Bug: Agent Violates "Never Hardcode" Rule When Generating Tools and Scripts #3553
Description
Bug: Agent Violates "Never Hardcode" Rule When Generating Tools and Scripts
Note: This issue affects Kiro CLI agent code generation practices.
Problem
- Agents generate tools and scripts with hardcoded values despite explicit "never hardcode" instructions
- Session management tools contain hardcoded project names, work types, and content templates
- Generated code violates fundamental coding best practices and creates misleading outputs
- Scripts fail to detect current project context or work being performed
- Results in multiple incorrect session documents when tool is reused across projects
Proposed Solution
Add enforcement mechanisms to prevent hardcoding in agent-generated code:
// Instead of hardcoded values
const projectName = "SpecificProject";
const workType = "Security Audit";
// Should generate dynamic detection
const projectName = detectCurrentProject();
const workType = analyzeCurrentWork();Implement validation checks that:
- Detect hardcoded strings in generated code
- Suggest dynamic alternatives
- Warn when context-specific values are embedded
Benefits
- Ensures agent-generated tools work correctly across different projects
- Maintains coding best practices and golden rules
- Prevents misleading documentation and context pollution
- Creates reusable, context-aware tooling
- Reduces need for manual fixes and regeneration
Alternatives Considered
- Manual code review (doesn't scale with agent usage)
- Post-generation fixes (reactive rather than preventive)
- User-side validation (places burden on users to catch violations)