Claude Code
Claude Code authenticates via a credentials file on your host machine. On macOS it uses the Keychain; on Linux it writes to ~/.claude/.credentials.json. In sync mode (the default), jackin’ copies your host login into the container on every launch — Claude Code inside the container picks up the same account and model access you have locally.
Logging in on the host
Section titled “Logging in on the host”Before sync can forward anything, you need a working Claude Code login on your host:
claude loginFollow the browser-based OAuth flow. Once it completes, claude is ready on your host and jackin’ will forward that login into every container launch.
Subscription
Section titled “Subscription”Claude Code is included with an Anthropic Max plan subscription, or you can use pay-as-you-go API credits.
A Max plan subscription gives you a fixed monthly rate with generous usage included — typically much cheaper than pay-as-you-go API credits for heavy agent use. If you run agents regularly through jackin’, a subscription is usually the more cost-effective option.
The plan you have on the host is the one the container sees — jackin’ forwards the same credentials, so model access and rate limits travel with them.
Modes available
Section titled “Modes available”| Mode | Supported |
|---|---|
sync (default) | Yes — forwards host credentials file |
api_key | Yes — injects ANTHROPIC_API_KEY |
oauth_token | Yes — injects CLAUDE_CODE_OAUTH_TOKEN |
ignore | Yes — no forwarding |
See Agent Authentication for what each mode does and how to switch between them.
oauth_token (Claude Code only)
Section titled “oauth_token (Claude Code only)”oauth_token is a Claude-specific mode designed for long-lived and concurrent jackin’ sessions. Instead of forwarding the host’s credentials file, jackin’ injects a long-lived OAuth token into the container’s process environment.
The recommended setup path:
jackin workspace claude-token setup my-app --vault PersonalThis drives claude setup-token interactively, captures the token, stores it in 1Password, and switches the workspace’s Claude auth to OAuth-token mode.
Subsequent operations:
jackin workspace claude-token rotate my-app— capture a fresh token.jackin workspace claude-token revoke my-app— clear the token and switch back toignore.jackin workspace claude-token doctor my-app— verify the token resolves throughop.
See the workspace claude-token command reference for full option coverage.
Troubleshooting
Section titled “Troubleshooting”If Claude Code inside the container shows “Not logged in” or falls back to a lower model tier:
- Check that the host login is active — run
claudebriefly on the host. - Open the Auth tab in
jackin consoleand verify the effective mode for the (workspace × role × Claude) cell. - If the container has stale credentials and the host has fresh ones, restart:
jackin eject <role> && jackin load <role>.