alt Hacker NewsThank you for posting the project, I was actively looking for a solution, even vibe coded a throw away one. One question - how do you pass the credentials for agents inside the cage? I would be interested in a way to use not just claude code, but also codex cli and other coding agents inside. Considering the many subscription types and storage locations credentials can have (like Claude), it can be complicated.
Of course the question comes because we always lack tokens and have to dance around many providers.
Replies
codex have auth.json. claude is using credentials.json on Linux, Keychain on MacBook. I prefer to just use a long lived token instead for Claude due to this.
I have my own Docker image for similar purpose, which is for multiple agent providers. Works great so far.
The credential have been a PITA. I was working on a PR this morning before work; I should have it tonight. You have to be careful because if you look like you're spoofing the client, you can get banned.
For Claude specifically, there are two places where it tracks state:
~/.claude.json -- contains a bunch of identity stuff and something about oauth
~/claude/ -- also contains something about oauth, plus conversation history, etc
If they're not _both_ present and well-formed, then it forces you back through the auth flow. On an ordinary desktop setup, that's transparent. But if you want to sandbox each thread, then sharing just the token requires a level of involvement that feels icky, even if the purpose is TOS-compliant.