[BUG] After updating Claude Code, login fails with this error:
Resolved 💬 3 comments Opened Feb 12, 2026 by p-oancia Closed Feb 16, 2026
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
The :* pattern must be at the end. Move :* to the end for prefix
matching, or use * for wildcard matching. Examples: Bash(npm run:*) - prefix
matching (legacy), Bash(npm run *) - wildcard matching
Files with errors are skipped entirely, not just the invalid settings.
```
The invalid patterns in `~/.claude/settings.local.json` were **auto-generated
by previous Claude Code sessions** when approving commands — not hand-written.
They include:
- `WebFetch(domain:prnt.sc)` and similar `WebFetch(domain:xxx)` entries — an
older domain-filtering syntax where `:` was part of the domain filter, not a
prefix matcher
- One-off Bash approvals that contained URLs with `https:` in them (e.g.
`Bash(for url in "https://example.com/...")`)
These were all valid under the previous parser but now fail the stricter `:`
validation.
## Two issues
1. **No migration for auto-generated patterns.** Since Claude Code itself
wrote these patterns to the settings file, an update that changes validation
rules should either migrate existing entries or gracefully skip only the
invalid ones.
2. **Entire file is skipped, not just invalid entries.** The error message
confirms this: "Files with errors are skipped entirely, not just the invalid
settings." A single invalid pattern causes *all* permissions in the file to be
lost, which blocks the user from logging in. Gracefully ignoring only the
invalid entries would be much less disruptive.
## Steps to reproduce
1. Use a previous version of Claude Code and approve some `WebFetch` requests
for specific domains (generates `WebFetch(domain:xxx)` entries) and/or approve
Bash commands containing URLs
2. Update Claude Code to a version with the stricter `:*` pattern validation
3. Attempt to launch Claude Code
## Expected behavior
- Auto-generated patterns from previous versions should either be migrated
automatically or ignored gracefully
- Invalid individual entries should be skipped with a warning, not cause the
entire settings file to be discarded
## Workaround
Manually edit `~/.claude/settings.local.json` to remove all entries containing
`:` that don't end with `:*`.
### What Should Happen?
n/a
### Error Messages/Logs
```shell
Steps to Reproduce
The :* pattern must be at the end. Move :* to the end for prefix
matching, or use * for wildcard matching. Examples: Bash(npm run:*) - prefix
matching (legacy), Bash(npm run *) - wildcard matching
Files with errors are skipped entirely, not just the invalid settings.
```
The invalid patterns in `~/.claude/settings.local.json` were **auto-generated
by previous Claude Code sessions** when approving commands — not hand-written.
They include:
- `WebFetch(domain:prnt.sc)` and similar `WebFetch(domain:xxx)` entries — an
older domain-filtering syntax where `:` was part of the domain filter, not a
prefix matcher
- One-off Bash approvals that contained URLs with `https:` in them (e.g.
`Bash(for url in "https://example.com/...")`)
These were all valid under the previous parser but now fail the stricter `:`
validation.
## Two issues
1. **No migration for auto-generated patterns.** Since Claude Code itself
wrote these patterns to the settings file, an update that changes validation
rules should either migrate existing entries or gracefully skip only the
invalid ones.
2. **Entire file is skipped, not just invalid entries.** The error message
confirms this: "Files with errors are skipped entirely, not just the invalid
settings." A single invalid pattern causes *all* permissions in the file to be
lost, which blocks the user from logging in. Gracefully ignoring only the
invalid entries would be much less disruptive.
## Steps to reproduce
1. Use a previous version of Claude Code and approve some `WebFetch` requests
for specific domains (generates `WebFetch(domain:xxx)` entries) and/or approve
Bash commands containing URLs
2. Update Claude Code to a version with the stricter `:*` pattern validation
3. Attempt to launch Claude Code
## Expected behavior
- Auto-generated patterns from previous versions should either be migrated
automatically or ignored gracefully
- Invalid individual entries should be skipped with a warning, not cause the
entire settings file to be discarded
## Workaround
Manually edit `~/.claude/settings.local.json` to remove all entries containing
`:` that don't end with `:*`.
### Claude Model
None
### Is this a regression?
Yes, this worked in a previous version
### Last Working Version
2.1.39
### Claude Code Version
2.1.39
### Platform
Anthropic API
### Operating System
macOS
### Terminal/Shell
Terminal.app (macOS)
### Additional Information
_No response_This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗