Summary
GitHub authentication (both git push and gh CLI) fails in Claude Code sessions despite the user having:
- A valid
GITHUB_TOKEN configured in Workspace Settings > Environment Variables
- The GitHub integration enabled and showing as connected
Neither credential path reaches the Claude Code shell process, making all GitHub operations fail silently.
Root Cause Analysis
The session uses a credential helper at /tmp/git-credential-ambient which resolves GitHub tokens via two sources, checked in order:
- Integration token file:
/tmp/.ambient_github_token (written by the platform when the GitHub integration is active)
- Environment variable fallback:
$GITHUB_TOKEN
Both sources are broken:
Issue 1: Workspace env var GITHUB_TOKEN stripped from shell process
The token IS present in the container's init process environment (/proc/1/environ), confirming the platform correctly injects it at container startup. However, it is not present in the Claude Code shell subprocess environment (/proc/self/environ, env).
Something in the process tree between PID 1 and the Claude Code shell is dropping or explicitly unsetting the variable.
Evidence:
# Token exists in init process
$ strings /proc/1/environ | grep GITHUB_TOKEN
GITHUB_TOKEN=ghp_****... (present, 40 chars)
# Token missing from shell session
$ env | grep GITHUB_TOKEN
(empty)
$ echo $GITHUB_TOKEN
(empty)
Issue 2: GitHub integration token file never written
Despite the GitHub integration showing as "connected" in the user's account settings, the file /tmp/.ambient_github_token is never created. The mcp__session__refresh_credentials tool also reports Active integrations: none detected after refresh.
Evidence:
$ ls -la /tmp/.ambient_github_token
ls: cannot access '/tmp/.ambient_github_token': No such file or directory
# After calling refresh_credentials MCP tool:
# Response: "Credentials refreshed successfully. Active integrations: none detected."
# File still does not exist.
Impact
git push / git pull to any private repo fails — credential helper returns empty output, git prompts for username and fails with fatal: could not read Usernamegh auth status reports not logged ingh api / gh pr create etc. all fail- Users see no error message explaining why — the failure is silent from the credential helper side
Reproduction Steps
- Create a workspace with
GITHUB_TOKEN set in Environment Variables
- Enable the GitHub integration on the account
- Start a Claude Code session
- Run
env | grep GITHUB_TOKEN → empty
- Run
ls /tmp/.ambient_github_token → file not found
- Run
gh auth status → not logged in
- Run
git push → auth failure
Workaround
Manually recovering the token from the init process restores full functionality, confirming the token itself is valid and the credential helper works correctly:
export GITHUB_TOKEN=$(strings /proc/1/environ | grep '^GITHUB_TOKEN=' | cut -d= -f2-)
# All git/gh commands now work
Expected Behavior
At least one of these should work:
- Workspace env vars (especially
GITHUB_TOKEN) should be propagated to the Claude Code shell subprocess environment
- When the GitHub integration is connected,
/tmp/.ambient_github_token should be written and kept up to date
Environment
- Platform: Linux (containerized)
- Credential helper:
/tmp/git-credential-ambient (platform-provided)
- Git user:
Ambient Code Bot <bot@ambient-code.local>
- Date observed: 2026-04-23
Summary
GitHub authentication (both
git pushandghCLI) fails in Claude Code sessions despite the user having:GITHUB_TOKENconfigured in Workspace Settings > Environment VariablesNeither credential path reaches the Claude Code shell process, making all GitHub operations fail silently.
Root Cause Analysis
The session uses a credential helper at
/tmp/git-credential-ambientwhich resolves GitHub tokens via two sources, checked in order:/tmp/.ambient_github_token(written by the platform when the GitHub integration is active)$GITHUB_TOKENBoth sources are broken:
Issue 1: Workspace env var
GITHUB_TOKENstripped from shell processThe token IS present in the container's init process environment (
/proc/1/environ), confirming the platform correctly injects it at container startup. However, it is not present in the Claude Code shell subprocess environment (/proc/self/environ,env).Something in the process tree between PID 1 and the Claude Code shell is dropping or explicitly unsetting the variable.
Evidence:
Issue 2: GitHub integration token file never written
Despite the GitHub integration showing as "connected" in the user's account settings, the file
/tmp/.ambient_github_tokenis never created. Themcp__session__refresh_credentialstool also reportsActive integrations: none detectedafter refresh.Evidence:
Impact
git push/git pullto any private repo fails — credential helper returns empty output, git prompts for username and fails withfatal: could not read Usernamegh auth statusreports not logged ingh api/gh pr createetc. all failReproduction Steps
GITHUB_TOKENset in Environment Variablesenv | grep GITHUB_TOKEN→ emptyls /tmp/.ambient_github_token→ file not foundgh auth status→ not logged ingit push→ auth failureWorkaround
Manually recovering the token from the init process restores full functionality, confirming the token itself is valid and the credential helper works correctly:
Expected Behavior
At least one of these should work:
GITHUB_TOKEN) should be propagated to the Claude Code shell subprocess environment/tmp/.ambient_github_tokenshould be written and kept up to dateEnvironment
/tmp/git-credential-ambient(platform-provided)Ambient Code Bot <bot@ambient-code.local>