.kiro/README.md
Bring Everything Claude Code (ECC) workflows to Kiro. This repository provides custom agents, skills, hooks, steering files, and scripts that can be installed into any Kiro project with a single command.
# Go to .kiro folder
cd .kiro
# Install to your project
./install.sh /path/to/your/project
# Or install to the current directory
./install.sh
# Or install globally (applies to all Kiro projects)
./install.sh ~
The installer uses non-destructive copy — it will not overwrite your existing files.
| Component | Count | Location |
|---|---|---|
| Agents (JSON) | 16 | .kiro/agents/*.json |
| Agents (MD) | 16 | .kiro/agents/*.md |
| Skills | 18 | .kiro/skills/*/SKILL.md |
| Steering Files | 16 | .kiro/steering/*.md |
| IDE Hooks | 10 | .kiro/hooks/*.kiro.hook |
| Scripts | 2 | .kiro/scripts/*.sh |
| MCP Examples | 1 | .kiro/settings/mcp.json.example |
| Documentation | 5 | docs/*.md |
Agents are specialized AI assistants with specific tool configurations.
Format:
.md) - Access via automatic selection or explicit invocation.json) - Access via /agent swap commandBoth formats are included for maximum compatibility.
Note: Agent models are determined by your current model selection in Kiro, not by the agent configuration.
| Agent | Description |
|---|---|
planner | Expert planning specialist for complex features and refactoring. Read-only tools for safe analysis. |
code-reviewer | Senior code reviewer ensuring quality and security. Reviews code for CRITICAL security issues, code quality, React/Next.js patterns, and performance. |
tdd-guide | Test-Driven Development specialist enforcing write-tests-first methodology. Ensures 80%+ test coverage with comprehensive test suites. |
security-reviewer | Security vulnerability detection and remediation specialist. Flags secrets, SSRF, injection, unsafe crypto, and OWASP Top 10 vulnerabilities. |
architect | Software architecture specialist for system design, scalability, and technical decision-making. Read-only tools for safe analysis. |
build-error-resolver | Build and TypeScript error resolution specialist. Fixes build/type errors with minimal diffs, no architectural changes. |
doc-updater | Documentation and codemap specialist. Updates codemaps and documentation, generates docs/CODEMAPS/*, updates READMEs. |
refactor-cleaner | Dead code cleanup and consolidation specialist. Removes unused code, duplicates, and refactors safely. |
go-reviewer | Go code review specialist. Reviews Go code for idiomatic patterns, error handling, concurrency, and performance. |
python-reviewer | Python code review specialist. Reviews Python code for PEP 8, type hints, error handling, and best practices. |
database-reviewer | Database and SQL specialist. Reviews schema design, queries, migrations, and database security. |
e2e-runner | End-to-end testing specialist. Creates and maintains E2E tests using Playwright or Cypress. |
harness-optimizer | Test harness optimization specialist. Improves test performance, reliability, and maintainability. |
loop-operator | Verification loop operator. Runs comprehensive checks and iterates until all pass. |
chief-of-staff | Executive assistant for project management, coordination, and strategic planning. |
go-build-resolver | Go build error resolution specialist. Fixes Go compilation errors, dependency issues, and build problems. |
Usage in IDE:
/ in a Kiro session, e.g., /code-reviewer.planner and architect agents.Usage in CLI:
/agent swap to see available agentscode-reviewer after writing code)kiro-cli --agent plannerSkills are on-demand workflows invocable via the / menu in chat.
| Skill | Description |
|---|---|
tdd-workflow | Enforces test-driven development with 80%+ coverage including unit, integration, and E2E tests. Use when writing new features or fixing bugs. |
coding-standards | Universal coding standards and best practices for TypeScript, JavaScript, React, and Node.js. Use when starting projects, reviewing code, or refactoring. |
security-review | Comprehensive security checklist and patterns. Use when adding authentication, handling user input, creating API endpoints, or working with secrets. |
verification-loop | Comprehensive verification system that runs build, type check, lint, tests, security scan, and diff review. Use after completing features or before creating PRs. |
api-design | RESTful API design patterns and best practices. Use when designing new APIs or refactoring existing endpoints. |
frontend-patterns | React, Next.js, and frontend architecture patterns. Use when building UI components or optimizing frontend performance. |
backend-patterns | Node.js, Express, and backend architecture patterns. Use when building APIs, services, or backend infrastructure. |
e2e-testing | End-to-end testing with Playwright or Cypress. Use when adding E2E tests or improving test coverage. |
golang-patterns | Go idioms, concurrency patterns, and best practices. Use when writing Go code or reviewing Go projects. |
golang-testing | Go testing patterns with table-driven tests and benchmarks. Use when writing Go tests or improving test coverage. |
python-patterns | Python idioms, type hints, and best practices. Use when writing Python code or reviewing Python projects. |
python-testing | Python testing with pytest and coverage. Use when writing Python tests or improving test coverage. |
database-migrations | Database schema design and migration patterns. Use when creating migrations or refactoring database schemas. |
postgres-patterns | PostgreSQL-specific patterns and optimizations. Use when working with PostgreSQL databases. |
docker-patterns | Docker and containerization best practices. Use when creating Dockerfiles or optimizing container builds. |
deployment-patterns | Deployment strategies and CI/CD patterns. Use when setting up deployments or improving CI/CD pipelines. |
search-first | Search-first development methodology. Use when exploring unfamiliar codebases or debugging issues. |
agentic-engineering | Agentic software engineering patterns and workflows. Use when working with AI agents or building agentic systems. |
Usage:
/ in chat to open the skills menutdd-workflow when starting a new feature, security-review when adding auth)Note: For planning complex features, use the planner agent instead (see Agents section above).
Steering files provide always-on rules and context that shape how the agent works with your code.
| File | Inclusion | Description |
|---|---|---|
coding-style.md | auto | Core coding style rules: immutability, file organization, error handling, and code quality standards. Loaded in every conversation. |
security.md | auto | Security best practices including mandatory checks, secret management, and security response protocol. Loaded in every conversation. |
testing.md | auto | Testing requirements: 80% coverage minimum, TDD workflow, and test types (unit, integration, E2E). Loaded in every conversation. |
development-workflow.md | auto | Development process, PR workflow, and collaboration patterns. Loaded in every conversation. |
git-workflow.md | auto | Git commit conventions, branching strategies, and version control best practices. Loaded in every conversation. |
patterns.md | auto | Common design patterns and architectural principles. Loaded in every conversation. |
performance.md | auto | Performance optimization guidelines and profiling strategies. Loaded in every conversation. |
lessons-learned.md | auto | Project-specific patterns and learnings. Edit this file to capture your team's conventions. Loaded in every conversation. |
typescript-patterns.md | fileMatch: *.ts,*.tsx | TypeScript-specific patterns, type safety, and best practices. Loaded when editing TypeScript files. |
python-patterns.md | fileMatch: *.py | Python-specific patterns, type hints, and best practices. Loaded when editing Python files. |
golang-patterns.md | fileMatch: *.go | Go-specific patterns, concurrency, and best practices. Loaded when editing Go files. |
swift-patterns.md | fileMatch: *.swift | Swift-specific patterns and best practices. Loaded when editing Swift files. |
dev-mode.md | manual | Development context mode. Invoke with #dev-mode for focused development. |
review-mode.md | manual | Code review context mode. Invoke with #review-mode for thorough reviews. |
research-mode.md | manual | Research context mode. Invoke with #research-mode for exploration and learning. |
Steering files with auto inclusion are loaded automatically. No action needed — they apply as soon as you install them.
To create your own, add a markdown file to .kiro/steering/ with YAML frontmatter:
---
inclusion: auto # auto | fileMatch | manual
description: Brief explanation of what this steering file contains
fileMatchPattern: "*.ts" # required if inclusion is fileMatch
---
Your rules here...
Kiro supports two types of hooks:
.kiro/hooks/ (for Kiro IDE)kiro-cli)These hooks appear in the Agent Hooks panel in the Kiro IDE and can be toggled on/off. Hook files use the .kiro.hook extension.
| Hook | Trigger | Action | Description |
|---|---|---|---|
quality-gate | Manual (userTriggered) | runCommand | Runs build, type check, lint, and tests via quality-gate.sh. Click to trigger comprehensive quality checks. |
typecheck-on-edit | File edited (*.ts, *.tsx) | askAgent | Checks for type errors when TypeScript files are edited to catch issues early. |
console-log-check | File edited (*.js, *.ts, *.tsx) | askAgent | Checks for console.log statements to prevent debug code from being committed. |
tdd-reminder | File created (*.ts, *.tsx) | askAgent | Reminds you to write tests first when creating new TypeScript files. |
git-push-review | Before shell command | askAgent | Reviews git push commands to ensure code quality before pushing. |
code-review-on-write | After write operation | askAgent | Triggers code review after file modifications. |
auto-format | File edited (*.ts, *.tsx, *.js) | askAgent | Checks for formatting issues and fixes them inline without spawning a terminal. |
extract-patterns | Agent stops | askAgent | Suggests patterns to add to lessons-learned.md after completing work. |
session-summary | Agent stops | askAgent | Provides a summary of work completed in the session. |
doc-file-warning | Before write operation | askAgent | Warns before modifying documentation files to ensure intentional changes. |
IDE Hook Format:
{
"version": "1.0.0",
"enabled": true,
"name": "hook-name",
"description": "What this hook does",
"when": {
"type": "fileEdited",
"patterns": ["*.ts"]
},
"then": {
"type": "runCommand",
"command": "npx tsc --noEmit"
}
}
Required fields: version, enabled, name, description, when, then
Available trigger types: fileEdited, fileCreated, fileDeleted, userTriggered, promptSubmit, agentStop, preToolUse, postToolUse
CLI hooks are embedded within agent configuration files for use with kiro-cli.
Example: See .kiro/agents/tdd-guide-with-hooks.json for an agent with embedded hooks.
CLI Hook Format:
{
"name": "my-agent",
"hooks": {
"postToolUse": [
{
"matcher": "fs_write",
"command": "npx tsc --noEmit"
}
]
}
}
Available triggers: agentSpawn, userPromptSubmit, preToolUse, postToolUse, stop
See .kiro/hooks/README.md for complete documentation on both hook types.
Shell scripts used by hooks to perform quality checks and formatting.
| Script | Description |
|---|---|
quality-gate.sh | Detects your package manager (pnpm/yarn/bun/npm) and runs build, type check, lint, and test commands. Skips checks gracefully if tools are missing. |
format.sh | Detects your formatter (biome or prettier) and auto-formats the specified file. Used by formatting hooks. |
.kiro/
├── agents/ # 16 agents (JSON + MD formats)
│ ├── planner.json # Planning specialist (CLI)
│ ├── planner.md # Planning specialist (IDE)
│ ├── code-reviewer.json # Code review specialist (CLI)
│ ├── code-reviewer.md # Code review specialist (IDE)
│ ├── tdd-guide.json # TDD specialist (CLI)
│ ├── tdd-guide.md # TDD specialist (IDE)
│ ├── security-reviewer.json # Security specialist (CLI)
│ ├── security-reviewer.md # Security specialist (IDE)
│ ├── architect.json # Architecture specialist (CLI)
│ ├── architect.md # Architecture specialist (IDE)
│ ├── build-error-resolver.json # Build error specialist (CLI)
│ ├── build-error-resolver.md # Build error specialist (IDE)
│ ├── doc-updater.json # Documentation specialist (CLI)
│ ├── doc-updater.md # Documentation specialist (IDE)
│ ├── refactor-cleaner.json # Refactoring specialist (CLI)
│ ├── refactor-cleaner.md # Refactoring specialist (IDE)
│ ├── go-reviewer.json # Go review specialist (CLI)
│ ├── go-reviewer.md # Go review specialist (IDE)
│ ├── python-reviewer.json # Python review specialist (CLI)
│ ├── python-reviewer.md # Python review specialist (IDE)
│ ├── database-reviewer.json # Database specialist (CLI)
│ ├── database-reviewer.md # Database specialist (IDE)
│ ├── e2e-runner.json # E2E testing specialist (CLI)
│ ├── e2e-runner.md # E2E testing specialist (IDE)
│ ├── harness-optimizer.json # Test harness specialist (CLI)
│ ├── harness-optimizer.md # Test harness specialist (IDE)
│ ├── loop-operator.json # Verification loop specialist (CLI)
│ ├── loop-operator.md # Verification loop specialist (IDE)
│ ├── chief-of-staff.json # Project management specialist (CLI)
│ ├── chief-of-staff.md # Project management specialist (IDE)
│ ├── go-build-resolver.json # Go build specialist (CLI)
│ └── go-build-resolver.md # Go build specialist (IDE)
├── skills/ # 18 skills
│ ├── tdd-workflow/
│ │ └── SKILL.md # TDD workflow skill
│ ├── coding-standards/
│ │ └── SKILL.md # Coding standards skill
│ ├── security-review/
│ │ └── SKILL.md # Security review skill
│ ├── verification-loop/
│ │ └── SKILL.md # Verification loop skill
│ ├── api-design/
│ │ └── SKILL.md # API design skill
│ ├── frontend-patterns/
│ │ └── SKILL.md # Frontend patterns skill
│ ├── backend-patterns/
│ │ └── SKILL.md # Backend patterns skill
│ ├── e2e-testing/
│ │ └── SKILL.md # E2E testing skill
│ ├── golang-patterns/
│ │ └── SKILL.md # Go patterns skill
│ ├── golang-testing/
│ │ └── SKILL.md # Go testing skill
│ ├── python-patterns/
│ │ └── SKILL.md # Python patterns skill
│ ├── python-testing/
│ │ └── SKILL.md # Python testing skill
│ ├── database-migrations/
│ │ └── SKILL.md # Database migrations skill
│ ├── postgres-patterns/
│ │ └── SKILL.md # PostgreSQL patterns skill
│ ├── docker-patterns/
│ │ └── SKILL.md # Docker patterns skill
│ ├── deployment-patterns/
│ │ └── SKILL.md # Deployment patterns skill
│ ├── search-first/
│ │ └── SKILL.md # Search-first methodology skill
│ └── agentic-engineering/
│ └── SKILL.md # Agentic engineering skill
├── steering/ # 16 steering files
│ ├── coding-style.md # Auto-loaded coding style rules
│ ├── security.md # Auto-loaded security rules
│ ├── testing.md # Auto-loaded testing rules
│ ├── development-workflow.md # Auto-loaded dev workflow
│ ├── git-workflow.md # Auto-loaded git workflow
│ ├── patterns.md # Auto-loaded design patterns
│ ├── performance.md # Auto-loaded performance rules
│ ├── lessons-learned.md # Auto-loaded project patterns
│ ├── typescript-patterns.md # Loaded for .ts/.tsx files
│ ├── python-patterns.md # Loaded for .py files
│ ├── golang-patterns.md # Loaded for .go files
│ ├── swift-patterns.md # Loaded for .swift files
│ ├── dev-mode.md # Manual: #dev-mode
│ ├── review-mode.md # Manual: #review-mode
│ └── research-mode.md # Manual: #research-mode
├── hooks/ # 10 IDE hooks
│ ├── README.md # Documentation on IDE and CLI hooks
│ ├── quality-gate.kiro.hook # Manual quality gate hook
│ ├── typecheck-on-edit.kiro.hook # Auto typecheck on edit
│ ├── console-log-check.kiro.hook # Check for console.log
│ ├── tdd-reminder.kiro.hook # TDD reminder on file create
│ ├── git-push-review.kiro.hook # Review before git push
│ ├── code-review-on-write.kiro.hook # Review after write
│ ├── auto-format.kiro.hook # Auto-format on edit
│ ├── extract-patterns.kiro.hook # Extract patterns on stop
│ ├── session-summary.kiro.hook # Summary on stop
│ └── doc-file-warning.kiro.hook # Warn before doc changes
├── scripts/ # 2 shell scripts
│ ├── quality-gate.sh # Quality gate shell script
│ └── format.sh # Auto-format shell script
└── settings/ # MCP configuration
└── mcp.json.example # Example MCP server configs
docs/ # 5 documentation files
├── longform-guide.md # Deep dive on agentic workflows
├── shortform-guide.md # Quick reference guide
├── security-guide.md # Security best practices
├── migration-from-ecc.md # Migration guide from ECC
└── ECC-KIRO-INTEGRATION-PLAN.md # Integration plan and analysis
All files are yours to modify after installation. The installer never overwrites existing files, so your customizations are safe across re-installs.
.kiro/agents/*.json to adjust behavior or add project-specific instructions.kiro/skills/*/SKILL.md to match your team's processes.kiro/steering/*.md to enforce your coding standards.kiro/hooks/*.json to automate your workflow.kiro/scripts/*.sh to match your tooling setupplanner agent to break down complex featurestdd-workflow skill before implementingcode-reviewer agent after writing codesecurity-reviewer agent for auth, API endpoints, or sensitive data handlingquality-gate hook before committingverification-loop skill before creating PRsThe auto-loaded steering files (coding-style, security, testing) ensure consistent standards throughout your session.
# 1. Start with the planner agent to break down the feature
kiro-cli --agent planner
> "I need to add user authentication with JWT tokens"
# 2. Invoke the TDD workflow skill
> /tdd-workflow
# 3. Follow the TDD cycle: write tests first, then implementation
# The tdd-workflow skill will guide you through:
# - Writing unit tests for auth logic
# - Writing integration tests for API endpoints
# - Writing E2E tests for login flow
# 4. Switch to code-reviewer after implementation
> /agent swap code-reviewer
> "Review the authentication implementation"
# 5. Run security review for auth-related code
> /agent swap security-reviewer
> "Check for security vulnerabilities in the auth system"
# 6. Trigger quality gate before committing
# (In IDE: Click the quality-gate hook in Agent Hooks panel)
# 1. Switch to code-reviewer agent
kiro-cli --agent code-reviewer
# 2. Review specific files or directories
> "Review the changes in src/api/users.ts"
# 3. Use the verification-loop skill for comprehensive checks
> /verification-loop
# 4. The verification loop will:
# - Run build and type checks
# - Run linter
# - Run all tests
# - Perform security scan
# - Review git diff
# - Iterate until all checks pass
# 1. Invoke security-review skill when working on sensitive features
> /security-review
# 2. The skill provides a comprehensive checklist:
# - Input validation and sanitization
# - Authentication and authorization
# - Secret management
# - SQL injection prevention
# - XSS prevention
# - CSRF protection
# 3. Switch to security-reviewer agent for deep analysis
> /agent swap security-reviewer
> "Analyze the API endpoints for security vulnerabilities"
# 4. The security.md steering file is auto-loaded, ensuring:
# - No hardcoded secrets
# - Proper error handling
# - Secure crypto usage
# - OWASP Top 10 compliance
# For Go projects:
kiro-cli --agent go-reviewer
> "Review the concurrency patterns in this service"
> /golang-patterns # Invoke Go-specific patterns skill
# For Python projects:
kiro-cli --agent python-reviewer
> "Review the type hints and error handling"
> /python-patterns # Invoke Python-specific patterns skill
# Language-specific steering files are auto-loaded:
# - golang-patterns.md loads when editing .go files
# - python-patterns.md loads when editing .py files
# - typescript-patterns.md loads when editing .ts/.tsx files
# Hooks run automatically based on triggers:
# 1. typecheck-on-edit hook
# - Triggers when you save .ts or .tsx files
# - Agent checks for type errors inline, no terminal spawned
# 2. console-log-check hook
# - Triggers when you save .js, .ts, or .tsx files
# - Agent flags console.log statements and offers to remove them
# 3. tdd-reminder hook
# - Triggers when you create a new .ts or .tsx file
# - Reminds you to write tests first
# - Reinforces TDD discipline
# 4. extract-patterns hook
# - Runs when agent stops working
# - Suggests patterns to add to lessons-learned.md
# - Builds your team's knowledge base over time
# Toggle hooks on/off in the Agent Hooks panel (IDE)
# or disable them in the hook JSON files
# Use manual steering files for specific contexts:
# Development mode - focused on implementation
> #dev-mode
> "Implement the user registration endpoint"
# Review mode - thorough code review
> #review-mode
> "Review all changes in the current PR"
# Research mode - exploration and learning
> #research-mode
> "Explain how the authentication system works"
# Manual steering files provide context-specific instructions
# without cluttering every conversation
# 1. Use database-reviewer agent for schema work
kiro-cli --agent database-reviewer
> "Review the database schema for the users table"
# 2. Invoke database-migrations skill
> /database-migrations
# 3. For PostgreSQL-specific work
> /postgres-patterns
> "Optimize this query for better performance"
# 4. The database-reviewer checks:
# - Schema design and normalization
# - Index usage and performance
# - Migration safety
# - SQL injection vulnerabilities
# 1. Fix build errors with build-error-resolver
kiro-cli --agent build-error-resolver
> "Fix the TypeScript compilation errors"
# 2. Use docker-patterns skill for containerization
> /docker-patterns
> "Create a production-ready Dockerfile"
# 3. Use deployment-patterns skill for CI/CD
> /deployment-patterns
> "Set up a GitHub Actions workflow for deployment"
# 4. Run quality gate before deployment
# (Trigger quality-gate hook to run all checks)
# 1. Use refactor-cleaner agent for safe refactoring
kiro-cli --agent refactor-cleaner
> "Remove unused code and consolidate duplicate functions"
# 2. The agent will:
# - Identify dead code
# - Find duplicate implementations
# - Suggest consolidation opportunities
# - Refactor safely without breaking changes
# 3. Use verification-loop after refactoring
> /verification-loop
# Ensures all tests still pass after refactoring
# 1. Use doc-updater agent for documentation work
kiro-cli --agent doc-updater
> "Update the README with the new API endpoints"
# 2. The agent will:
# - Update codemaps in docs/CODEMAPS/
# - Update README files
# - Generate API documentation
# - Keep docs in sync with code
# 3. doc-file-warning hook prevents accidental doc changes
# - Triggers before writing to documentation files
# - Asks for confirmation
# - Prevents unintentional modifications
For more detailed information, see the docs/ directory:
MIT — see LICENSE for details.