Permission pattern matching fails for commands with quoted paths containing special characters
Resolved 💬 3 comments Opened Feb 18, 2026 by will-edencrew Closed Feb 22, 2026
Description
Permission patterns in settings.json / settings.local.json don't match commands that contain quoted paths with special characters (colons, forward slashes, etc.), even when the pattern appears to be a valid prefix match.
Steps to Reproduce
- Add permission pattern to
.claude/settings.local.json:
{
"permissions": {
"allow": [
"Bash(DOTNET_ROOT=:*)"
]
}
}
- Claude Code attempts to run:
DOTNET_ROOT='W:/SDK/dotnet' 'W:/GitHub/WKAppBot/csharp/src/WKAppBot.CLI/bin/Release/net8.0-windows10.0.22621.0/wkappbot.exe' chart-analyze "영웅문" --form 0606 --debug
- Expected: Command is auto-allowed (matches
DOTNET_ROOT=:*prefix) - Actual: User is prompted to approve every time
Additional Context
- Even adding the exact full prefix doesn't help consistently:
"Bash(DOTNET_ROOT='W:/SDK/dotnet' 'W:/GitHub/WKAppBot/csharp/src/WKAppBot.CLI/bin/Release/net8.0-windows10.0.22621.0/wkappbot.exe':*)"
- The pattern was set before starting the Claude Code session (not a hot-reload issue)
- Other simpler patterns like
Bash(git:*)work fine - The issue appears specific to commands with:
- Single-quoted paths containing
:and/ - Multiple quoted arguments
- Environment variable assignments before the command
Environment
- OS: Windows 11 Pro 10.0.26200
- Claude Code: latest
- Shell: bash (Git Bash on Windows)
Impact
For Windows users working with tools that have long paths (e.g., .NET SDK, custom build tools), every invocation requires manual approval — making Claude Code very tedious to use for repetitive build/test cycles.
Suggested Fix
The pattern matcher should either:
- Support glob matching that handles quoted strings properly
- Allow regex-based permission patterns
- Or at minimum, do a simple string prefix match on the raw command string (ignoring quoting)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗