GoKawiilKontext CLI Store Credentials. Inject At Runtime. Agents Never Store The Keys. Website · Documentation · Discord
What is Kontext CLI?
Kontext CLI is an open-source command-line tool that wraps AI coding agents with enterprise-grade identity, credential management, and governance — without changing how developers work.
Why we built it: AI coding agents need access to GitHub, Stripe, databases, and dozens of other services. Today, teams copy-paste long-lived API keys into .env files and hope for the best. Kontext replaces that with short-lived, scoped credentials that are injected at session start and gone when the session ends. Every tool call is logged. Every secret is accounted for.
How it works: You declare what credentials your project needs in a single .env.kontext file. When you run kontext start , the CLI authenticates you, exchanges placeholders for short-lived tokens via RFC 8693 token exchange, launches your agent with those credentials injected, and streams every tool call to the Kontext dashboard for audit and governance. When the session ends, credentials expire automatically.
Quick Start
brew install kontext-dev/tap/kontext
If you prefer a direct binary install, download the latest GitHub Release instead:
tmpdir= " $( mktemp -d ) " \ && gh release download --repo kontext-dev/kontext-cli --pattern ' kontext_*_darwin_arm64.tar.gz ' --dir " $tmpdir " \ && archive= " $( find " $tmpdir " -maxdepth 1 -name ' kontext_*_darwin_arm64.tar.gz ' -print -quit ) " \ && tar -xzf " $archive " -C " $tmpdir " \ && sudo install -m 0755 " $tmpdir /kontext " /usr/local/bin/kontext
Then, from any project directory with Claude Code installed:
... continue reading