Runtime Authorization for AI Agents
Enforce least privilege at the tool call and audit every credential, user, session, and decision without slowing developers down.
Agent security for real tool use
Kontext helps teams see, understand, and control what AI agents do when they run commands, edit files, call APIs, use MCP tools, or request credentials. Instead of relying only on login-time roles or prompt instructions, Kontext evaluates the concrete action at runtime: who is acting, which agent session is involved, which tool is being called, what resource is touched, whether credentials are required, and whether the request matches policy.
The result is a local safety decision before sensitive execution. Known hard boundaries such as destructive commands, credential access, provider APIs, production resources, and risky paths are handled by deterministic policy. Ambiguous actions can be scored by local risk logic and escalated to ask. Every decision records the outcome and reason so developers and security teams can review what happened.
Local-first runtime control
Kontext starts on the developer machine. kontext start launches Claude Code with Kontext in the loop, evaluates tool events through the local runtime, stores redacted decision traces, and shows diagnostics in the local dashboard. Observe mode records what Kontext would allow, ask, or deny without blocking work. Enforce mode can block supported pre-tool actions when a policy or risk decision requires it.
Teams can add the managed layer when agents need organization controls, shared traces, browser login, provider connections, and short-lived scoped credentials. The local policy and risk path remains the core runtime, while managed sessions keep long-lived provider secrets out of agent config and project files.
Use cases
- Security teams: enforce least privilege for agent tool calls, credential use, production access, and high-impact operations.
- Platform engineers: connect agents to cloud, GitHub, Linear, internal APIs, and MCP servers without spreading long-lived keys.
- AI engineering teams: ship agent workflows with clear allow, ask, and deny decisions instead of relying on prompt-only guardrails.
- Compliance teams: review structured traces that show the actor, session, tool, resource, policy, decision, credential event, and outcome.
Credential lifecycle
Kontext replaces ambient secrets with scoped credentials issued only when a governed session needs them. A project can reference provider placeholders in .env.kontext, while Kontext evaluates the request and exchanges an approved placeholder for a short-lived credential. If the session, user, provider, action, or scope does not match policy, the credential request can be narrowed, escalated, or denied before the agent receives access.
Integrations and agent workflows
Kontext is designed for coding agents, MCP tools, cloud APIs, SaaS providers, and internal systems where autonomous actions carry real security risk. Claude Code is the first supported workflow. Codex, Cursor, Claude Desktop, Copilot, and additional agent runtimes are planned as the runtime model expands across local development and team-managed environments.
Pricing
Kontext includes a Starter plan at $0 for early usage, a Pro plan at $149 per month for growing teams, and a Scale plan at $499 per month for larger deployments. Teams with custom identity, audit retention, deployment, or volume requirements can contact Kontext for enterprise planning.
Get Started or explore the guides.