[BUG] settings.local.json corrupted by improperly escaped Bash permission entries containing quotes inside regex patterns
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude Code writes allowed Bash commands to .claude/settings.local.json, commands containing unescaped double quotes inside regex/grep patterns (particularly \| alternation with adjacent quotes) produce invalid JSON. The file becomes unparseable and Claude Code reports "Files with errors are skipped entirely" on the next startup.
This is related to #16301 (closed as duplicate) and #15857, but is a distinct and highly reproducible trigger: grep/find commands with \| alternation patterns where quotes appear adjacent to backslash-pipe sequences.
What Should Happen?
Commands should be properly JSON-escaped before writing to settings.local.json
The file should be validated after each write (or use atomic writes with validation)
If a command can't be safely serialized, it should be rejected with a warning rather than silently corrupting the file
Invalid entries should be skipped individually, not cause the entire file to be ignored
Error Messages/Logs
Start a Claude Code session in a project
Have Claude run a command like:
bash find . -type f -exec grep -l "pattern1\|pattern2" {} \;
When prompted, Allow the command (saving to settings.local.json)
End the session
Start a new session → error: settings.local.json is malformed
Steps to Reproduce
Steps to Reproduce
Start a Claude Code session in a project
Have Claude run a command like:
bash find . -type f -exec grep -l "pattern1\|pattern2" {} \;
When prompted, Allow the command (saving to settings.local.json)
End the session
Start a new session → error: settings.local.json is malformed
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.74 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
The command is serialized with an unescaped " inside the string. For example, this grep pattern:
bashgrep -l "womiin\|womiin" {}
Gets written to settings.local.json as:
json"Bash(find . -type f -exec grep -l \"womiin\\|womiin\"\\\\|womiin\" {} \\\\; 2>/dev/null | wc -l)"
The womiin\"\\\\ sequence contains a quote that terminates the JSON string prematurely, making the entire file unparseable. The JSON spec requires all " inside strings to be escaped as \", but the serializer fails to escape quotes that appear adjacent to \| patterns.
Impact
The entire settings file is skipped, not just the invalid entry — all other permissions are lost
The corruption is silent (happens during the session when the command is approved, but only detected on next startup)
Users must manually fix the JSON file or lose all their saved permissions
The same commands can be re-approved in subsequent sessions, re-corrupting the file after manual repair
On Windows (PowerShell), the combination of backslash escaping layers makes this particularly frequent
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗