Summary
Kiro CLI v3 (Early Access) — shipped as version 2.8.0 on 2026-06-17, opt-in via kiro-cli --v3 — replaces the surfaces rulesync's kiro-cli target maps. The v2.x agent-config JSON that rulesync emits remains the default and valid until a user opts in, so this is forward-looking: add v3-mode variants alongside the existing v2 adapters rather than replacing them.
Recent Releases
Gaps
- permissions — v3 capability-based
permissions.yaml not emitted. v3 replaces the trust model with capability rules in ~/.kiro/settings/permissions.yaml (user) and ~/.kiro/workspace-roots/<hash>/permissions.yaml (workspace): each rule has capability (fs_read, fs_write, shell, web_fetch, web_search, mcp, subagent, skill, diagnostics, context, all), match, exclude, and effect (deny/ask/allow, resolved by restrictiveness). rulesync's kiro-permissions.ts writes v2-style allowedTools/toolsSettings into .kiro/agents/default.json and explicitly drops ask ("Kiro permissions do not support 'ask'"), which v3 natively supports. Source: https://kiro.dev/docs/cli/v3/permissions/
- hooks — v3 standalone
.kiro/hooks/*.json not emitted. v3 stores hooks as standalone .kiro/hooks/*.json files (versioned schema, shell + agent-prompt action types). rulesync emits an embedded hooks block into .kiro/agents/default.json (v2). Source: https://kiro.dev/docs/cli/v3/ , https://kiro.dev/docs/cli/hooks/
- subagents — v3 agent format (Markdown frontmatter, tag-based
tools, inline permissions) not emitted. v3 agents are Markdown-with-frontmatter (or JSON) with tools as category tags (read/write/shell/web/subagent/knowledge/*), inline mcpServers, and an inline permissions block. rulesync emits v2 JSON with explicit tool IDs only. Source: https://kiro.dev/docs/cli/v3/agent-config/
- mcp — v3 inline-in-agent embedding not emitted (minor). v3 lets agents embed
mcpServers inline for portability; legacy .kiro/settings/mcp.json is still read, so this is lowest-priority and ties into the subagent gap. Source: https://kiro.dev/docs/cli/v3/agent-config/
rules (.kiro/steering/), ignore (.kiroignore), commands (.kiro/prompts/), and skills (.kiro/skills/) are unchanged in v3 — no gaps there.
Proposed Follow-up
- Add v3-mode variants of the
kiro-cli permissions/hooks/subagents (and optionally MCP) adapters, gated so they emit the v3 surfaces (permissions.yaml, .kiro/hooks/*.json, Markdown agents with tag-based tools + inline permissions). Keep the v2 adapters as the default for non-opted-in users. In the v3 permissions mapping, map allow/ask/deny directly (stop dropping ask) and map webfetch/websearch patterns to web_fetch/web_search capabilities with match.
References
Summary
Kiro CLI v3 (Early Access) — shipped as version 2.8.0 on 2026-06-17, opt-in via
kiro-cli --v3— replaces the surfaces rulesync'skiro-clitarget maps. The v2.x agent-config JSON that rulesync emits remains the default and valid until a user opts in, so this is forward-looking: add v3-mode variants alongside the existing v2 adapters rather than replacing them.Recent Releases
Gaps
permissions.yamlnot emitted. v3 replaces the trust model with capability rules in~/.kiro/settings/permissions.yaml(user) and~/.kiro/workspace-roots/<hash>/permissions.yaml(workspace): each rule hascapability(fs_read,fs_write,shell,web_fetch,web_search,mcp,subagent,skill,diagnostics,context,all),match,exclude, andeffect(deny/ask/allow, resolved by restrictiveness). rulesync'skiro-permissions.tswrites v2-styleallowedTools/toolsSettingsinto.kiro/agents/default.jsonand explicitly dropsask("Kiro permissions do not support 'ask'"), which v3 natively supports. Source: https://kiro.dev/docs/cli/v3/permissions/.kiro/hooks/*.jsonnot emitted. v3 stores hooks as standalone.kiro/hooks/*.jsonfiles (versioned schema, shell + agent-prompt action types). rulesync emits an embeddedhooksblock into.kiro/agents/default.json(v2). Source: https://kiro.dev/docs/cli/v3/ , https://kiro.dev/docs/cli/hooks/tools, inlinepermissions) not emitted. v3 agents are Markdown-with-frontmatter (or JSON) withtoolsas category tags (read/write/shell/web/subagent/knowledge/*), inlinemcpServers, and an inlinepermissionsblock. rulesync emits v2 JSON with explicit tool IDs only. Source: https://kiro.dev/docs/cli/v3/agent-config/mcpServersinline for portability; legacy.kiro/settings/mcp.jsonis still read, so this is lowest-priority and ties into the subagent gap. Source: https://kiro.dev/docs/cli/v3/agent-config/rules(.kiro/steering/),ignore(.kiroignore),commands(.kiro/prompts/), andskills(.kiro/skills/) are unchanged in v3 — no gaps there.Proposed Follow-up
kiro-clipermissions/hooks/subagents (and optionally MCP) adapters, gated so they emit the v3 surfaces (permissions.yaml,.kiro/hooks/*.json, Markdown agents with tag-based tools + inlinepermissions). Keep the v2 adapters as the default for non-opted-in users. In the v3 permissions mapping, mapallow/ask/denydirectly (stop droppingask) and map webfetch/websearch patterns toweb_fetch/web_searchcapabilities withmatch.References
permissions.yamlmodel..kiro/hooks/*.jsonhook schema.