jackin config
Synopsis
```sh
jackin config <SUBCOMMAND>
```

Manage global operator configuration — mounts, agent trust, and agent authentication forwarding.
config mount
Manage global mounts that apply to all (or scoped) agent launches.
Global mounts are best for caches, shared read-only reference material, or team-wide directories that should be available everywhere.
config mount add
```sh
jackin config mount add <NAME> --src <PATH> --dst <PATH> [OPTIONS]
```

Register a new global mount.
If a global mount resolves to the same container destination as a workspace mount or load-time mount, jackin’ raises a conflict error at load time instead of silently overriding one of them.
| Option | Description |
|---|---|
| `--src <PATH>` | Path on the host machine |
| `--dst <PATH>` | Path inside the container |
| `--readonly` | Make this mount read-only |
| `--scope <PATTERN>` | Only apply to matching roles (glob pattern) |

```sh
# Mount Gradle cache for all roles
jackin config mount add gradle-cache \
  --src ~/.gradle/caches \
  --dst /home/agent/.gradle/caches \
  --readonly

# Mount secrets only for chainargos roles
jackin config mount add secrets \
  --src ~/.chainargos/secrets \
  --dst /secrets \
  --readonly \
  --scope "chainargos/*"
```

config mount list

```sh
jackin config mount list
```

Show all registered global mounts with their source, destination, read-only status, and scope.
config mount remove
```sh
jackin config mount remove <NAME> [OPTIONS]
```

Unregister a global mount.
| Option | Description |
|---|---|
| `--scope <PATTERN>` | Only remove from this scope (leave other scopes untouched) |

```sh
jackin config mount remove gradle-cache
jackin config mount remove secrets --scope "chainargos/*"
```

config auth

Manage global agent auth-forwarding modes. See the
Authentication Forwarding guide for the full
layered model. Workspace and per (workspace × role × agent) overrides
are configured through the Auth tab in the jackin console
workspace editor (or by hand-editing TOML).
config auth set
```sh
jackin config auth set <MODE>
```

Set the global auth-forwarding mode. Without `--agent`, this targets
Claude Code; use `--agent codex`, `--agent amp`, `--agent kimi`, or `--agent opencode`
for the other built-in agents. GitHub CLI auth is managed in jackin console today;
the dedicated `--target github` CLI is still planned.
| Mode | Description |
|---|---|
| `sync` | Overwrite from host on each launch when host auth exists; preserve container auth when absent (default) |
| `api_key` | Inject the selected agent’s API-key env var from your operator env vars |
| `oauth_token` | Claude only: inject `CLAUDE_CODE_OAUTH_TOKEN` from your operator env vars |
| `ignore` | Never forward; revoke any previously forwarded credentials |

```sh
jackin config auth set sync
jackin config auth set ignore
jackin config auth set oauth_token
jackin config auth set api_key
jackin config auth set api_key --agent codex
jackin config auth set sync --agent amp
jackin config auth set sync --agent kimi
```

config auth show

```sh
jackin config auth show
```

Show the current global auth-forwarding modes for Claude Code, Codex, Amp, Kimi, and OpenCode.

```sh
jackin config auth show
```

config env

Manage operator env vars at global and per-role scope.
Values are stored verbatim — whatever you type is what jackin’ resolves at launch time. There is no editor-side validation of key names or value shape. `op://...` 1Password references, `$VAR` / `${VAR}` shell-style interpolations, and literal strings all work.
Without `--role`, writes and reads target the global scope (applies to every agent launch). With `--role <SELECTOR>`, they target the per-role scope (applies only when that role is loaded). The role selector is not pre-validated — the value is recorded even if the role is not registered.
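
Because values are stored as typed and `config env list` shows them as stored with no masking, a literal secret entered here is displayed in full, while an `op://` reference or `$VAR` interpolation is not. The following added example (not part of jackin’ or its documentation) lints entries for that case; the `KEY=VALUE` input format, the function names, and the key-name heuristic are assumptions.

```shell
#!/bin/sh
# Added example: lint operator env entries for literal secrets.
# Input format (assumption): KEY=VALUE lines, one per entry.

# classify_value VALUE -> op-ref | interpolation | literal
classify_value() {
  case "$1" in
    op://*) echo op-ref; return ;;
  esac
  # $VAR or ${VAR}; a literal that happens to contain "$name" also lands here.
  if printf '%s\n' "$1" | grep -Eq '\$(\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)'; then
    echo interpolation
  else
    echo literal
  fi
}

# audit_env: stdin KEY=VALUE lines; prints keys whose name suggests a secret
# (heuristic, assumption) but whose value is a literal string.
audit_env() {
  while IFS= read -r entry; do
    key=${entry%%=*}
    value=${entry#*=}
    [ -n "$key" ] || continue
    case "$key" in
      *TOKEN*|*KEY*|*SECRET*|*PASSWORD*)
        if [ "$(classify_value "$value")" = literal ]; then echo "$key"; fi ;;
    esac
  done
}

# Constructed sample entries (values are made up).
sample_env() {
  cat <<'EOF'
API_TOKEN=op://Personal/api/token
LOG_LEVEL=debug
OPENAI_KEY=literal-constructed-value
GH_TOKEN=${GITHUB_TOKEN}
DB_PASSWORD=$HOST_DB_PASSWORD
EOF
}

sample_env | audit_env   # flags only the literal OPENAI_KEY entry
```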
config env set
```sh
jackin config env set <KEY> <VALUE> [OPTIONS]
```

Set or overwrite an env var at the chosen scope.
| Option | Description |
|---|---|
| `--role <SELECTOR>` | Apply to the per-role scope instead of the global scope |
| `--comment <TEXT>` | Attach an inline comment to the key |

```sh
# Global scope — 1Password reference
jackin config env set API_TOKEN "op://Personal/api/token"

# Per-role override
jackin config env set LOG_LEVEL debug --role agent-smith

# Attach a comment (useful for rotation reminders)
jackin config env set OPENAI_KEY "op://Work/OpenAI/key" --comment "rotate quarterly"
```

config env unset

```sh
jackin config env unset <KEY> [OPTIONS]
```

Remove an env var from the chosen scope. Idempotent: if the key is not present, prints `<KEY> not set.` and exits 0 without changing anything.
| Option | Description |
|---|---|
| `--role <SELECTOR>` | Unset from the per-role scope instead of the global scope |

```sh
jackin config env unset API_TOKEN
jackin config env unset LOG_LEVEL --role agent-smith
```

config env list

```sh
jackin config env list [OPTIONS]
```

Show the env vars registered at the chosen scope as a table with Key and Value columns. Prints `No env vars set.` when the scope is empty. Values are shown as-stored (no resolution, no masking).
| Option | Description |
|---|---|
| `--role <SELECTOR>` | List vars from the per-role scope instead of the global scope |

```sh
jackin config env list
jackin config env list --role agent-smith
```

config git

Manage git-related global settings.
config git coauthor-trailer enable|disable
```sh
jackin config git coauthor-trailer enable
jackin config git coauthor-trailer disable
```

Enable or disable automatic `Co-authored-by` trailer injection for agent commits. When enabled, jackin installs a `prepare-commit-msg` hook inside every container at launch. The hook appends the running agent’s `Co-authored-by` trailer whenever Git prepares a commit message, preserving existing agent trailers and deduplicating matching lines so the trailer appears in Git’s final trailer block.
Supported agents and their trailers:
| Agent | Trailer |
|---|---|
| Claude (Claude Code) | Co-authored-by: Claude <noreply@anthropic.com> |
| Codex | Co-authored-by: Codex <codex@openai.com> |
| Amp | Co-authored-by: Amp <amp@ampcode.com> |
| OpenCode | Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> |
This setting can also be toggled in jackin console via the General tab in the Settings panel (S from the workspace list).

```sh
jackin config git coauthor-trailer enable
# → coauthor_trailer: enabled

jackin config git coauthor-trailer disable
# → coauthor_trailer: disabled
```

config git dco enable|disable

```sh
jackin config git dco enable
jackin config git dco disable
```

Enable or disable automatic `Signed-off-by` (DCO) trailer injection for agent commits. When enabled, the same `prepare-commit-msg` hook that `config git coauthor-trailer` installs also appends a `Signed-off-by` trailer whenever Git prepares a commit message, deduplicating matching lines so the trailer appears in Git’s final trailer block. The trailer uses the git identity (`user.name` and `user.email`) forwarded from the host by jackin. If either is unset inside the container at commit time, the trailer is skipped with a warning.
The two flags are independent — you can enable either or both.
This setting can also be toggled in jackin console via the General tab in the Settings panel (S from the workspace list).

```sh
jackin config git dco enable
# → dco: enabled

jackin config git dco disable
# → dco: disabled
```
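
A review-side check for the trailers described under `coauthor-trailer` and `dco`, as an added example that is not jackin's hook or project code: it reports which agent trailer from the table is present, whether the expected `Signed-off-by` identity is there, and whether any trailer line is duplicated. Assumptions: the trailer block is taken as the last blank-line-separated paragraph (a simplification of Git's trailer parsing), and the function names and sample message are constructed.

```shell
#!/bin/sh
# Added example: audit a commit message for agent and DCO trailers.

final_trailer_block() {            # stdin: commit message; prints last paragraph
  awk 'BEGIN { RS = "" } { last = $0 } END { print last }'
}

agent_of_block() {                 # stdin: trailer block; prints agent name(s)
  while IFS= read -r line; do
    case "$line" in
      'Co-authored-by: Claude <noreply@anthropic.com>') echo claude ;;
      'Co-authored-by: Codex <codex@openai.com>')       echo codex ;;
      'Co-authored-by: Amp <amp@ampcode.com>')          echo amp ;;
      'Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com>')
        echo opencode ;;
    esac
  done
}

# check_commit_msg FILE NAME EMAIL -> "agent=<name|none> dco=<yes|no> dup=<yes|no>"
check_commit_msg() {
  block=$(final_trailer_block < "$1")
  agent=$(printf '%s\n' "$block" | agent_of_block | sort -u | tr '\n' ',' | sed 's/,$//')
  # DCO passes only if the sign-off matches the expected forwarded identity exactly.
  if printf '%s\n' "$block" | grep -Fxq -- "Signed-off-by: $2 <$3>"; then dco=yes; else dco=no; fi
  # A repeated line means deduplication did not happen for this message.
  if [ -n "$(printf '%s\n' "$block" | sort | uniq -d)" ]; then dup=yes; else dup=no; fi
  echo "agent=${agent:-none} dco=$dco dup=$dup"
}

# Constructed sample message (not real project history).
sample_msg() {
  cat <<'EOF'
Fix mount conflict message

Explain which destination collided.

Signed-off-by: Dev Example <dev@example.test>
Co-authored-by: Claude <noreply@anthropic.com>
EOF
}

demo=$(mktemp) && sample_msg > "$demo" &&
  check_commit_msg "$demo" "Dev Example" "dev@example.test"
rm -f "$demo"
```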