Permission wildcard * doesn't match escaped $ in file paths
Description
The * wildcard in permission patterns like Bash(find:*) fails to match commands when the file path contains an escaped dollar sign (\$), even though * should match any character sequence.
Version
2.1.12
Steps to Reproduce
- Add
"Bash(find:*)"to~/.claude/settings.jsonallow list - Run a command with
\$in the path (common in TanStack Router file-based routing):
``bash``
find /path/to/project.\$projectId -name "*.tsx"
- Claude Code prompts for permission despite the command clearly starting with
find
Expected Behavior
Bash(find:*) should match find /any/path/with/\$chars because the * wildcard should match all characters including \$.
Actual Behavior
The permission prompt appears, requiring explicit approval or a separate pattern like Bash(find *\\$*).
Workaround
Add explicit patterns for each command using the space-based wildcard format:
"Bash(find *\\$*)"
Impact
This affects any project using file-based routing frameworks (TanStack Router, Next.js dynamic routes, SvelteKit, etc.) where paths contain $ characters for dynamic segments. Users need to duplicate every permission rule with a \$ variant, which is tedious and error-prone.
Environment
- macOS (Darwin 25.2.0)
- Claude Code 2.1.12
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗