Auth health and operator visibility
Status: Partially implemented — Capsule now exposes usage/account status surfaces for running sessions, launch already records auth provisioning outcomes, jackin doctor checks coarse GitHub CLI auth, and jackin config auth show prints global modes; per-agent credential health probes, jackin auth status, config-wide probes, and console Auth-tab health glyphs remain open
Shipped facts
Capsule has gained session-local status surfaces that make provider usage/account state visible while an operator is already inside a running session. The daemon owns the usage cache, exposes focused usage and account-list control replies, and refreshes usage when an agent session starts. Launch also records per-agent auth provisioning outcomes for the launch summary, GitHub sync resolves gh auth token --hostname github.com before falling back to hosts.yml, jackin doctor has a coarse gh_auth check, and jackin config auth show prints global auth-forwarding modes. That is useful baseline visibility, but it is not a jackin❯-level auth health layer.
The remaining gap is credential-specific health before and around launch: jackin❯ still needs to validate the credentials it is about to provision, expose that result without entering a container, and show config-wide health in the console Auth tab.
Remaining work
-
Pre-launch credential probe. Before
docker run, check the resolved auth mode and source for each agent/GitHub axis. Keep it local-only: file exists/non-empty, expected JSON parses, obvious JWT/Claude expiry fields decode, env vars are set, and GitHub sync reports a resolved token or typed missing reason from the existing resolver. Emit health warnings in the launch summary; do not make provider network validity calls or block offline workflows. -
jackin auth status. Add a CLI command that walks configured workspaces and roles, resolves auth the same way launch does, and prints health for each axis. Include--jsonfor scripts and for the console. This is distinct fromjackin config auth show, which only prints global modes. Running-instance rows can read provisioned local state first; daemon-backed live health remains a later extension. -
Config-wide console indicators. Add Auth-tab health glyphs for each agent/provider row and refresh them when the tab gains focus or config changes. The console should make missing source folders, missing env vars, expired tokens, and ignored auth visible before launch.
-
Instance glyphs. Add small auth-health glyphs to running instance rows using the launch/provisioned-state snapshot. Do not claim live in-container auth health until the daemon/runtime status authority exists.
Out of scope
- Live in-container 401 detection; that belongs with the daemon and agent runtime status authority.
- Provider network validation; local health must not make launches flaky offline.
- GitHub token scope checks; those stay in GitHub CLI authentication strategy.
- Recovery automation; this item names the problem and points to the fix, but host-bridge approval flows are separate work.
Related work
- Auth reliability and convenience program — parent auth roadmap.
- Workspace Claude token setup — Claude OAuth-token setup; this page owns the pre-launch validity probe.
- GitHub CLI authentication strategy — scope and GH-specific checks.
- jackin❯ daemon — future live health source.