Permission wildcard * doesn't match escaped $ in file paths

Resolved 💬 3 comments Opened Jan 18, 2026 by mootras Closed Jan 21, 2026

Description

The * wildcard in permission patterns like Bash(find:*) fails to match commands when the file path contains an escaped dollar sign (\$), even though * should match any character sequence.

Version

2.1.12

Steps to Reproduce

  1. Add "Bash(find:*)" to ~/.claude/settings.json allow list
  2. Run a command with \$ in the path (common in TanStack Router file-based routing):

``bash
find /path/to/project.\$projectId -name "*.tsx"
``

  1. Claude Code prompts for permission despite the command clearly starting with find

Expected Behavior

Bash(find:*) should match find /any/path/with/\$chars because the * wildcard should match all characters including \$.

Actual Behavior

The permission prompt appears, requiring explicit approval or a separate pattern like Bash(find *\\$*).

Workaround

Add explicit patterns for each command using the space-based wildcard format:

"Bash(find *\\$*)"

Impact

This affects any project using file-based routing frameworks (TanStack Router, Next.js dynamic routes, SvelteKit, etc.) where paths contain $ characters for dynamic segments. Users need to duplicate every permission rule with a \$ variant, which is tedious and error-prone.

Environment

  • macOS (Darwin 25.2.0)
  • Claude Code 2.1.12

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗