fix(cli): validate sandbox mode flag against allowed values

Fixes bounty issue #1420

The -s/--sandbox flag was accepting any string value without validation.
Now it uses clap's value_enum to validate against the allowed modes:
danger-full-access, read-only, and workspace-write. Invalid values now
produce a clear error message showing the possible values.

Author: factorydroid

cortex-cli/src/main.rs

@@ -10,7 +10,7 @@
 //! - Shell completions
 
 use anyhow::Result;
-use clap::{Args, CommandFactory, Parser, Subcommand};
+use clap::{Args, CommandFactory, Parser, Subcommand, ValueEnum};
 use clap_complete::{Shell, generate};
 use std::io;
 use std::path::PathBuf;
@@ -36,6 +36,24 @@ use cortex_cli::upgrade_cmd::UpgradeCli;
 use cortex_cli::{LandlockCommand, SeatbeltCommand, WindowsCommand};
 use cortex_common::CliConfigOverrides;
 
+/// Sandbox mode for CLI argument parsing.
+///
+/// This enum is used by clap for argument validation and help text.
+/// It maps directly to the engine's SandboxMode type.
+#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, ValueEnum)]
+pub enum CliSandboxMode {
+    /// Full access, no restrictions (DANGEROUS - use with caution)
+    #[value(name = "danger-full-access")]
+    DangerFullAccess,
+    /// Read-only filesystem access
+    #[value(name = "read-only")]
+    ReadOnly,
+    /// Read access + write to workspace (default)
+    #[default]
+    #[value(name = "workspace-write")]
+    WorkspaceWrite,
+}
+
 /// Cortex CLI - AI Coding Agent
 ///
 /// If no subcommand is specified, starts the interactive TUI.
@@ -74,8 +92,8 @@ struct InteractiveArgs {
     config_profile: Option<String>,
 
     /// Select the sandbox policy for shell commands
-    #[arg(long = "sandbox", short = 's')]
-    sandbox_mode: Option<String>,
+    #[arg(long = "sandbox", short = 's', value_enum)]
+    sandbox_mode: Option<CliSandboxMode>,
 
     /// Configure when the model requires human approval
     #[arg(long = "ask-for-approval", short = 'a')]