Skip to content

How to Run Kiro CLI in CICD Pipelines (Headless Mode)

Β· 2 min read

Can Kiro CLI Run in CICD?

Yes. Kiro CLI 2.0 introduced headless mode for unattended environments. The core command:

kiro-cli chat --no-interactive --trust-all-tools "your instruction"

Key flags:

FlagPurpose
--no-interactiveNever waits for user input
--trust-all-toolsSkips all tool confirmation prompts
--agent <name>Uses a specific custom agent

Authentication in CI uses KIRO_API_KEY β€” no browser login needed.

How to Set Up GitHub Actions Integration?

Complete PR auto-review config:

# .github/workflows/kiro-review.yml
name: Kiro Code Review
on:
  pull_request:
    branches: [main]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Kiro CLI
        run: curl -fsSL https://kiro.dev/install.sh | bash

      - name: Run review
        env:
          KIRO_API_KEY: ${{ secrets.KIRO_API_KEY }}
        run: |
          CHANGED=$(git diff --name-only origin/main...HEAD | grep -E '\.(ts|js|py)$')
          if [ -z "$CHANGED" ]; then exit 0; fi
          kiro-cli chat --no-interactive --trust-all-tools \
            "Review these files for bugs and security issues: $CHANGED"

What Else Can Headless Mode Do?

Security Scanning

kiro-cli chat --no-interactive --trust-all-tools \
  "Scan src/ for hardcoded secrets, SQL injection, and unvalidated input. Output JSON."

Changelog Generation

LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "HEAD~20")
kiro-cli chat --no-interactive --trust-all-tools \
  "Generate changelog from these commits: $(git log $LAST_TAG..HEAD --oneline)"

Batch Documentation

find src -name "*.ts" -not -name "*.test.*" | while read file; do
  kiro-cli chat --no-interactive --trust-all-tools \
    "Add JSDoc to exported functions in $file that are missing it."
done

How to Create a CI-Specific Agent?

Create .kiro/agents/ci-reviewer.json:

{
  "name": "ci-reviewer",
  "description": "CI code reviewer - strict, concise",
  "prompt": "You are a strict code reviewer. Focus on bugs, security, and performance. Be concise. Output markdown.",
  "tools": ["fs_read", "grep", "glob", "code"],
  "allowedTools": ["fs_read", "grep", "glob", "code"]
}

Use it:

kiro-cli chat --no-interactive --trust-all-tools --agent ci-reviewer "Review src/"

Commit the agent file to git. Your whole team uses the same review rules.

Things to Watch Out For

  • Never hardcode API keys. Use GitHub Secrets or CI variables.
  • Pipe long output. Use | tee report.md to save results.
  • Control costs. Only review changed files, not the full repo.
  • Use --require-mcp-startup to fail fast if MCP servers don’t start.

FAQ

Does Kiro CLI headless mode need browser login?
No. Set the KIRO_API_KEY environment variable for CI authentication. No browser OAuth required.
Will headless mode wait for user confirmation?
No. With --no-interactive --trust-all-tools flags, it runs fully automated without pausing.
How do I control token costs in CI?
Only run against changed files, not the entire repo. Split large batches into smaller runs.
Can I use custom agents in headless mode?
Yes. Use --agent flag to specify an agent, e.g., --agent ci-reviewer.

Related Posts