Agents get their own identity
Each agent is a distinct principal, not a shared bot account.

Users delegate explicitly

Users approve what an agent can do through OAuth 2.0 consent. The agent receives delegated access, not the user's full session. From the user's perspective, this is what happens:

Agent requests access

Your agent starts a task that needs GitHub access. It initiates an OAuth flow through Kontext.

User sees a consent screen

The consent screen shows exactly what is being requested — which integrations, what scopes, how long.

Credentials are scoped and short-lived

Compare static tokens with per-request delegated credentials.

Fresh credentials, every time. The agent does not store a token and reuse it across tasks. Each call to kontext.require() returns a credential scoped to the current request with its own TTL. When it expires, the agent requests a new one. There is no single long-lived secret that grants access to everything.

Policy enforcement is centralized

A control plane evaluates each request across layered policy.

Every action is audited

Each credential issuance and API call is logged with actor, delegation context, scope, and outcome.

Revocation is surgical

If one agent misbehaves, revoke that agent only.

Fits your existing stack

This layer augments existing IAM, IdP, and secrets systems.

This is the architecture Kontext implements. Start with the quickstart.
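The following is an added toy model of the control plane described above (per-agent principals, consent-scoped and short-lived credentials, centralized policy, audit, per-agent revocation). It is not Kontext's code and does not reproduce the real kontext.require() API; the ControlPlane class, its methods and the "agent-a"/"alice" sample values are assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """Per-request credential: one agent, one user, one integration, a scope set and a TTL."""
    agent_id: str
    user_id: str
    integration: str
    scopes: frozenset
    expires_at: float


class ControlPlane:
    """Hypothetical control plane (not Kontext's): consent grants, issuance, audit, revocation."""

    def __init__(self, ttl_seconds=60):
        self.ttl = ttl_seconds
        self.grants = {}            # (user, agent, integration) -> scopes the user consented to
        self.revoked_agents = set()  # each agent is its own principal, so revocation is per agent
        self.audit_log = []          # one entry per issuance and per API call

    def record_consent(self, user, agent, integration, scopes):
        self.grants[(user, agent, integration)] = frozenset(scopes)

    def revoke_agent(self, agent):
        self.revoked_agents.add(agent)  # other agents acting for the same user are unaffected

    def _audit(self, action, agent, user, integration, scopes, outcome):
        self.audit_log.append(dict(action=action, actor=agent, delegated_by=user,
                                   integration=integration, scopes=sorted(scopes), outcome=outcome))

    def require(self, agent, user, integration, scopes, now=None):
        """Issue a fresh credential for this request, or raise PermissionError (always audited)."""
        now = time.time() if now is None else now
        wanted, granted = frozenset(scopes), self.grants.get((user, agent, integration), frozenset())
        if agent in self.revoked_agents:
            outcome = "denied: agent revoked"
        elif not wanted <= granted:                      # never exceed what the user consented to
            outcome = "denied: scopes exceed delegation"
        else:
            outcome = "issued"
        self._audit("issue", agent, user, integration, wanted, outcome)
        if outcome != "issued":
            raise PermissionError(outcome)
        return Credential(agent, user, integration, wanted, now + self.ttl)

    def authorize_call(self, cred, scope, now=None):
        """Check one API call against revocation, TTL and the credential's scopes; log the outcome."""
        now = time.time() if now is None else now
        if cred.agent_id in self.revoked_agents:
            outcome = "denied: agent revoked"
        elif now >= cred.expires_at:                     # expired: the agent must call require() again
            outcome = "denied: credential expired"
        elif scope not in cred.scopes:
            outcome = "denied: scope not in credential"
        else:
            outcome = "allowed"
        self._audit("call", cred.agent_id, cred.user_id, cred.integration, {scope}, outcome)
        return outcome == "allowed"
```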