Fix non-auth CI test selection and Codex smoke isolation

KSemenenko · KSemenenko · commit eb25afdd785f · 2026-03-05T20:56:13.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -45,7 +45,7 @@ jobs:
         run: dotnet build ManagedCode.CodexSharpSDK.slnx -c Release -warnaserror --no-restore
 
       - name: Test (full solution)
-        run: dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release --no-build
+        run: dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release --no-build -- --treenode-filter "/*/*/*/*[RequiresCodexAuth!=true]"
 
       - name: Smoke tests (Codex CLI discover + invoke)
         run: dotnet test --project CodexSharpSDK.Tests/CodexSharpSDK.Tests.csproj -c Release --no-build -- --treenode-filter "/*/*/*/CodexCli_Smoke_*"
diff --git a/.github/workflows/real-integration.yml b/.github/workflows/real-integration.yml
@@ -47,7 +47,7 @@ jobs:
         run: dotnet build ManagedCode.CodexSharpSDK.slnx -c Release -warnaserror --no-restore
 
       - name: Test (full solution)
-        run: dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release --no-build
+        run: dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release --no-build -- --treenode-filter "/*/*/*/*[RequiresCodexAuth!=true]"
 
       - name: Smoke tests (Codex CLI discover + invoke)
         run: dotnet test --project CodexSharpSDK.Tests/CodexSharpSDK.Tests.csproj -c Release --no-build -- --treenode-filter "/*/*/*/CodexCli_Smoke_*"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -62,7 +62,7 @@ jobs:
       run: dotnet build ManagedCode.CodexSharpSDK.slnx --configuration Release --warnaserror --no-restore
 
     - name: Test (full solution)
-      run: dotnet test --solution ManagedCode.CodexSharpSDK.slnx --configuration Release --no-build
+      run: dotnet test --solution ManagedCode.CodexSharpSDK.slnx --configuration Release --no-build -- --treenode-filter "/*/*/*/*[RequiresCodexAuth!=true]"
 
     - name: Codex CLI smoke tests
       run: dotnet test --project CodexSharpSDK.Tests/CodexSharpSDK.Tests.csproj --configuration Release --no-build -- --treenode-filter "/*/*/*/CodexCli_Smoke_*"
diff --git a/AGENTS.md b/AGENTS.md
@@ -115,6 +115,7 @@ If no new rule is detected -> do not update the file.
 - Testing framework is TUnit (`tests`).
 - TUnit/MTP does not support `--filter`; for focused runs use `dotnet test ... -- --treenode-filter "<pattern>"`.
 - Always invoke runner options after `--` (for example `dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release -- --treenode-filter "<pattern>"`); if a focused filter runs zero tests, treat it as an invalid filter and correct it before reporting results.
+- Before changing TUnit test-selection logic (tree node filters, properties, UIDs), read official TUnit docs first and validate syntax with a local no-auth run before updating CI/release workflows.
 - In this repository, method-level `treenode-filter` patterns resolve at depth 3 (`/*/*/*/<TestMethodName>`). For integration subset runs use `dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release -- --treenode-filter "/*/*/*/RunAsync_*_EndToEnd"` (matches current `CodexExecIntegrationTests`).
 - For reliable discovery when selecting focused tests, use the built test app directly: `tests/bin/Release/net10.0/ManagedCode.CodexSharpSDK.Tests --list-tests` (the `dotnet test ... -- --list-tests` wrapper can report zero tests in this setup).
 - Every behavior change must include or update tests.
@@ -124,6 +125,7 @@ If no new rule is detected -> do not update the file.
 - Treat `codex` CLI as a test prerequisite: ensure local/CI test setup installs `codex` before running CLI interaction tests; do not replace this with fakes.
 - CI must validate SDK on all Codex-supported desktop/server platforms (macOS, Linux, Windows): run build + tests and include a non-auth smoke check that `codex` is discoverable and invokable.
 - CI/release workflow smoke checks are additive gates; they must not replace full `dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release` execution.
+- CI/release full-solution runs must exclude auth-required tests using `-- --treenode-filter "/*/*/*/*[RequiresCodexAuth!=true]"` so pipelines remain non-auth and deterministic.
 - Cross-platform non-auth smoke must run `codex` from local installation in CI and verify unauthenticated behavior explicitly (for example `codex login status` in isolated profile returns "Not logged in"), proving binary discovery + process launch on each platform.
 - Real Codex integration tests must rely on existing local Codex CLI login/session only; do not read or require `OPENAI_API_KEY` in test setup.
 - Do not use nullable `TryGetSettings()` + early `return` skip patterns in real integration tests; resolve required settings directly and fail fast with actionable errors when missing.
diff --git a/CodexSharpSDK.Tests/Integration/CodexCliSmokeTests.cs b/CodexSharpSDK.Tests/Integration/CodexCliSmokeTests.cs
@@ -18,6 +18,7 @@ public class CodexCliSmokeTests
     private const string OpenAiApiKeyEnvironmentVariable = "OPENAI_API_KEY";
     private const string OpenAiBaseUrlEnvironmentVariable = "OPENAI_BASE_URL";
     private const string CodexApiKeyEnvironmentVariable = "CODEX_API_KEY";
+    private const string CodexHomeEnvironmentVariable = "CODEX_HOME";
     private const string CodexHomeDirectoryName = ".codex";
     private const string AppDataDirectoryName = "AppData";
     private const string RoamingDirectoryName = "Roaming";
@@ -31,6 +32,8 @@ public class CodexCliSmokeTests
     private const string VersionToken = "codex-cli";
     private const string ExecHelpToken = "Run Codex non-interactively";
     private const string NotLoggedInToken = "Not logged in";
+    private const string NotAuthenticatedToken = "Not authenticated";
+    private const string LoginGuidanceToken = "codex login";
 
     [Test]
     public async Task CodexCli_Smoke_FindExecutablePath_ResolvesExistingBinary()
@@ -76,7 +79,7 @@ public async Task CodexCli_Smoke_LoginStatusWithoutAuth_ReportsNotLoggedIn()
             await Assert.That(result.ExitCode).IsNotEqualTo(0);
 
             var output = string.Concat(result.StandardOutput, result.StandardError);
-            await Assert.That(output.Contains(NotLoggedInToken, StringComparison.OrdinalIgnoreCase)).IsTrue();
+            await Assert.That(ContainsUnauthenticatedSignal(output)).IsTrue();
         }
         finally
         {
@@ -150,6 +153,7 @@ private static Dictionary<string, string> CreateUnauthenticatedEnvironmentOverri
 
         return new Dictionary<string, string>(StringComparer.Ordinal)
         {
+            [CodexHomeEnvironmentVariable] = codexHome,
             [HomeEnvironmentVariable] = sandboxDirectory,
             [UserProfileEnvironmentVariable] = sandboxDirectory,
             [XdgConfigHomeEnvironmentVariable] = configHome,
@@ -215,6 +219,13 @@ private static async Task<CodexProcessResult> RunCodexAsync(
         return new CodexProcessResult(process.ExitCode, standardOutput, standardError);
     }
 
+    private static bool ContainsUnauthenticatedSignal(string output)
+    {
+        return output.Contains(NotLoggedInToken, StringComparison.OrdinalIgnoreCase)
+               || output.Contains(NotAuthenticatedToken, StringComparison.OrdinalIgnoreCase)
+               || output.Contains(LoginGuidanceToken, StringComparison.OrdinalIgnoreCase);
+    }
+
     private sealed record CodexProcessResult(
         int ExitCode,
         string StandardOutput,
diff --git a/CodexSharpSDK.Tests/Integration/CodexExecIntegrationTests.cs b/CodexSharpSDK.Tests/Integration/CodexExecIntegrationTests.cs
@@ -4,6 +4,7 @@
 
 namespace ManagedCode.CodexSharpSDK.Tests.Integration;
 
+[Property("RequiresCodexAuth", "true")]
 public class CodexExecIntegrationTests
 {
     private const string FirstPrompt = "Reply with short plain text: first.";
diff --git a/CodexSharpSDK.Tests/Integration/RealCodexIntegrationTests.cs b/CodexSharpSDK.Tests/Integration/RealCodexIntegrationTests.cs
@@ -4,6 +4,7 @@
 
 namespace ManagedCode.CodexSharpSDK.Tests.Integration;
 
+[Property("RequiresCodexAuth", "true")]
 public class RealCodexIntegrationTests
 {
     [Test]
diff --git a/CodexSharpSDK.Tests/Unit/CodexClientTests.cs b/CodexSharpSDK.Tests/Unit/CodexClientTests.cs
@@ -251,6 +251,7 @@ public async Task CodexCli_Smoke_GetCliUpdateStatus_ReturnsInstalledVersion()
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task ResumeThread_WithThreadOptions_RunsWithRealCodexCli()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
diff --git a/CodexSharpSDK.Tests/Unit/CodexExecTests.cs b/CodexSharpSDK.Tests/Unit/CodexExecTests.cs
@@ -253,6 +253,7 @@ public async Task RunAsync_WithNullLogger_StillPropagatesFailure()
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunAsync_WithNullLogger_CompletesSuccessfully_WithRealCodexCli()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
diff --git a/CodexSharpSDK.Tests/Unit/CodexThreadTests.cs b/CodexSharpSDK.Tests/Unit/CodexThreadTests.cs
@@ -12,6 +12,7 @@ namespace ManagedCode.CodexSharpSDK.Tests.Unit;
 public class CodexThreadTests
 {
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunAsync_WithRealCodexCli_ReturnsCompletedTurnAndUpdatesThreadId()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
@@ -30,6 +31,7 @@ public async Task RunAsync_WithRealCodexCli_ReturnsCompletedTurnAndUpdatesThread
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunAsync_WithStructuredInput_ReturnsTypedJson()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
@@ -53,6 +55,7 @@ public async Task RunAsync_WithStructuredInput_ReturnsTypedJson()
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunAsync_GenericStructuredOutput_ReturnsTypedResponse()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
@@ -78,6 +81,7 @@ public async Task RunAsync_GenericStructuredOutput_ReturnsTypedResponse()
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunAsync_GenericStructuredOutput_WithSchemaShortcutAndStringInput_ReturnsTypedResponse()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
@@ -99,6 +103,7 @@ public async Task RunAsync_GenericStructuredOutput_WithSchemaShortcutAndStringIn
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunAsync_SecondTurnKeepsThreadId_WithRealCodexCli()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
@@ -124,6 +129,7 @@ public async Task RunAsync_SecondTurnKeepsThreadId_WithRealCodexCli()
     }
 
     [Test]
+    [Property("RequiresCodexAuth", "true")]
     public async Task RunStreamedAsync_YieldsCompletedTurnEvent_WithRealCodexCli()
     {
         var settings = RealCodexTestSupport.GetRequiredSettings();
diff --git a/docs/Features/release-and-sync-automation.md b/docs/Features/release-and-sync-automation.md
@@ -33,7 +33,7 @@ Keep package quality and upstream Codex CLI parity automatically verified throug
 ## Business Rules
 
 - CI must run build and tests on every push/PR.
-- CI and Release workflows must execute full solution tests (`dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release`) before smoke subsets.
+- CI and Release workflows must execute full solution tests before smoke subsets, excluding auth-required tests with `-- --treenode-filter "/*/*/*/*[RequiresCodexAuth!=true]"`.
 - Codex CLI smoke test workflow steps must run `CodexCli_Smoke_*` via `CodexSharpSDK.Tests` project scope to avoid false `zero tests ran` failures in non-smoke test assemblies.
 - Release workflow must build/test before pack/publish.
 - Release workflow must read package version from `Directory.Build.props`.
diff --git a/docs/Testing/strategy.md b/docs/Testing/strategy.md
@@ -28,6 +28,7 @@ Verify `ManagedCode.CodexSharpSDK` behavior against real Codex CLI contracts, wi
 - test: `dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release`
 - coverage: `dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release -- --coverage --coverage-output-format cobertura --coverage-output coverage.cobertura.xml`
 - codex smoke subset: `dotnet test --project CodexSharpSDK.Tests/CodexSharpSDK.Tests.csproj -c Release -- --treenode-filter "/*/*/*/CodexCli_Smoke_*"`
+- ci/release non-auth full run: `dotnet test --solution ManagedCode.CodexSharpSDK.slnx -c Release -- --treenode-filter "/*/*/*/*[RequiresCodexAuth!=true]"`
 
 Smoke subset is an additional gate and does not replace full-solution test execution.
 

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`namespace ManagedCode.CodexSharpSDK.Tests.Integration;`
`6`	`6`
	`7`	`+[Property("RequiresCodexAuth", "true")]`
`7`	`8`	`public class CodexExecIntegrationTests`
`8`	`9`	`{`
`9`	`10`	`private const string FirstPrompt = "Reply with short plain text: first.";`
Original file line number	Diff line number	Diff line change
`@@ -251,6 +251,7 @@ public async Task CodexCli_Smoke_GetCliUpdateStatus_ReturnsInstalledVersion()`
`251`	`251`	`}`
`252`	`252`
`253`	`253`	`[Test]`
	`254`	`+ [Property("RequiresCodexAuth", "true")]`
`254`	`255`	`public async Task ResumeThread_WithThreadOptions_RunsWithRealCodexCli()`
`255`	`256`	`{`
`256`	`257`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
Original file line number	Diff line number	Diff line change
`@@ -253,6 +253,7 @@ public async Task RunAsync_WithNullLogger_StillPropagatesFailure()`
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`[Test]`
	`256`	`+ [Property("RequiresCodexAuth", "true")]`
`256`	`257`	`public async Task RunAsync_WithNullLogger_CompletesSuccessfully_WithRealCodexCli()`
`257`	`258`	`{`
`258`	`259`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ namespace ManagedCode.CodexSharpSDK.Tests.Unit;`
`12`	`12`	`public class CodexThreadTests`
`13`	`13`	`{`
`14`	`14`	`[Test]`
	`15`	`+ [Property("RequiresCodexAuth", "true")]`
`15`	`16`	`public async Task RunAsync_WithRealCodexCli_ReturnsCompletedTurnAndUpdatesThreadId()`
`16`	`17`	`{`
`17`	`18`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
`@@ -30,6 +31,7 @@ public async Task RunAsync_WithRealCodexCli_ReturnsCompletedTurnAndUpdatesThread`
`30`	`31`	`}`
`31`	`32`
`32`	`33`	`[Test]`
	`34`	`+ [Property("RequiresCodexAuth", "true")]`
`33`	`35`	`public async Task RunAsync_WithStructuredInput_ReturnsTypedJson()`
`34`	`36`	`{`
`35`	`37`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
`@@ -53,6 +55,7 @@ public async Task RunAsync_WithStructuredInput_ReturnsTypedJson()`
`53`	`55`	`}`
`54`	`56`
`55`	`57`	`[Test]`
	`58`	`+ [Property("RequiresCodexAuth", "true")]`
`56`	`59`	`public async Task RunAsync_GenericStructuredOutput_ReturnsTypedResponse()`
`57`	`60`	`{`
`58`	`61`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
`@@ -78,6 +81,7 @@ public async Task RunAsync_GenericStructuredOutput_ReturnsTypedResponse()`
`78`	`81`	`}`
`79`	`82`
`80`	`83`	`[Test]`
	`84`	`+ [Property("RequiresCodexAuth", "true")]`
`81`	`85`	`public async Task RunAsync_GenericStructuredOutput_WithSchemaShortcutAndStringInput_ReturnsTypedResponse()`
`82`	`86`	`{`
`83`	`87`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
`@@ -99,6 +103,7 @@ public async Task RunAsync_GenericStructuredOutput_WithSchemaShortcutAndStringIn`
`99`	`103`	`}`
`100`	`104`
`101`	`105`	`[Test]`
	`106`	`+ [Property("RequiresCodexAuth", "true")]`
`102`	`107`	`public async Task RunAsync_SecondTurnKeepsThreadId_WithRealCodexCli()`
`103`	`108`	`{`
`104`	`109`	`var settings = RealCodexTestSupport.GetRequiredSettings();`
`@@ -124,6 +129,7 @@ public async Task RunAsync_SecondTurnKeepsThreadId_WithRealCodexCli()`
`124`	`129`	`}`
`125`	`130`
`126`	`131`	`[Test]`
	`132`	`+ [Property("RequiresCodexAuth", "true")]`
`127`	`133`	`public async Task RunStreamedAsync_YieldsCompletedTurnEvent_WithRealCodexCli()`
`128`	`134`	`{`
`129`	`135`	`var settings = RealCodexTestSupport.GetRequiredSettings();`