Lesson Learned #093: CI Triggering Blocked Without GitHub PAT (Jan 7, 2026)
ID: LL-093
Date: January 7, 2026
Severity: CRITICAL
Category: Infrastructure, CI/CD, Authentication
What Happened
CEO asked: "Why didn't we trade today?"
Investigation revealed:
- Daily trading workflow is scheduled at 9:35 AM ET
- No
data/trades_2026-01-07.jsonwas created - System cannot verify if workflow ran or failed
- Cannot trigger workflow manually from sandbox (no GitHub PAT)
Root Cause
Missing GitHub PAT in sandbox environment.
The sandbox can:
- Read files ✅
- Write files ✅
- Make git commits ✅
- Push to feature branches ✅
The sandbox CANNOT:
- Push to main (403 blocked by branch protection)
- Create PRs via API (401 requires auth)
- Trigger workflow_dispatch (401 requires auth)
- Call Alpaca API (Access denied - network blocked)
Impact
- Cannot verify paper account status in real-time
- Cannot trigger trading workflows on demand
- Cannot merge PRs automatically
- CEO must manually merge PRs or trigger workflows from GitHub UI
Solution Required
Add GitHub PAT to sandbox environment or CLAUDE.md:
# In sandbox environment or .env:
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
Workaround (Current)
- Commit changes to feature branch ✅ Done
- Push feature branch ✅ Done (claude/review-trading-strategy-J61FA)
- CEO must: Go to GitHub → Actions → Daily Trading → Run workflow
- Or: Merge PR from branch to main
Branch with Trigger Ready
Branch: claude/review-trading-strategy-J61FA
File changed: TRIGGER_TRADE.md
Commit: aab777f
Once merged to main, workflow will automatically run.
Prevention
- Store GitHub PAT as environment variable in sandbox
- Or create webhook that Claude can call to trigger CI
- Or give Claude direct access to GitHub Actions API
Tags
github, ci-cd, authentication, sandbox, pat, infrastructure
This lesson was auto-published from our AI Trading repository.
More lessons: rag_knowledge/lessons_learned
Top comments (0)