The AI agents (issue monitor and PR review monitor) run directly on the host machine instead of in Docker containers. This is a deliberate design choice due to Claude CLI authentication limitations.
Claude CLI subscription authentication (obtained via claude login) is tied to the specific machine and user session where the login was performed. The authentication tokens are stored in various possible locations:
~/.claude.json(most common)~/.config/claude/claude.json~/.claude/claude.json/home/runner/.claude.json(on GitHub runners)
These tokens are not portable to other environments, particularly containers.
When you try to use these credentials in a container, you'll see:
Invalid API key · Please run /login
- Session-based Auth: Claude subscription authentication creates session tokens that are machine-specific
- Container Isolation: Containers run in isolated environments with different system characteristics
- Security Design: This is likely by design to prevent credential sharing across different environments
We've modified the GitHub Actions workflows to run the AI agents directly on the self-hosted runner machine instead of in containers. This allows the agents to:
- Access the host's Claude authentication files (automatically searched in multiple locations)
- Use the same environment where
claude loginwas performed - Maintain the security context that Claude CLI expects
- Fall back to
ANTHROPIC_API_KEYif subscription auth is not available
Running on the host machine means:
- Python Dependencies: Must be installed on the host with
pip3 install --user - Claude CLI Required: Must be installed on the host machine
- Less Isolation: The agents run with the same permissions as the runner user
- Environment Consistency: The host must maintain consistent Python and tool versions
For the AI agents to work on your self-hosted runner:
- Install nvm and Node.js 22.16.0:
- Claude CLI requires Node.js 22.16.0 specifically
- Install nvm, then run
nvm install 22.16.0
- Install Claude CLI:
- First run
nvm use 22.16.0 - Then
npm install -g @anthropic-ai/claude-code
- First run
- Authenticate Claude:
- Run
nvm use 22.16.0first - Then
claude loginon the host machine
- Run
- Install Python Dependencies: The workflows will attempt to install required packages
- GitHub CLI: Must be available on the host (usually pre-installed on runners)
We provide a setup script to help prepare your host machine:
# Run from the project root directory
./automation/setup/agents/setup-host-for-agents.shThis script will:
- Check for required tools (Python, pip, Claude CLI, GitHub CLI)
- Verify authentication status
- Install Python dependencies with
pip3 install --user - Provide guidance for any missing components
The AI agents now automatically check for ANTHROPIC_API_KEY before attempting subscription authentication. If you have access to Anthropic API keys:
- Set
ANTHROPIC_API_KEYenvironment variable in your GitHub secrets or runner environment - This works across all environments including containers
- More suitable for automated/CI environments
- The agents will automatically prefer this over subscription auth when available
If you're using self-hosted GitHub Actions runners on the same machine where you use Claude:
- The agents could potentially run outside containers
- Direct access to host's
~/.claude.json - Requires modifying workflows to not use Docker
Claude CLI mentions a setup-token command that might support long-lived tokens for CI/CD, but this feature may not be fully available yet.
The AI agents now have enhanced authentication handling:
- Automatic Detection: The agents search multiple locations for Claude authentication files
- API Key Priority: If
ANTHROPIC_API_KEYis set, it's used automatically (no subscription auth needed) - Better Error Messages: Detailed troubleshooting information when authentication fails
- PATH Enhancement: Automatically adds common npm global directories to find Claude CLI
We should monitor Claude CLI updates for:
- Long-lived token support for CI/CD
- Portable authentication methods
- Official guidance for containerized environments