Revert PR #56: Avoid interactive Codex auth probe in installer preflight

[nickbeau]

Summary

• Reverts [codex] Avoid interactive Codex auth probe in installer preflight #56 which introduced changes to avoid interactive Codex auth probe in installer preflight

Test plan

• Verify installer preflight works correctly after revert

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Reverts PR #56 by restoring the installer preflight’s Codex authentication check to use codex login status (instead of directly validating auth.json), and updates tests/docs to match the reverted behavior.

Changes:

• Replace auth.json content inspection with a codex login status probe and a simplified LoginConfigured flag.
• Update installer output to report login readiness instead of auth mode/configuration details.
• Remove/adjust integration tests and update the package guide to reflect the reverted preflight behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/Symphony.Integration.Tests/InstallCommandTests.cs	Updates preflight result stubs/remediation text to align with LoginConfigured.
tests/Symphony.Integration.Tests/CodexCliPreflightEvaluatorTests.cs	Adjusts tests to mock codex login status and removes auth.json-content-based scenarios from #56.
src/Symphony.Host/Setup/SymphonyInstallCommand.cs	Updates preflight reporting output to show “Login status”.
src/Symphony.Host/Setup/CodexCliPreflightEvaluator.cs	Reverts to invoking codex login status; replaces auth inspection with File.Exists + LoginConfigured.
docs/PackageGuide.md	Updates documentation to state auth is validated via codex login status and removes non-interactive claim from #56.

Comments suppressed due to low confidence (2)

src/Symphony.Host/Setup/CodexCliPreflightEvaluator.cs:120

• codex login status is executed even when auth.json is missing (the hasAuthJson check happens later). This can add redundant blocking issues (both login-status failure and missing auth file) and runs an extra external process unnecessarily. Consider short-circuiting when !hasAuthJson (or gating the login-status probe on hasAuthJson) so the reported issues/remediation are consistent and the installer does less work.

            var loginStatus = await SafeRunAsync(
                runCommandAsync,
                "codex login status",
                probeTimeout,
                cancellationToken);
            loginConfigured = loginStatus is { ExitCode: 0 };
            if (!loginConfigured)
            {
                blockingIssues.Add("Codex authentication is not configured or `codex login status` failed.");
                AddUnique(
                    remediationSteps,
                    "Run `codex login` in another terminal, finish the sign-in flow, then return here.");
            }
        }

        if (!hasAuthJson)
        {
            blockingIssues.Add($"Codex auth file is missing: '{authJsonPath}'.");
            AddUnique(
                remediationSteps,
                $"Make sure Codex writes credentials to '{authJsonPath}' before starting Symphony.");
        }

tests/Symphony.Integration.Tests/CodexCliPreflightEvaluatorTests.cs:38

• Test coverage no longer exercises the failure path for the new login-status gate. Please add a test where codex login status returns non-zero/throws (or times out) and assert that IsReadyToStart is false and the expected blocking issue/remediation step is present.

    public async Task CheckAsync_ShouldAcceptReadyCodexCli()
    {
        var codexHome = CreateTempDirectory("codex-home");

        try
        {
            await File.WriteAllTextAsync(Path.Combine(codexHome, "auth.json"), "{}");

            var result = await CodexCliPreflightEvaluator.CheckAsync(
                CreateRunner(new Dictionary<string, CodexCliCommandResult>(StringComparer.Ordinal)
                {
                    ["codex --version"] = new(0, "codex-cli 0.114.0", string.Empty),
                    ["npm view @openai/codex version"] = new(0, "0.114.0", string.Empty),
                    ["codex login status"] = new(0, "Logged in using ChatGPT", string.Empty)
                }),
                codexHome,
                TimeSpan.FromSeconds(1),
                CancellationToken.None);

            Assert.True(result.IsReadyToStart);
            Assert.Equal("0.114.0", result.InstalledVersion);
            Assert.Equal("0.114.0", result.LatestVersion);
            Assert.True(result.LatestVersionVerified);
            Assert.True(result.HasAuthJson);
            Assert.True(result.LoginConfigured);
        }
        finally
        {
            TryDeleteDirectory(codexHome);
        }
    }

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The blocking issue "Codex authentication is not configured or codex login status failed." drops the actual failure details (exit code / stderr), which makes it hard to diagnose CI/path issues vs. authentication problems. Consider including the exit code and a trimmed stderr message (or surfacing stderr as a warning) when the command returns non-zero or times out.

[Copilot]

This reintroduces invoking codex login status during installer preflight. PR #56 was specifically addressing reports that this path can trigger external/interactive auth flows (e.g., az login) during setup. If this revert is required, consider adding a non-interactive guard (env flag/option) or falling back to local auth.json inspection to keep preflight non-interactive.