`Kontext CLI`: short-lived credential broker for AI coding agents

Instead of dumping API keys into .env or chat, it swaps declared placeholders for short-lived, scoped creds and streams every tool call for audit. Clean security model, but Codex support is still pending, so the immediate use case is narrower.

[ KEY POINTS ]

A .env.kontext file maps services like github, stripe, and linear to placeholders, then kontext start --agent claude resolves them at runtime.
For OAuth services it uses OIDC plus RFC 8693 token exchange; for static keys, the backend injects creds directly, so secrets stay memory-only during the session.
Each tool call is logged with action, result, allow status, user, session, and org attribution, which fixes the usual blind spot after handing raw keys to an agent.
The CLI is written in Go, adds about 5ms hook overhead per tool call, talks to the backend over ConnectRPC, and stores auth in the system keyring.
Server-side allow/deny enforcement is not closed yet. Audit exists now; hard policy blocking is the next step.

Originalgithub.com/kontext-dev/kontext-cliRead original →

// related

#0001
#0001Agents & tools Google AI Forum3 hours ago
`Google Antigravity` shifts toward weekly quotas, hurting long coding sessions
60radar
Google AntigravityAI coding agent — developer tool powered by Gemini
Short-reset Flash access is gone, pushing heavy use into 7-day quotas. The tool now fits burst work better than daily agentic coding.
- Gemini 3.0 Flash with roughly 5-hour resets was the practical daily driver; its removal breaks predictable iteration loops.
- Paid Ultra users are also hitting tighter limits, so this is not just a free-tier downgrade.
- Weekly cooldowns turn debugging, refactoring, review, and test loops into prompt budgeting. Keep a fallback agent ready.
Source: discuss.ai.google.dev/t/google-antigravity-has-come-to-aRead original →
FIG-0011:1
60radar
FIG-0011:1
#0002
#0002Agents & tools Simon Willison6 hours ago
`Gemini Spark`, Google’s hosted agent tied to Workspace apps
60radar
Gemini SparkHosted AI agent — native Google app connections
Google is packaging app-connected agents around Workspace, but much is still coming soon. Security and credential handling decide whether it becomes useful or risky.
- Gemini Spark connects natively to Gmail, Calendar, Drive, Docs, Sheets, Slides, YouTube, and Maps. That makes it closer to a work agent than a chat UI.
- FAQ says it runs on Gemini 3.5 Flash and Antigravity. The Antigravity stack spans a desktop app, CLI, SDK, and VS Code fork.
- Enterprise notes mention fresh isolated ephemeral VMs, Agent Gateway DLP, and encrypted credentials. That is the right threat model, not proof it is solved.
- Since the product is not broadly testable yet, treat it as a roadmap signal. Do not build critical automations around it until GA behavior is clear.
Source: simonwillison.net/2026/May/20/google-io/#atom-everythingRead original →
60radar
PHOTO
FIG-0021:1
#0003
#0003Agents & tools GitHub Changelog6 hours ago
`GitHub Copilot` in VS Code gets task-based auto model routing
70radar
Model choice moves from manual picking to routing by task, utilization, and health. Useful for lower-friction coding, but less control over exact model behavior.
- GitHub Copilot now selects a model using task fit, utilization, and model health metrics, aiming for reliable and token-efficient runs.
- The change matters most in VS Code, where model switching interrupts small coding loops; default auto mode should reduce that friction.
- Tradeoff: less explicit model control. Keep manual model selection for debugging, refactors, or prompts where output variance matters.
Source: github.blog/changelog/2026-05-20-auto-model-selection-noRead original →
FIG-0031:1
70radar
FIG-0031:1

`Kontext CLI`: short-lived credential broker for AI coding agents

// related

`Google Antigravity` shifts toward weekly quotas, hurting long coding sessions

`Gemini Spark`, Google’s hosted agent tied to Workspace apps

`GitHub Copilot` in VS Code gets task-based auto model routing