{"id":47808504,"url":"https://github.com/rommelporras/kiro-config","last_synced_at":"2026-04-24T14:07:03.196Z","repository":{"id":348668049,"uuid":"1192783354","full_name":"rommelporras/kiro-config","owner":"rommelporras","description":"Multi-agent Kiro CLI configuration with an orchestrator-and-specialists pattern, 10+ curated skills, a self-learning knowledge pipeline, and 3-layer security (hooks, denied paths, denied commands). Clone, symlink into ~/.kiro/, done. Fork and make it yours.","archived":false,"fork":false,"pushed_at":"2026-04-21T05:02:13.000Z","size":597,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-21T06:41:36.541Z","etag":null,"topics":["agents","ai","claude","developer-tools","devops","kiro","llm","orchestrator-pattern","prompt-engineering"],"latest_commit_sha":null,"homepage":"https://rommelporras.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rommelporras.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-26T14:59:02.000Z","updated_at":"2026-04-21T05:56:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rommelporras/kiro-config","commit_stats":null,"previous_names":["rommelporras/kiro-config"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/rommelporras/kiro-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rommelporras%2Fkiro-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rommelporras%2Fkiro-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rommelporras%2Fkiro-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rommelporras%2Fkiro-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rommelporras","download_url":"https://codeload.github.com/rommelporras/kiro-config/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rommelporras%2Fkiro-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32226461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","claude","developer-tools","devops","kiro","llm","orchestrator-pattern","prompt-engineering"],"created_at":"2026-04-03T17:58:35.650Z","updated_at":"2026-04-24T14:07:03.191Z","avatar_url":"https://github.com/rommelporras.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kiro-config\n\nPersonal Kiro CLI configuration with multi-agent orchestrator, multi-domain steering (Python, TypeScript, shell, infra), layered security, and a self-learning knowledge system.\n\n## Architecture\n\n```\nUser ↔ devops-orchestrator (plans, converses, coordinates, git ops)\n ├── devops-docs (edits config, docs, markdown — no TDD)\n ├── devops-python (writes Python code, TDD, debugging)\n ├── devops-shell (writes Bash/shell, system automation)\n ├── devops-typescript (writes TypeScript/Express, TDD with Vitest)\n ├── devops-frontend (writes HTML/CSS/TS, Chart.js, accessibility)\n ├── devops-reviewer (read-only analysis, no write tool)\n ├── devops-refactor (restructures code, preserves behavior)\n ├── devops-terraform (read-only Terraform analysis, preflight gate)\n └── devops-kiro-config (project-local: kiro-config editing)\n\nbase — standalone fallback for general questions (no orchestration)\n```\n\nThe `devops-orchestrator` is the default agent. It never writes executable code — config and markdown edits are handled directly for small scope (\u003c10 files), everything else is delegated to specialists. Skills are curated per agent (no global wildcard loading).\n\n## Features\n\n- **12 steering docs** — engineering, tooling, universal rules, AWS CLI, security, Python/boto3, Shell/Bash, TypeScript, web development, frontend, design principles, terraform\n- **20 skills** — curated per agent: planning, delegation, TDD, debugging, code review, and more\n- **11 hooks** — secret scanning, sensitive file protection, bash write protection, sed/awk block on JSON, doc consistency, workspace context injection, session notification, terraform preflight gate, self-learning pipeline (context enrichment, correction detection, auto-capture, distillation)\n- **11 agents** — devops-orchestrator + 9 specialists + base fallback\n- **Self-learning knowledge pipeline** — corrections auto-captured, keywords tracked, rules auto-promoted\n- **Knowledge base integration** — semantic search across config with auto-indexing\n- **Infrastructure is read-only** — Kiro writes code in files but never executes mutating infra commands\n\n## Structure\n\n```\n├── agents/ # Agent configurations\n│ ├── devops-orchestrator.json # Default — plans, delegates, git ops\n│ ├── devops-docs.json # Config/docs editor subagent\n│ ├── devops-python.json # Python specialist subagent\n│ ├── devops-shell.json # Shell/Bash specialist subagent\n│ ├── devops-typescript.json # TypeScript/Express specialist subagent\n│ ├── devops-frontend.json # Frontend specialist subagent\n│ ├── devops-reviewer.json # Read-only reviewer subagent\n│ ├── devops-refactor.json # Refactoring specialist subagent\n│ ├── devops-terraform.json # Read-only Terraform analyst subagent\n│ ├── devops-kiro-config.json # Project-local kiro-config editor (in .kiro/agents/)\n│ ├── base.json # Standalone fallback (no orchestration)\n│ └── prompts/ # Markdown prompts for each agent\n├── hooks/ # Hook scripts\n│ ├── security/ # PreToolUse gates\n│ │ └── block-sed-json.sh\n│ ├── feedback/ # Self-learning pipeline\n│ │ ├── context-enrichment.sh\n│ │ ├── correction-detect.sh\n│ │ └── auto-capture.sh\n│ ├── _lib/ # Shared libraries\n│ │ └── distill.sh\n│ ├── workspace-context.sh\n│ ├── scan-secrets.sh\n│ ├── protect-sensitive.sh\n│ ├── bash-write-protect.sh\n│ ├── doc-consistency.sh\n│ ├── terraform-preflight.sh\n│ └── notify.sh\n├── knowledge/ # Self-evolving knowledge base\n│ ├── rules.md # Permanent rules (🔴 critical + 🟡 relevant)\n│ ├── episodes.md # Captured corrections\n│ ├── gotchas.md # Known gotchas and edge cases\n│ └── archive/ # Monthly archives\n├── scripts/ # Setup and maintenance\n├── settings/ # CLI settings (cli.json, mcp.json)\n├── skills/ # 20 agent skills (curated per agent)\n│ ├── agent-audit/\n│ ├── design-and-spec/\n│ ├── doc-drift/\n│ └── ...\n├── steering/ # 12 steering docs\n└── docs/ # Reference and setup docs\n```\n\n## Setup\n\nSee [GETTING-STARTED.md](GETTING-STARTED.md) for the full setup walkthrough, or the quick version:\n\n```bash\ngit clone https://github.com/rommelporras/kiro-config.git ~/your/path/kiro-config\ncd ~/your/path/kiro-config\n./setup.sh # symlink into ~/.kiro\n./scripts/personalize.sh # set your project paths\n```\n\nThen see [USAGE-GUIDE.md](USAGE-GUIDE.md) for how to use the orchestrator, trigger skills, and common workflows.\n\n## Personalizing for Your Setup\n\nThis config ships with paths like `~/personal` and `~/eam` that are specific to the original author. Run the setup script to replace them with yours:\n\n```bash\n./scripts/personalize.sh\n```\n\nThe script interactively updates `fs_read.allowedPaths` and `fs_write.allowedPaths` in all agent configs plus the knowledge base paths in `scripts/setup-knowledge.sh`. See [GETTING-STARTED.md](GETTING-STARTED.md) for the full personalization guide.\n\n**Setup walkthroughs:**\n- [Getting Started](GETTING-STARTED.md) — setup + AI-assisted personalization guide\n- [Install Checklist](docs/setup/kiro-cli-install-checklist.md) — Kiro CLI install, clone, symlink, verify\n- [Team Onboarding](docs/setup/team-onboarding.md) — full 3-step setup for teammates (~5 minutes)\n- [Troubleshooting](docs/setup/troubleshooting.md) — steering not loading, broken symlinks, hook false positives\n\n### What NOT to change\n\nThese are shared safety and behavior contracts — changing them weakens the system for everyone on the team:\n\n- `~/.kiro/` paths — standard Kiro CLI paths, same for everyone\n- `deniedPaths` — protect sensitive directories (SSH keys, credentials, Kiro config itself). See [Security Model](docs/reference/security-model.md).\n- `deniedCommands` — block destructive operations (recursive rm, infrastructure mutations, force push to main). Patterns are regex-anchored with `\\A`/`\\z`; see [Audit Playbook](docs/reference/audit-playbook.md) §1.1 for invariants and §7 for real failure cases if you're tempted to \"clean them up.\"\n- `hooks` blocks in agent JSONs — scan secrets, block destructive shell commands, inject knowledge rules. Defined per-agent because Kiro CLI hooks don't inherit across subagents.\n- `includeMcpJson` and `@`-prefixed MCP tools — selectively enabled per agent. Disabling on subagents breaks library-doc lookups via Context7.\n- `steering/` files — universal engineering standards, not path-dependent.\n- `skills/` files — universal agent workflows, not path-dependent.\n\n### Extending beyond paths\n\n- **Add project directories later** — re-run `personalize.sh` or edit agent JSONs directly. Use `jq` for JSON edits, never `sed`.\n- **Add project-local overrides** — drop a `.kiro/` directory in any project repo with its own `agents/`, `steering/`, or `skills/`. Applied only when that directory is your CWD.\n- **Add a new specialist agent** — see [Creating Agents](docs/reference/creating-agents.md) for schema and security baseline.\n- **Maintain the config as it grows** — run the quick health check in [Audit Playbook](docs/reference/audit-playbook.md) §2 before major changes.\n\n## Agent Skill Assignments\n\n| Skill | devops-orchestrator | devops-docs | devops-python | devops-shell | devops-typescript | devops-frontend | devops-reviewer | devops-refactor | devops-terraform | devops-kiro-config |\n|-------|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|\n| design-and-spec | ✓ | | | | | | | | | |\n| writing-plans | ✓ | | | | | | | | | |\n| execution-planning | ✓ | | | | | | | | | |\n| subagent-driven-development | ✓ | | | | | | | | | |\n| dispatching-parallel-agents | ✓ | | | | | | | | | |\n| post-implementation | ✓ | | | | | | | | | |\n| commit | ✓ | | | | | | | | | |\n| push | ✓ | | | | | | | | | |\n| explain-code | ✓ | | | | | | | | ✓ | |\n| agent-audit | ✓ | | | | | | | | | |\n| trace-code | ✓ | | | | | | | | ✓ | |\n| codebase-audit | ✓ | | | | | | | | | |\n| test-driven-development | | | ✓ | ✓ | ✓ | ✓ | | ✓ | | |\n| systematic-debugging | | | ✓ | ✓ | ✓ | | | ✓ | ✓ | |\n| verification-before-completion | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |\n| receiving-code-review | | | ✓ | ✓ | ✓ | ✓ | | ✓ | | |\n| python-audit | | | ✓ | | | | ✓ | | | |\n| typescript-audit | | | | | | | ✓ | | | |\n| terraform-audit | | | | | | | | | ✓ | |\n| doc-drift | ✓ | | | | | | | | | |\n\n**base agent** loads 14 of the 20 global skills — all orchestrator skills except dispatching-parallel-agents, execution-planning, subagent-driven-development, and post-implementation, plus the subagent-only skills. See [Skill Catalog](docs/reference/skill-catalog.md) for the full list.\n\n## Self-Learning Pipeline\n\n```\nUser correction → correction-detect.sh → auto-capture.sh → episodes.md\n ↓\n (3+ keyword occurrences)\n ↓\ncontext-enrichment.sh ← distill.sh ← rules.md (auto-promoted)\n ↓\n Injected into agent context on every prompt\n```\n\n## Hook Chain\n\n| Hook Type | Matcher | Script | Purpose |\n|-----------|---------|--------|---------|\n| agentSpawn | — | workspace-context.sh | Inject git branch, Python version, project context |\n| preToolUse | fs_write | scan-secrets.sh | Block hardcoded secrets |\n| preToolUse | fs_write | protect-sensitive.sh | Block writes to .env, .pem, etc. |\n| preToolUse | execute_bash | bash-write-protect.sh | Block destructive commands |\n| preToolUse | execute_bash | block-sed-json.sh | Block sed/awk on JSON files |\n| userPromptSubmit | * | context-enrichment.sh | Inject knowledge rules |\n| userPromptSubmit | * | correction-detect.sh | Detect and capture corrections |\n| stop | * | notify.sh | Notification sound |\n\n**Note:** Hooks only fire on the orchestrator (main agent). Subagent security is enforced via `toolsSettings` (deniedCommands, allowedPaths).\n\n## Infrastructure Read-Only Policy\n\nKiro may write infrastructure code in files but **never executes mutating commands**.\n\n| Tool | Allowed (read-only) | Blocked (mutating) |\n|------|---------------------|--------------------|\n| Terraform | `plan`, `validate`, `fmt`, `init`, `state list/show`, `workspace list/show/select`, `show`, `output`, `graph` | `apply`, `destroy`, `import`, `taint`, `init -upgrade`, `providers lock`, `console` |\n| Helm | `lint`, `template`, `diff`, `list`, `get`, `status` | `install`, `upgrade`, `delete`, `rollback` |\n| kubectl | `get`, `describe`, `logs`, `top`, `explain`, `diff` | `apply`, `delete`, `edit`, `patch`, `scale` |\n| Docker | `inspect`, `images`, `ps`, `scout`, `history` | `push`, `run`, `build`, `compose up` |\n| AWS CLI | `describe-*`, `list-*`, `get-*` | `create-*`, `update-*`, `delete-*`, `put-*`, `modify-*` |\n\n## License\n\nMIT\n\n## Documentation\n\n- [Skill Catalog](docs/reference/skill-catalog.md) — all 20 skills with triggers and agent assignments\n- [Creating Agents](docs/reference/creating-agents.md) — how to add new specialist agents\n- [Security Model](docs/reference/security-model.md) — 3-layer defense: hooks, denied paths, denied commands\n- [Audit Playbook](docs/reference/audit-playbook.md) — invariants, quick health check, deep audit protocol, historical failure patterns\n- [Changelog](docs/reference/CHANGELOG.md) — version history and release notes\n- [Team Onboarding](docs/setup/team-onboarding.md) — get a teammate running in 5 minutes\n- [Install Checklist](docs/setup/kiro-cli-install-checklist.md) — get running in 4 steps\n- [Troubleshooting](docs/setup/troubleshooting.md) — common issues and fixes\n- [How It Works](docs/usage/how-it-works.md) — mental model, agent roster, delegation flow\n- [Workflows](docs/usage/workflows.md) — cookbook with real prompts for common tasks\n- [Tips](docs/usage/tips.md) — getting better results, common mistakes, gotchas\n- [Commands](docs/usage/commands.md) — CLI commands, keyboard shortcuts, skill triggers\n- [Customizing](docs/reference/customizing.md) — how to extend and adapt the config\n- [IDE + WSL2 Setup](docs/setup/kiro-ide-wsl-setup.md) — Kiro IDE on WSL2 with Open Remote extension\n- [Personal Setup](docs/setup/rommel-porras-setup.md) — chezmoi integration and dotfiles layout\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frommelporras%2Fkiro-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frommelporras%2Fkiro-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frommelporras%2Fkiro-config/lists"}