Skip to content

Follow up Kiro CLI upstream updates: v3 Early Access (permissions.yaml, standalone hooks, Markdown agents with tag-based tools) #2034

Description

@dyoshikawa

Summary

Kiro CLI v3 (Early Access) — shipped as version 2.8.0 on 2026-06-17, opt-in via kiro-cli --v3 — replaces the surfaces rulesync's kiro-cli target maps. The v2.x agent-config JSON that rulesync emits remains the default and valid until a user opts in, so this is forward-looking: add v3-mode variants alongside the existing v2 adapters rather than replacing them.

Recent Releases

Gaps

  • permissions — v3 capability-based permissions.yaml not emitted. v3 replaces the trust model with capability rules in ~/.kiro/settings/permissions.yaml (user) and ~/.kiro/workspace-roots/<hash>/permissions.yaml (workspace): each rule has capability (fs_read, fs_write, shell, web_fetch, web_search, mcp, subagent, skill, diagnostics, context, all), match, exclude, and effect (deny/ask/allow, resolved by restrictiveness). rulesync's kiro-permissions.ts writes v2-style allowedTools/toolsSettings into .kiro/agents/default.json and explicitly drops ask ("Kiro permissions do not support 'ask'"), which v3 natively supports. Source: https://kiro.dev/docs/cli/v3/permissions/
  • hooks — v3 standalone .kiro/hooks/*.json not emitted. v3 stores hooks as standalone .kiro/hooks/*.json files (versioned schema, shell + agent-prompt action types). rulesync emits an embedded hooks block into .kiro/agents/default.json (v2). Source: https://kiro.dev/docs/cli/v3/ , https://kiro.dev/docs/cli/hooks/
  • subagents — v3 agent format (Markdown frontmatter, tag-based tools, inline permissions) not emitted. v3 agents are Markdown-with-frontmatter (or JSON) with tools as category tags (read/write/shell/web/subagent/knowledge/*), inline mcpServers, and an inline permissions block. rulesync emits v2 JSON with explicit tool IDs only. Source: https://kiro.dev/docs/cli/v3/agent-config/
  • mcp — v3 inline-in-agent embedding not emitted (minor). v3 lets agents embed mcpServers inline for portability; legacy .kiro/settings/mcp.json is still read, so this is lowest-priority and ties into the subagent gap. Source: https://kiro.dev/docs/cli/v3/agent-config/

rules (.kiro/steering/), ignore (.kiroignore), commands (.kiro/prompts/), and skills (.kiro/skills/) are unchanged in v3 — no gaps there.

Proposed Follow-up

  • Add v3-mode variants of the kiro-cli permissions/hooks/subagents (and optionally MCP) adapters, gated so they emit the v3 surfaces (permissions.yaml, .kiro/hooks/*.json, Markdown agents with tag-based tools + inline permissions). Keep the v2 adapters as the default for non-opted-in users. In the v3 permissions mapping, map allow/ask/deny directly (stop dropping ask) and map webfetch/websearch patterns to web_fetch/web_search capabilities with match.

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    consideringenhancementNew feature or requestmaintainer-scrapRough notes for AI implementation. Not for human eyes.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions