What
Starting sometime on 2026-05-06 (UTC), the upstream anthropics/claude-code-action@v1 action started failing on every PR across the fleet with:
```
SDK execution error: ReferenceError: Claude Code native binary not found at /home/runner/.local/bin/claude.
Please ensure Claude Code is installed via native installer or specify a valid path with options.pathToClaudeCodeExecutable.
```
Plus a separate internal-bug log line:
```
Internal error: directory mismatch for directory "/home/runner/work/_actions/anthropics/claude-code-action/v1/tsconfig.json", fd 4. You don't need to do anything, but this indicates a bug.
```
Confirmed scope
Spot-checked three PRs opened today — all fail Claude Review with the same error:
- whois-api-llc/wxa-jake-ai#294 (doc-only, was admin-merged via bypass actor)
- whois-api-llc/wxa-jake-ai#295
- whois-api-llc/wxa_vpn#287
Yesterday's PR (topcoder1/wxa_webcat#221) passed Claude Review — confirms regression is recent.
Impact
Every PR opened in fleet repos right now blocks on `review / Claude Review` (required check in the standard ruleset). Maintainers must admin-merge to land anything until upstream fixes the action OR we pin to a working SHA.
Proposed fix
Two paths, in order of preference:
- Pin to a known-working SHA in
pr-review.yml (and any sibling that uses anthropics/claude-code-action). Pick the last-good SHA from before 2026-05-06; verify against #221 timestamp. Roll out fleet-wide via ci-install re-runs (idempotent) or a targeted PR opener.
- Wait for upstream fix. Lower effort but maintainers eat admin-merges in the meantime, and pre-merge AI review coverage drops to zero until the fix lands.
Recommend (1). The whole point of pinning third-party actions to a SHA is to avoid exactly this kind of silent regression.
Related
- Same bug shows up in
claude-code-action itself — the error message includes "this indicates a bug." If we can find the upstream issue thread, link it here.
- Once fixed, also revisit whether
Claude Adversarial Review and Codex Review should follow the same pin-to-SHA pattern (Codex is on openai/codex CLI; check whether it has an equivalent risk).
What
Starting sometime on 2026-05-06 (UTC), the upstream
anthropics/claude-code-action@v1action started failing on every PR across the fleet with:```
SDK execution error: ReferenceError: Claude Code native binary not found at /home/runner/.local/bin/claude.
Please ensure Claude Code is installed via native installer or specify a valid path with options.pathToClaudeCodeExecutable.
```
Plus a separate internal-bug log line:
```
Internal error: directory mismatch for directory "/home/runner/work/_actions/anthropics/claude-code-action/v1/tsconfig.json", fd 4. You don't need to do anything, but this indicates a bug.
```
Confirmed scope
Spot-checked three PRs opened today — all fail Claude Review with the same error:
Yesterday's PR (topcoder1/wxa_webcat#221) passed Claude Review — confirms regression is recent.
Impact
Every PR opened in fleet repos right now blocks on `review / Claude Review` (required check in the standard ruleset). Maintainers must admin-merge to land anything until upstream fixes the action OR we pin to a working SHA.
Proposed fix
Two paths, in order of preference:
pr-review.yml(and any sibling that usesanthropics/claude-code-action). Pick the last-good SHA from before 2026-05-06; verify against #221 timestamp. Roll out fleet-wide viaci-installre-runs (idempotent) or a targeted PR opener.Recommend (1). The whole point of pinning third-party actions to a SHA is to avoid exactly this kind of silent regression.
Related
claude-code-actionitself — the error message includes "this indicates a bug." If we can find the upstream issue thread, link it here.Claude Adversarial ReviewandCodex Reviewshould follow the same pin-to-SHA pattern (Codex is onopenai/codexCLI; check whether it has an equivalent risk).