Trust Boundary Rules
- Run trusted workflow code, scripts, and Kiro agent configs from the base or default branch.
- Review pull request code in a separate workspace.
- Keep review agents on `--trust-tools=read,grep`.
- Use strict normalization before any workflow turns a finding into a gate, issue, or fix branch.
- Use current-run artifacts, timestamps, or run IDs instead of stale bot comments.
Slash Command Contract
| Command | Authority | Required checks |
|---|---|---|
| `/open-issue <n>` | Creates a GitHub issue. | PR-only, write/maintain/admin commenter, file-based command parsing, structured REVIEW_DATA. |
| `/kiro-fix <n>` | Creates a branch and pull request. | PR-only, write/maintain/admin commenter, file-based command parsing, structured REVIEW_DATA, scoped write agent. |
Shared Parsing
Both slash-command workflows use the same helper scripts:
```sh
node scripts/parse-review-command.mjs /open-issue --file comment-body.txt
node scripts/parse-review-command.mjs /kiro-fix --file comment-body.txt
node scripts/check-comment-permission.mjs write
```
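As an added example (not the project's own `parse-review-command.mjs` or `check-comment-permission.mjs`), the JavaScript below shows the two checks those helpers stand for: parsing a command from the comment body as text that was read from a file, accepting only an exact `/command <n>` line, and gating the commenter at `write` or higher. The permission ranking, the `authorizeCommand` wrapper, and the sample comment body are assumptions made for the example.

```javascript
// Added example, not the project's scripts. Assumptions: the command grammar is
// "/<name> <n>" on its own line with n a positive integer, and permission levels
// are the GitHub collaborator permission names ranked as below.
const PERMISSION_RANK = { none: 0, read: 1, triage: 2, write: 3, maintain: 4, admin: 5 };

// True when the commenter's level is at least `required`
// (so "write", "maintain" and "admin" all satisfy a "write" requirement).
function hasPermission(actual, required) {
  const have = PERMISSION_RANK[String(actual).toLowerCase()];
  const need = PERMISSION_RANK[String(required).toLowerCase()];
  if (have === undefined || need === undefined) return false;
  return have >= need;
}

// Parses the comment body, which the workflow reads from a file rather than
// interpolating into a shell string. Returns { command, n } or null.
// Only a line that is exactly the command plus one integer counts: a command
// inside quoted reply text, or one followed by extra tokens, is rejected.
function parseReviewCommand(command, body) {
  if (!/^\/[a-z][a-z0-9-]*$/.test(command)) throw new Error("bad command name");
  const pattern = new RegExp("^" + command + "\\s+(\\d{1,6})\\s*$");
  for (const rawLine of String(body).split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line.startsWith(">")) continue; // quoted text never triggers a command
    const m = pattern.exec(line);
    if (m) {
      const n = Number(m[1]);
      if (n >= 1) return { command, n };
    }
  }
  return null;
}

// One decision for the workflow: PR-only, permission gate, then exact parse.
function authorizeCommand(command, body, commenterPermission, isPullRequest) {
  if (!isPullRequest) return { ok: false, reason: "not a pull request comment" };
  if (!hasPermission(commenterPermission, "write")) return { ok: false, reason: "insufficient permission" };
  const parsed = parseReviewCommand(command, body);
  if (!parsed) return { ok: false, reason: "no valid command line" };
  return { ok: true, ...parsed };
}

// Constructed sample comment: the quoted first line must not trigger /kiro-fix.
const SAMPLE_BODY = "> /kiro-fix 7 (quoted from another comment)\n/open-issue 3\nthanks";
```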
Production Notes
The demo workflows use the public Kiro installer for readability. Production deployments should pin or verify the installer, or install Kiro from an approved package source before secrets are available. Kiro's official headless setup guidance is available in the headless mode docs.