Settings & Policy
Tool configuration, managed settings, command rules, and organizational controls
Extension Name Enterprise Governance and Settings
Vendor Terms Kiro Profile, admin settings, .kiroignore, content exclusion, MCP governance, model governance, web tools governance
Scopes
Organization / EnterpriseUser / HomeProject / Repo RootMachine / Admin
Interfaces IDE, CLI
Availability current (explicit)
Trust Model Admin-controlled via AWS console with client-side enforcement; .kiroignore blocks files from agent context; fail-closed if governance API unreachable
Notes Kiro Profile controls encryption, prompt logging, MCP, web tools, model allow-lists, and API key generation; web tools governance can disable web_search/web_fetch; HIPAA eligible (May 2026); content exclusion via .kiroignore; SSO with Okta and Microsoft Entra ID
Extension Name Settings and Managed Settings
Vendor Terms settings.json, managed settings, managed-settings.json, server-managed settings, policyHelper
Scopes
Organization / EnterpriseUser / HomeProject / Repo Root
Interfaces terminal CLI, VS Code, Desktop, web, JetBrains
Availability current (explicit)
Trust Model Admin-delivered managed settings cannot be overridden; controls permissions, hooks, environment variables, and model defaults
Notes Four-tier scope (managed > local > project > user); 60+ settings keys; policyHelper for dynamic managed settings computation at startup; MDM delivery via macOS plist, Windows registry, or file-based with drop-in directory; fail-closed enforcement option
Extension Name Policies, Settings, and Content Exclusion
Vendor Terms policies, content exclusion, MCP allowlist, BYOK, Copilot Memory policy, agentic audit logs
Scopes
User / HomeOrganization / EnterpriseMachine / Admin
Interfaces GitHub.com, VS Code, Visual Studio, JetBrains, Eclipse, Xcode, CLI
Availability current (explicit)
Trust Model Admin-defined policies that lower tiers cannot override; MCP allowlists restrict permitted servers; block agentic features control
Notes Three policy types (feature, privacy, model); granular org selection for cloud agent; MCP management as separate policy; agentic audit log events and activity monitoring; content exclusion does not apply to CLI or Agent mode
Extension Name Configuration, Rules, and Requirements
Vendor Terms config.toml, requirements.toml, managed configuration, rules, Starlark
Scopes
User / HomeProject / Repo RootSubdirectory / FolderMachine / AdminCloud / Web SessionOrganization / Enterprise
Interfaces CLI, IDE extension, app, web
Availability current (explicit)
Trust Model Admin-enforced requirements cannot be overridden; OS-level sandbox (macOS Seatbelt, Linux bwrap+seccomp)
Notes Requirements are admin-enforced and cannot be overridden; Starlark-based rules (experimental) with prefix_rule() and tree-sitter shell parsing; cloud-managed requirements for Business/Enterprise; 4-level feature maturity taxonomy