CodingOpen SourceFreeActiveMachine-verified· beginner · ~5 min setup

Kilo Code: a mode that can only edit the files you let it

Build a docs mode that can read the whole repo but only write to Markdown, using a fileRegex restriction on the edit group.

by Shilpa Mitra· verified today· v1.0.0

Run this workflow

CI-verified, 2/2 fixtures passing.

Build this with your agent

One copy-paste hands Claude Code, Codex, or Cursor the full recipe, steps included, nothing to fetch.

Intended Use

Anyone who wants per-file-type edit limits, not a coarse allow/ask/deny. CI validates that .kilocodemodes parses and the docs-writer mode's edit group carries a fileRegex restriction. No key, no model call. The actual writing is fenced.

Not for

  • Treating fileRegex as a security sandbox, it's a guardrail; a mode with the command group can still run terminal commands
  • Expecting CI to test the regex against real files, it checks the restriction is present; test your pattern on a throwaway change

The Stack

Kilo Codecoding agent

Tested Against

kilocode@7.3.45kilo.ai/docs (2026-06)ruby@3.x (YAML stdlib)

Side effects & data flow

Network
none, local only
Writes
./.kilocodemodes
Credentials
none required

Prerequisites

  • Kilo Code extension installed
  • A provider/API key to actually run the mode

Steps

  1. 1

    Write a fileRegex-scoped docs mode and validate

    In .kilocodemodes, give the docs-writer mode the read group plus an edit group restricted to .md/.mdx via fileRegex. Create it through 'Edit Project Modes' so the nested structure is written correctly. CI parses the file and asserts the edit group carries a fileRegex.

    cat > .kilocodemodes <<'YAML'
customModes:
  - slug: docs-writer
    name: Docs Writer
    roleDefinition: You are a technical writer who keeps project docs accurate and clear.
    groups:
      - read
      - - edit
        - fileRegex: \.(md|mdx)$
          description: Markdown and MDX files only
YAML
ruby -ryaml -e '
c = YAML.load_file(".kilocodemodes")
m = (c["customModes"] || []).find { |x| x["slug"] == "docs-writer" }
abort "BAD: no docs-writer mode" unless m
edit = (m["groups"] || []).find { |g| g.is_a?(Array) && g[0] == "edit" }
abort "BAD: edit group is not fileRegex-scoped" unless edit && edit[1].is_a?(Hash) && !edit[1]["fileRegex"].to_s.empty?
puts "config OK: docs-writer edit group is fileRegex-scoped (" + edit[1]["fileRegex"] + ")"
'
  2. 2

    Use the docs mode (the model step, not checked by CI)

    Switch to the docs-writer mode and ask it to update the docs. It can read the whole repo but the editor tool can only write to files matching the pattern. Quality and what it writes are fenced.

Eval, 2 fixtures

Last passed: verified today
  • fileregex-presentcontainstimeout 30s · max $0

    Expected: config OK: docs-writer edit group is fileRegex-scoped

  • clean-exitexit_codetimeout 30s · max $0

    Expected: 0

Results

File-scoped permissions, not all-or-nothing: a tech-writer mode that physically cannot wander into your source while updating docs. The change that makes you comfortable letting an agent touch a real repo.

Did this work for you?

Our CI checks the setup runs. You tell us if the whole thing worked. Tell us straight.

Liked this workflow?

Get new verified workflows in WebAfterAI, three issues a week (Tue, Thu, Sat).