Skip to content

feat(auth): implement Claude Code authentication and container session execution #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jmgilman merged 2 commits into from
Jan 1, 2026
Merged

feat(auth): implement Claude Code authentication and container session execution #20

jmgilman merged 2 commits into from
Jan 1, 2026

Conversation

@jmgilman
Copy link
Collaborator

@jmgilman jmgilman commented Jan 1, 2026

Summary

  • Implement hjk auth claude command for Claude Code OAuth authentication
  • Add keychain package for secure credential storage in macOS Keychain
  • Fix session commands to execute inside containers via container exec
  • Add Claude-specific setup to skip onboarding in headless environments

Changes

Authentication (internal/auth/, internal/keychain/)

  • New auth package with ClaudeProvider that runs claude setup-token flow
  • New keychain package wrapping macOS Keychain via security CLI
  • OAuth tokens stored under "headjack" service in Keychain

CLI (internal/cmd/)

  • hjk auth claude - interactive OAuth flow, stores token in Keychain
  • hjk run --agent=claude - retrieves token from Keychain, injects as env var

Session Execution (internal/instance/manager.go)

  • Bug fix: Sessions now execute inside containers instead of on host
  • Wrap commands with container exec -it -w /workspace -e ENV=val <id> <cmd>
  • Environment variables passed via -e flags to container exec
  • Add runAgentSetup() for agent-specific container preparation

Claude Headless Support

Test plan

  • Run hjk auth claude and complete OAuth flow
  • Verify token stored in Keychain: security find-generic-password -s headjack -a claude-oidc-token
  • Run hjk run --agent=claude <branch> and verify Claude starts authenticated
  • Verify whoami inside Claude session shows container user, not host user
  • Run hjk run <branch> (shell) and verify it works inside container

Closes JMG-17

🤖 Generated with Claude Code

@jmgilman @claude
feat(auth): implement Claude Code authentication and container sessio…
00cba7f 
…n execution

Add authentication infrastructure for Claude Code CLI:
- Add `hjk auth claude` command that runs `claude setup-token` flow
- Store OAuth tokens securely in macOS Keychain via new keychain package
- Inject CLAUDE_CODE_OAUTH_TOKEN into container sessions

Fix session execution to run inside containers:
- Wrap session commands with `container exec` to run in VM
- Pass environment variables via `-e` flags to container exec
- Add agent-specific setup (creates ~/.claude.json for Claude onboarding skip)

Closes JMG-17

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@linear
Copy link

linear bot commented Jan 1, 2026

JMG-17 Implement `hjk auth claude` command

@jmgilman jmgilman force-pushed the joshuagilman/jmg-17-implement-hjk-auth-claude-command branch from efb91e7 to 762be08 Compare January 1, 2026 07:22
@jmgilman @claude
fix(keychain): add build tags for cross-platform compilation
a03dbba 
Split keychain implementation into platform-specific files:
- keychain.go: interface and errors (all platforms)
- keychain_darwin.go: macOS Keychain implementation
- keychain_other.go: stub returning ErrUnsupportedPlatform

This fixes CI failures on Linux where go-keychain is unavailable.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@jmgilman jmgilman force-pushed the joshuagilman/jmg-17-implement-hjk-auth-claude-command branch from 762be08 to a03dbba Compare January 1, 2026 07:22
@jmgilman jmgilman merged commit 310cc10 into master Jan 1, 2026
1 check passed
@jmgilman jmgilman deleted the joshuagilman/jmg-17-implement-hjk-auth-claude-command branch January 1, 2026 07:27
jmgilman added a commit that referenced this pull request Jan 3, 2026
@jmgilman
feat(auth): implement Claude Code authentication and container sessio…
5af57ac 
…n execution

Current behavior:
N/A - new feature

New behavior:
Add authentication infrastructure for Claude Code CLI with hjk auth claude command that runs claude setup-token flow. Store OAuth tokens securely in macOS Keychain with cross-platform support. Inject CLAUDE_CODE_OAUTH_TOKEN into container sessions and wrap session commands with container exec to run inside VMs. Add agent-specific setup that creates ~/.claude.json for Claude onboarding skip.

Closes: #20
@github-actions github-actions bot mentioned this pull request Jan 3, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jmgilman