Add KR-AG Kiro subagent invocation validation rules

[avifenesh]

Summary

• add a new KiroAgentValidator for .kiro/agents/*.json and implement KR-AG-006 / KR-AG-007
• register the validator for FileType::KiroAgent and update rule/category parity wiring (rules.json, docs, locale keys, README tool surface)
• refresh generated rule docs + site data and update rule-count references across docs/tests

Validation

• cargo test -p agnix-core kiro_agent -- --nocapture
• cargo test -p agnix-cli --test rule_parity -- --nocapture
• cargo test -p agnix-cli --test docs_website_parity -- --nocapture
• cargo test -p agnix-mcp --test mcp_tests rules_tests::test_rules_count -- --nocapture
• python3 scripts/check-rule-counts.py

Closes #604

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Kiro agent validation capabilities by introducing new rules that govern subagent invocation and tool scope consistency. It integrates a dedicated validator for these rules into the system, ensuring that Kiro agent configurations adhere to best practices for inter-agent communication and security. The changes also involve comprehensive updates to documentation and internal rule tracking to reflect the expanded validation coverage.

Highlights

• New Kiro Agent Validation Rules: Introduced two new validation rules, KR-AG-006 and KR-AG-007, to ensure proper invocation and tool scope management for Kiro subagents. KR-AG-006 flags references to non-existent subagents, while KR-AG-007 identifies cases where an invoking agent has a broader tool scope than its referenced subagent.
• KiroAgentValidator Implementation: A new KiroAgentValidator has been implemented in Rust to enforce these rules, including logic for extracting agent mentions, parsing tool scopes, and indexing known agents within the .kiro/agents directory.
• Documentation and System Updates: Updated various documentation files (READMEs, changelogs, knowledge base) and internal system configurations to reflect the addition of the new rules, incrementing total rule counts and registering the new validator within the system.
• Test Coverage Expansion: Existing test suites were updated to include checks for the new Kiro agent rules, ensuring their correct detection and integration into the overall validation process.

Changelog

• AGENTS.md
  • Updated the total rule count from 231 to 233 and validator count from 25 to 26.
• CHANGELOG.md
  • Updated the total rule count from 231 to 233 in the description of agnix validation rules and real-time diagnostics.
• CLAUDE.md
  • Updated the total rule count from 231 to 233 and validator count from 25 to 26.
• README.md
  • Updated the Kiro tool entry to include the 'KR-AG-' prefix and the '.kiro/agents/.json' file surface, increasing its rule count from 5 to 7.
• SPEC.md
  • Updated the total rule count from 231 to 233 and added 'Kiro Agents' with 2 rules and the '.kiro/agents/*.json' path to the validation table.
• crates/agnix-cli/tests/docs_website_parity.rs
  • Updated the readme_supported_tools_kiro_row_matches_current_rules_surface test to include the 'KR-AG-' prefix and '.kiro/agents/.json' path for Kiro rules.
• crates/agnix-cli/tests/kiro_ci_gate.rs
  • Updated tests to include the 'KR-AG-' prefix and '.kiro/agents/.json' file surface for Kiro rules, and adjusted assertions for the new rule count.
• crates/agnix-cli/tests/rule_parity.rs
  • Added 'KR-AG-' to the list of valid rule prefixes and 'kiro-agents' to the inferred fixture coverage and rules JSON integrity checks.
• crates/agnix-core/src/config/rule_filter.rs
  • Added a rule filter entry for 'KR-AG-' prefix to map to kiro_steering rules.
• crates/agnix-core/src/registry.rs
  • Incremented the EXPECTED_BUILTIN_COUNT from 68 to 69, registered the new KiroAgentValidator for FileType::KiroAgent, and added its factory function.
• crates/agnix-core/src/rules/kiro_agent.rs
  • Added a new module implementing KiroAgentValidator with rules KR-AG-006 (unknown subagent reference) and KR-AG-007 (broader tool scope).
• crates/agnix-core/src/rules/mod.rs
  • Imported the new kiro_agent module.
• crates/agnix-lsp/README.md
  • Updated the total rule count from 231 to 233.
• crates/agnix-mcp/tests/mcp_tests.rs
  • Updated the assertion for the total rule count from 231 to 233.
• crates/agnix-rules/rules.json
  • Updated the total rule count from 231 to 233, changed last_updated date to '2026-03-02', and added definitions for KR-AG-006 and KR-AG-007 rules under the 'kiro-agents' category.
• editors/vscode/README.md
  • Updated the displayed rule count from 231 to 233 in the feature list and command descriptions.
• knowledge-base/INDEX.md
  • Updated the total rule count from 231 to 233 across various sections, including the master index, validator implementation guide, and rule summary table, and added 'Kiro Agents' to the rule category breakdown.
• knowledge-base/README.md
  • Updated the total rule count from 231 to 233 in the main reference link.
• knowledge-base/VALIDATION-RULES.md
  • Added detailed descriptions for the new KR-AG-006 and KR-AG-007 rules, including requirements, detection logic, fixes, and source references, and updated the total rule count and rule list.
• locales/en.yml
  • Added English localization keys for the new KR-AG-006 and KR-AG-007 rules, including messages and suggestions.
• locales/es.yml
  • Added Spanish localization keys for the new KR-AG-006 and KR-AG-007 rules, including messages and suggestions.
• locales/zh-CN.yml
  • Added Simplified Chinese localization keys for the new KR-AG-006 and KR-AG-007 rules, including messages and suggestions.
• scripts/check-rule-counts.py
  • Added 'kiro-agents' to the CATEGORY_DISPLAY_NAMES and CATEGORY_RULE_PREFIXES mappings.
• website/docs/rules/generated/cur-001.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-002.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-003.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-004.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-005.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-006.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-007.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-008.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-009.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-010.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-011.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-012.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-013.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-014.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-015.md
  • Updated the 'Verified On' date to '2026-02-26'.
• website/docs/rules/generated/cur-016.md
  • Updated the 'Verified On' date to '2026-02-26', modified an evidence source URL, and revised invalid/valid JSON examples.
• website/docs/rules/generated/kr-ag-006.md
  • Added new documentation for rule KR-AG-006: 'Kiro Agent References Unknown Subagent'.
• website/docs/rules/generated/kr-ag-007.md
  • Added new documentation for rule KR-AG-007: 'Kiro Agent Tool Scope Broader Than Referenced Subagent'.
• website/docs/rules/generated/oc-001.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-002.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-003.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-004.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-006.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-007.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-008.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-009.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/generated/oc-sk-001.md
  • Updated the 'Verified On' date to '2026-02-27'.
• website/docs/rules/index.md
  • Updated the total rule count from 231 to 233 and added the new KR-AG-006 and KR-AG-007 rules to the rules reference table.
• website/src/data/siteData.json
  • Updated totalRules from 231 to 233 and categoryCount from 31 to 32.

Activity

• The pull request author, avifenesh, provided a summary outlining the addition of new Kiro agent validation rules, their implementation, and updates to documentation and tests.
• The PR description includes detailed validation results from running various test suites, confirming that 10 tests specific to Kiro agent rules passed, along with other general integrity and documentation parity tests.
• The validation output shows successful execution of tests for file_types::detection, rules::kiro_agent, authoring, and rules_tests, indicating that the new rules and their integration are functioning as expected.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 463ff6554e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[gemini-code-assist]

Code Review

This pull request introduces two new validation rules, KR-AG-006 and KR-AG-007, for Kiro agent configurations, along with a new KiroAgentValidator. The implementation of the validator and its associated tests are well-done. The changes also include updates to documentation, tests, and configuration files across the project to reflect the addition of these new rules.

I've found a couple of minor issues:

1. The new Kiro agent rules are tied to the kiro_steering configuration flag, which could be confusing. They should probably have their own kiro_agents flag for independent control.
2. There are some inconsistencies in the reported number of auto-fixable rules across different documentation files.

Overall, this is a good contribution that expands the linter's capabilities. Addressing the minor issues will improve consistency and usability.

[Copilot]

Pull request overview

Adds new cross-agent validation for Kiro .kiro/agents/*.json files, introducing rules to detect unknown subagent references and tool-scope mismatches between an orchestrator agent and its referenced subagents. The PR also wires the new rules/category through registry/config/tests and refreshes generated docs/site data + rule counts.

Changes:

• Implement KiroAgentValidator with KR-AG-006 and KR-AG-007 cross-file checks for .kiro/agents/*.json.
• Register the validator for FileType::KiroAgent and update rule parity/CI-gate tests + locales.
• Refresh rules.json / docs / website data and update total rule & category counts across docs.

Reviewed changes

Copilot reviewed 26 out of 53 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
website/src/data/siteData.json	Updates website rule/category counts to include the new Kiro agent rules/category.
website/docs/rules/index.md	Updates rules index counts and adds KR-AG-006/007 entries to the rules table.
website/docs/rules/generated/oc-sk-001.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-009.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-008.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-007.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-006.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-004.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-003.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-002.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/oc-001.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/kr-ag-007.md	Adds generated documentation page for KR-AG-007.
website/docs/rules/generated/kr-ag-006.md	Adds generated documentation page for KR-AG-006.
website/docs/rules/generated/cur-016.md	Refreshes generated rule doc content (Verified On, source URL, examples).
website/docs/rules/generated/cur-015.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-014.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-013.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-012.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-011.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-010.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-009.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-008.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-007.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-006.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-005.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-004.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-003.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-002.md	Refreshes generated “Verified On” metadata.
website/docs/rules/generated/cur-001.md	Refreshes generated “Verified On” metadata.
scripts/check-rule-counts.py	Adds kiro-agents category label + mapping for count checks.
locales/zh-CN.yml	Adds localized messages/suggestions for KR-AG-006 and KR-AG-007.
locales/es.yml	Adds localized messages/suggestions for KR-AG-006 and KR-AG-007.
locales/en.yml	Adds localized messages/suggestions for KR-AG-006 and KR-AG-007.
knowledge-base/rules.json	Adds KR-AG-006/007 rule entries and a new kiro-agents category; bumps totals/last_updated.
knowledge-base/VALIDATION-RULES.md	Documents KR-AG-006/007 and updates totals/coverage tables.
knowledge-base/README.md	Updates referenced rule count to 233.
knowledge-base/INDEX.md	Updates referenced rule count and adds “Kiro Agents” to category breakdown.
editors/vscode/README.md	Updates referenced total rule count to 233.
crates/agnix-rules/rules.json	Updates packaged rules catalog with KR-AG-006/007 and category metadata.
crates/agnix-mcp/tests/mcp_tests.rs	Updates rule_count() expectation to 233.
crates/agnix-lsp/README.md	Updates referenced total rule count to 233.
crates/agnix-core/src/rules/mod.rs	Exposes new kiro_agent rules module.
crates/agnix-core/src/rules/kiro_agent.rs	Implements KiroAgentValidator and unit tests for KR-AG-006/007.
crates/agnix-core/src/registry.rs	Registers KiroAgentValidator for FileType::KiroAgent and updates registry counts/tests.
crates/agnix-core/src/config/rule_filter.rs	Adds KR-AG-* prefix handling for category enablement filtering.
crates/agnix-cli/tests/rule_parity.rs	Includes KR-AG-* in rule prefix extraction and adds fixture coverage mapping for kiro-agents.
crates/agnix-cli/tests/kiro_ci_gate.rs	Updates CI-gate assertions for Kiro surface to include KR-AG-* and .kiro/agents/*.json.
crates/agnix-cli/tests/docs_website_parity.rs	Updates Kiro docs parity checks to include KR-AG-* and .kiro/agents/*.json.
SPEC.md	Updates top-level counts and adds “Kiro Agents” to validated surfaces.
README.md	Updates Supported Tools table row for Kiro to include KR-AG-* and .kiro/agents/*.json.
CLAUDE.md	Updates referenced rule and validator counts.
CHANGELOG.md	Updates referenced rule counts for LSP/VS Code integration bullets.
AGENTS.md	Updates referenced rule and validator counts.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[avifenesh]

Addressed all review feedback in commit 712637d.\n\nImplemented:\n- Prompt-only @subagent extraction (including *Prompt fields), with new tests for non-prompt false positives.\n- Case-insensitive .kiro/agents discovery for both fast-path and upward search.\n- allowedTools presence semantics: allowedTools is authoritative even when empty.\n- 1-based KR-AG line/column reporting + coverage test.\n- Dedicated rules.kiro_agents config toggle and independent gating tests.\n- Doc consistency updates (auto-fix totals = 96) and generator label fix for "Kiro Agents" in website index/category output.\n\nValidation rerun:\n- cargo test -p agnix-core kiro_agent -- --nocapture\n- cargo test -p agnix-core config::tests:: -- --nocapture\n- cargo test -p agnix-cli --test docs_website_parity -- --nocapture\n- cargo test -p agnix-cli --test rule_parity -- --nocapture\n- cargo test -p agnix-mcp --test mcp_tests rules_tests::test_rules_count -- --nocapture\n- python3 scripts/check-rule-counts.py

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 712637dc58

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[avifenesh]

Follow-up feedback addressed in commit 68b50c6:

• load_agent_index now skips reserved/non-agent JSON filenames (plugin.json, settings.json, settings.local.json, mcp.json, mcp-*.json, *.mcp.json) so they cannot satisfy KR-AG references.
• KR-AG-007 now compares parent tools against explicitly empty referenced scopes (allowedTools: []) while still skipping referenced agents with unknown/missing scope fields.
• Added targeted regression tests for both behaviors.

Validation rerun:

• cargo test -p agnix-core kiro_agent -- --nocapture

[Copilot]

Pull request overview

Copilot reviewed 29 out of 56 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

extract_prompt_agent_mentions() relies on prompt_field_regex() scanning the raw JSON text. Because this regex does not understand JSON structure, it can match sequences like "prompt": "..." that appear inside other string values (e.g., a prompt that contains a JSON example), which can produce false KR-AG-006/KR-AG-007 diagnostics.

Consider extracting prompt fields from the parsed serde_json::Value (walk objects/arrays and only consider keys that equal/ends_with "prompt") and then scanning those string values for @agent mentions. If you still want accurate locations, add a targeted span-finder for the specific prompt string token rather than a whole-file regex.

[Copilot]

load_agent_index() skips agent files that fail read_to_string or JSON parsing. This means a referenced subagent file can exist on disk but still be treated as “unknown”, causing KR-AG-006 false positives (especially while a subagent file is mid-edit / temporarily invalid JSON).

To avoid incorrect KR-AG-006 reports, consider indexing agent names from the filename (and/or the raw "name" field when present) even when JSON parsing fails, and treat tool scope as unknown in that case (so KR-AG-007 can be skipped).

Suggested change

	let Ok(raw) = fs.read_to_string(&entry.path) else {
	continue;
	};
	let Ok(value) = serde_json::from_str::<Value>(&raw) else {
	continue;
	};
	let explicit_name = value.get("name").and_then(Value::as_str);
	let fallback_name = entry.path.file_stem().and_then(|stem| stem.to_str());
	// Fallback agent name from the filename (used even if JSON reading/parsing fails).
	let fallback_name = entry.path.file_stem().and_then(|stem| stem.to_str());
	// Read the file; on failure, still index the agent by filename with unknown tool scope.
	let raw = match fs.read_to_string(&entry.path) {
	Ok(raw) => raw,
	Err(_) => {
	if let Some(name) = fallback_name {
	let normalized_name = normalize_agent_name(name);
	if !normalized_name.is_empty() {
	let null_value = Value::Null;
	// Keep first observed definition for deterministic conflict handling.
	index
	.entry(normalized_name)
	.or_insert_with(|| AgentInfo {
	tools: extract_tools(&null_value),
	has_explicit_tool_scope: has_explicit_tool_scope(&null_value),
	});
	}
	}
	continue;
	}
	};
	// Parse the JSON; on failure, still index the agent by filename with unknown tool scope.
	let value = match serde_json::from_str::<Value>(&raw) {
	Ok(value) => value,
	Err(_) => {
	if let Some(name) = fallback_name {
	let normalized_name = normalize_agent_name(name);
	if !normalized_name.is_empty() {
	let null_value = Value::Null;
	// Keep first observed definition for deterministic conflict handling.
	index
	.entry(normalized_name)
	.or_insert_with(|| AgentInfo {
	tools: extract_tools(&null_value),
	has_explicit_tool_scope: has_explicit_tool_scope(&null_value),
	});
	}
	}
	continue;
	}
	};
	let explicit_name = value.get("name").and_then(Value::as_str);

[Copilot]

There’s no unit test covering the case where a prompt contains an embedded JSON/code sample that includes a "prompt": "..." snippet. With the current whole-file regex approach, that scenario is prone to false positives.

Add a regression test where the agent’s actual prompt string contains a JSON example mentioning @missing-agent, and assert KR-AG-006 does not fire based on that embedded snippet.