README.md

June 25, 2026

License: MIT | Built with Go

Kontext is an authorization platform for AI agents. It helps teams control what agents can access and do with scoped credentials, policy enforcement, approvals, and audit trails. Kontext can run local-first for developer agents and extend to managed or self-hosted deployments for security-sensitive environments.

Quickstart

brew install kontext-security/tap/kontext

Connect your machine to your workspace

Use self-serve setup to stream agent activity from your machine into your team's Kontext dashboard.

Generate an install token on your workspace's Deployments page, then run:

kontext setup

Re-run kontext setup to rotate the stored token. Run kontext setup --uninstall to remove the user-level config, hooks, LaunchAgent, and keychain token that setup installed; local logs and observe data are kept, and organization-managed hooks are left in place. Self-serve setup is currently macOS only.

Core features

Kontext balances security and utility for AI agents: low-risk actions keep moving, and unsafe actions can be blocked before they execute.

  • Audit trails: Record who instructed which agent to do what, what the agent accessed, which tools it called, what policy decisions were made, and what happened next. Build a chain of custody for security review, incident investigation, and compliance evidence.
  • Deterministic policy: Apply allow and deny rules to agent actions at runtime, before they execute. Use hard policies for known boundaries such as destructive commands, production resources, sensitive files, data exports, and credential access.
  • Probabilistic risk detection: Route actions that deterministic policy allows through a local judge for an additional allow/deny decision without sending tool context to hosted services.
  • Credential injection: Inject scoped OAuth credentials at runtime using RFC 8693-compliant OAuth 2.0 Token Exchange, so agents can access approved tools without users pasting secrets into chat, config files, or project environments. Credentials can be short-lived, least-privilege, and bound to the current user, session, or workflow.

The decision path is:

Agent tool call
  -> agent hook
  -> daemon
  -> action classification
  -> deterministic policy
  -> probabilistic risk score
  -> allow / deny
  -> hosted dashboard stream
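
The decision path above, sketched in Go as an added example (not Kontext's code): deterministic policy runs on the classified action first, the judge is consulted only after a deterministic allow, and observe mode records "would allow" / "would deny" without blocking. The types, category names, rules, threshold and risk scores are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// All names here are hypothetical; this is not Kontext's API or rule set.
type ToolCall struct{ Tool, Input string }
type Decision struct {
	Category, Stage, Verdict string
	Blocked                  bool
}

// classify maps a tool call to a coarse category (constructed sample rules).
func classify(c ToolCall) string {
	switch {
	case c.Tool == "Bash" && strings.Contains(c.Input, "rm -rf"):
		return "destructive_command"
	case strings.Contains(c.Input, ".aws/credentials"):
		return "credential_access"
	}
	return "general"
}

// denied is the deterministic policy: hard boundaries keyed by category.
var denied = map[string]bool{"destructive_command": true, "credential_access": true}

// Decide applies deterministic policy first; judge (a stand-in for the local
// model, risk in [0,1]) runs only after a deterministic allow.
func Decide(c ToolCall, judge func(ToolCall) float64, threshold float64, enforce bool) Decision {
	d := Decision{Category: classify(c), Stage: "deterministic", Verdict: "allow"}
	if denied[d.Category] {
		d.Verdict = "deny"
	} else if d.Stage = "probabilistic"; judge(c) >= threshold {
		d.Verdict = "deny"
	}
	d.Blocked = enforce && d.Verdict == "deny"
	if !enforce { // observe mode: record the verdict, never block
		d.Verdict = "would " + d.Verdict
	}
	return d
}

func main() {
	judge := func(c ToolCall) float64 { return map[string]float64{"pg_dump prod": 0.9}[c.Input] } // constructed scores
	for _, in := range []string{"ls -la", "rm -rf build", "pg_dump prod"} {
		fmt.Println(in, Decide(ToolCall{"Bash", in}, judge, 0.5, false), Decide(ToolCall{"Bash", in}, judge, 0.5, true))
	}
}
```

Because the judge is skipped on a deterministic deny, a hard-boundary action never reaches the model at all, which keeps the deny path independent of model availability or scoring.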

Managed deployments

For enterprise identity, audit retention, organization controls, deployment planning, custom usage volume, and onboarding for security and platform teams, contact michel@kontext.security or book here.

Security defaults

| Default | Behavior |
|---|---|
| User-scope daemon | kontext setup installs a user LaunchAgent that runs kontext managed-observe-daemon. |
| Observe mode | Decisions are recorded as would allow or would deny without blocking the agent. |
| Keychain token storage | Self-serve install tokens are stored in the user's login keychain. |
| Redacted storage | Tool events and decisions are stored locally with redaction. |
| Managed local judge | Homebrew installs llama-server via llama.cpp; Kontext downloads and caches the default GGUF judge model when needed. |
| No reasoning capture | Kontext captures tool events and outcomes, not LLM reasoning, token usage, or full conversation history. |

Agent support

| Agent | Status | Self-serve path | Support level |
|---|---|---|---|
| Claude Code | Active | kontext setup | Daemon, dashboard stream, observe by default (enforce only when managed config sets enforce). |
| Claude Cowork | Active | kontext setup | Cowork activity appears in the dashboard after setup. |
| Goose | Planned | Coming soon | Adapter not shipped yet. |
| Codex | Planned | Coming soon | Adapter not shipped yet. |
| Cursor | Planned | Coming soon | Adapter not shipped yet. |

Additional agents can be added through adapters that send compatible tool events into the local runtime.

Architecture

kontext setup
  |
  |-- User managed config: ~/Library/Application Support/Kontext/managed.json
  |-- Agent integration: hooks or observer
  |     |-- PreToolUse  -> kontext hook pre-tool-use
  |     |-- PostToolUse -> kontext hook post-tool-use
  |
  |-- LaunchAgent: security.kontext.managed-observe
  |-- Daemon: Unix socket service + RuntimeCore
  |-- Deterministic policy: curated rule categories + active profile
  |-- Probabilistic risk: local allow/deny decision after deterministic allow
  |-- Store: local SQLite with redacted events and decision metadata
  |-- Stream: governed activity to the hosted workspace dashboard

Development

go build -o bin/kontext ./cmd/kontext
go test ./...
go test -race ./...
go vet ./...
pnpm install --frozen-lockfile
pnpm build

Generate protobuf code with:

buf generate

Service definitions live in kontext-security/proto agent.proto.

Community