What Is Kiro?#

Kiro is an agentic development environment — not just an IDE with AI copilot features, but a complete rethinking of how developers collaborate with AI agents across the entire software lifecycle. It’s built and operated by a small, opinionated team within AWS.

Unlike most AI coding tools that rush from prompt to code, Kiro enforces a structured pipeline:

1
Prompt → Specs → Task Plan → Implementation → Tests → Deployment

Human reviews and approves at every stage. The agent doesn’t guess what you want — it asks for specifications first.

Kiro comes in three forms:

1. Kiro IDE — a VS Code fork (Code OSS) with deep agent integration
2. Kiro CLI — command-line AI agent for terminal-first workflows
3. Kiro Autonomous Agent (Web) — async, cross-repo agent that works independently for hours or days

Why Spec-Driven Development Matters#

Here’s the core insight that Kiro’s team had: AI coding tools are incredibly good at generating code, but they’re terrible at generating the right code.

When you say “add a login page” to most AI tools, they’ll generate a login page — but they probably won’t handle:

• Rate limiting on failed attempts
• Session token refresh logic
• Concurrent login race conditions
• Accessible error messages for screen readers
• Proper CSRF protection
• Rate-limited password reset flows

Kiro’s spec-driven approach forces the agent to think before it codes. Give it the same prompt, and it first generates structured specifications:

1
Feature: User Authentication
2

3
User Stories:
4
  1. As a user, I want to log in with email/password
5
  2. As a user, I want to reset my forgotten password
6
  3. As a user, I want to stay logged in across sessions
7

8
Acceptance Criteria:
9
  - Login form validates email format
10
  - Password must be 8+ characters
11
  - Failed login shows specific error message
12
  - Session persists for 30 days with "remember me"
13
  - Password reset sends email within 30 seconds
14

15
Edge Cases:
16
  - Handle concurrent login attempts
17
  - Rate-limit password reset requests
18
  - Handle expired reset tokens gracefully

You review, adjust, and approve before any code is written. The agent then creates a dependency-ordered task plan:

1
Task 1: Create User model and migration (no dependencies)
2
Task 2: Build authentication service (depends on Task 1)
3
Task 3: Create login API endpoint (depends on Task 2)
4
Task 4: Build login form component (depends on Task 3)
5
Task 5: Add session management (depends on Task 2)
6
Task 6: Write unit tests (depends on Tasks 2-5)
7
Task 7: Write integration tests (depends on Tasks 3-5)

Each task includes implementation details, test requirements, and success criteria. The agent works through them sequentially, and you can approve or reject at each step.

Steering Files: Teach Your Agent How You Code#

Kiro uses steering files — equivalent to Claude Code’s CLAUDE.md or Codex CLI’s AGENTS.md — to tell the AI how your project works:

1
## Code Standards
2
- Use TypeScript strict mode
3
- Follow the repository's existing naming conventions
4
- All new functions must have JSDoc comments
5

6
## Architecture
7
- Backend: Express.js with TypeORM
8
- Frontend: React with TailwindCSS
9
- State management: Zustand
10

11
## Testing
12
- Unit tests: Vitest
13
- E2E: Playwright
14
- Minimum 80% coverage for new code
15

16
## Security
17
- Never commit .env files
18
- Use parameterized queries (no string concatenation)
19
- Sanitize all user input

You can have:

• Global steering (~/.kiro/steering.md) — applies to all projects
• Project steering (.kiro/steering.md) — project-specific, takes priority

Steering files are loaded at the start of every session, so your agent never forgets how you like things done.

Agent Hooks: Automation Beyond Chat#

Agent hooks are event-driven automations that run at specific triggers:

Configuration example:

1
hooks:
2
  - trigger: on_save
3
    pattern: "src/components/**/*.tsx"
4
    action: "regenerate unit tests for this component"
5

6
  - trigger: on_commit
7
    action: "scan staged files for hardcoded secrets"
8

9
  - trigger: on_api_change
10
    pattern: "src/api/**/*.ts"
11
    action: "update API documentation in docs/"

These aren’t scripts — they’re natural language instructions that the agent interprets and executes. You say what you want, and the agent figures out how to do it.

Powers: Kiro’s Plugin Ecosystem#

Kiro’s Powers are the equivalent of plugins, but powered by MCP (Model Context Protocol). Instead of building every integration themselves, Kiro leverages the MCP ecosystem and adds a catalog of 100+ pre-configured integrations.

Some notable Powers:

Each Power is essentially an MCP server + Kiro-specific configuration that makes it work seamlessly with specs and hooks.

The Autonomous Agent: Coding at Scale#

The most ambitious part of Kiro is the Autonomous Agent (Web interface, kiro.dev/agent). This is where Kiro stops being an IDE assistant and becomes a true autonomous worker.

1
Task Input
2
    ↓
3
Research & Planning Agent ──→ (Web search, codebase analysis)
4
    ↓
5
Code Agent ──→ (Implementation, multi-file changes)
6
    ↓
7
Verification Agent ──→ (Tests, linting, security scan)
8
    ↓
9
Pull Request ──→ (Detailed explanation, implementation decisions)

Pricing#

Kiro uses a credit-based system. Credits are consumed fractionally based on task complexity (0.01 credit minimum increment).

Model impact: Auto mode (default) costs 1x credits. Sonnet 4 costs 1.3x credits. Auto uses a mix of models optimized for cost and quality.

The autonomous agent preview is free during preview for Pro, Pro+, and Power subscribers (with weekly limits). Teams can join a waitlist.

Architecture: Built on VS Code#

Kiro IDE is built on Code OSS (the open-source foundation of VS Code), which means:

• Full compatibility with most VS Code extensions
• Familiar keybindings, themes, and workflows
• Built-in terminal, Git integration, and debugging
• Native MCP support

You can think of Kiro as: VS Code + AI agent layer + spec engine + MCP infrastructure + autonomous runtime.

Comparison: Kiro vs Other AI Coding Tools#

The Autonomous Agent Controversy#

In December 2025, Kiro made headlines for an incident where it allegedly deleted and recreated a production environment, causing a 13-hour AWS Cost Explorer outage in a China region. Amazon officially denied Kiro was solely responsible.

Regardless of who was at fault, the incident underscores a critical truth: autonomous AI agents with production access are a sharp tool. The guardrails matter as much as the capabilities.

Kiro’s team responded by strengthening sandbox isolation, adding more granular network controls, and making spec approval checkpoints mandatory for production-facing tasks.

We’ll cover the security lessons in depth on Day 5 of this series.

What’s Next in This Series#

This is Day 0 of a 6-part series on Kiro. Here’s what’s coming:

• Day 1 → Installation: Kiro IDE, CLI, and first configuration
• Day 2 → Spec-driven development workflow in practice
• Day 3 → Agent Hooks, Powers, and MCP integrations
• Day 4 → The Autonomous Agent: cross-repo async coding
• Day 5 → Security, best practices, and the AWS incident lessons

Kiro represents a genuinely different philosophy for AI-assisted development. It’s not trying to be faster at generating code — it’s trying to be more disciplined about what code gets written.

For developers who have been frustrated by AI tools that produce plausible-looking-but-wrong code, Kiro’s spec-first approach is worth a serious look. For teams building production systems, it might be exactly the engineering rigor you’ve been waiting for.

Series: Practical Kiro — AWS’s Agentic Development Environment. Day 0: Overview. Day 1: Installation → coming next.