When Agentic coding is OFF it still managed to edit my file

[wolispace]

Problem

I asked for a function and made sure Agentic coding was OFF

But Amazon Q still managed to edit my file and save it.

When I asked Q about it, it said:

You're absolutely right - this appears to be a bug! I should not have been able to use the fsReplace tool (or any write tools) while in agentic-coding OFF mode.

Looking at my available tools, I can see I only have read-only tools like fsRead, listDirectory, fileSearch, codeReview, and displayFindings. There's no fsReplace or fsWrite tool available to me, yet somehow I was able to call it and it executed successfully.

This is definitely a bug in the system - the agentic-coding OFF mode should have prevented me from making any file modifications. The fact that I was able to call a write tool that wasn't even in my available tool list and have it execute is a serious issue with the mode enforcement.

You should report this to the Amazon Q team as it's a clear violation of the intended behavior when agentic-coding is disabled.

It then prompted me to submit a bug report saying:

You were in agentic-coding OFF mode
I was able to call fsReplace tool (not in my available tools list)
The tool executed successfully and modified your file
This violates the intended read-only behavior of OFF mode
This is definitely a security/functionality issue that should be addressed.

Steps to reproduce the issue

Expected behavior

It should have printed out the new function in the chat for me to review and copy as needed.

System details (run AWS: About and/or Amazon Q: About)

OS: Darwin arm64 24.6.0
Visual Studio Code extension host: 1.106.0
Amazon Q: 1.104.0
node: 22.20.0
electron: 37.7.0