HN

Need help?
<- Back
Show HN: Kontext CLI – Credential broker for AI coding agents in Go

Show HN: Kontext CLI – Credential broker for AI coding agents in Go

mc-serious

Comments (25)

  • james-clef
    Very cool project. Providing credentials agents and standardizing that whole process seems like valuable work. Question though on the OSS/paid boundary... is the OSS cli the client for the paid service? What is the custody model? Does this service store all my credentials?
  • e12e
    > for static API keys, the backend injects the credential directly into the agent's runtime environment.What prevents the agent from presisering or leaking the API key - or reading it from the environment?
  • zimbatm
    This is how keychains should be designed. Never return the secret, but mint a new token, or sign a request.We need this also for normal usage like development environments. Or when invoking a command on a remote server.Are you going to add support for services that don't support OIDC or this going to be a known limitation?
  • sjdv1982
    What if kontext runs under the same user as Claude? Could it in principle inspect the kontext process and extract the key from memory?
  • amjd
    Congrats on the launch! What are the key advantages of this compared to OneCLI[1]?[1]: https://github.com/onecli/onecli
  • traceroute66
    Sounds awfully similar to Tailscale Aperture[1][1] https://tailscale.com/blog/aperture-self-serve
  • sarahroehm
    Finally a solution which focuses on contextual authorization - evaluating the agent's reasoning trace when it requests a credential, only issuing it if the intent matches what the user authorized.. developer-focused and self-serve.Happy Launch day!!
  • airstrike
    Really cool and much needed!I was actually just about to get started writing this but in Rust....
  • 0xOsprey
    Yup I needed this bad for my NanoClawNice work
  • measurablefunc
    It should be possible to do this w/ eBPF. Monitor network i/o & rewrite the request on the fly to include the proper tokens & signatures. The agent can just be given placeholder tokens. That way all the usual libraries work as expected & the secrets/signatures are handled w/o worrying about another abstraction layer. Here is some prior art: https://riptides.io/blog/when-ebpf-isnt-enough-why-we-went-w...
  • Vishi3
    Can I integrate this with my coding agents?
  • priyac-dev8bca
    [dead]
  • yarivk
    [dead]
  • augmentedmike
    [dead]