diff --git a/.github/docker/Dockerfile.ci b/.github/docker/Dockerfile.ci
index c1fcec68..84f40eaa 100644
--- a/.github/docker/Dockerfile.ci
+++ b/.github/docker/Dockerfile.ci
@@ -43,3 +43,9 @@ RUN bun --version && node --version && claude --version && jq --version && gh --
 # Save node_modules + package.json snapshot for cache validation at runtime
 RUN mv /workspace/node_modules /opt/node_modules_cache \
 && cp /workspace/package.json /opt/node_modules_cache/.package.json
+
+# Claude CLI refuses --dangerously-skip-permissions as root.
+# Create a non-root user for eval runs (GH Actions overrides USER, so
+# the workflow must set options.user or use gosu/su-exec at runtime).
+RUN useradd -m -s /bin/bash runner \
+ && chmod -R a+rX /opt/node_modules_cache
diff --git a/.github/workflows/evals.yml b/.github/workflows/evals.yml
index 000b99f9..3ca708d5 100644
--- a/.github/workflows/evals.yml
+++ b/.github/workflows/evals.yml
@@ -62,6 +62,7 @@ jobs:
 credentials:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+ options: --user runner
 timeout-minutes: 20
 strategy:
 fail-fast: false
@@ -108,18 +109,6 @@ jobs:
 - run: bun run build
- - name: Debug claude CLI
- env:
- ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- run: |
- echo "=== which claude ===" && which claude 2>&1 || true
- echo "=== claude path ===" && ls -la $(which claude 2>/dev/null) 2>&1 || true
- echo "=== node version ===" && node --version 2>&1 || true
- echo "=== claude version ===" && claude --version 2>&1 || true
- echo "=== claude smoke ===" && echo "say hi" | claude -p --output-format text --dangerously-skip-permissions 2>&1 | head -10 || true
- echo "=== HOME ===" && echo $HOME
- echo "=== id ===" && id 2>&1 || true
-
 - name: Run ${{ matrix.suite.name }}
 env:
 ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
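Review bot: In the Dockerfile.ci hunk, `useradd -m -s /bin/bash runner` leaves the UID to whatever happens to be free in the base image, while the workflow selects the account by name and Actions bind-mounts the job's workspace and `HOME` from the host with the host's ownership. If the two UIDs differ, checkout and build steps are likely to fail on permissions, and the usual reaction is to widen modes or go back to root. Pinning the UID makes the mapping explicit, e.g. an `ARG RUNNER_UID` defaulting to the host runner's UID (check with `id -u` there) and `RUN useradd -m -s /bin/bash -u "${RUNNER_UID}" runner \`. Separately, `chmod -R a+rX /opt/node_modules_cache` in its own layer can duplicate the whole tree in that layer, so it would be cheaper folded into the preceding `mv` step.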
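Review bot: With `options: --user runner` in the first evals.yml hunk (`@@ -62,6 +62,7 @@`), the CLI's root check no longer stops `--dangerously-skip-permissions` (per the comment added in Dockerfile.ci), so the suite step that receives `ANTHROPIC_API_KEY` presumably now runs tool calls unprompted. The non-root account satisfies that check but is not by itself a sandbox. The job definition extends outside this hunk, so I can't see whether it sets `permissions:`; if it doesn't, I'd add `permissions:` with `contents: read` and `packages: read` at job level (the latter assuming the image is pulled from GitHub's registry with `GITHUB_TOKEN`). A one-line comment above the option would also help the next reader: `# non-root so claude accepts --dangerously-skip-permissions; user is created in .github/docker/Dockerfile.ci`.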