> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kontext.security/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Get scoped, short-lived credentials for your agent in under 5 minutes.

By the end of this guide, your agent will have its own identity, your users will be able to connect their accounts, and every API call will use fresh, scoped credentials.

## How it works

Four steps. Zero long-lived secrets.

<Steps>
  <Step title="Register your agent">
    ```bash theme={"system"}
    npx skills add kontext-dev/skills
    ```

    Your AI coding agent gets the Kontext SDK skill and can create applications, configure integrations, and add credentials to your app. Or set up manually in the [dashboard](https://app.kontext.security).
  </Step>

  <Step title="User connects their accounts">
    Your app sends the user to a connect page where they link the services your agent needs. Standard OAuth. They connect once.
  </Step>

  <Step title="Agent receives scoped credentials">
    Your server calls `kontext.require("github", token)` and gets a short-lived access token, scoped to this user and this task.
  </Step>

  <Step title="Tokens expire automatically">
    Each credential your agent receives is short-lived and scoped to the task. When the TTL passes, it's gone. The user's connection stays. The secrets don't linger.
  </Step>
</Steps>

## Prerequisites

* A [Kontext account](https://app.kontext.security)
* Node.js 18+

## Choose your path

<Tabs>
  <Tab title="With your AI agent">
    The fastest way. Install the Kontext skill and let your AI coding agent handle the setup.

    ### 1. Install the skill

    ```bash theme={"system"}
    npx skills add kontext-dev/skills
    ```

    Auto-detects your AI harness (Claude Code, Cursor, Gemini CLI, etc.) and installs to the right location.

    ### 2. Ask your agent

    Tell your agent what you need. It can create applications, configure integrations, and wire up credentials through the Management API. For example:

    > "Add Kontext to my MCP server so it can access GitHub on behalf of users"

    > "Set up a Kontext application with GitHub and Slack integrations"

    The skill covers the full lifecycle: Server SDK (Express + MCP), Client SDK (auth flows), Vercel AI SDK adapter, React hooks, Cloudflare Agents, and Management API.

    ### 3. Test it

    Once your agent has wired everything up, run your app. The first request that needs credentials will trigger the OAuth connect flow for your user.
  </Tab>

  <Tab title="Manual setup">
    Step-by-step integration if you prefer to wire things up yourself.

    ### 1. Create an application

    Open the [Kontext dashboard](https://app.kontext.security) and create a new application. Copy the **Client ID** (formatted as `app_<uuid>`) and **Client Secret** from the application settings.

    ### 2. Install the SDK

    ```bash theme={"system"}
    npm install @kontext-dev/js-sdk @modelcontextprotocol/sdk express
    ```

    ### 3. Initialize the server SDK

    ```typescript theme={"system"}
    import { Kontext } from "@kontext-dev/js-sdk/server";

    const kontext = new Kontext({
      clientId: "app_your-client-id",
      clientSecret: "your-client-secret",
    });
    ```

    Or set `KONTEXT_CLIENT_SECRET` as an environment variable and omit it from the constructor.

    ### 4. Request a credential

    ```typescript theme={"system"}
    const github = await kontext.require("github", {
      userId: "user-123",
    });

    const res = await fetch("https://api.github.com/user/repos", {
      headers: { Authorization: github.authorization },
    });
    const repos = await res.json();
    ```

    `kontext.require()` returns a short-lived, scoped credential for the integration. If the user hasn't connected their account yet, the SDK throws an error with a connect URL you can present to the user.
  </Tab>
</Tabs>

## Complete example

Get a scoped GitHub credential and use it to call the GitHub API:

```typescript theme={"system"}
import { Kontext } from "@kontext-dev/js-sdk/server";

const kontext = new Kontext({
  clientId: "app_your-client-id",
  clientSecret: "your-client-secret",
});

// Get a scoped, short-lived GitHub token for this user
const github = await kontext.require("github", {
  userId: "user-123",
});

// Use it like any other token
const res = await fetch("https://api.github.com/user/repos", {
  headers: { Authorization: github.authorization },
});

const repos = await res.json();
console.log(`Found ${repos.length} repos`);
```

Inside an MCP tool handler, you get the user identity from the auth context instead:

```typescript theme={"system"}
server.tool("list-repos", async (_params, { authInfo }) => {
  const github = await kontext.require("github", authInfo!.token);

  const res = await fetch("https://api.github.com/user/repos", {
    headers: { Authorization: github.authorization },
  });
  const repos = await res.json();

  return { content: [{ type: "text", text: JSON.stringify(repos) }] };
});
```

## Next steps

<CardGroup cols={3}>
  <Card title="Server SDK" icon="server" href="/server/overview">
    Build your own MCP server with Kontext credential brokering.
  </Card>

  <Card title="Client SDK" icon="desktop" href="/client/overview">
    Deep dive into the client SDK -- auth flows, tool execution, and storage.
  </Card>

  <Card title="Framework Guides" icon="puzzle-piece" href="/frameworks/vercel-ai">
    Use Kontext with Vercel AI SDK, Cloudflare Agents, or React.
  </Card>
</CardGroup>