Amp

Amp authenticates via ~/.local/share/amp/secrets.json on your host (the file the Amp CLI writes the apiKey@https://ampcode.com/ token into). In sync mode (the default), jackin’ copies this file into the container on every launch — Amp inside the container sees the same account and model access you have locally.

Note

~/.config/amp/settings.json is Amp’s preferences file and never holds the authentication token. jackin’ forwards ~/.local/share/amp/secrets.json, not the preferences file.

Logging in on the host

Before sync can forward anything, you need a working Amp login on your host:

amp auth login

Follow the prompted flow. Once it completes, Amp is ready on your host and jackin’ will forward that login into every container launch.

Tip

To verify the host login is active, run amp briefly on the host — if it starts a session without prompting for credentials, you’re good.

Subscription

Amp does not require a separate subscription — access is included with your Sourcegraph account.

Get a Sourcegraph account

Sign up at ampcode.com. Amp is currently available as part of the Sourcegraph platform with no additional per-seat or per-token billing for agent usage. The account you have on the host is the one the container sees.

Modes available

Mode	Supported
sync (default)	Yes — forwards ~/.local/share/amp/secrets.json
api_key	Yes — injects AMP_API_KEY
oauth_token	No — rejected at config time
ignore	Yes — no forwarding

See Agent Authentication for what each mode does and how to switch between them.

Troubleshooting

If Amp inside the container shows “Not logged in”:

1. Check that the host login is active — run amp briefly on the host.
2. Open the Auth tab in jackin console and verify the effective mode for the (workspace × role × Amp) cell.
3. If the container has stale credentials and the host has fresh ones, restart: jackin eject <role> && jackin load <role>.