On Day 2, we walked through Kiro’s spec-driven workflow from prompt to PR. That’s the active side of development — telling Kiro what to build. Today we cover the passive side: automation that runs without you asking.
Agent hooks fire on events (file save, commit, build). Powers extend Kiro with external tools via MCP. Together they form Kiro’s quality gate infrastructure — a set of automated checks that catch problems before they reach production.
If the spec-driven workflow is the accelerator, hooks and powers are the brakes and sensors.
Agent Hooks: Event-Driven Automation
Agent hooks are natural language instructions that run automatically when specific events occur in your development workflow. Unlike traditional Git hooks (which run shell scripts), Kiro’s hooks are interpreted by the AI agent, giving them context awareness — it knows what you changed and why.
Hook Types and Triggers
| Trigger | When It Fires | Typical Use Case |
|---|---|---|
on_save | File saved to disk | Regenerate tests, format code, type-check |
on_commit | Git commit created | Scan for secrets, check conventions, generate changelog |
on_api_change | API route or schema modified | Auto-update API docs |
on_build | Build command runs | Run linters, audit dependencies |
on_pr_open | Pull request created | Generate PR description, check size limits |
on_pr_merge | Pull request merged | Tag release, update changelog, deploy staging |
Configuration
Hooks go in .kiro/hooks.yaml at your project root:
hooks: # On save: regenerate unit tests for changed components - trigger: on_save pattern: "src/components/**/*.tsx" action: "Regenerate unit tests for this component in tests/components/"
# On save: type-check changed TypeScript files - trigger: on_save pattern: "src/**/*.ts" action: "Run TypeScript type checker on the changed file and fix any type errors"
# On commit: scan for hardcoded secrets - trigger: on_commit action: "Scan all staged files for hardcoded API keys, passwords, tokens, and connection strings. Flag any found with the exact file and line number."
# On commit: enforce commit message convention - trigger: on_commit action: "Validate the commit message follows conventional commits format (type(scope): description). If not, suggest the correct format."
# On API change: update documentation - trigger: on_api_change pattern: "src/routes/**/*.ts" action: "Update API documentation in docs/api/ to reflect changed routes"
# On build: security audit - trigger: on_build action: "Run npm audit on package.json. If vulnerabilities found, categorize by severity and suggest fixes."
# On PR open: generate description - trigger: on_pr_open action: "Analyze the diff between this branch and main. Generate a PR description with: summary of changes, affected files, breaking changes, and testing instructions."How Hooks Execute
When a trigger fires (e.g., you save a file), Kiro:
- Matches the trigger — checks if the changed file matches the
patternglob - Reads the context — loads the current file, recent changes, and project structure
- Executes the action — interprets your natural language instruction and performs the work
- Reports results — shows a notification in the IDE (success, warnings, or flags)
The hook execution is asynchronous and runs alongside your work. You’ll see a subtle indicator that an agent hook is running, but it won’t block your editing.
The Pattern Parameter
The pattern field is a glob that limits which files trigger the hook:
# Only fire when TypeScript source files changepattern: "src/**/*.ts"
# Only fire when API route files changepattern: "src/routes/**/*.ts"
# Only fire when test files changepattern: "**/*.test.ts"
# Fire on any JavaScript/TypeScript filepattern: "src/**/*.{js,ts,jsx,tsx}"Without a pattern, the hook fires for any file change matching the trigger.
Safety: Why Natural Language > Scripts
Traditional Git hooks are shell scripts — a pre-commit hook that runs npm test either passes or fails. Kiro’s natural language hooks are smarter:
# Instead of: "run eslint on src/"# You write:- trigger: on_save pattern: "src/**/*.ts" action: "Check the saved file for common coding issues: unused imports, missing error handling, hardcoded values that should be config. Fix any issues directly."The agent understands what you want to check, not just which command to run. It can:
- Distinguish between a real secret and a test placeholder
- Understand that a missing import might be intentional in a WIP file
- Apply project-specific conventions from your steering file
This makes hooks significantly less brittle than shell scripts.
Agent Hook Workflow Example
Here’s a realistic CI-quality workflow using hooks alone:
Scenario: You’re adding a new API endpoint. You write the route handler, save, and commit.
# 1. On save: immediately check for type errors- trigger: on_save pattern: "src/**/*.ts" action: "Check saved file for TypeScript errors and fix them"
# 2. On save: auto-generate unit tests- trigger: on_save pattern: "src/routes/**/*.ts" action: "Generate Vitest unit tests for this route handler"
# 3. On commit: security scan- trigger: on_commit action: "Check staged files for: hardcoded secrets, SQL injection patterns, missing input validation. List any concerns."
# 4. On commit: update API docs- trigger: on_api_change pattern: "src/routes/**/*.ts" action: "Update relevant API docs in docs/api/"
# 5. On build: full quality gate- trigger: on_build action: "Run the test suite. If any tests fail, analyze the failure and suggest fixes."What happens: You save routes/users.ts → Kiro type-checks it → generates unit tests → You commit → Kiro scans for secrets → updates API docs → You build → Kiro runs tests.
All automated, all context-aware, zero shell scripts.
Powers: Kiro’s MCP Marketplace
Powers are pre-configured MCP integrations available directly from Kiro IDE. Think of them as the VS Code extension marketplace, but for AI agent tools.
How Powers Work
Each Power bundles:
- An MCP server (the actual tool implementation)
- Kiro-specific configuration (steering file snippets, hook templates, spec patterns)
- Auth setup (OAuth flow, API key management)
- Usage examples (prompt templates optimized for this tool)
The Powers Catalog
Kiro ships with 100+ Powers. Here are the most impactful categories:
| Category | Notable Powers | Impact |
|---|---|---|
| Payments | Stripe, Checkout.com, StepPay | Generate correct payment flows without reading API docs |
| Observability | Datadog, New Relic, Dynatrace | Query production metrics from within specs |
| Security | Snyk, Checkmarx, SonarQube, Aikido | Auto-fix vulnerabilities during codegen |
| Cloud | Terraform, Firebase, Supabase, Neon | Generate IaC alongside application code |
| Design | Figma, Miro | Translate designs to code with design system awareness |
| Testing | ScoutQA, Playwright | Generate and run E2E tests |
| API | Postman, Context7 | API testing and library documentation |
| Infrastructure | Depot, CloudZero, Harness | Container builds, cost analysis, CI/CD |
Spotlight: Figma Power
The Figma Power is one of Kiro’s most impressive — it connects Figma design files to code generation:
# How it works:# 1. Drop a Figma URL into your Kiro spec# 2. Kiro fetches the design via Figma MCP# 3. It understands: component hierarchy, design tokens, layout, interactions# 4. Generates code matching your tech stack (React/Tailwind/TypeScript)# 5. Uses Code Connect to map Figma components to existing componentsThis is fundamentally different from “screenshot to code” tools. The Figma Power understands your design system, not just pixel positions.
Enabling a Power
From Kiro IDE:
- Open the Powers tab (left sidebar)
- Browse or search — try “PostgreSQL” to see database Powers
- Click the Power card → review permissions and auth requirements
- Click Add
- Complete any auth flow (OAuth, API key entry)
The Power is now active. Kiro will use its tools during spec generation and task execution automatically.
Custom MCP Servers: Bring Your Own Tools
Beyond Powers, you can connect any MCP server. This is how you integrate internal tools, proprietary APIs, and legacy systems.
Configuration
Edit .kiro/kiro.json in your project root:
{ "mcpServers": { "internal-api-docs": { "command": "node", "args": ["/path/to/mcp-server/index.js"], "env": { "API_DOCS_URL": "${INTERNAL_API_URL}" } }, "pagerduty": { "command": "npx", "args": ["-y", "@pagerduty/mcp-server"], "env": { "PAGERDUTY_API_KEY": "${PAGERDUTY_TOKEN}" } } }}Security Rules for MCP
- Never hardcode tokens — use environment variables or Kiro’s secret store
- Read-only tokens first — start with read-only API keys; upgrade when needed
- Limit scope — Kiro can connect up to 5 MCP servers simultaneously; more = more token consumption + slower planning
- Audit token permissions — check what each MCP server token can access
MCP in the Autonomous Agent
When you run the autonomous agent (Web interface), MCP integrations are available during task execution. The agent can query external APIs, check documentation, and call services — all within the isolated sandbox.
The key difference from IDE MCP: the autonomous agent can use MCP tools across multiple repos in a single task, maintaining context throughout.
Combining Hooks + Powers + Steering
The real power comes from combining all three systems:
Steering defines how you code → Hooks automate what happens when you code → Powers extend what you can reach
Here’s a composed workflow:
steering.md: Defines code standards, architecture, security rules ↓ You write code ↓on_save hook: Type-check + format (aware of architecture from steering)on_commit hook: Scan secrets + check conventions ⤷ Uses Powers: Snyk for security scanning ⤷ MCP server checks Snyk APIon_pr_open hook: Generate PR description + check size ⤷ Uses Powers: GitHub for PR metadata ⤷ MCP server calls GitHub APIEach layer adds context to the next. The hook knows your code standards because it reads the steering file. The Power knows your project structure because the hook provides it.
Token Cost Awareness
Agent hooks consume credits just like chat prompts. Simple hooks (type-check on save) cost fractions of a credit. Complex hooks (generate tests + scan for secrets on commit) cost more.
| Hook Complexity | Credit Cost (Auto mode) | Equivalent Chat |
|---|---|---|
| Type-check on save | 0.1 - 0.3 credits | ~10 simple prompts |
| Test regeneration | 0.3 - 1.0 credits | ~30 prompts |
| Full security scan on commit | 0.5 - 2.0 credits | ~50 prompts |
| PR description generation | 1.0 - 3.0 credits | ~100 prompts |
Consider your monthly credits when designing hooks. A on_commit hook that runs 20 times/day × 1 credit = 600 credits/month — over half a Pro plan.
Optimization tips:
- Use
patternto scope hooks narrowly - Don’t chain expensive hooks on the same trigger
- Consider using Auto mode for hooks (1x credits vs 1.3x for Sonnet 4)
What’s Next
With hooks, powers, and MCP integrated into your workflow, Day 4 explores the Kiro Autonomous Agent (Web) — async, cross-repo coding that runs independently for hours or days, managing multiple sub-agents and sandboxed environments.
Series: Practical Kiro — AWS’s Agentic Development Environment. Day 3: Agent Hooks, Powers & MCP. Day 4: Autonomous Agent (Web) → coming next.
Advertisement
Advertisement