Agent-Ex

Amazon Kiro

IDECLIkiro.dev
Amazon Kiro is strongest on workspace-centric IDE automation, bundled "powers," and enterprise governance. Steering supports four inclusion modes: always (default), fileMatch (conditional on file patterns), manual (on-demand via #name or slash commands), and auto (description-matched). Kiro also supports AGENTS.md as an always-included steering source. Team steering can be distributed via MDM or Group Policy. Powers are a first-class concept bundling POWER.md, MCP server configuration, and optional steering/hooks into a single install with contextual activation. In multi-root workspaces, Kiro collects hooks and MCP definitions from each root folder. Enterprise governance includes MCP registry allow-lists, model governance, web tools governance, API key governance, and centralized admin settings via Kiro Profile. CLI custom agents support extensive configuration including knowledgeBase resources with semantic search, DAG-based task dependencies for subagents, and ACP for cross-editor compatibility.

Steering

Instructions
Vendor Terms steering, steering files, AGENTS.md, team steering, foundational steering, file references
Interfaces IDE, CLI
Scopes
User / HomeProject / Repo RootSubdirectory / FolderOrganization / Enterprise
Availability current (explicit)
Trust Model Contextual guidance, not a hard policy layer; inclusion modes control when steering loads; team steering distributed via MDM/Group Policy
Notes Supports always, fileMatch, manual, and auto inclusion modes (IDE); AGENTS.md also supported as always-included source; foundational steering files (product.md, tech.md, structure.md) auto-generated via IDE; custom agents require explicit resource inclusion for steering; workspace overrides global on conflict
Steering for IDE ↗Steering for CLI ↗

Prompts

Prompts
Vendor Terms prompts, reusable prompts, MCP prompts, local prompts, global prompts
Interfaces CLI
Scopes
Project / Repo RootUser / Home
Availability current (explicit)
Trust Model Reusable prompt templates with local > global > MCP priority; content previewed before sending to model
Notes CLI feature; local prompts in .kiro/prompts/, global in ~/.kiro/prompts/; MCP prompts from configured servers; invoked with @name; priority: local > global > MCP; /prompts slash command with list, create, edit, details, get, remove subcommands; MCP prompts support arguments, file-based prompts do not
Manage prompts ↗

Skills

Skills
Vendor Terms agent skills, SKILL.md, skill:// URI
Interfaces IDE, CLI
Scopes
Project / Repo RootUser / Home
Availability current (explicit)
Trust Model Text-only instruction packages that cannot execute code on their own; if agent has write/shell tools enabled, it could execute commands referenced in skills; no isolation between skills
Notes Auto-activate via progressive disclosure (name+description at startup, full content on demand). IDE supports slash command invocation; CLI activation is automatic only. Workspace takes priority over global on conflicts. Custom agents must explicitly include skills via skill:// URIs. IDE supports importing skills from GitHub repos or local folders.
Agent Skills for IDE ↗Agent Skills for CLI ↗

MCP Servers

MCP & Tools
Vendor Terms MCP servers, mcp.json, MCP tools, MCP prompts, MCP resource templates, MCP elicitation, autoApprove, disabledTools, MCP registry
Interfaces IDE, CLI
Scopes
User / HomeProject / Repo RootOrganization / Enterprise
Availability current (explicit)
Trust Model Tool approval required per-use; autoApprove array or wildcard bypasses approval; disabledTools blocks specific tools; IDE approved environment variables whitelist; enterprise MCP registry allow-list with client-side enforcement
Notes IDE and CLI merge workspace and user MCP configs with workspace precedence. CLI adds a third tier: agent config > workspace > global. IDE supports MCP prompts, resource templates, and elicitation. CLI supports OAuth authentication with mid-session token refresh. Enterprise admins can enforce allow-lists via MCP registry URL (fetched at startup and every 24h). Curated server directory with 30+ servers and one-click install.
Model context protocol ↗MCP configuration ↗MCP tools usage ↗MCP server directory ↗CLI MCP overview ↗CLI MCP configuration ↗Enterprise MCP governance ↗

Custom Agents and Subagents

Agents
Vendor Terms custom agents, subagents, agent configuration, plan agent, agent permissions, task dependencies, toolAliases, allowedTools, knowledgeBase resources
Interfaces IDE, CLI
Scopes
Project / Repo RootUser / Home
Availability current (explicit)
Trust Model Agents default to read-only; write tools require explicit opt-in; allowedTools with globs controls approval-free tools; trustedAgents and agentPermissions provide layered permission control; preToolUse hooks can audit/block; IDE subagents: steering and MCP work, Specs and Hooks do not
Notes CLI custom agents are JSON config files with extensive configuration: prompt (inline or file URI), tools, allowedTools (glob patterns), toolAliases, toolsSettings, resources (file, skill, knowledgeBase with semantic search), hooks (5 trigger types), mcpServers (with OAuth), model override. IDE subagents are Markdown files with YAML frontmatter. Two built-in IDE subagents (context gathering, general purpose). Built-in Plan agent (CLI, read-only). CLI subagents support DAG-based task dependencies, per-subagent permission control, and dedicated execution monitor. ACP support enables CLI agents in JetBrains and Zed.
Creating custom agents for CLI ↗Agent configuration reference ↗Subagents for IDE ↗Subagents for CLI ↗Planning agent ↗Agent Client Protocol ↗

Hooks

Hooks
Vendor Terms hooks, agent hooks, Ask Kiro, Run Command, Agent Prompt, Shell Command
Interfaces IDE, CLI
Scopes
Project / Repo RootUser / Home
Availability current (explicit)
Trust Model Deterministic automation; IDE hooks can Ask Kiro (agent prompt) or Run Command (shell); CLI hooks fire on lifecycle events with structured JSON input; exit code semantics differ between surfaces
Notes IDE hooks support 10 trigger types (Prompt Submit, Agent Stop, Pre/Post Tool Use, File Create/Save/Delete, Pre/Post Task Execution, Manual Trigger) with two action types (Ask Kiro agent prompt, Run Command shell). CLI hooks support 5 types (AgentSpawn, UserPromptSubmit, PreToolUse, PostToolUse, Stop) defined in agent configuration with JSON STDIN events, tool matching, caching, and exit-code-based flow control (exit 2 blocks PreToolUse). Default timeout: 60s IDE, 30s CLI.
Hooks for IDE ↗Hooks for CLI ↗Hook actions ↗Hook types ↗Hook examples ↗

Powers

Plugins & Distribution
Vendor Terms powers, POWER.md, mcp.json, steering/, keywords, dynamic MCP tool loading
Interfaces IDE, kiro.dev
Scopes
User / HomeProject / Repo Root
Availability current (explicit)
Trust Model Third-party powers explicitly disclaimed (not tested or screened across all use cases); MCP servers auto-register on install; environment variables for secrets; no sandboxing or permission model mentioned
Notes IDE-only; CLI support planned. 40+ curated and community powers available via kiro.dev marketplace and GitHub. Powers register in ~/.kiro/settings/mcp.json (user scope) with workspace-level steering/hooks. Cross-tool compatibility (Cursor, Claude Code, Cline) planned. Install from kiro.dev, IDE powers panel, or GitHub URL.
Powers docs ↗Install powers ↗Create powers ↗Powers landing page ↗

IDE Extensions and Extension Registry

Settings & Policy
Vendor Terms IDE extensions, OpenVSX, extension registry, product.json
Interfaces IDE
Scopes
Machine / AdminOrganization / Enterprise
Availability current (explicit)
Trust Model Standard IDE extension trust with an explicit governance hook for curated registries
Notes Admins can point Kiro to a private registry by editing product.json; deployable via MDM/endpoint management
Custom extension registry ↗

Enterprise Governance and CLI Configuration

Settings & Policy
Vendor Terms Kiro Profile, admin settings, Kiro console, .kiroignore, kiroAgent.agentIgnoreFiles, content exclusion, MCP registry, MCP allow-list, MCP governance, model governance, web tools governance, API key governance, /tools, tool permissions, trust levels, cli.json
Interfaces IDE, CLI
Scopes
Organization / EnterpriseUser / HomeProject / Repo Root
Availability current (explicit)
Trust Model Admin-controlled via AWS console with client-side enforcement; MCP registry parameters are read-only; .kiroignore blocks files from agent context; CLI tool permissions default to read-trusted with per-request approval for writes/shell
Notes Enterprise admin toggles via Kiro Profile control encryption, code references, dashboards, prompt logging, MCP on/off, web tools on/off, overages, model allow-lists, and API key generation. MCP governance via registry allow-list (JSON over HTTPS, 24h sync, MCP Registry open standard). Model governance restricts available models (important for data residency). Content exclusion via .kiroignore (gitignore syntax, workspace and global scopes). CLI tool permissions via /tools command with tiered shell/path trust (session-scoped). CLI three-tier config: Global > Project > Agent.
Enterprise settings ↗Enterprise MCP governance ↗Model governance ↗Web tools governance ↗API key governance ↗Kiroignore ↗CLI permissions ↗CLI configuration ↗
Data last updated 2026-04-18 · Auto-generated from upstream docs and may be inaccurate · Agent-Ex