Published 2026-03-14.
Every AI agent that does something useful needs to call an API on behalf of a user. Today, that means a long-lived API key in an .env file, shared across every user and every session. It works in a demo. It fails in production. That gap is why security teams block agents from shipping.
The problem isn't OAuth complexity. It's that agents are a fundamentally new kind of principal. They're not users. They're not service accounts. They act on behalf of someone else, with delegated authority, often without that person present. Existing identity systems have no model for this.
Kontext does.
Kontext is a single SDK that gives your AI agents proper identity, scoped access, and audit trails, so they work in production, not just in demos.
---
Three principles
Delegation, not impersonation. An agent should never hold a user's full credentials. Kontext implements explicit delegation: users authorize specific agents to act on their behalf, with scoped permissions, for a limited time. Every credential is resolved at runtime and revocable per-agent.
Observable by default. If an agent acts on behalf of a user, you should see exactly what it did. Kontext traces every tool call, every credential issued, every session. The full chain: who requested what, on whose behalf, and what happened.
Fits your stack. Kontext is not a rip-and-replace. Your users keep authenticating through your existing IdP. Your app keeps running on your existing framework. Kontext sits alongside Auth0, Clerk, and Okta, and ships adapters for Vercel AI SDK, Cloudflare Agents, React, and MCP servers.
---
What you get
One-line credential resolution. Your agent calls kontext.require("github", token). Kontext validates the user, checks policy, and returns a scoped, short-lived credential. No secrets in your codebase.

    const kontext = new Kontext({ clientId: "your-client-id" });

    server.tool(
      "send_email",
      { to: z.string(), body: z.string() },
      async (args, { authInfo }) => {
        // Resolve a scoped, short-lived Gmail credential for the calling user at runtime.
        const gmail = await kontext.require("google-gmail", authInfo!.token);
        return await gmail.send(gmail.accessToken, args.to, args.body);
      },
    );

Per-user isolation. Each user connects their own accounts. Your agent resolves the right credential for the right user at runtime.
Full audit trail. Every action is logged with agent identity, user identity, scopes, and outcome.
Bring your own auth. Already have login handled? Pass your user ID and Kontext resolves credentials server-side. One integration, no frontend changes.
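The delegation and audit-trail principles above, modeled as an added TypeScript example; it is not Kontext's code or SDK. DelegationBroker, its method names, the five-minute credential cap and the scope names used with it are assumptions made for illustration.

```typescript
// Conceptual model of explicit delegation; not the Kontext SDK or its internals.
type Grant = { user: string; agent: string; scopes: string[]; expiresAt: number; revoked: boolean };
type Credential = { user: string; agent: string; provider: string; scopes: string[]; expiresAt: number };
type AuditEvent = { at: number; user: string; agent: string; provider: string;
                    scopes: string[]; outcome: "issued" | "denied"; reason: string | null };

class DelegationBroker {
  audit: AuditEvent[] = [];
  private grants: Record<string, Grant> = {};
  private maxTtlMs = 5 * 60 * 1000; // assumed cap on any issued credential

  private key(user: string, agent: string, provider: string): string {
    return JSON.stringify([user, agent, provider]);
  }

  // The user authorizes one agent, for one provider, with explicit scopes and a deadline.
  delegate(user: string, agent: string, provider: string, scopes: string[], ttlMs: number, now: number): void {
    this.grants[this.key(user, agent, provider)] =
      { user, agent, scopes: scopes.slice(), expiresAt: now + ttlMs, revoked: false };
  }

  // Revocation is per agent: the user's grants to other agents are untouched.
  revoke(user: string, agent: string): void {
    for (const k of Object.keys(this.grants)) {
      const g = this.grants[k];
      if (g !== undefined && g.user === user && g.agent === agent) g.revoked = true;
    }
  }

  // Resolved at call time. Every decision, issued or denied, is recorded.
  resolve(user: string, agent: string, provider: string, wanted: string[], now: number): Credential | null {
    const g: Grant | undefined = this.grants[this.key(user, agent, provider)];
    let reason: string | null = null;
    if (g === undefined || g.revoked) reason = "no active grant";
    else if (now >= g.expiresAt) reason = "grant expired";
    else {
      const granted = g.scopes;
      if (!wanted.every((s) => granted.indexOf(s) !== -1)) reason = "scope not delegated";
    }
    this.audit.push({ at: now, user, agent, provider, scopes: wanted.slice(),
                      outcome: reason === null ? "issued" : "denied", reason });
    if (reason !== null || g === undefined) return null;
    // The credential carries only the requested scopes and never outlives the grant.
    return { user, agent, provider, scopes: wanted.slice(),
             expiresAt: Math.min(g.expiresAt, now + this.maxTtlMs) };
  }
}
```

Denied requests are logged alongside issued ones, so the audit list shows attempts to exceed a delegation as well as successful use.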
---
Who this is for
You're building an MCP server and your tools need to act on behalf of authenticated users. You're building an AI app where each user needs their own GitHub, Slack, or Linear credentials. You're a platform with hardcoded API keys you need to make per-user.
In all three cases, Kontext is one SDK integration.
---
What's next
We're rolling out policy enforcement, new integrations, and deeper framework guides over the coming weeks.
AI agents are becoming the primary interface between users and the services they depend on. The identity infrastructure underneath needs to be built for that reality.
This starts at kontext.require().
Get started at app.kontext.security or read the docs.