Agent OrchestrationFleet phase 5 — Distributed & extensibility

Credential Source Pattern (cross-cutting)

Status: Partially implemented — EnvValue covers literals, host-env references, structured op:// refs, and on-demand jackin-exec delivery; auth/provider-key forms reuse those env values through shared console source pickers. A general CredentialSource abstraction spanning non-env consumers (command, OS secret store, file backends) has not been started in source.

Shipped baseline

EnvValue (crates/jackin-core/src/env_value.rs) is the persisted operator-env vocabulary: Plain(String), structured OpRef (canonical op:// URI, display breadcrumb, optional account, on_demand flag), and Extended { value, on_demand } for literal/$VAR values that opt into on-demand delivery.

CLI/config paths and console pickers turn a selected or typed 1Password value into EnvValue::OpRef; typed non-op values stay Plain/Extended. Auth/provider-key forms use the same literal-vs-1Password source picker and persist credentials back through env values (crates/jackin-console/src/tui/auth_config.rs, crates/jackin-console/src/tui/input/auth.rs).

jackin-exec filters on_demand env values out of launch env, advertises their names to the container via JACKIN_EXEC_BINDINGS (never the values), then resolves selected op://, host-env, or literal values through the host socket for one command (crates/jackin-runtime/src/runtime/launch/launch_pipeline.rs, crates/jackin-protocol/src/lib.rs).

That baseline is env-shaped: it does not model command, OS secret store, or file backends, and there is no reusable type for non-env consumers (GitHub link tracking, task sources, daemon/MCP credential requests).

Remaining work

  1. CredentialSource enum + TOML deserialization for literal, host env, command, 1Password, OS secret store, and file backends — no such type exists in source yet.
  2. Adapter from the shipped EnvValue/OpRef vocabulary into CredentialSource, so existing operator env, auth/provider-key forms, and jackin-exec behavior keep working during migration.
  3. Missing shared backends: command (run without shell, minimal env, stdout-only secret), OS secret store (Keychain/secret-tool/Credential Manager), and file.
  4. Secret wrapper (SecretString or equivalent) with zeroize-on-drop and redacted debug output.
  5. Replace existing env-shaped credential lookups with the unified type where the consumer is not inherently an environment variable.
  6. New consumers (GitHub link tracking, task source abstraction, daemon/MCP credential requests) accept CredentialSource from day one instead of rolling their own resolution.
  7. New docs page docs/content/docs/(public)/guides/credentials.mdx: shipped baseline, target backends, delivery modes, security tradeoffs, recommended pattern per use case.

Out of scope

  • Vault / AWS Secrets Manager / GCP Secret Manager backends — defer until a real user asks; file-mount + K8s secrets covers most of the space.
  • Per-source resolution caching with TTL — lazy-once-per-run is enough for V1.
  • A jackin secrets test CLI that resolves every configured credential and reports status.

On this page