Show HN: Kontext CLI – Credential broker for AI coding agents in Go (github.com)

Kontext CLI has been launched as an open-source command-line tool designed to enhance the security and governance of AI coding agents by managing credentials without altering developers' workflows. Traditionally, developers have relied on long-lived API keys stored in .env files, which pose significant security risks. Kontext addresses this issue by introducing short-lived, scoped credentials that are injected at the start of a session and expire once the session ends. This method ensures that sensitive information is not stored in source control and minimizes the risk of credential leakage. The tool operates by allowing users to define required credentials in a .env.kontext file, which the CLI parses upon execution. It seamlessly authenticates users, exchanges credential placeholders for temporary tokens via RFC 8693 token exchange, and launches the AI agent—such as Claude Code—with those injected credentials. Moreover, each action taken by the agent is logged, enhancing transparency and enabling thorough oversight of interactions. With built-in governance features, real-time monitoring, and secure by default practices—including OIDC authentication and AES-256-GCM encryption—Kontext CLI stands to significantly improve the security posture of teams utilizing AI coding agents in their development processes.