to call `unlinkSync` in the Bash tool implementation immediately after reading the cwd file ([upstream tracking issue #8856](https://github.com/anthropics/claude-code/issues/8856)).
+
+## Hook
+
+| Event | Matcher | Effect |
+|-------|---------|--------|
+| `Stop` | _(all)_ | Deletes `/tmp/claude-*-cwd` files owned by current user |
diff --git a/plugins/tmp-cwd-cleanup/hooks/cleanup_cwd_files.py b/plugins/tmp-cwd-cleanup/hooks/cleanup_cwd_files.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+"""Stop hook: clean up orphaned /tmp/claude-*-cwd files.
+
+The Bash tool writes a small temp file to /tmp/claude-<hex>-cwd after each
+command to capture the resulting working directory, but never deletes it.
+On active systems these files accumulate into the thousands and eventually
+slow down /tmp lookups (see issue #8856).
+
+This hook runs on session Stop and removes any such files owned by the
+current user, providing a clean-up path until the upstream fix lands.
+"""
+
+import glob
+import json
+import os
+import sys
+
+
+def main() -> None:
+    # Consume stdin (required by the hook protocol) but we don't need it.
+    try:
+        json.load(sys.stdin)
+    except Exception:
+        pass
+
+    uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
+    removed = 0
+    errors = 0
+
+    for path in glob.glob("/tmp/claude-*-cwd"):
+        try:
+            # Only remove files owned by the current user (safety check).
+            if uid is not None and os.stat(path).st_uid != uid:
-    uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
-    removed = 0
-    errors = 0
-
-    for path in glob.glob("/tmp/claude-*-cwd"):
-        try:
-            # Only remove files owned by the current user (safety check).
-            if uid is not None and os.stat(path).st_uid != uid:
+    # On platforms without os.getuid (e.g., Windows), skip cleanup entirely
+    # to avoid deleting files owned by other users.
+    if not hasattr(os, "getuid"):
+        return
+
+    uid = os.getuid()
+    removed = 0
+    errors = 0
+
+    for path in glob.glob("/tmp/claude-*-cwd"):
+        try:
+            # Only remove files owned by the current user (safety check).
+            if os.stat(path).st_uid != uid:
-    uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
-    removed = 0
-    errors = 0
-
-    for path in glob.glob("/tmp/claude-*-cwd"):
-        try:
-            # Only remove files owned by the current user (safety check).
-            if uid is not None and os.stat(path).st_uid != uid:
+    # On platforms without os.getuid (e.g., Windows), skip cleanup entirely
+    # to avoid deleting files owned by other users.
+    if not hasattr(os, "getuid"):
+        return
+
+    uid = os.getuid()
+    removed = 0
+    errors = 0
+
+    for path in glob.glob("/tmp/claude-*-cwd"):
+        try:
+            # Only remove files owned by the current user (safety check).
+            if os.stat(path).st_uid != uid:
+                continue
+            if os.path.isfile(path):
+                os.unlink(path)
+                removed += 1
+        except OSError:
+            errors += 1
+
+    # Exit 0 so the Stop event is never blocked.
+    # Optionally surface a brief summary via systemMessage.
+    if removed > 0:
+        result = {"systemMessage": f"tmp-cwd-cleanup: removed {removed} orphaned file(s)."}
+        if errors:
+            result["systemMessage"] += f" ({errors} error(s) skipped)"
+        print(json.dumps(result))
+
+    sys.exit(0)
+
+
-    # Consume stdin (required by the hook protocol) but we don't need it.
-    try:
-        json.load(sys.stdin)
-    except Exception:
-        pass
-
-    uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
-    removed = 0
-    errors = 0
-
-    for path in glob.glob("/tmp/claude-*-cwd"):
-        try:
-            # Only remove files owned by the current user (safety check).
-            if uid is not None and os.stat(path).st_uid != uid:
-                continue
-            if os.path.isfile(path):
-                os.unlink(path)
-                removed += 1
-        except OSError:
-            errors += 1
-
-    # Exit 0 so the Stop event is never blocked.
-    # Optionally surface a brief summary via systemMessage.
-    if removed > 0:
-        result = {"systemMessage": f"tmp-cwd-cleanup: removed {removed} orphaned file(s)."}
-        if errors:
-            result["systemMessage"] += f" ({errors} error(s) skipped)"
-        print(json.dumps(result))
-
-    sys.exit(0)
+    try:
+        # Consume stdin (required by the hook protocol) but we don't need it.
+        try:
+            json.load(sys.stdin)
+        except Exception:
+            # Ignore any malformed or unexpected stdin payloads.
+            pass
+
+        uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
+        removed = 0
+        errors = 0
+
+        for path in glob.glob("/tmp/claude-*-cwd"):
+            try:
+                # Only remove files owned by the current user (safety check).
+                if uid is not None and os.stat(path).st_uid != uid:
+                    continue
+                if os.path.isfile(path):
+                    os.unlink(path)
+                    removed += 1
+            except OSError:
+                errors += 1
+
+        # Optionally surface a brief summary via systemMessage.
+        if removed > 0:
+            result = {"systemMessage": f"tmp-cwd-cleanup: removed {removed} orphaned file(s)."}
+            if errors:
+                result["systemMessage"] += f" ({errors} error(s) skipped)"
+            print(json.dumps(result))
+    except Exception:
+        # Swallow any unexpected errors to ensure we always exit 0.
+        pass
+    finally:
+        # Exit 0 so the Stop event is never blocked.
+        sys.exit(0)
-    # Consume stdin (required by the hook protocol) but we don't need it.
-    try:
-        json.load(sys.stdin)
-    except Exception:
-        pass
-
-    uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
-    removed = 0
-    errors = 0
-
-    for path in glob.glob("/tmp/claude-*-cwd"):
-        try:
-            # Only remove files owned by the current user (safety check).
-            if uid is not None and os.stat(path).st_uid != uid:
-                continue
-            if os.path.isfile(path):
-                os.unlink(path)
-                removed += 1
-        except OSError:
-            errors += 1
-
-    # Exit 0 so the Stop event is never blocked.
-    # Optionally surface a brief summary via systemMessage.
-    if removed > 0:
-        result = {"systemMessage": f"tmp-cwd-cleanup: removed {removed} orphaned file(s)."}
-        if errors:
-            result["systemMessage"] += f" ({errors} error(s) skipped)"
-        print(json.dumps(result))
-
-    sys.exit(0)
+    try:
+        # Consume stdin (required by the hook protocol) but we don't need it.
+        try:
+            json.load(sys.stdin)
+        except Exception:
+            # Ignore any malformed or unexpected stdin payloads.
+            pass
+
+        uid = os.getuid() if hasattr(os, "getuid") else None  # no-op on Windows
+        removed = 0
+        errors = 0
+
+        for path in glob.glob("/tmp/claude-*-cwd"):
+            try:
+                # Only remove files owned by the current user (safety check).
+                if uid is not None and os.stat(path).st_uid != uid:
+                    continue
+                if os.path.isfile(path):
+                    os.unlink(path)
+                    removed += 1
+            except OSError:
+                errors += 1
+
+        # Optionally surface a brief summary via systemMessage.
+        if removed > 0:
+            result = {"systemMessage": f"tmp-cwd-cleanup: removed {removed} orphaned file(s)."}
+            if errors:
+                result["systemMessage"] += f" ({errors} error(s) skipped)"
+            print(json.dumps(result))
+    except Exception:
+        # Swallow any unexpected errors to ensure we always exit 0.
+        pass
+    finally:
+        # Exit 0 so the Stop event is never blocked.
+        sys.exit(0)
+if __name__ == "__main__":
+    main()
diff --git a/plugins/tmp-cwd-cleanup/hooks/hooks.json b/plugins/tmp-cwd-cleanup/hooks/hooks.json
@@ -0,0 +1,15 @@
+{
+  "description": "Cleans up orphaned /tmp/claude-*-cwd working directory tracking files when the session stops",
+  "hooks": {
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/cleanup_cwd_files.py"
+          }
+        ]
+      }
+    ]
+  }
+}