feat: add Kiro agent (kiro-cli)#419

Merged
wesm merged 12 commits into main from kiro-agent
Mar 3, 2026

@wesm
Collaborator

@wesm wesm commented Mar 3, 2026

Summary

  • Add KiroAgent implementing the Agent interface, invoking kiro-cli chat --no-interactive
  • Strip Kiro UI chrome (ANSI codes, splash screen, tip box, model line, timing footer) from output
  • Support agentic mode (--trust-all-tools), stderr fallback, and 512 KB prompt size guard
  • Register kiro in the agent registry and add it to CLI help text and gh-action workflow generation

Supersedes #302 — squashed and rebased onto current main with review fixes applied.

Original implementation by @mikeaadd.

🤖 Generated with Claude Code

mikeaadd and others added 5 commits March 3, 2026 11:24
Add KiroAgent that wraps kiro-cli for code reviews. Kiro output
is captured, ANSI-stripped, and cleaned of UI chrome (logo, tip
box, model line, timing footer) before returning the review text.

- Add KiroAgent with chat --no-interactive invocation
- Strip ANSI escapes and UI chrome via stripKiroOutput
- Constrain start-marker search to first 30 lines to avoid
  false matches on markdown blockquotes in review content
- Support --trust-all-tools in agentic mode
- Register "kiro" in fallback order, error messages, CLI help
- Add comprehensive tests (output stripping, args, agentic mode,
  chaining, success/failure/empty output)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add kiro to ghaction.go --agents help text
- Add test for bare ">" start marker without trailing space
- Add test verifying output writer receives review content

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Reuse stripTerminalControls (handles OSC sequences and control
  chars) instead of maintaining a weaker duplicate ANSI regex
- Fall back to stderr when stdout is empty on successful exit,
  preventing silent "No review output generated" results
- Reject prompts exceeding 512 KB with a clear error before
  exec, since kiro-cli requires argv (no stdin support)
- Add tests for stderr fallback and oversized prompt rejection

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Restrict timing footer detection to last 5 lines to avoid truncating
  review content that contains "▸ Time:" in a code snippet
- Add "--" separator before prompt argument to prevent flag parsing
- Use stripKiroOutput (not stripTerminalControls) for stderr fallback
  so Kiro chrome is fully stripped

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Strip trailing blank lines before applying the 5-line footer scan
  window so blank postamble from kiro-cli doesn't hide the real footer
- Update CommandLine() to include -- separator, matching Review() behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (6a63fe0)

The changes successfully integrate the kiro agent, but there is a medium severity issue regarding GitHub Action validation that needs addressing.

Medium

  • Files: cmd/roborev/ghaction.go#L97, internal/ghaction/ghaction.go#L18
  • Problem: gh-action --agent help now advertises kiro/kilo, but workflow validation allowlist still excludes both. Users can be told a value is valid and then get runtime validation failure (invalid agent).

Suggested Fix: Either add kiro/kilo support in internal/ghaction (allowedAgents, install/env mappings) or remove them from CLI help until supported.


Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@wesm wesm mentioned this pull request Mar 3, 2026
3 tasks
wesm and others added 2 commits March 3, 2026 12:08
The CLI help text advertised kiro/kilo as valid agents but the
ghaction validation allowlist rejected them at runtime.

- Add both to allowedAgents
- kiro: not CI-compatible yet, install step directs to kiro.dev
- kilo: install via @kilocode/cli, uses OPENAI_API_KEY (default)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- kiro: map to GITHUB_TOKEN so envEntries skips it (not CI-compatible)
- kilo: map to ANTHROPIC_API_KEY with multi-provider comment (like opencode)
- Extend workflow template and CLI next-steps to handle kilo as multi-provider

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (ef9922d)

Verdict: The PR successfully adds support for the Kiro CLI and GitHub Action integration, but introduces medium-severity issues related to workflow generation and supply-chain risks.

Medium

  • Missing CI Installation for Kiro

    • Location: internal/ghaction/ghaction.go:17, internal/ghaction/ghaction.go:120
    • Description: kiro is allowlisted for workflow generation, but its install command is only an informational echo ("Install kiro-cli: see https://kiro.dev/"). This means generated CI workflows can proceed and then fail later when roborev tries to invoke a missing kiro-cli.
    • Suggested Fix: Either remove kiro from allowedAgents for CI until supported, or make the install step fail fast with a clear error (exit 1) and explicit guidance.

  • Supply-Chain Risk in CI Workflow Generation

    • Location: internal/ghaction/ghaction.go:126
    • Description: The kilo install command uses npm install -g @kilocode/cli@latest in generated CI workflows. Using @latest poses a supply-chain risk, as silent upstream changes can execute new code in CI with repository token access.
    • Suggested Fix: Pin to an explicit version (e.g., @kilocode/cli@x.y.z) and update intentionally. Consider additional integrity controls such as trusted registries or provenance/signature verification.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

- Verify kilo workflow gets multi-provider comment and ANTHROPIC_API_KEY
- Verify kiro workflow has no agent-specific secret env vars
- Add notContains support to CLI ghaction test table

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (fcb43b9)

Verdict: Action required to address a high-severity supply-chain risk in CI installation commands and a medium-severity bug in Kiro's output parsing logic.

High

  • Supply-chain execution risk in GitHub Actions
    • File: internal/ghaction/ghaction.go:124-126
    • Problem: AgentInstallCmd("kilo") generates npm install -g @kilocode/cli@latest for CI workflows. Using @latest is a floating dependency and creates a supply-chain risk; an unexpected upstream update or compromise can execute arbitrary code in the runner (which has access to workflow tokens/secrets).
    • Suggested Fix: Pin the installation to a specific, immutable version (e.g., @kilocode/cli@<exact-version>) and update via explicit review. Prefer additional integrity controls like trusted source verification or signature validation.

Medium

  • stderr fallback can be skipped when stdout has only non-review noise
    • File: internal/agent/kiro.go:157
    • Problem: Review() only falls back to stderr when stripKiroOutput(stdout) is empty. However, stripKiroOutput() returns trimmed raw text when no > marker is found. This means non-review stdout noise (e.g., model/status lines) can block the fallback even if the stderr stream contains the actual review.
    • Suggested Fix: Parse both streams and prefer the one that contains a valid review marker/content pattern, or explicitly fall back to stderr when stdout lacks a detected review start marker.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

wesm and others added 2 commits March 3, 2026 12:32
Extract stripKiroReview returning (text, hasMarker) so the Review
method can detect when stdout contains only non-review noise
(no "> " marker) and prefer stderr's marker-detected content.

Previously, stdout noise blocked the stderr fallback because
stripKiroOutput returned the noise as non-empty text.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

When stdout has no review marker, fall back to stderr
unconditionally (not only when stderr also has a marker).
This handles the case where stderr contains plain review
text without Kiro chrome.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (6a694d5)

Verdict: The addition of kiro and kilo agents introduces a few medium-severity issues regarding CI workflow generation, Windows OS constraints, and supply-chain security that should be addressed.

Medium

1. CI Workflow Generation Failure for kiro

  • File: internal/ghaction/ghaction.go (Lines 17, 120)

  • Description: kiro is now allowed for workflow generation, but its install command is just an echo (no installation). Workflows will still attempt to run roborev with that agent, meaning --agent kiro will generate a CI workflow that predictably fails at runtime.

  • Suggested Fix: Either reject kiro in GitHub Action validation until CI support exists, or fail generation with a clear error when kiro is selected.

2. Supply-Chain Risk in CI via @latest

  • File: internal/ghaction/ghaction.go (Line 126)
  • Description: AgentInstallCmd("kilo") installs @kilocode/cli@latest in CI. Using @latest is a supply-chain risk, as an unexpected or compromised upstream release would execute in the workflow context with repository/token access.
  • Suggested Fix: Pin an exact version (e.g., @kilocode/cli@X.Y.Z) and update it via controlled PRs. Add integrity controls like a lockfile, checksum, or trusted release verification if possible.

3. Cross-Platform Process Limits for kiro Prompts

  • File: internal/agent/kiro.go (Lines 17, 132)
  • Description: The prompt length guard (512 KiB) is based on macOS/Linux argv limits, but Windows command-line limits are much lower (~32 KiB). Prompts that pass this check can still fail on Windows with argument list too long process start errors.
  • Suggested Fix: Make the limit OS-aware (runtime.GOOS) or use a conservative cross-platform cap and return a clear preflight error.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

Refine the fallback precedence so stderr only overrides stdout
when stdout is empty or stderr has a review marker. When both
streams have content but neither has a marker, stdout (primary
stream) is kept.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (cfbcc64)

Summary Verdict: The PR introduces Kiro/Kilo agents with a few medium-severity issues related to output handling, CI workflow validation, and supply-chain risks in GitHub Actions.

Medium

  • internal/agent/kiro.go#L171

    Review() overwrites valid stdout content when stdout has no "> " marker and stderr is non-empty. This can return warning/status stderr text instead of the actual review (for cases where Kiro emits review text without marker on stdout).
    Suggested fix: Parse both streams first, then prefer marker-bearing stream; if neither has a marker, prefer non-empty stdout over stderr (or only use stderr when stdout is empty).

  • internal/ghaction/ghaction.go#L18, internal/ghaction/ghaction.go#L123

    kiro is allowed for workflow generation, but its install step is only an echo and comments state it is not CI-compatible. A generated workflow with only kiro will likely fail at runtime (no agents available) instead of failing fast during config validation.
    Suggested fix: Disallow kiro in GH Action validation (with clear error), or make generation require at least one CI-capable agent when kiro is present.

  • internal/ghaction/ghaction.go#L126

    CI workflow generation installs @kilocode/cli@latest (npm install -g @kilocode/cli@latest). Using a mutable latest tag in CI is a supply-chain risk: if the package (or tag) is compromised, attacker-controlled code runs in GitHub Actions with workflow token/secrets scope.
    Remediation: Pin an exact version (for example @kilocode/cli@<fixed-version>), and prefer additional integrity controls (provenance/signature verification, locked install source, least-privilege workflow permissions).


Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (7c41d42)

Verdict: The PR successfully introduces Kiro and Kilo agent integrations, but contains a few medium-severity issues related to CI workflow configuration, supply-chain risks, and OS-level argument limits that should be addressed.

Medium Severity Findings

1. Invalid CI workflow generation for kiro

  • Files: internal/ghaction/ghaction.go:18, internal/ghaction/ghaction.go:123
  • Description: kiro is allowlisted for workflow generation, but its install command is only echo 'Install kiro-cli: see https://kiro.dev/' (no actual install). This produces a workflow that passes the install step but later fails during review due to the absence of a runnable agent in CI.
  • Suggested Fix: Either reject kiro in gh-action validation until CI installation is supported, or make the install step fail fast with a clear error (exit 1) so the workflow is explicitly unsupported instead of silently misconfigured.

2. Supply-chain risk with @latest dependency for kilo

  • File: internal/ghaction/ghaction.go:126
  • Description: AgentInstallCmd("kilo") installs @kilocode/cli@latest in CI. Using @latest introduces a supply-chain risk, leading to non-reproducible builds and the potential for silent upgrades to newly vulnerable or compromised versions.
  • Suggested Fix: Pin an exact version (e.g., @kilocode/cli@X.Y.Z) and update deliberately. If possible, add integrity verification (lockfile-based install, checksum/signature verification, or trusted artifact source).

3. Argument length limit (E2BIG) exceeded on Linux

  • File: internal/agent/kiro.go:17, internal/agent/kiro.go:134
  • Description: maxPromptArgLen is conservatively set to 512 KB based on macOS ARG_MAX. However, Linux enforces a strict limit (MAX_ARG_STRLEN) of 128 KB (PAGE_SIZE * 32) for any single argument passed via execve. Because the prompt is passed as a single CLI argument, prompts larger than 128 KB will cause cmd.Run() to fail with a syscall.E2BIG ("argument list too long") error on Linux.
  • Suggested Fix: Reduce maxPromptArgLen to safely stay under 128 KB (e.g., 120 * 1024 to leave room for the rest of the arguments) to comply with the single-argument limit on Linux.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)
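
A preflight guard along the lines these findings suggest, as an added Go example rather than the PR's code. `BuildKiroArgs` and `maxPromptArgLen` are hypothetical names, the per-OS figures are the ones quoted in the reviews above, and the 8 KiB headroom, the flag order and the NUL check are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"runtime"
	"strings"
)

// headroom is an assumed allowance for the other argv entries.
const headroom = 8 * 1024

// maxPromptArgLen returns the byte budget for the single prompt argument,
// using the limits quoted in the reviews: ~32 KiB on Windows, 128 KiB
// (MAX_ARG_STRLEN) on Linux, and the PR's 512 KB guard everywhere else.
func maxPromptArgLen(goos string) int {
	switch goos {
	case "windows":
		return 32*1024 - headroom
	case "linux":
		return 128*1024 - headroom // 120 * 1024, as the review suggests
	default:
		return 512 * 1024
	}
}

// BuildKiroArgs returns the arguments for kiro-cli, or an error before any
// exec when the prompt cannot be passed as one argument on this OS.
func BuildKiroArgs(prompt string, agentic bool, goos string) ([]string, error) {
	if strings.ContainsRune(prompt, 0) {
		// argv entries are NUL-terminated strings, so an embedded NUL cannot be passed.
		return nil, errors.New("prompt contains a NUL byte and cannot be passed via argv")
	}
	if limit := maxPromptArgLen(goos); len(prompt) > limit {
		return nil, fmt.Errorf("prompt is %d bytes; single-argument limit on %s is %d",
			len(prompt), goos, limit)
	}
	args := []string{"chat", "--no-interactive"}
	if agentic {
		args = append(args, "--trust-all-tools")
	}
	// "--" ends option parsing, so a prompt that starts with "-" stays data.
	return append(args, "--", prompt), nil
}

func main() {
	// Constructed prompt that would otherwise look like a flag.
	args, err := BuildKiroArgs("--help me review this diff", true, runtime.GOOS)
	fmt.Println(args, err)
}
```
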

When stdout contains only a bare marker (e.g., ">") with no
review content, check stderr for the actual review instead of
returning "No review output generated".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
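
The stream precedence that the last few commits converge on, as an added Go example (not the project's implementation). `stripReview` is a simplified stand-in for stripKiroReview that skips terminal-control stripping, `PickReview` is a hypothetical name, and the sample streams are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// stripReview is a simplified stand-in for the PR's stripKiroReview: text after the
// ">" start marker (first 30 lines only), minus a "▸ Time:" footer (last 5 lines only).
func stripReview(raw string) (string, bool) {
	lines := strings.Split(strings.TrimRight(raw, " \t\r\n"), "\n")
	start := -1
	for i := 0; i < len(lines) && i < 30; i++ {
		if l := strings.TrimSpace(lines[i]); l == ">" || strings.HasPrefix(l, "> ") {
			start = i
			break
		}
	}
	if start < 0 {
		return strings.TrimSpace(raw), false // no marker: hand back the raw text
	}
	lines[start] = strings.TrimPrefix(strings.TrimSpace(lines[start]), ">")
	end := len(lines)
	for i := len(lines) - 1; i > start && i >= len(lines)-5; i-- {
		if strings.HasPrefix(strings.TrimSpace(lines[i]), "▸ Time:") {
			end = i
			break
		}
	}
	return strings.TrimSpace(strings.Join(lines[start:end], "\n")), true
}

// PickReview: marker-backed content wins; stderr replaces stdout only when
// stdout is empty or stderr has a marker; otherwise stdout (primary) is kept.
func PickReview(stdout, stderr string) string {
	out, outMarker := stripReview(stdout)
	if outMarker && out != "" {
		return out
	}
	errText, errMarker := stripReview(stderr)
	if errText != "" && (out == "" || errMarker) {
		return errText
	}
	return out
}

func main() {
	// Constructed streams: status noise on stdout, the review on stderr.
	fmt.Println(PickReview("Model: auto\n", "> Looks good.\n ▸ Time: 2s\n"))
}
```
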
@roborev-ci

roborev-ci bot commented Mar 3, 2026

roborev: Combined Review (fbf6de1)

Verdict: The PR introduces a medium-severity security risk related to unpinned dependencies in CI workflow generation.

Medium

Unpinned third-party CLI install in CI workflow generation
File: internal/ghaction/ghaction.go:122

AgentInstallCmd("kilo") returns npm install -g @kilocode/cli@latest. Using @latest in CI is a supply-chain risk: a compromised/new malicious upstream release would execute arbitrary code in the runner, potentially with access to GITHUB_TOKEN and configured API-key secrets.

Suggested remediation: Pin to an explicit version (for example @kilocode/cli@x.y.z), and update intentionally. If possible, add integrity verification (checksum/signature) or run from a prebuilt trusted image.


Synthesized from 3 reviews (agents: codex, gemini | types: default, security)
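
The floating-tag finding repeated across these reviews can be checked mechanically before a workflow is emitted. The following Go sketch is an added example, not roborev code: `FloatingInstalls` is a hypothetical helper that flags any package spec in an `npm install` command that is not pinned to one exact version, and the `0.0.0` version is a constructed placeholder.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// exactSemver matches a fully specified version such as 1.2.3 or 1.2.3-rc.1.
var exactSemver = regexp.MustCompile(`^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)

// splitSpec splits an npm package spec into name and version part.
// A leading "@" belongs to the scope, so only a later "@" separates the version.
func splitSpec(spec string) (name, version string) {
	i := strings.LastIndex(spec, "@")
	if i <= 0 {
		return spec, ""
	}
	return spec[:i], spec[i+1:]
}

// FloatingInstalls returns the package specs in an "npm install" command line
// that are not pinned to one exact version (dist-tags, ranges, or no version).
func FloatingInstalls(cmd string) []string {
	fields := strings.Fields(cmd)
	if len(fields) < 3 || fields[0] != "npm" || (fields[1] != "install" && fields[1] != "i") {
		return nil
	}
	var floating []string
	for _, f := range fields[2:] {
		if strings.HasPrefix(f, "-") {
			continue // option such as -g
		}
		if _, v := splitSpec(f); !exactSemver.MatchString(v) {
			floating = append(floating, f)
		}
	}
	return floating
}

func main() {
	for _, c := range []string{
		"npm install -g @kilocode/cli@latest", // command quoted in the reviews
		"npm install -g @kilocode/cli@0.0.0",  // constructed placeholder version
	} {
		fmt.Printf("%q -> %v\n", c, FloatingInstalls(c))
	}
}
```
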

@wesm wesm merged commit 9aba424 into main Mar 3, 2026
8 checks passed
@wesm wesm deleted the kiro-agent branch March 3, 2026 18:58