Show HN: Kontext CLI – Credential broker for AI coding agents in Go
TL;DR Highlight
This open-source CLI tool securely injects short-lived tokens into AI coding agents when accessing external services like GitHub, Stripe, and databases, avoiding the exposure of long-term API keys. It's gaining attention as a replacement for the risky practice of copy-pasting keys into .env files.
Who Should Read
Developers or team leads who have deployed AI coding agents like Claude or Copilot but are concerned about API key management. Specifically, backend/DevOps engineers who need to grant agents access to external services and want to reduce security risks.
Core Mechanics
- AI coding agents need access to external services like GitHub, Stripe, and databases, but most teams currently copy and paste long-term API keys into .env files. This approach carries a high risk of key leakage and lacks governance.
- Kontext CLI solves this problem by acting as a 'Credential Broker'. Agents don't directly hold keys; instead, they receive short-lived tokens at session start, which automatically expire at the end of the session.
- By declaring the credentials a project needs in a `.env.kontext` file, the CLI replaces placeholders with actual short-lived tokens using the RFC 8693 Token Exchange standard when the `kontext start` command is executed, then runs the agent.
- Every Tool Call made by the agent is streamed to the Kontext dashboard and recorded for audit and governance purposes. You can track which agent accessed which service and when.
- For static API keys (services that don't support OIDC), the backend directly injects the keys into the agent's runtime environment. However, it was noted that the keys could still be readable within the agent's environment.
- Installation is simple with `brew install kontext-security/tap/kontext`, and direct binary installation is also supported from GitHub Releases. It's an open-source project written in Go.
- The OSS CLI appears to function as a client for a paid backend service. There have been many questions from the community about the credential storage model and the boundary between OSS and paid features, but an official answer remains unclear.
Evidence
- Questions were raised about whether the OSS CLI is a client of a paid service and whether credentials are stored on the Kontext server. Concerns were expressed about the lack of transparency in the custody model (where my keys are stored), and opinions were shared that a clear trust model is necessary for a security tool.
- In response to the explanation that static API keys are directly injected into the agent's runtime environment by the backend, a counterargument was made: 'Then what prevents the agent from reading and storing or leaking the key from the environment variable?' A deeper security concern was also raised that if the agent process runs with the same user privileges, the key could be extracted from the kontext process memory.
- Comments compared it to projects with similar approaches, such as Tailscale Aperture and OneCLI. Questions were asked about the differentiators, indicating that competition in this area has begun.
- An alternative idea using eBPF was suggested. By monitoring network I/O and intercepting requests, tokens and signatures could be injected at runtime, allowing agents to only be given placeholder tokens and eliminating the need for additional abstraction layers.
- The context-based authorization feature – 'issuing credentials only when the intention of the agent's reasoning trace matches what the user has authorized' – received attention. This feature was evaluated as a key differentiator from existing solutions.
How to Apply
- If you need to give an AI coding agent like Claude or Cursor access to the GitHub API or Stripe keys, declare the necessary credentials in a `.env.kontext` file and run the agent with `kontext start` to operate with session-limited tokens without exposing long-term keys.
- If you're using AI agents as a team and need audit logs of who accessed which services, leverage Kontext's dashboard streaming feature to record all Tool Calls and establish a governance system.
- If you need to allow agent access to legacy services (internal APIs, older SaaS, etc.) that don't support OIDC, use Kontext's static key injection method, but additionally review sandboxing to prevent the agent from directly reading environment variables.
- If you're interested in an eBPF-based approach, refer to the riptides.io case mentioned in the comments to explore the option of replacing tokens at the network layer without modifying the agent code.
Code Example
# Installation
brew install kontext-security/tap/kontext
# Or direct binary installation (macOS ARM)
tmpdir="$(mktemp -d)" \
&& gh release download --repo kontext-security/kontext-cli \
--pattern 'kontext_*_darwin_arm64.tar.gz' \
--dir "$tmpdir"
# Declare necessary credentials in .env.kontext file and run agent
kontext startTerminology
Related Papers
Migrating a production AI agent to GPT-5.6: 2.2x faster, 27% cheaper
마케팅 웹사이트를 자동 생성하는 프로덕션 AI 에이전트를 Claude Opus 4.8에서 GPT-5.6 Sol로 전환한 실전 경험담으로, 단순 모델 교체가 아니라 eval 하네스, 툴 스키마, 캐싱, 추론 리플레이까지 손봐야 했던 과정을 구체적인 수치와 함께 정리했다.
What xAI's Grok build CLI sends to xAI: A wire-level analysis
xAI의 공식 코딩 CLI 도구 Grok Build가 사용자 동의 없이 전체 Git 저장소와 .env 시크릿 파일을 xAI 서버로 업로드한다는 사실이 네트워크 트래픽 분석으로 밝혀졌다.
Remember When It Matters: Proactive Memory Agent for Long-Horizon Agents
LLM 에이전트가 긴 작업 중 중요한 정보를 잊어버리는 문제를 별도의 메모리 에이전트가 '적절한 타이밍에' 끼어들어 해결하는 방법
WebSwarm: Recursive Multi-Agent Orchestration for Deep-and-Wide Web Search
복잡한 웹 검색을 재귀적으로 분해하고 각 노드에 적합한 검색 모드를 동적으로 할당하는 멀티에이전트 프레임워크
Show HN: Reverse-engineering web apps into agent tools
로그인된 웹 앱의 API 호출을 브라우저에서 감시해 자동으로 MCP 도구로 변환하는 에이전트를 만들었다. 소스 코드나 공식 API 문서 없이도 Jira, Spotify 같은 서비스에 AI 어시스턴트를 붙일 수 있다.
Show HN: FableCut – A browser video editor AI agents can drive (zero deps)
타임라인 전체를 JSON 파일 하나로 표현하고 MCP/REST로 AI 에이전트가 직접 편집할 수 있는 브라우저 비디오 에디터로, Claude 같은 AI가 프롬프트 하나로 영상을 자동 컷편집하고 결과를 실시간으로 UI에 반영해준다.