[BUG] Read() permissions broken for directories with glob-special characters ({, $)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Directory names containing {} and $ break permission glob matching
Description
When a project contains directories with {, }, or $ characters in their names (common in SvelteKit route parameters like {-$locale}), the Read() permission patterns in .claude/settings.json fail to match. This causes Claude Code to repeatedly prompt for read access on every interaction that touches those paths, even after granting permission.
Reproduction
- Have a SvelteKit project (or similar) with parameterized route directories:
````
sites/src/routes/{-$locale}/
marketing/src/routes/{-$locale}/
- When prompted for read access, select "Yes, allow reading from {-$locale}/ from this project" (option 2).
- This writes the following to
.claude/settings.json:
``json``
{
"permissions": {
"allow": [
"Read({-$locale}/**)"
]
}
}
- Claude Code continues to prompt for read access on subsequent interactions with those directories.
- Adding
Read(./**)as a broader fallback also does not resolve the issue.
Expected behavior
Selecting option 2 should persistently allow read access to the directory without re-prompting. Special characters in directory names should be escaped or treated as literals in permission patterns.
Actual behavior
The {} characters are interpreted as glob brace expansion syntax and $ as a variable, so the pattern never matches the literal directory path. Claude Code re-prompts every time.
Workaround
None fully working. Adding paths to additionalDirectories may help but does not suppress the read permission prompt.
Environment
- Framework: SvelteKit (uses
{-$locale}route parameter directories) - Likely affects any project with
{}or$in directory names
Related issues
- #6881 —
/**glob patterns not granting recursive access (similar symptom, different root cause) - #21962 — unexpected lack of glob expansion in permission patterns
Both are about glob patterns not matching as expected, but this issue is specifically about literal directory names containing glob-reserved characters being misinterpreted by the permission matcher.
Suggested fix
Escape glob-special characters ({, }, # Directory names containing {} and $` break permission glob matching
Description
When a project contains directories with {, }, or $ characters in their names (common in SvelteKit route parameters like {-$locale}), the Read() permission patterns in .claude/settings.json fail to match. This causes Claude Code to repeatedly prompt for read access on every interaction that touches those paths, even after granting permission.
Reproduction
- Have a SvelteKit project (or similar) with parameterized route directories:
````
sites/src/routes/{-$locale}/
marketing/src/routes/{-$locale}/
- When prompted for read access, select "Yes, allow reading from {-$locale}/ from this project" (option 2).
- This writes the following to
.claude/settings.json:
``json``
{
"permissions": {
"allow": [
"Read({-$locale}/**)"
]
}
}
- Claude Code continues to prompt for read access on subsequent interactions with those directories.
- Adding
Read(./**)as a broader fallback also does not resolve the issue.
Expected behavior
Selecting option 2 should persistently allow read access to the directory without re-prompting. Special characters in directory names should be escaped or treated as literals in permission patterns.
Actual behavior
The {} characters are interpreted as glob brace expansion syntax and $ as a variable, so the pattern never matches the literal directory path. Claude Code re-prompts every time.
Workaround
None fully working. Adding paths to additionalDirectories may help but does not suppress the read permission prompt.
Environment
- Framework: SvelteKit (uses
{-$locale}route parameter directories) - Likely affects any project with
{}or$in directory names
, [, ], *, ?) in directory names before writing permission patterns to settings, or support a quoting/escaping mechanism in the permission syntax.
What Should Happen?
Read() permission patterns should escape glob-special characters in literal directory names. Selecting "Yes, allow reading from {-$locale}/ from this project" should persist a pattern that actually matches the directory, and Claude Code should not re-prompt for access.
Error Messages/Logs
Steps to Reproduce
- Create or clone a SvelteKit project with parameterized route directories containing glob-special characters (e.g., sites/src/routes/{-$locale}/, marketing/src/routes/{-$locale}/)
- Run Claude Code and ask it to read or work with files under one of those directories
- When prompted, select option 2: "Yes, allow reading from {-$locale}/ from this project"
- Observe that Read({-$locale}/**) is written to .claude/settings.json
- Ask Claude Code to read another file under the same directory
- Claude Code prompts for read permission again, repeatedly, on every interaction
Claude Model
None
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.86
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
VS Code integrated terminal
Additional Information
<img width="426" height="97" alt="Image" src="https://github.com/user-attachments/assets/516feb53-db5b-4eef-bace-768dabe8bc77" />
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗