kiro-agent-team 1.0.0

package/.kiro/documentation/docs_cli_mcp_governance.md

@@ -0,0 +1,436 @@
+# Governance
+Pro-tier customers using IAM Identity Center as the sign-in method can control MCP access for users within their organization. By default, your users can use any MCP server in their Kiro client. As an administrator, you have the ability to either entirely disable the use of MCP servers by your users, or specify a vetted list of MCP servers that your users are allowed use.
+You control these restrictions using an MCP on/off toggle and an MCP registry. The MCP toggle and registry attributes are part of the [Kiro Profile](https://kiro.dev/docs/cli/enterprise/subscribe/) used for Kiro subscription users, and [Q Developer Profile](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/q-admin-setup-subscribe-general.html) used for Q subscription users.
+These profiles can be defined at an organization level or at an account level, with the account-level profile superseding the organizational-level profile. You can specify a default MCP policy for your organization and override it for specific accounts; for example, disable MCP for the organization but enable it with an allow-list for certain teams (accounts).
+**Warning**
+Both the toggle and the registry settings are enforced on the client side. Be aware that your end users could circumvent it.
+## Disabling MCP for your organization[](https://kiro.dev/docs/cli/mcp/governance/#disabling-mcp-for-your-organization)
+To disable MCP for your account or organization:
+  1. Open the Kiro console.
+  2. Choose **Settings**
+  3. Choose the **Kiro** or **Q Developer** tab, depending on user subscription type.
+  4. Toggle **Model Context Protocol (MCP)** to **Off**.
+
+
+## Specifying an MCP allow-list for your organization[](https://kiro.dev/docs/cli/mcp/governance/#specifying-an-mcp-allow-list-for-your-organization)
+**Info**
+MCP allow-list is currently supported only for Q subscription users.
+To control which MCP servers your users can access, create a JSON file with the allowed servers, serve it over HTTPS, and add the URL to your Q Developer profile. Kiro clients using this profile allow users to access only the MCP servers in your allow-list.
+### Specifying the MCP registry URL[](https://kiro.dev/docs/cli/mcp/governance/#specifying-the-mcp-registry-url)
+  1. Open the Kiro console.
+  2. Choose **Settings**.
+  3. Choose the **Q Developer** tab.
+  4. Ensure **Model Context Protocol (MCP)** is **On**.
+  5. In the **MCP Registry URL** field, choose **Edit**.
+  6. Enter the URL of an MCP registry JSON file containing the allow-listed MCP servers.
+  7. Choose **Save**.
+
+
+The MCP registry URL is encrypted both in transit and at rest in accordance with [our data encryption policy](https://kiro.dev/docs/cli/privacy-and-security/data-protection/#data-encryption).
+### MCP registry file format[](https://kiro.dev/docs/cli/mcp/governance/#mcp-registry-file-format)
+The format of the registry JSON file is a subset of the server schema JSON in the [MCP registry standard](https://github.com/modelcontextprotocol/registry) v0.1. The JSON schema definition for the subset supported by Kiro is available in the [registry schema](https://kiro.dev/docs/cli/mcp/governance/#mcp-registry-json-schema) section at the end of this document.
+The following example shows an MCP registry file containing both a remote (HTTP) and a local (stdio) MCP server definition.
+```
+
+{
+  "servers": [
+    {
+      "server": {
+        "name": "my-remote-server",
+        "title": "My server",
+        "description": "My server description",
+        "version": "1.0.0",
+        "remotes": [
+          {
+            "type": "streamable-http",
+            "url": "https://acme.com/my-server",
+            "headers": [
+              {
+                "name": "X-My-Header",
+                "value": "SomeValue"
+              }
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "server": {
+        "name": "my-local-server",
+        "title": "My server",
+        "description": "My server description",
+        "version": "1.0.0",
+        "packages": [
+          {
+            "registryType": "npm",
+            "registryBaseUrl": "https://npm.acme.com",
+            "identifier": "@acme/my-server",
+            "transport": {
+              "type": "stdio"
+            },
+            "runtimeArguments": [
+              {
+                "type": "positional",
+                "value": "-q"
+              }
+            ],
+            "packageArguments": [
+              {
+                "type": "positional",
+                "value": "start"
+              }
+            ],
+            "environmentVariables": [
+              {
+                "name": "ENV_VAR",
+                "value": "ENV_VAR_VALUE"
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ]
+}
+
+
+```
+
+The following table lists the properties for the registry JSON file. All properties are mandatory, unless otherwise noted. See the [registry schema](https://kiro.dev/docs/cli/mcp/governance/#mcp-registry-json-schema) section for the full JSON schema.
+Nested attributes appear indented from their parent. For example, "headers" is a child attribute of "remotes", and "name" and "value" are child attributes of "headers".
+Attribute | Description | Optional? | Example value  
+---|---|---|---  
+**Common attributes**  
+name | Server name. Must be unique within a given registry file. |  | "aws-ccapi-mcp"  
+title | Human-readable server name. | Yes | "AWS CC API"  
+description | Description of server. |  | "Manage AWS infra through natural language."  
+version | Version of server. Semantic versioning (x.y.z) is strongly recommended. |  | "1.0.2"  
+**Remote (HTTP) server attributes**  
+remotes | Array with exactly one entry specifying the remote endpoint. |  | -  
+type | Must be one of "streamable-http" or "sse". |  | "streamable-http"  
+url | MCP server endpoint URL. |  | "<https://mcp.figma.com/mcp>"  
+headers | Array of HTTP headers to include in each request. | Yes | -  
+name | HTTP header name. |  | "Authorization"  
+value | HTTP header value. |  | "Bearer mF_9.B5f-4.1JqM"  
+**Local (stdio) server attributes**  
+packages | Array with exactly one entry containing the MCP server definition. |  | -  
+registryType |  Must be one of "npm", "pypi", or "oci". The following package runners are used to download and run the MCP server package:
+  * For registry type "npm", the "npx" runner is used
+  * For "pypi", "uvx" is used
+  * For "oci", "docker" is used
+
+Client machines must have the appropriate package runners pre-installed. |  | “npm”  
+registryBaseUrl | Package registry URL. | Yes | "<https://npm.acme.com>"  
+identifier | Server package identifier. |  | "@acme/my-server"  
+transport | Object with exactly one property, "type". |  | -  
+type | Must be "stdio". |  | “stdio”  
+runtimeArguments | Array of arguments provided to the runtime, that is, to npx, uvx or docker. | Yes | -  
+type | Must be "positional". |  | “positional”  
+value | Runtime argument value. |  | “-q”  
+packageArguments | Array of arguments provided to the MCP server. | Yes | -  
+type | Must be "positional". |  | “positional”  
+value | Package argument value. |  | “start”  
+environmentVariables | Array of env vars to set before starting the server. | Yes | -  
+name | Environment variable name. |  | "LOG_LEVEL"  
+value | Environment variable value. |  | “INFO”  
+### Serving the MCP registry file[](https://kiro.dev/docs/cli/mcp/governance/#serving-the-mcp-registry-file)
+Serve the MCP registry JSON file over HTTPS using any web server, such as Amazon S3, Apache, or nginx. The URL must be accessible to Kiro clients on your users' computers but can be private to your corporate network.
+The HTTPS endpoint must have a valid SSL certificate signed by a trusted Certificate Authority. Self-signed certificates are not supported.
+Kiro fetches the MCP registry at startup and every 24 hours. During periodic synchronization, if a locally installed MCP server is no longer in the registry, Kiro terminates that server and prevents users from adding it back. If the locally installed server has a different version than the server in the registry, Kiro relaunches the server with the version defined in the registry.
+### Kiro CLI[](https://kiro.dev/docs/cli/mcp/governance/#kiro-cli)
+When users launch Kiro CLI, it checks whether a registry URL is defined in the profile. If so, it retrieves the registry JSON at that URL and enforces that users can only use the MCP servers defined in the registry. When users run **/mcp add** , Kiro displays a list of servers from the registry they can select from.
+Registry MCP server parameters (URL, package identifier, runtimeArguments, and so forth) are read-only. However, users can:
+  1. Specify additional environment variables for local MCP servers.
+  2. Specify additional HTTP headers for remote MCP servers.
+  3. Change the request timeout.
+  4. Set the MCP server scope (Global, Workspace, or a specific Agent Configuration).
+  5. Set MCP tool trust permissions.
+
+
+User-specified environment variables or HTTP headers override registry definitions. This allows users to specify attributes specific to their setup, such as authentication keys or local folder paths.
+### MCP registry JSON schema[](https://kiro.dev/docs/cli/mcp/governance/#mcp-registry-json-schema)
+The following JSON schema defines the MCP registry file format supported by Kiro. You can use this schema to validate any registry files that you create.
+```
+
+{
+  "$schema": "https://json-schema.org/draft-07/schema",
+  "properties": {
+    "servers": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "server": {
+            "$ref": "#/definitions/ServerDetail"
+          }
+        },
+        "required": [
+          "server"
+        ]
+      }
+    }
+  },
+  "definitions": {
+    "ServerDetail": {
+      "properties": {
+        "name": {
+          "description": "Server name. Must be unique within a given registry file.",
+          "example": "weather-mcp",
+          "maxLength": 200,
+          "minLength": 3,
+          "pattern": "^[a-zA-Z0-9._-]+$",
+          "type": "string"
+        },
+        "title": {
+          "description": "Optional human-readable title or display name for the MCP server. MCP subregistries or clients MAY choose to use this for display purposes.",
+          "example": "Weather API",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string"
+        },
+        "description": {
+          "description": "Clear human-readable explanation of server functionality. Should focus on capabilities, not implementation details.",
+          "example": "MCP server providing weather data and forecasts via OpenWeatherMap API",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string"
+        },
+        "version": {
+          "description": "Version string for this server. SHOULD follow semantic versioning (e.g., '1.0.2', '2.1.0-alpha'). Equivalent of Implementation.version in MCP specification. Non-semantic versions are allowed but may not sort predictably. Version ranges are rejected (e.g., '^1.2.3', '~1.2.3', '\u003e=1.2.3', '1.x', '1.*').",
+          "example": "1.0.2",
+          "maxLength": 255,
+          "type": "string"
+        },
+        "packages": {
+          "items": {
+            "$ref": "#/definitions/Package"
+          },
+          "type": "array"
+        },
+        "remotes": {
+          "items": {
+            "anyOf": [
+              {
+                "$ref": "#/definitions/StreamableHttpTransport"
+              },
+              {
+                "$ref": "#/definitions/SseTransport"
+              }
+            ]
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "name",
+        "description",
+        "version"
+      ],
+      "type": "object"
+    },
+    "Package": {
+      "properties": {
+        "registryType": {
+          "description": "Registry type indicating how to download packages (e.g., 'npm', 'pypi', 'oci')",
+          "enum": [
+            "npm",
+            "pypi",
+            "oci"
+          ],
+          "type": "string"
+        },
+        "registryBaseUrl": {
+          "description": "Base URL of the package registry",
+          "examples": [
+            "https://registry.npmjs.org",
+            "https://pypi.org",
+            "https://docker.io"
+          ],
+          "format": "uri",
+          "type": "string"
+        },
+        "identifier": {
+          "description": "Package identifier - either a package name (for registries) or URL (for direct downloads)",
+          "examples": [
+            "@modelcontextprotocol/server-brave-search",
+            "https://github.com/example/releases/download/v1.0.0/package.mcpb"
+          ],
+          "type": "string"
+        },
+        "transport": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/StdioTransport"
+            },
+            {
+              "$ref": "#/definitions/StreamableHttpTransport"
+            },
+            {
+              "$ref": "#/definitions/SseTransport"
+            }
+          ],
+          "description": "Transport protocol configuration for the package"
+        },
+
+        "runtimeArguments": {
+          "description": "A list of arguments to be passed to the package's runtime command (such as docker or npx).",
+          "items": {
+            "$ref": "#/definitions/PositionalArgument"
+          },
+          "type": "array"
+        },
+        "packageArguments": {
+          "description": "A list of arguments to be passed to the package's binary.",
+          "items": {
+            "$ref": "#/definitions/PositionalArgument"
+          },
+          "type": "array"
+        },
+        "environmentVariables": {
+          "description": "A mapping of environment variables to be set when running the package.",
+          "items": {
+            "$ref": "#/definitions/KeyValueInput"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "registryType",
+        "identifier",
+        "transport"
+      ],
+      "type": "object"
+    },
+    "StdioTransport": {
+      "properties": {
+        "type": {
+          "description": "Transport type",
+          "enum": [
+            "stdio"
+          ],
+          "example": "stdio",
+          "type": "string"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "StreamableHttpTransport": {
+      "properties": {
+        "type": {
+          "description": "Transport type",
+          "enum": [
+            "streamable-http"
+          ],
+          "example": "streamable-http",
+          "type": "string"
+        },
+        "url": {
+          "description": "URL template for the streamable-http transport. Variables in {curly_braces} reference argument valueHints, argument names, or environment variable names. After variable substitution, this should produce a valid URI.",
+          "example": "https://api.example.com/mcp",
+          "type": "string"
+        },
+        "headers": {
+          "description": "HTTP headers to include",
+          "items": {
+            "$ref": "#/definitions/KeyValueInput"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "type",
+        "url"
+      ],
+      "type": "object"
+    },
+    "SseTransport": {
+      "properties": {
+        "type": {
+          "description": "Transport type",
+          "enum": [
+            "sse"
+          ],
+          "example": "sse",
+          "type": "string"
+        },
+        "url": {
+          "description": "Server-Sent Events endpoint URL",
+          "example": "https://mcp-fs.example.com/sse",
+          "format": "uri",
+          "type": "string"
+        },
+        "headers": {
+          "description": "HTTP headers to include",
+          "items": {
+            "$ref": "#/definitions/KeyValueInput"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "type",
+        "url"
+      ],
+      "type": "object"
+    },
+    "PositionalArgument": {
+      "properties": {
+        "type": {
+          "enum": [
+            "positional"
+          ],
+          "example": "positional",
+          "type": "string"
+        },
+        "value": {
+          "description": "The value for the input.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "type",
+        "value"
+      ],
+      "type": "object"
+    },
+    "KeyValueInput": {
+      "properties": {
+        "name": {
+          "description": "Name of the header or environment variable.",
+          "example": "SOME_VARIABLE",
+          "type": "string"
+        },
+        "value": {
+          "description": "The value for the input.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "name"
+      ],
+      "type": "object"
+    }
+  },
+  "required": [
+    "servers"
+  ],
+  "type": "object"
+}
+
+
+```
+
+Page updated: December 20, 2025
+[Security](https://kiro.dev/docs/cli/mcp/security/)
+[Steering](https://kiro.dev/docs/cli/steering/)
+On this page
+  * [Disabling MCP for your organization](https://kiro.dev/docs/cli/mcp/governance/#disabling-mcp-for-your-organization)
+  * [Specifying an MCP allow-list for your organization](https://kiro.dev/docs/cli/mcp/governance/#specifying-an-mcp-allow-list-for-your-organization)
+  * [Specifying the MCP registry URL](https://kiro.dev/docs/cli/mcp/governance/#specifying-the-mcp-registry-url)
+  * [MCP registry file format](https://kiro.dev/docs/cli/mcp/governance/#mcp-registry-file-format)
+  * [Serving the MCP registry file](https://kiro.dev/docs/cli/mcp/governance/#serving-the-mcp-registry-file)
+  * [Kiro CLI](https://kiro.dev/docs/cli/mcp/governance/#kiro-cli)
+  * [MCP registry JSON schema](https://kiro.dev/docs/cli/mcp/governance/#mcp-registry-json-schema)

package/.kiro/documentation/docs_cli_mcp_security.md

@@ -0,0 +1,77 @@
+# Security
+Security is critical when integrating external MCP servers with your development workflow. The MCP security model in Kiro CLI is designed with these principles:
+  1. **Explicit Permission** : Tools require explicit user permission before execution
+  2. **Local Execution** : MCP servers run locally on your machine
+  3. **Isolation** : Each MCP server runs as a separate process
+  4. **Transparency** : Users can see what tools are available and what they do
+
+
+## Security considerations[](https://kiro.dev/docs/cli/mcp/security/#security-considerations)
+When using MCP servers with Kiro CLI, keep these security principles in mind:
+### Trust and verification[](https://kiro.dev/docs/cli/mcp/security/#trust-and-verification)
+  * Only install MCP servers from trusted sources
+  * Review tool descriptions and documentation before installation
+  * Check for security advisories and updates
+
+
+### Access control[](https://kiro.dev/docs/cli/mcp/security/#access-control)
+  * Use least-privilege principles for server permissions
+  * Limit file system access to necessary directories only
+  * Restrict network access where possible
+  * Use environment variables for sensitive credentials
+
+
+### Credential management[](https://kiro.dev/docs/cli/mcp/security/#credential-management)
+  * Never hardcode API keys or tokens in configuration files
+  * Use environment variables for sensitive data
+  * Rotate credentials regularly
+  * Store credentials securely using system keychains
+
+
+### Network security[](https://kiro.dev/docs/cli/mcp/security/#network-security)
+  * Use HTTPS for remote MCP servers
+  * Verify SSL/TLS certificates
+  * Be cautious with servers that require broad network access
+  * Monitor network traffic for unusual activity
+
+
+### Monitoring and auditing[](https://kiro.dev/docs/cli/mcp/security/#monitoring-and-auditing)
+  * Review MCP server logs regularly
+  * Monitor for unexpected behavior
+  * Keep track of installed servers and their permissions
+  * Remove unused or untrusted servers promptly
+
+
+## Best practices[](https://kiro.dev/docs/cli/mcp/security/#best-practices)
+### Configuration security[](https://kiro.dev/docs/cli/mcp/security/#configuration-security)
+bash
+```
+
+# Use environment variables for sensitive data
+export MCP_API_KEY="your-secure-key"
+export DATABASE_URL="your-connection-string"
+
+# Configure MCP server with environment variables
+kiro-cli mcp add my-server --env MCP_API_KEY --env DATABASE_URL
+
+
+```
+
+## Next steps[](https://kiro.dev/docs/cli/mcp/security/#next-steps)
+  * Explore [Examples](https://kiro.dev/docs/cli/mcp/examples)
+  * Return to [MCP Overview](https://kiro.dev/docs/cli/mcp)
+
+
+Page updated: November 16, 2025
+[Examples](https://kiro.dev/docs/cli/mcp/examples/)
+[Governance](https://kiro.dev/docs/cli/mcp/governance/)
+On this page
+  * [Security considerations](https://kiro.dev/docs/cli/mcp/security/#security-considerations)
+  * [Trust and verification](https://kiro.dev/docs/cli/mcp/security/#trust-and-verification)
+  * [Access control](https://kiro.dev/docs/cli/mcp/security/#access-control)
+  * [Credential management](https://kiro.dev/docs/cli/mcp/security/#credential-management)
+  * [Network security](https://kiro.dev/docs/cli/mcp/security/#network-security)
+  * [Monitoring and auditing](https://kiro.dev/docs/cli/mcp/security/#monitoring-and-auditing)
+  * [Best practices](https://kiro.dev/docs/cli/mcp/security/#best-practices)
+  * [Configuration security](https://kiro.dev/docs/cli/mcp/security/#configuration-security)
+  * [Next steps](https://kiro.dev/docs/cli/mcp/security/#next-steps)

package/.kiro/documentation/docs_cli_migrating-from-q.md

@@ -0,0 +1,129 @@
+# Upgrading from Amazon Q Developer CLI
+## Overview[](https://kiro.dev/docs/cli/migrating-from-q/#overview)
+Kiro CLI is the next update of the Q CLI. Your existing Q Developer CLI workflows, subscription, and authentication continue to work without any changes.
+Kiro CLI leverages the Auto agent to deliver the best results at the best price, and supports advanced agent functionality and technology similar to what customers are familiar with in the Q Developer CLI (including agent mode, MCP, steering, and custom agents). Existing Q Developer CLI users will find onboarding straightforward, with additional options for logging in via social accounts and GitHub.
+**Tip**
+Kiro CLI will be available starting **November 17th, 2025**. If you had auto-update enabled, then on **November 24th 2025** Q Developer CLI will be automatically updated to Kiro CLI. If you had disabled auto-update, then you have to manually update Q Developer CLI using `q update` or select "Check for updates" in the Amazon Q application.
+If you're familiar with Amazon Q CLI, upgrading to Kiro CLI will feel natural. This guide highlights the key differences and helps you get started quickly.
+## Key differences[](https://kiro.dev/docs/cli/migrating-from-q/#key-differences)
+Here is the side-by-side comparison of Kiro CLI and Amazon Q Developer
+Area | Kiro CLI | Q Developer CLI  
+---|---|---  
+Installation | native install | dmg and zip based install  
+Authentication | GitHub, Gmail, BuilderId, IAM Identity Center | BuilderId, IAM Identity Center  
+Entry point | kiro-cli | q / q chat  
+Rules | Kiro steering | Amazon Q rules  
+Subscriptions | Q Developer and Kiro | Q Developer and Kiro  
+Features | MCP, Custom agents, hooks | MCP, Custom agents, hooks  
+License | AWS Intellectual Property License | Apache  
+See the [Authentication guide](https://kiro.dev/docs/cli/authentication) for details.
+## Frequently asked questions[](https://kiro.dev/docs/cli/migrating-from-q/#frequently-asked-questions)
+**1. What is Kiro, and how does it relate to Q Developer?**
+Kiro is a standalone agentic development experience that helps you go from concept to production with spec-driven development. From simple to complex tasks, Kiro works alongside you to turn prompts into detailed specs, then into working code, docs, and tests—so what you build is exactly what you want and ready to share with your team. Kiro leverages some of the advanced Q Developer functionality and technology (agent mode, MCP, steering, CLI) and adds a streamlined but opinionated developer experience for working with AI which feels familiar because it's based on Q Developer CLI.
+**2. How will I upgrade from Q Developer CLI to the Kiro CLI?**
+You can simply do `q update` or enable auto-update to switch to Kiro CLI.
+**3. What if I don’t want to upgrade to the Kiro CLI? Can I keep my Q Developer CLI access?**
+Yes, you can continue to use Amazon Q Developer CLI. However, new features and fixes will only be available for Kiro CLI, which leverages some of the underlying agentic CLI features of Q CLI in a streamlined developer experience. Existing Q Developer CLI users will find the experience familiar, and onboarding straightforward, so we strongly recommend they should consider switching.
+**4. What terms will apply to Kiro CLI?**
+Just like with Q Developer CLI, your use of the underlying agentic capabilities in Kiro CLI is subject to the AWS Customer Agreement (or other agreement with us governing your use of AWS services) and Service Terms. However, the Kiro CLI software is licensed under the AWS Intellectual Property License, while the Q Developer CLI software was licensed under Apache 2.0.
+**5. What is the impact to my current usage of Amazon Q Developer CLI? Do I have to change my automation and configuration files?**
+Kiro CLI is backwards compatible with Amazon Q Developer CLI. You can still continue using the `q` and `q chat` entry points. All the functionality in Amazon Q Developer CLI is available in Kiro CLI. You can continue using Amazon Q rules and configuration with Kiro CLI.
+**6. What will change when I switch to Kiro CLI?**
+We are making it easy for your team to work with Kiro regardless of whether developers prefer Kiro IDE or Kiro CLI. To learn more about the changes, review the [changes in detail](https://kiro.dev/docs/cli/migrating-from-q/#kiro-cli-changes).
+**7. Will Kiro CLI work with my Q Developer Pro subscription?**
+Yes, you can use Kiro CLI with your Q Developer Pro subscription. Kiro CLI will also support a Kiro subscription.
+**8. How does Kiro pricing work?**
+Kiro offers flexible pricing tiers designed around how developers use Kiro. For more on pricing, see <https://kiro.dev/pricing/>.
+**9. As a current Q Developer Pro subscription user, why should I consider upgrading to a paid Kiro subscription plan?**
+Kiro offers 3 different pricing tiers that better map to developer needs, and each pricing tier supports overages. Overages are not supported with the Q Developer Pro subscription plan.
+**10: As a current Q Developer Pro user, what is the process for upgrading to a Kiro subscription plan?**
+The Kiro dashboard will show the subscriptions for both Kiro and Q Developer separately. For every group or user, an admin can go to their Q subscriptions, select them and upgrade to a Kiro subscription. Changes in subscription will move groups and users from the subscription tab under Q Developer to the subscription tab in Kiro. Customers can migrate users as they see fit, across an entire profile from a member account, or across groups or individual users from the same profile. Upgrades happen at a user level, so customers have fine-grained control over the migration process.
+**11. Do you provide an output indemnity for Kiro subscribers? If I’m a Q Developer Pro tier user and I upgrade to a paid Kiro subscription, does the output indemnity apply to me?**
+Yes, just like we do for Q Developer Pro users, we provide an output indemnity for paid Kiro subscribers. See Section 50.10 of the Service Terms for more details.
+**12. Does Kiro use my content to train any models?**
+We do not use content from Kiro Pro, Pro+, or Power users that access Kiro through AWS IAM Identity Center. If you have an Amazon Q Developer Pro subscription and access Kiro through your AWS account with the Amazon Q Developer Pro subscription, then Kiro will not use your content for service improvement. We may use certain content from Kiro Free Tier and Kiro individual subscribers (those that access Kiro through a social login provider or AWS Builder ID) for service improvement.
+**13. Can I control telemetry sharing (usage data, performance metrics) for Kiro at the Org level?**
+We do not collect telemetry from Kiro Pro, Pro+, or Power users that access Kiro through AWS IAM Identity Center. However, enterprise admins can configure Kiro to collect user activity reports for the users in your org.
+**14. Can I go back to Amazon Q Developer CLI?**
+To install Amazon Q Developer CLI, download the binary for your platform/OS. Uninstall Kiro CLI using `kiro-cli uninstall` and install the Amazon Q Developer CLI.
+You can download Amazon Q Developer CLI v1.19.7 for the specific platform:
+  * [MacOS](https://desktop-release.q.us-east-1.amazonaws.com/latest/Amazon%20Q.dmg)
+  * [Linux x86-64](https://desktop-release.q.us-east-1.amazonaws.com/latest/q-x86_64-linux.zip)
+  * [Linux ARM](https://desktop-release.q.us-east-1.amazonaws.com/latest/q-aarch64-linux.zip)
+
+
+**Warning**
+Any new prompts, agents and steering files you created using Kiro CLI will not be available in Amazon Q Developer CLI. Refer to the configuration file path section to copy files.
+## Kiro CLI Changes[](https://kiro.dev/docs/cli/migrating-from-q/#kiro-cli-changes)
+### One-time migration during Kiro CLI installation[](https://kiro.dev/docs/cli/migrating-from-q/#one-time-migration-during-kiro-cli-installation)
+Here's what happens during the one-time migration when you install Kiro CLI:
+  1. Prompts, agents from `~/.aws/amazonq` folder are copied to `~/.kiro` folder with the same names
+  2. MCP configuration from `~/.aws/amazonq/mcp.json` is copied to `~/.kiro/settings/mcp.json`. If there are conflicts, skip copying those MCP servers
+  3. Files from `rules` folder in ~/.aws/amazonq folder are copied to `~/.kiro/steering` folder with the same names
+  4. A `cli.json` file is created with settings from Amazon Q Developer CLI
+  5. Kiro CLI will continue to read `.amazonq` folder in your project. So your existing rules, agents, and MCP settings in your project will continue to work as-is 
+     * If you save a new prompt or agent configurations, they will be saved to `.kiro` folder in your projeect.
+     * If both folders exist in your project, we'll read from `.kiro` folder
+
+
+**Important**
+When you add new project level prompts or agents, they will be saved to the `.kiro` folder in the project and not `.amazonq` folder
+  1. q and q chat will continue to work, although we recommend using kiro-cli (both kiro-cli and kiro-cli chat will work)
+  2. Tools names have been simplified, but existing tool names will continue to work: 
+     * Changes -> `fs_read` to `read`, `fs_write` to `write` , `use_aws` to `aws`, `execute_bash` to `shell`, `report_issue` to `report`
+
+
+### Configuration file paths[](https://kiro.dev/docs/cli/migrating-from-q/#configuration-file-paths)
+Kiro CLI uses different configuration paths than Amazon Q Developer CLI, but maintains backward compatibility:
+Configuration | Scope | Kiro CLI | Q Developer CLI  
+---|---|---|---  
+MCP servers | User | `~/.kiro/settings/mcp.json` | `~/.aws/amazonq/mcp.json`  
+| Workspace | `.kiro/settings/mcp.json` | `.amazonq/mcp.json`  
+Prompts | User | `~/.kiro/prompts` | `~/.aws/amazonq/prompts`  
+| Workspace | `.kiro/prompts` | `.amazonq/prompts`  
+Custom agents | User | `~/.kiro/agents` | `~/.aws/amazonq/cli-agents`  
+| Workspace | `.kiro/agents` | `.amazonq/cli-agents`  
+Rules / Steering | User | `~/.kiro/steering` | `~/.aws/amazonq/rules`  
+| Workspace | `.kiro/steering` | `.amazonq/rules`  
+Settings | Global | `~/.kiro/settings/cli.json` | -  
+### Important changes[](https://kiro.dev/docs/cli/migrating-from-q/#important-changes)
+  * Kiro CLI will **not modify** your existing `.amazonq` folders
+  * Authentication and subscription management will use Kiro web portal
+  * MCP servers, agents, rules, and prompts automatically copied from `~/.aws/amazonq` folder to the appropriate folders (refer above) in `~/.kiro` during installation
+  * Logs will be written to `$TMPDIR/kiro-log`
+  * Tool names are different, but are backwards compatible so that your existing custom agents will continue to work
+  * Default agent name changed to `kiro_default`. Default agent includes paths for both Amazon Q and Kiro. 
+    * `/agent list` will list `kiro_default` as an agent with "No path found", because the agent configuration is in memory.
+  * UI with updated colors and names
+  * Default agent will support both Amazon Q rules and Kiro steering
+  * Kiro CLI supports Gmail and GitHub authentication alongside Builder ID and IAM Identity Center
+
+
+**Important**
+If your project has both `.kiro` and `.amazonq` folders, configuration will be loaded from the `.kiro` folder. You will see a warning about this when you start a new session.
+### Getting help[](https://kiro.dev/docs/cli/migrating-from-q/#getting-help)
+If you encounter issues during migration:
+  1. Check the [CLI Commands Reference](https://kiro.dev/docs/cli/reference/cli-commands)
+  2. Review [Chat documentation](https://kiro.dev/docs/cli/chat)
+  3. Contact support through the Kiro dashboard
+
+
+### Next steps[](https://kiro.dev/docs/cli/migrating-from-q/#next-steps)
+  * Explore [Chat features](https://kiro.dev/docs/cli/chat)
+  * Learn about [Custom Agents](https://kiro.dev/docs/cli/custom-agents)
+  * Try [MCP integration](https://kiro.dev/docs/cli/mcp)
+  * Set up [Agent Hooks](https://kiro.dev/docs/cli/hooks)
+
+
+Page updated: November 19, 2025
+[Settings](https://kiro.dev/docs/cli/reference/settings/)
+On this page
+  * [Overview](https://kiro.dev/docs/cli/migrating-from-q/#overview)
+  * [Key differences](https://kiro.dev/docs/cli/migrating-from-q/#key-differences)
+  * [Frequently asked questions](https://kiro.dev/docs/cli/migrating-from-q/#frequently-asked-questions)
+  * [Kiro CLI Changes](https://kiro.dev/docs/cli/migrating-from-q/#kiro-cli-changes)
+  * [One-time migration during Kiro CLI installation](https://kiro.dev/docs/cli/migrating-from-q/#one-time-migration-during-kiro-cli-installation)
+  * [Configuration file paths](https://kiro.dev/docs/cli/migrating-from-q/#configuration-file-paths)
+  * [Important changes](https://kiro.dev/docs/cli/migrating-from-q/#important-changes)
+  * [Getting help](https://kiro.dev/docs/cli/migrating-from-q/#getting-help)
+  * [Next steps](https://kiro.dev/docs/cli/migrating-from-q/#next-steps)