Public Kontext skills:
codex-reviewget-started-with-kontextnpm-supply-chain-protectionuse-graphite
npx skills add kontext-security/skillsThen tell your agent:
Use the Get Started with Kontext skill.
For npm/Bun supply-chain hardening, tell your agent:
Use the NPM Supply-Chain Protection skill.
For stacked PRs with Graphite, tell your agent:
Use the use-graphite skill.
For code review closeout, tell your agent:
Use the codex-review skill.
Runs Codex's built-in code review as the golden-standard closeout check for PRs, Graphite stacks, branches, and local patches.
It keeps review report-first, verifies findings against the real code path, and uses concise human review comments only after approval.
The skill supports exactly two paths:
| Flow | What it does |
|---|---|
| Claude Code on this machine | Verifies or installs kontext-cli, then starts Claude Code through Kontext. |
| Long-running Go agent in this repo | Creates the runtime app, lets you choose a Go setup mode in the browser, then patches supported Anthropic Go SDK repos. |
For Go agents, the browser setup offers:
| Mode | Behavior |
|---|---|
| Inject credentials | Removes direct ANTHROPIC_API_KEY usage and lets Kontext provide the Anthropic credential. |
| Trace only | Keeps the existing ANTHROPIC_API_KEY path and adds request/tool-call telemetry. |
Hardens the current machine and repo against npm/Bun supply-chain attacks by:
- adding package-age cooldowns to
~/.npmrcand~/.bunfig.toml - pinning project dependency ranges to exact versions
- regenerating and committing the repo lockfile
Keeps coding agents on the Graphite workflow for stacked PRs by:
- creating and submitting stacks with
gt - updating mid-stack review feedback safely
- syncing, restacking, and repairing Graphite branch metadata