Identity and Access for Agentic Software Engineering
Native integration for Claude Code, Cursor, Codex, and other coding agents. Keycard resolves identity first so tools, skills, memories, and credentials can be scoped to the work being done.
Software engineering is becoming agentic.
The most advanced autonomous workflows running in production today are writing code. Reading repositories, planning changes, retrieving context, calling tools, coordinating work, shipping software. These workflows touch shell, scripts, MCP tools, cloud APIs, and internal services on every run.
But these workflows ship on static secrets and borrowed credentials. Over-scoped environment variables copied across machines, tools, and sessions. Context without identity. Authority without a clear enforcement point.
We built Keycard for Code because that model breaks the moment software engineering becomes agentic. And these are the agents building every other automation in the org. The access patterns they inherit are the access patterns they spread.
Identity first.
Keycard for Code brings identity and access natively into Claude Code, Cursor, and Codex. For every agentic session, it forms a composite identity from the full execution context: the user behind the work, the device and workload in play, the resources being accessed, the task being carried forward. That identity becomes the basis for policy evaluation and delegated access issuance.
That evaluation is continuous. Identity in agentic systems is a live execution context, re-evaluated as work unfolds. Access can be issued or constrained per request, per task, every few minutes, or whenever risk and context change.
The result is a bounded session: a governable unit of work that carries identity, policy outcome, and delegated capabilities forward across the workflow. Tools, skills, memories, and credentials are revealed progressively as the work requires them, instead of being granted wholesale up front.
Built on standards. Built below the protocol layer.
Under the hood, Keycard is standards-based. It uses authorization primitives like OAuth grants to issue delegated access, while abstracting over whichever agent protocol matters now or next. MCP will evolve. A2A will evolve. Something else will show up after that. Keycard bakes identity and access into the tools and agents you use and build, regardless of what protocol they speak.
Centralized governance for every coding session.
For organizations, Keycard for Code creates centralized enablement, visibility, and control without turning every coding workflow into a ticketing system.
Policy can be configured centrally and enforced consistently across sessions. Resource relationships can be modeled explicitly. External context (from classification systems, runtime security tools, or SIEM risk signals) can be mapped into policy evaluation. When something changes, access can be pruned surgically from live sessions instead of relying on long-lived credentials, broad secret rotation, and hope.
Security and platform teams get governance and auditability. Developers get leverage.
# Copied from shared 1Password vault
# Last rotated: "sometime in Q3"
AWS_ACCESS_KEY_ID=AKIA3E...7VXN
AWS_SECRET_ACCESS_KEY=wJalrX...2JkRE
GITHUB_TOKEN=ghp_x7Kd...mN4q
SLACK_BOT_TOKEN=xoxb-2918...f0c3
DATABASE_URL=postgres://admin:[email protected]
# Full admin. Every agent. Every session.# Injected in-memory. Scoped to session.
# Expires in 15 minutes.
AWS_ACCESS_KEY_ID=kc_sts_a3f2..7x
AWS_SECRET_ACCESS_KEY=kc_sts_9e1c..4m
GITHUB_TOKEN=ghu_kc_sess_7f3a
SLACK_BOT_TOKEN=kc_delegated_c8
DATABASE_URL=postgres://kc_sara:[email protected]
# Scoped. Short-lived. Attributed. No file on disk.Programmers are at the center of this shift.
In the teams we work with, programmers are the ones being asked to lead the transition to agentic software engineering. They're being given enormous leverage through coding agents, and that leverage shouldn't depend on copying secrets across environments, over-scoping credentials, or stitching together brittle access workflows that were already failing before agents showed up.
Keycard for Code connects traditional development workflows to autonomous software engineering. It honors the tools and interfaces developers already use while moving organizations toward delegated, continuously governed software workflows.
Get started.
keycard run wraps your coding agent and governs every execution path. Install the CLI, authenticate your first session, and see composite identity and scoped access working in your terminal.
$ keycard run -- claude
✓ Authenticated as [email protected]
✓ .env mounted (3 secrets, scoped to session kc_sess_7f3a)
✓ mcp.json loaded (4 servers from catalog, 2 shadow servers blocked)
✓ Hooks verified (checksum match)
Claude Code v4.2.1
Session kc_sess_7f3a · governed by Keycard
> fix the rate limiter in api/middleware.go
Reading api/middleware.go...
✓ github.com/acme/api token issued repo:read
Planning changes...
Writing api/middleware.go, api/middleware_test.go...
✓ github.com/acme/api token issued repo:write
Running tests...
✓ shell: go test credentials injected in-memory
✗ aws:s3 DeleteBucket denied policy: read-only task scope
All tests passing. PR ready.
Session ended. 4 tokens issued, 1 denied, 0 secrets on disk.Identity has to be resolved first. Without it, there's nothing to anchor context, constraints, delegation, or trust to. With identity resolved as a live execution context, access becomes scoped, auditable, revocable, and adaptive as work progresses.
Early access is open.
