Kiro CLI includes a collection of built-in tools that enhance your terminal experience with AI-powered assistance for common development tasks.
Reads files, folders and images
find "React components that use hooks"
You can also configure the read tool to have specific access to the files and folders in your project, giving you granular control over what the Kiro can read.
{ "toolsSettings": { "read": { "allowedPaths": ["~/projects", "./src/**"], "deniedPaths": ["d1/denied/path/", "d2/denied/path/**/file.txt"] } } }
| Option | Type | Required | Description |
|---|---|---|---|
allowedPaths | array of paths | No | Paths that can read without prompting. |
deniedPaths | array of paths | No | Paths that are denied. |
Path values can be glob patterns similar to the behavior as gitignore. For example, ~/temp would match ~/temp/child and ~/temp/child/grandchild
**Tool for creating and editing files.
{ "toolsSettings": { "write": { "allowedPaths": ["~/projects/output.txt", "./src/**"], "deniedPaths": ["/d1/denied/path/", "/d2/denied/path/**/file.txt"] } } }
| Option | Type | Required | Description |
|---|---|---|---|
allowedPaths | array of paths | No | Paths that can be written to without prompting. |
deniedPaths | array of paths | No | Paths that are denied. |
Path values can be glob patterns similar to the behavior as gitignore. For example, ~/temp would match ~/temp/child and ~/temp/child/grandchild
Make AWS CLI API calls with the specified service, operation, and parameters.
{ "toolsSettings": { "aws": { "allowedServices": ["s3", "lambda", "ec2"], "deniedServices": ["eks", "rds"], "autoAllowReadonly": true } } }
| Option | Type | Default | Description |
|---|---|---|---|
allowedServices | array of strings | [] | List of AWS services that can be accessed without prompting |
deniedServices | array of strings | [] | List of AWS services to deny. Deny rules are evaluated before allow rules |
autoAllowReadonly | boolean | false | Whether to automatically allow read-only operations (get, describe, list, ls, search, batch_get) without prompting |
Provide information about Kiro CLI capabilities, features, commands, and documentation. This tool accesses Kiro CLI's built-in documentation and help content to answer questions about the CLI's functionality.
The introspect tool is automatically used when you ask questions about Kiro CLI itself, such as:
Opens the browser to a pre-filled GitHub issue template to report chat issues, bugs, or feature requests.
This tool has no configuration options.
Store and retrieve information in a knowledge base across chat sessions. Provides semantic search capabilities for files, directories, and text content.
This tool has no configuration options.
An internal reasoning mechanism that improves the quality of complex tasks by breaking them down into atomic actions.
This tool has no configuration options.
Create and manage ToDo lists for tracking multi-step tasks.
This tool has no configuration options.
Tool settings are specified in the toolsSettings section of the agent configuration file. Each tool's settings are specified using the tool's name as the key.
For MCP server tools, use the format @server_name/tool_name as the key:
{ "toolsSettings": { "write": { "allowedPaths": ["~/projects"] }, "@git/git_status": { "git_user": "$GIT_USER" } } }
Tools can be explicitly allowed in the allowedTools section of the agent configuration:
{ "allowedTools": [ "read", "knowledge", "@git/git_status" ] }
If a tool is not in the allowedTools list, the user will be prompted for permission when the tool is used unless an allowed toolSettings configuration is set.
Some tools have default permission behaviors:
read and report are trusted by defaultshell, write, and aws prompt for permission by default, but can be configured to allow specific commands/paths/services
Built-in tools