jackin-capsule
In-container control plane for jackin❯ role containers.
jackin-capsule is copied into derived role images and runs as PID 1 under /jackin/runtime/jackin-capsule. It owns the terminal sessions, PTYs, pane layout, status bar, attach socket, runtime setup, and the in-container git trailer hook. The host jackin binary starts containers detached and attaches through the Capsule client so the operator sees the multiplexer instead of raw container logs.
Design rationale and cross-cutting capsule behaviour live under Capsule reference — this README is the crate orientation record only.
What this crate owns
- PID 1 + the in-container multiplexer daemon (session/PTY supervision, attach socket, status bar, control protocol).
- Host-side capsule client (stdin/stdout forward, resize, host-affordance bridge).
- In-container runtime setup (git/GitHub init, trailer hooks, agent home seeding, auth handoff, Claude MCP registration).
- Capsule TUI surfaces, clipboard image staging, firewall/sudo-provision helpers, and usage/telemetry re-exports from
jackin-usage.
Not responsible for: protocol encoding (jackin-protocol), host-side launch orchestration (jackin-runtime), or config schema migration.
Architecture tier and allowed dependencies
L4 entry/glue (binary + lib). Allowed workspace dependencies: jackin-core, jackin-diagnostics (OTLP), jackin-protocol, jackin-usage, jackin-term, jackin-tui, jackin-agent-status, jackin-build-meta (build.rs). Must not depend on host-side runtime (jackin-runtime) or other host binary crates — the capsule is a different process tree.
Structure
| Module | Owns | Tests |
|---|---|---|
| crate root, logging/usage re-exports | — |
| binary entry (PID 1 / client / exec subcommands) | — |
· | multiplexer daemon event loop | |
· | per-agent PTY sessions | |
· | host-side attach client | |
| sole attach-socket writer | — |
| single host-connection state | — |
| attach lifecycle helpers | — |
· | capsule wire framing helpers | — |
· | in-container TUI render/input | nested |
· | clipboard image staging + idle expiry | |
· | in-container git/auth/MCP setup | |
| CapsuleConfig load/validate | — |
· | container identity metadata | |
· | capsule-facing status hooks | nested |
· | reaper + signal forward | |
· | jackin-exec / capsule exec | |
· | allowlist egress apply | |
· | per-profile sudo grant | |
· | dirty-exit modal assessment | |
| branch/dirty/PR for status bar | — |
| GitHub PR lookup | — |
· | PR snapshots for TUI | |
· | Unix attach socket helpers | |
| MCP stdio for jackin_exec | — |
| plain stdout/stderr writers | — |
· | side-effect adapters | — |
· | shared bounded helpers | |
· | tab codenames | |
· | opt-in heap telemetry | |
· | force-panic debug hook | |
Public API
tui::pane_snapshot exposes pane_content_from_damagegrid and range-scoped pane_content_range_from_damagegrid for content-coordinate row materialization (bench + selection/link paths).
Library surface for integration tests and the binary: daemon, client, config, session, tui, protocol, runtime_setup, plus logging/telemetry/usage re-exports from jackin-usage. Most modules are pub so tests/ and the binary can call them without spawning a PTY; production consumers outside this crate should not depend on capsule internals.
How to verify
cargo nextest run -p jackin-capsule
cargo clippy -p jackin-capsule --all-targets -- -D warningsCapsule e2e/smoke is a CI mandate under .github/ — any PR that touches this crate must note the smoke block.