Claude Code
How jackin❯ forwards your Claude Code login into agent containers
Claude Code authenticates via a credentials file on your host machine. On macOS it uses the Keychain; on Linux it writes to ~/.claude/.credentials.json. In sync mode (the default), jackin❯ copies your host login into the container on every launch — Claude Code inside the container picks up the same account and model access you have locally.
Logging in on the host
Before sync can forward anything, you need a working Claude Code login on your host:
claude loginFollow the browser-based OAuth flow. Once it completes, claude is ready on your host and jackin❯ will forward that login into every container launch.
To verify the host login is active, run claude briefly on the host — if it starts a session without prompting for credentials, you're good.
Runtime trust prompts
jackin❯ launches Claude Code with its bypass-permissions warning already accepted inside the container, so workspace-backed launches do not stop on Claude Code's trust or bypass warning dialogs. This applies only inside the jackin❯ container runtime; jackin❯ does not mark host directories trusted or write to your host Claude Code settings.
Subscription
Claude Code is included with an Anthropic Max plan subscription, or you can use pay-as-you-go API credits.
A Max plan subscription gives you a fixed monthly rate with generous usage included — typically much cheaper than pay-as-you-go API credits for heavy agent use. If you run agents regularly through jackin❯, a subscription is usually the more cost-effective option.
The plan you have on the host is the one the container sees — jackin❯ forwards the same credentials, so model access and rate limits travel with them.
Alternative providers
Claude Code sessions can also run against Anthropic-compatible providers. Z.AI (GLM Coding Plan) is the provider jackin❯ supports today; once you configure a ZAI_API_KEY in jackin❯ Auth settings, Claude Code launches can choose Z.AI instead of Anthropic.
Z.AI works with Claude Code because Claude Code already honors Anthropic-compatible endpoint settings. jackin❯ keeps that provider setup inside its own Auth settings and the selected container process, so you do not edit host Claude Code settings to use Z.AI through jackin❯.
For subscription, API-key, and provider-picker details, see Z.AI authentication. Z.AI is a provider choice at session launch time; it does not change the Claude Code auth modes below.
Modes available
| Mode | Supported |
|---|---|
sync (default) | Yes — forwards host credentials file |
api_key | Yes — injects ANTHROPIC_API_KEY |
oauth_token | Yes — injects CLAUDE_CODE_OAUTH_TOKEN |
ignore | Yes — no forwarding |
See Agent Authentication for what each mode does and how to switch between them.
oauth_token (Claude Code only)
oauth_token is a Claude-specific mode designed for long-lived and concurrent jackin❯ sessions. Instead of forwarding the host's credentials file, jackin❯ injects a long-lived OAuth token into the container's process environment.
The recommended setup path:
jackin workspace claude-token setup my-app --vault PersonalThis drives claude setup-token interactively, captures the token, stores it in 1Password, and switches the workspace's Claude auth to OAuth-token mode.
Subsequent operations:
jackin workspace claude-token rotate my-app— capture a fresh token.jackin workspace claude-token revoke my-app— clear the token and switch back toignore.jackin workspace claude-token doctor my-app— verify the token resolves throughop.
See the workspace claude-token command reference for full option coverage.
Troubleshooting
If Claude Code inside the container shows "Not logged in" or falls back to a lower model tier:
- Check that the host login is active — run
claudebriefly on the host. - Open the Auth tab in
jackin consoleand verify the effective mode for the (workspace × role × Claude) cell. - If the container has stale credentials and the host has fresh ones, restart:
jackin eject <role> && jackin load <role>.