Store Credentials. Inject At Runtime. Agents Never Store The Keys.
Website · Documentation · Dashboard · Discord
Kontext CLI is an open-source command-line tool that wraps AI coding agents with enterprise-grade identity, credential management, and governance — without changing how developers work.
Why we built it: AI coding agents need access to GitHub, Stripe, databases, and dozens of other services. Today, teams copy-paste long-lived API keys into .env files and hope for the best. Kontext replaces that with short-lived, scoped credentials that are injected at session start and gone when the session ends. Every tool call is logged. Every secret is accounted for.
How it works: On first run, kontext start authenticates you, bootstraps the shared Kontext CLI application for your org, creates a local .env.kontext file if needed, opens hosted connect for any missing preset providers, exchanges placeholders for short-lived tokens via RFC 8693 token exchange, and launches your agent with those credentials injected. When the session ends, credentials expire automatically.
Install the CLI:
```shell
brew install kontext-security/tap/kontext
```

Run it from a project with Claude Code installed:

```shell
kontext start --agent claude
```

The first run opens your browser for login and provider connection. After that, kontext start resolves credentials, injects them into the agent process, and starts streaming governed tool events. The CLI session is stored in your system keyring and can be cleared with kontext logout.
Prefer a direct binary? Download the latest build from GitHub Releases.
The CLI creates .env.kontext locally on first run:
```
GITHUB_TOKEN={{kontext:github}}
LINEAR_API_KEY={{kontext:linear}}
```

Keep .env.kontext out of source control in repos that do not already ignore it. The CLI may append more preset provider placeholders later if your org attaches them to the shared Kontext CLI application. Literal values you add stay untouched. Providers connected after the agent has already started become available on the next kontext start.
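The resolution step described above, written out as an added Go example (this is not code from the Kontext CLI): it parses an .env.kontext file, hands each `{{kontext:<handle>}}` placeholder to an exchange function, passes literal values through untouched, and refuses to launch when a referenced provider is not connected. The `Exchanger` type, the stub exchange, and `TokenExchangeForm` are assumptions of this example; the latter only shows the parameter names RFC 8693 defines for a token-exchange request, not Kontext's ConnectRPC wire format.

```go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// placeholderRE matches the {{kontext:<handle>}} form shown in .env.kontext.
var placeholderRE = regexp.MustCompile(`^\{\{kontext:([A-Za-z0-9_-]+)\}\}$`)

// Exchanger turns a provider handle into a short-lived credential. The real
// CLI performs an RFC 8693 token exchange against the Kontext backend; the
// function type lets this example run offline with a stand-in (assumption).
type Exchanger func(handle string) (string, error)

// ResolveEnv parses .env.kontext content, exchanges each placeholder for a
// short-lived credential and keeps literal values untouched. It returns the
// resolved KEY=VALUE map and the handles that were exchanged.
func ResolveEnv(content string, exchange Exchanger) (map[string]string, []string, error) {
	resolved := map[string]string{}
	var exchanged []string
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank lines and comments are skipped, not treated as keys
		}
		key, value, ok := strings.Cut(line, "=")
		if !ok {
			return nil, nil, fmt.Errorf("malformed line: %q", line)
		}
		key, value = strings.TrimSpace(key), strings.TrimSpace(value)
		m := placeholderRE.FindStringSubmatch(value)
		if m == nil {
			resolved[key] = value // literal value: passed through unchanged
			continue
		}
		token, err := exchange(m[1])
		if err != nil {
			// A provider that is not connected yet fails the whole run rather
			// than silently launching the agent with a literal placeholder.
			return nil, nil, fmt.Errorf("provider %q: %w", m[1], err)
		}
		resolved[key] = token
		exchanged = append(exchanged, m[1])
	}
	if err := sc.Err(); err != nil {
		return nil, nil, err
	}
	return resolved, exchanged, nil
}

// TokenExchangeForm builds the request parameters RFC 8693 defines for
// exchanging the user's Kontext access token for a provider-scoped token.
// Parameter names come from the RFC; using the provider handle as the
// "audience" value is an assumption of this example, not Kontext's format.
func TokenExchangeForm(subjectToken, handle string) url.Values {
	return url.Values{
		"grant_type":         {"urn:ietf:params:oauth:grant-type:token-exchange"},
		"subject_token":      {subjectToken},
		"subject_token_type": {"urn:ietf:params:oauth:token-type:access_token"},
		"audience":           {handle},
	}
}

func main() {
	// Constructed sample .env.kontext with two placeholders and one literal.
	content := "GITHUB_TOKEN={{kontext:github}}\nLINEAR_API_KEY={{kontext:linear}}\nLOG_LEVEL=debug\n"
	connected := map[string]bool{"github": true, "linear": true}
	stub := func(handle string) (string, error) {
		if !connected[handle] {
			return "", fmt.Errorf("not connected")
		}
		return "short-lived-" + handle, nil // stand-in for the exchanged token
	}
	env, handles, err := ResolveEnv(content, stub)
	if err != nil {
		fmt.Println("resolve failed:", err)
		return
	}
	fmt.Println("exchanged:", handles)
	for k, v := range env {
		fmt.Printf("%s=%s\n", k, v)
	}
}
```

Because a placeholder that cannot be exchanged aborts the run, the agent never sees the literal `{{kontext:...}}` string and cannot accidentally send it to a provider as if it were a key.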
Provider setup and trace review live in the hosted dashboard at app.kontext.security. Use the same account you used for kontext login.
Add providers
- Open Providers in the dashboard.
- Add a built-in provider, such as GitHub or Linear, or create a custom provider.
- For built-in providers, configure allowed scopes and any provider-specific OAuth settings shown in the dashboard. For custom providers, choose end-user OAuth, end-user key, or organization key.
- Open Applications → kontext-cli → Providers and attach the providers the CLI application can use.
- Reference the provider handles in .env.kontext.
Check traces
- Run kontext start --agent claude.
- Ask Claude Code to perform a tool-using task.
- Open Traces in the dashboard to inspect live hook events, tool calls, outcomes, user attribution, and session context.
| Capability | What it means |
|---|---|
| Ephemeral credentials | Short-lived tokens are injected only for the active agent session. |
| Managed env file | The CLI creates and updates .env.kontext with provider placeholders. |
| Hosted connect | Missing user providers open a browser flow instead of leaking keys locally. |
| Governed sessions | PreToolUse, PostToolUse, and UserPromptSubmit events stream to Kontext. |
| Native runtime | A small Go binary, no local daemon, no Docker, no Node or Python runtime. |
- OIDC browser login with refresh tokens stored in the system keyring.
- RFC 8693 token exchange for short-lived, provider-scoped runtime credentials.
- AES-256-GCM encryption at rest for provider credentials stored in Kontext.
- No long-lived provider keys are written to the project or agent config.
| Agent | Flag | Status |
|---|---|---|
| Claude Code | --agent claude | Active |
Cursor and Codex support are planned, but they are not shipped in this repo yet.
```text
kontext start --agent claude
│
├─ Auth: OIDC refresh token from system keyring
├─ ConnectRPC: CreateSession → governed session in dashboard
├─ BootstrapCli: sync managed provider entries into .env.kontext
├─ Token exchange: {{kontext:provider}} → short-lived credential
├─ Sidecar: Unix socket server + heartbeat loop
├─ Hooks: generated Claude Code settings.json
│  │
│  ├─ PreToolUse → kontext hook → sidecar → ProcessHookEvent
│  ├─ PostToolUse → kontext hook → sidecar → ProcessHookEvent
│  └─ UserPromptSubmit → kontext hook → sidecar → ProcessHookEvent
│
└─ Exit: EndSession → credential expiry + temp file cleanup
```
The CLI communicates with the Kontext backend through ConnectRPC. Hook handlers talk to the sidecar over a Unix socket using length-prefixed JSON, keeping agent-specific hook parsing local to the CLI.
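An added Go example (not the CLI's own code) of the hook-to-sidecar leg: a length-prefixed JSON frame is written by the hook handler and read by the sidecar, with the length checked against a cap before any allocation and the event type checked against the three hook kinds the README names. The `HookEvent` shape, the 4-byte big-endian prefix, and the `MaxFrameSize` value are assumptions; the real message schema lives in agent.proto. `net.Pipe` stands in for the Unix socket so the program runs offline.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"fmt"
	"io"
	"net"
)

// MaxFrameSize caps one hook message so a misbehaving hook process cannot
// make the sidecar allocate unbounded memory. The value is an assumption.
const MaxFrameSize = 1 << 20

// HookEvent is an assumed message shape; the real schema lives in agent.proto.
type HookEvent struct {
	Type      string          `json:"type"`
	SessionID string          `json:"session_id"`
	Tool      string          `json:"tool,omitempty"`
	Payload   json.RawMessage `json:"payload,omitempty"`
}

// allowedTypes are the three hook events the README says the CLI streams.
var allowedTypes = map[string]bool{"PreToolUse": true, "PostToolUse": true, "UserPromptSubmit": true}

// WriteFrame sends a 4-byte big-endian length prefix followed by the JSON body.
func WriteFrame(w io.Writer, ev HookEvent) error {
	body, err := json.Marshal(ev)
	if err != nil {
		return err
	}
	if len(body) > MaxFrameSize {
		return fmt.Errorf("frame too large: %d bytes", len(body))
	}
	var hdr [4]byte
	binary.BigEndian.PutUint32(hdr[:], uint32(len(body)))
	if _, err := w.Write(hdr[:]); err != nil {
		return err
	}
	_, err = w.Write(body)
	return err
}

// ReadFrame reads one frame. The length is validated before any allocation,
// and the event type is checked against the known hook kinds.
func ReadFrame(r io.Reader) (HookEvent, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return HookEvent{}, err
	}
	n := binary.BigEndian.Uint32(hdr[:])
	if n == 0 || n > MaxFrameSize {
		return HookEvent{}, fmt.Errorf("invalid frame length %d", n)
	}
	body := make([]byte, n)
	if _, err := io.ReadFull(r, body); err != nil {
		return HookEvent{}, err
	}
	var ev HookEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		return HookEvent{}, fmt.Errorf("decode: %w", err)
	}
	if !allowedTypes[ev.Type] {
		return HookEvent{}, fmt.Errorf("unknown hook event type %q", ev.Type)
	}
	return ev, nil
}

// RoundTrip encodes ev into a buffer and decodes it again (used by tests).
func RoundTrip(ev HookEvent) (HookEvent, error) {
	var buf bytes.Buffer
	if err := WriteFrame(&buf, ev); err != nil {
		return HookEvent{}, err
	}
	return ReadFrame(&buf)
}

func main() {
	// net.Pipe stands in for the Unix socket: one end is the hook handler,
	// the other is the sidecar. All values below are constructed.
	hookSide, sidecarSide := net.Pipe()
	go func() {
		defer hookSide.Close()
		_ = WriteFrame(hookSide, HookEvent{
			Type: "PreToolUse", SessionID: "sess-demo", Tool: "Bash",
			Payload: json.RawMessage(`{"command":"go test ./..."}`),
		})
	}()
	ev, err := ReadFrame(sidecarSide)
	if err != nil {
		fmt.Println("sidecar rejected frame:", err)
		return
	}
	fmt.Printf("sidecar got %s for tool %s in %s\n", ev.Type, ev.Tool, ev.SessionID)
}
```

Checking the prefix before `make([]byte, n)` is the part that matters: a local process that can reach the socket can otherwise send a header claiming gigabytes and exhaust the sidecar's memory before a single JSON byte is parsed.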
Kontext captures what the agent tried to do and what happened. It does not capture LLM reasoning, token usage, or conversation history.
```shell
go build -o bin/kontext ./cmd/kontext
go test ./...
go test -race ./...
go vet ./...
gofmt -w ./cmd ./internal
```

Generate protobuf code with buf generate.
Service definitions live in kontext-security/proto agent.proto.
- Read SUPPORT.md for support channels.
- Read CONTRIBUTING.md before opening a contribution.
- Kontext CLI is released under the MIT License.