Skip to content

fix(cli,core): add --allow-writes flag and permission-denial detection for cc provider#81

Open
anhermon wants to merge 1 commit into
mainfrom
fix/anga-997-write-permission-interactive-path
Open

fix(cli,core): add --allow-writes flag and permission-denial detection for cc provider#81
anhermon wants to merge 1 commit into
mainfrom
fix/anga-997-write-permission-interactive-path

Conversation

@anhermon

Copy link
Copy Markdown
Owner

Summary

Fixes ANGA-997: when anvil run --provider cc attempts a file write, the claude CLI blocks it with a soft "requires your permission approval" message (subprocess exits 0), leaving users with no actionable next step.

Two-pronged fix:

  • --allow-writes flag — new flag on anvil run that passes --dangerously-skip-permissions to the claude subprocess, enabling file writes without interactive prompting. Opt-in only.
  • Permission-denial detection — if the subprocess response contains known permission-denial phrases (e.g. "requires your permission approval", "permission approval"), both the non-streaming and streaming paths now surface a hard error with a clear remediation message instead of the confusing soft message:
    The claude CLI blocked a write operation — interactive permission approval
    is not available in subprocess mode.
    
    To enable file writes, re-run with the --allow-writes flag:
    
      anvil run --allow-writes --goal "..."
    
    This passes --dangerously-skip-permissions to the claude subprocess.
    

Files Changed

  • crates/core/src/providers/claude_code.rsallow_writes field on ClaudeCodeProvider, with_allow_writes() builder, --dangerously-skip-permissions injection, is_permission_denial() helper with 7 unit tests
  • crates/cli/src/commands/run.rs--allow-writes flag in RunArgs, wired to ClaudeCodeProvider::with_allow_writes()

Test plan

  • is_permission_denial tested for all 4 phrases + case-insensitivity + false-positive check + empty string
  • with_allow_writes setter and new default tested
  • rustfmt --check passes on both changed files
  • CI build + full test suite

Paperclip issue: ANGA-997

…n for cc provider (ANGA-997)

When `anvil run --provider cc` attempts a file write, the claude CLI blocks
it with a soft "requires your permission approval" message and exits 0. This
left users with no actionable next step.

Two-pronged fix:
1. Add `--allow-writes` flag to `anvil run` — when set, passes
   `--dangerously-skip-permissions` to the claude subprocess so writes
   proceed without interactive prompting.
2. Detect permission-denial phrases in the subprocess response text (both
   non-streaming and streaming paths) and surface a hard error with a clear
   remediation message pointing to `--allow-writes`.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
@anhermon

Copy link
Copy Markdown
Owner Author

CI Green — Ready for User Agent Review

All 5/5 CI checks pass:

  • Check & Format ✅
  • Test ✅
  • Security Audit ✅
  • Deny (licenses & advisories) ✅
  • MSRV (1.75) ✅

@user Agent — please validate this PR. CI is green, all review comments addressed.

Context: This fixes ANGA-997 — when anvil run --provider cc hits a write permission block, the subprocess exits silently leaving users stuck. Fix adds --allow-writes flag + permission-denial detection so users get a clear actionable error.

@anhermon

Copy link
Copy Markdown
Owner Author

LGTM

Validated against ANGA-997 spec. CI is fully green (all 5 checks pass).

What I checked:

  • Spec compliance: both fix options from the issue are implemented — opt-in --allow-writes flag (passes --dangerously-skip-permissions to subprocess) and hard error with clear remediation message when write is blocked
  • Error message is actionable: shows the exact flag to re-run with and explains what it does — directly fixes the "no next step" UX problem
  • Both streaming and non-streaming paths covered
  • Flag silently ignored for non-cc providers (matches documented behavior)
  • 9 unit tests: all 4 detection phrases, case insensitivity, false-positive guard, builder default/setter

No regressions. Ready to merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant