diff --git a/.github/docker/Dockerfile.ci b/.github/docker/Dockerfile.ci
index 7da412f1..8393ffcb 100644
--- a/.github/docker/Dockerfile.ci
+++ b/.github/docker/Dockerfile.ci
@@ -58,4 +58,8 @@ RUN mv /workspace/node_modules /opt/node_modules_cache \
 RUN useradd -m -s /bin/bash runner \
 && chmod -R a+rX /opt/node_modules_cache \
 && mkdir -p /home/runner/.gstack && chown -R runner:runner /home/runner/.gstack \
- && chmod 1777 /tmp
+ && chmod 1777 /tmp \
+ && mkdir -p /home/runner/.bun && chown -R runner:runner /home/runner/.bun
+
+# Switch to runner user — bun needs HOME-writable for temp files
+USER runner
diff --git a/.github/workflows/evals.yml b/.github/workflows/evals.yml
index fb1d26a4..9d7397ac 100644
--- a/.github/workflows/evals.yml
+++ b/.github/workflows/evals.yml
@@ -62,7 +62,7 @@ jobs:
 credentials:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
- options: --user runner --tmpfs /tmp:exec
+ options: --tmpfs /tmp:exec
 timeout-minutes: 20
 strategy:
 fail-fast: false
@@ -123,9 +123,10 @@ jobs:
 - name: Verify Chromium
 if: matrix.suite.name == 'e2e-browse'
 run: |
- echo "TMPDIR=$TMPDIR BUN_TMPDIR=$BUN_TMPDIR HOME=$HOME"
- ls -la "$TMPDIR" || echo "TMPDIR not accessible"
- TMPDIR="$HOME/tmp" BUN_TMPDIR="$HOME/tmp" bun -e "import {chromium} from 'playwright';const b=await chromium.launch({args:['--no-sandbox']});console.log('Chromium OK');await b.close()"
+ echo "whoami=$(whoami) HOME=$HOME TMPDIR=${TMPDIR:-unset}"
+ ls -la /tmp | head -3
+ touch /tmp/.bun-write-test && rm /tmp/.bun-write-test && echo "/tmp writable"
+ bun -e "import {chromium} from 'playwright';const b=await chromium.launch({args:['--no-sandbox']});console.log('Chromium OK');await b.close()"
 - name: Run ${{ matrix.suite.name }}
 env:
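Review bot: `USER runner` at the end of this hunk becomes the default for every later instruction and for the job container, but the added comment does not say that it must stay the last root-requiring instruction; any `RUN` that needs root and sits below this hunk (not visible here) would now fail at build time. The evals.yml hunk drops `--user runner` in the same commit, so the effective uid now comes solely from this directive; whether the Actions runner honours the image's USER when it execs steps is not visible here and is worth confirming with the `whoami` line the verify step prints. The re-added `chmod 1777 /tmp` is also masked at job time by the workflow's `--tmpfs /tmp:exec` mount, which supplies its own mode, so /tmp writability in CI does not come from this line. I would replace the added comment with `# Drop privileges for the job container: evals.yml no longer passes --user, so steps inherit this uid. Keep this as the last root-requiring instruction; /tmp is a tmpfs mount in CI, so the chmod above only matters outside the workflow.`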
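Review bot: With `--user runner` removed from `options`, the job's uid is no longer pinned by the workflow and depends on the image's `USER` directive, yet the only check of the result (the `whoami` echo in the Verify Chromium step) is gated on `matrix.suite.name == 'e2e-browse'`, so the other matrix suites would silently run as root if the image or runner behaviour changes. A guard that runs for every suite makes the intent enforceable, e.g. `run: test "$(id -u)" -ne 0 || { echo "job container is running as root"; exit 1; }`. The retained `:exec` on the /tmp tmpfs relaxes Docker's noexec default for tmpfs and should state why, presumably for the bun/Chromium launch, e.g. `# exec needed: the Chromium launch writes executables under /tmp`. The `jobs:` mapping this hunk belongs to starts and ends outside the hunk.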