[Bug] Invalid --permission-mode is silently ignored and can auto-approve write tools in headless mode #40

@Prodesire

Bug Description

Passing an invalid --permission-mode value does not fail the command. In headless mode, this can silently fall back to the default permission mode and then auto-approve a write tool request.

Steps to Reproduce

  1. Run a local fake OpenAI-compatible HTTP server that returns a write_file tool call.
  2. Run the CLI against that fake server:

     export IAC_CODE_CONFIG_DIR="$(mktemp -d)"
     export IAC_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
     export IAC_CODE_PROVIDER=OpenAPICompatible
     export IAC_CODE_MODEL=fake-model
     export IAC_CODE_API_KEY=test-key
     export IAC_CODE_BASE_URL="http://127.0.0.1:<fake-server-port>/v1"
     uv run iac-code --prompt write --output-format json --max-turns 4 --permission-mode nonsense

The fake model returned this tool call:

{"name":"write_file","arguments":{"path":"/tmp/iac-e2e-write/created.txt","content":"created by e2e\n"}}

Expected Behavior

The CLI should reject --permission-mode nonsense as a usage error before agent or tool execution starts.

Actual Behavior

The command exits with code 0, executes write_file, and creates the target file.

Observed JSON output included:

{
  "text": "tool completed",
  "tool_uses": [
    {
      "name": "write_file",
      "is_error": false
    }
  ]
}

The file existed afterward with content:

created by e2e

Operating System

macOS

Python Version

Python 3.14.2

iac-code Version

0.3.0 (uv run iac-code --version output: iac-code v0.3.0)

LLM Provider

Other

IaC Type

Not applicable

Additional Context

Tested from a local source checkout with uv run iac-code on 2026-05-29. A local fake OpenAI-compatible HTTP server was used; no real LLM or cloud credentials were used.

This is risky because users may believe an explicit permission mode was applied, while headless mode continues and auto-approves permission requests.

Likely related code:

  • src/iac_code/services/permissions/loader.py: invalid cli_mode only logs a warning and continues.
  • src/iac_code/cli/headless.py: PermissionRequestEvent is automatically granted in headless mode.
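
The fail-open fallback described in this report next to a fail-closed alternative, as an added example that is not iac-code's own code. `PermissionMode`, its two mode names, `resolve_lenient`, `parse_mode`, `build_parser` and `run_headless` are hypothetical, and `argparse` stands in for whatever CLI parser the project uses.

```python
import argparse
import enum
import logging

log = logging.getLogger("permission_demo")


class PermissionMode(enum.Enum):
    # Hypothetical mode names; the project's real values are not shown in the report.
    DEFAULT = "default"
    READ_ONLY = "read-only"


def resolve_lenient(cli_mode):
    """Fail-open pattern from the report: warn, then continue with the default."""
    try:
        return PermissionMode(cli_mode)
    except ValueError:
        log.warning("invalid permission mode %r, using default", cli_mode)
        return PermissionMode.DEFAULT


def parse_mode(value):
    """argparse `type=` callback: an unknown value becomes a usage error."""
    try:
        return PermissionMode(value)
    except ValueError:
        valid = ", ".join(m.value for m in PermissionMode)
        raise argparse.ArgumentTypeError(
            f"invalid permission mode {value!r} (choose from: {valid})")


def build_parser():
    parser = argparse.ArgumentParser(prog="demo-cli")
    parser.add_argument("--prompt", required=True)
    parser.add_argument("--permission-mode", type=parse_mode,
                        default=PermissionMode.DEFAULT)
    return parser


def run_headless(argv, requested_tools):
    """Return the tools that would run; arguments are validated before any tool."""
    args = build_parser().parse_args(argv)  # exits with status 2 on a bad mode
    if args.permission_mode is PermissionMode.READ_ONLY:
        return [t for t in requested_tools if t != "write_file"]
    # Default mode mirrors the headless auto-approval described in the report.
    return list(requested_tools)
```

With the strict parser, `--permission-mode nonsense` stops at argument parsing with exit status 2, so no permission request is ever reached.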

Labels: bug (Something isn't working)