Workshop Session
Multi-Agent Configuration
with Config Control for Kiro
Building governed, scalable AI agent systems through configuration
200 Level · 45 Minutes · No AWS Account Required
In regulated environments (finance, healthcare, government) this is a non-starter.
- Configure agent behavior visually: tools, permissions, guardrails
- Govern with hooks that warn or block dangerous actions at runtime
- Delegate to specialized subagents with least-privilege tool access
- Define tasks as swappable skill specs: same agent, different output
- Share the entire setup as a folder: git commit, anyone gets the same system
```
.kiro/
├── agents/
│   ├── orchestrator.json
│   ├── readonly.json
│   ├── write-agent.json
│   └── game-builder.json
├── settings/
│   └── mcp.json
├── steering/
│   └── orchestrator-rules.md
└── skills/
    ├── safe-research/
    └── kiropong/
```
Commit to git, review in PRs
Clone the repo: same agent setup
Every rule is readable plain text
Edit in cckiro or JSON; they stay in sync
One orchestrator, three specialists: least privilege by design
All 9 tools · Governed by steering + hooks · Delegates to subagents
↓ delegates to ↓
readonly: read + code. Cannot modify anything
write-agent: read + write + shell. Asks before every change
game-builder: read + write + shell. Skill defines the output
Defense in depth: each layer catches what the previous one missed
| # | Layer | What it does | Example |
|---|---|---|---|
| 1 | Tools | What the agent CAN do | readonly: only read + code |
| 2 | Auto-Allow | What runs WITHOUT permission | read auto-allowed, write needs approval |
| 3 | Tool Settings | Per-tool restrictions | shell deniedCommands: rm, mv, chmod |
| 4 | Hooks | Runtime warnings or blocks | preToolUse on write: warns or blocks |
| 5 | Steering | Behavioral rules in English | "Write tasks → delegate to write-agent" |
Change exit 0 to exit 2 in a hook and the agent is blocked, not just warned. One number changes the behavior.

| Tool | Purpose | Permission |
|---|---|---|
| read | Read files | auto |
| glob | Find files | auto |
| grep | Search contents | auto |
| code | Code intelligence | auto |
| write | Create/modify | approval |
| shell | Run commands | approval |
| web_search | Search web | approval |
| web_fetch | Fetch pages | approval |
| use_subagent | Delegate | approval |
@aws-knowledge/search_documentation → kb_search
rm *, mv *, cp *, chmod *
Orchestrator can delegate to: readonly, write-agent, game-builder
The orchestrator has ALL tools but is governed. It CAN write, but hooks warn it, and steering tells it to delegate instead.
| Hook | When | Command | Exit |
|---|---|---|---|
| agentSpawn | Agent starts | echo '🎯 Orchestrator active' | 0 |
| preToolUse write | Before write | echo '⚠️ Consider delegating' | 0 |
| preToolUse shell | Before shell | echo '⚠️ Consider delegating' | 0 |
| stop | Agent finishes | echo '✅ Task complete' | 0 |
exit 0 → Allow: Action proceeds. Warning logged. Agent may self-correct.
exit 2 → Block: Action stopped. Agent must find another way, like delegating.
Matchers target specific tools. Without a matcher, the hook fires for every tool call.
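
The exit-code rule above as a preToolUse hook script, added here as an example and not taken from the workshop or the Kiro project. It assumes the hook is handed the tool call as JSON with `tool_name` and `tool_input.command` fields (assumed names); the tool names, exit codes and denied commands come from the page, and the sample events are constructed.

```python
import json
import shlex
from datetime import datetime, timezone

ALLOW, BLOCK = 0, 2                    # exit codes from the page: 0 warns, 2 blocks
DENIED = {"rm", "mv", "cp", "chmod"}   # the page's denied shell commands
SEPARATORS = set(";&|()")              # punctuation that starts a new command

def command_words(command):
    """Yield the first word of each command in a line such as 'a && b; c | d'."""
    at_start = True
    for token in shlex.shlex(command, posix=True, punctuation_chars=True):
        if set(token) <= SEPARATORS:
            at_start = True
        elif at_start:
            yield token.rsplit("/", 1)[-1]   # /bin/rm counts as rm
            at_start = False

def decide(event):
    """Map one preToolUse event to (exit_code, message)."""
    tool = event.get("tool_name")            # assumed field name
    if tool == "write":
        return ALLOW, "warning: consider delegating to write-agent"
    if tool != "shell":
        return ALLOW, ""
    command = str(event.get("tool_input", {}).get("command", ""))  # assumed shape
    try:
        hits = sorted(set(command_words(command)) & DENIED)
    except ValueError:                       # unbalanced quotes: fail closed
        return BLOCK, "blocked: shell line could not be parsed"
    if hits:
        return BLOCK, "blocked: denied command " + ", ".join(hits)
    return ALLOW, "warning: consider delegating shell work"

def run(stdin_text, now=None):
    """Return (exit_code, audit_line); an unreadable event also fails closed."""
    stamp = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    try:
        event = json.loads(stdin_text)
        code, message = decide(event)
    except (ValueError, AttributeError):
        event, code, message = {}, BLOCK, "blocked: unreadable hook event"
    return code, f"{stamp} tool={event.get('tool_name')} exit={code} {message}"

if __name__ == "__main__":
    # Constructed events; a deployed hook would pass sys.stdin.read() to run().
    for cmd in ("git status", "ls -la && /bin/rm -rf build", "echo 'oops"):
        sample = json.dumps({"tool_name": "shell", "tool_input": {"command": cmd}})
        print(run(sample))
```

Matching first words misses wrappers such as `xargs rm`, so a hook like this is a backstop behind the agent's tool list and the shell tool's denied commands, not a replacement for them.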
```markdown
# Orchestrator Rules

## When to delegate
- Write tasks → write-agent
- Investigation → readonly
- Game building → game-builder

## When to act directly
- Simple reads, quick answers
- MCP documentation lookups

## Always
- Explain what you're doing
- Report back after delegation
```
file:// reference
The game-builder agent is generic. Its prompt says: "follow the skill instructions exactly."
600×300 canvas · paddle physics · vs AI / 2 Player · First to 5 / Timed 45s
Same agent, different game
Same agent + different skill = different output.
Swap the skill, don't rebuild the agent.
Model Context Protocol connects agents to external data sources and APIs.
URL: https://knowledge-mcp.global.api.aws
6 tools: search, read, recommend, regions
| Scope | Location |
|---|---|
| Agent | On the agent JSON (portable) |
| Workspace | .kiro/settings/mcp.json |
| Global | ~/.kiro/settings/mcp.json |
| Agent | MCP |
|---|---|
| orchestrator | aws-knowledge |
| write-agent | aws-knowledge |
| readonly | not needed |
| game-builder | not needed |
| Type | URI | Loading |
|---|---|---|
| File | file:// | Full at startup |
| Skill | skill:// | Metadata at startup, full on demand |
| Agent | Resources |
|---|---|
| orchestrator | Steering + safe-research skill |
| game-builder | kiropong skill |
| readonly | None |
| write-agent | None |
.md .txt .py .js .ts .json .yaml
readonly
Tools: read, code
Can: Read, analyze, explain
Cannot: Write, delete, run commands
Zero risk of modification

write-agent
Tools: read, write, shell
Can: Create and modify files
Constraint: Approval before every write
Human-in-the-loop

game-builder
Tools: read, write, shell
Can: Build from skill specs
Constraint: Generic; skill defines output
Reusable across tasks
Visual management for everything in .kiro/
Overview of agents, MCP, steering, skills
Visual editor + JSON sync
Add, test, toggle servers
Create and edit rules
Browse and edit skill specs
Global vs project config
Runs locally at localhost:3030 · Single binary · No dependencies · Open source
| Requirement | How .kiro/ addresses it |
|---|---|
| Least privilege | Each agent has only the tools it needs |
| Audit trail | Hooks log every tool use with timestamps |
| Human-in-the-loop | Auto-allow controls which tools need approval |
| Blocked actions | Hooks with exit 2 prevent dangerous operations |
| Denied commands | Tool settings block specific shell commands |
| Reviewable rules | Steering files are plain markdown |
| Version control | .kiro/ commits to git like any code |
| Reproducible | Same folder = same agent system, every time |
| Separation of duties | Orchestrator delegates, subagents execute |
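
One way to check several of these properties when a `.kiro/` change is reviewed, added here as an example and not part of the workshop material. The JSON keys `tools`, `allowedTools`, `toolsSettings` and the hook `matcher` field are assumptions about the agent file layout; the tool lists and denied commands come from the page's tables, and the sample agents are constructed.

```python
# Policy copied from the page's tables; JSON key names below are assumptions.
TOOL_CEILING = {
    "readonly": {"read", "code"},
    "write-agent": {"read", "write", "shell"},
    "game-builder": {"read", "write", "shell"},
}
NEEDS_APPROVAL = {"write", "shell", "web_search", "web_fetch", "use_subagent"}
MUST_DENY = {"rm", "mv", "chmod"}

def audit_agent(name, cfg):
    """Return least-privilege findings for one parsed agent JSON file."""
    findings = []
    tools = set(cfg.get("tools", []))
    extra = tools - TOOL_CEILING.get(name, tools)    # orchestrator: no ceiling
    if extra:
        findings.append(f"{name}: tools beyond its role {sorted(extra)}")
    auto = set(cfg.get("allowedTools", [])) & NEEDS_APPROVAL
    if auto:
        findings.append(f"{name}: auto-allows approval-only tools {sorted(auto)}")
    if "shell" in tools:
        shell = cfg.get("toolsSettings", {}).get("shell", {})
        denied = {p.split()[0] for p in shell.get("deniedCommands", []) if p.strip()}
        if MUST_DENY - denied:                       # "rm *" counts as rm
            findings.append(f"{name}: shell does not deny {sorted(MUST_DENY - denied)}")
    if name not in TOOL_CEILING:                     # governed by hooks instead
        hooks = cfg.get("hooks", {}).get("preToolUse", [])
        covered = {h.get("matcher") for h in hooks}  # None: hook fires for every tool
        unhooked = set() if None in covered else ({"write", "shell"} & tools) - covered
        findings += [f"{name}: no preToolUse hook matches {t}" for t in sorted(unhooked)]
    return findings

def audit_all(agents):
    """Audit a {name: config} mapping, e.g. loaded from .kiro/agents/*.json."""
    return [f for name in sorted(agents) for f in audit_agent(name, agents[name])]

# Constructed sample configs with three deliberate mistakes.
DENY = {"shell": {"deniedCommands": ["rm *", "mv *", "cp *", "chmod *"]}}
SAMPLE_AGENTS = {
    "readonly": {"tools": ["read", "code", "shell"], "allowedTools": ["read"],
                 "toolsSettings": DENY},
    "write-agent": {"tools": ["read", "write", "shell"],
                    "allowedTools": ["read", "write"], "toolsSettings": DENY},
    "orchestrator": {"tools": ["read", "write", "shell", "use_subagent"],
                     "allowedTools": ["read"], "toolsSettings": DENY,
                     "hooks": {"preToolUse": [{"matcher": "write", "command": "echo warn"}]}},
}

if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLE_AGENTS)))
```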
Agents are config, not code.
A .kiro/ folder IS your agent system. Share it, version it, review it.
Governance is built in.
5 layers: tools, auto-allow, tool settings, hooks, steering.
Skills make agents reusable.
Same agent + different skill = different output.
Steering is the control plane.
Plain English rules your compliance team can read and approve.
Configuration is the product.
Git commit your .kiro/ folder. Anyone who clones gets the same system.
45 minutes · No AWS account · All local
Thank you!