Website | Documentation | Dashboard | Discord
Kontext is an authorization platform for AI agents. It helps teams control what agents can access and do with scoped credentials, policy enforcement, approvals, and audit trails. Kontext can run local-first for developer agents and extend to managed or self-hosted deployments for security-sensitive environments.
brew install kontext-security/tap/kontextUse self-serve setup to stream agent activity from your machine into your team's Kontext dashboard.
Generate an install token on your workspace's Deployments page, then run:
kontext setupRe-run kontext setup to rotate the stored token. Run kontext setup --uninstall to remove the user-level config, hooks, LaunchAgent, and keychain token that setup installed; local logs and observe data are kept, and organization-managed hooks are left in place. Self-serve setup is currently macOS only.
Kontext balances security and utility for AI agents: low-risk actions keep moving, and unsafe actions can be blocked before they execute.
- Audit trails: Record who instructed which agent to do what, what the agent accessed, which tools it called, what policy decisions were made, and what happened next. Build a chain of custody for security review, incident investigation, and compliance evidence.
- Deterministic policy: Apply
allowanddenyrules to agent actions at runtime, before they execute. Use hard policies for known boundaries such as destructive commands, production resources, sensitive files, data exports, and credential access. - Probabilistic risk detection: Route actions that deterministic policy allows through a local judge for an additional allow/deny decision without sending tool context to hosted services.
- Credential injection: Inject scoped OAuth credentials at runtime using RFC 8693-compliant OAuth 2.0 Token Exchange, so agents can access approved tools without users pasting secrets into chat, config files, or project environments. Credentials can be short-lived, least-privilege, and bound to the current user, session, or workflow.
The decision path is:
Agent tool call
-> agent hook
-> daemon
-> action classification
-> deterministic policy
-> probabilistic risk score
-> allow / deny
-> hosted dashboard stream
For enterprise identity, audit retention, organization controls, deployment planning, custom usage volume, and onboarding for security and platform teams, contact michel@kontext.security or book here.
| Default | Behavior |
|---|---|
| User-scope daemon | kontext setup installs a user LaunchAgent that runs kontext managed-observe-daemon. |
| Observe mode | Decisions are recorded as would allow or would deny without blocking the agent. |
| Keychain token storage | Self-serve install tokens are stored in the user's login keychain. |
| Redacted storage | Tool events and decisions are stored locally with redaction. |
| Managed local judge | Homebrew installs llama-server via llama.cpp; Kontext downloads and caches the default GGUF judge model when needed. |
| No reasoning capture | Kontext captures tool events and outcomes, not LLM reasoning, token usage, or full conversation history. |
| Agent | Status | Self-serve path | Support level |
|---|---|---|---|
| Claude Code | Active | kontext setup |
Daemon, dashboard stream, observe by default (enforce only when managed config sets enforce). |
| Claude Cowork | Active | kontext setup |
Cowork activity appears in the dashboard after setup. |
| Goose | Planned | Coming soon | Adapter not shipped yet. |
| Codex | Planned | Coming soon | Adapter not shipped yet. |
| Cursor | Planned | Coming soon | Adapter not shipped yet. |
Additional agents can be added through adapters that send compatible tool events into the local runtime.
kontext setup
|
|-- User managed config: ~/Library/Application Support/Kontext/managed.json
|-- Agent integration: hooks or observer
| |-- PreToolUse -> kontext hook pre-tool-use
| |-- PostToolUse -> kontext hook post-tool-use
|
|-- LaunchAgent: security.kontext.managed-observe
|-- Daemon: Unix socket service + RuntimeCore
|-- Deterministic policy: curated rule categories + active profile
|-- Probabilistic risk: local allow/deny decision after deterministic allow
|-- Store: local SQLite with redacted events and decision metadata
|-- Stream: governed activity to the hosted workspace dashboard
go build -o bin/kontext ./cmd/kontext
go test ./...
go test -race ./...
go vet ./...
pnpm install --frozen-lockfile
pnpm buildGenerate protobuf code with:
buf generateService definitions live in kontext-security/proto agent.proto.
- Read SUPPORT.md for support channels.
- Read CONTRIBUTING.md before opening a contribution.
- Kontext CLI is released under the MIT License.