
fix: support provider-based auth and stabilize cross-machine tests #60

Open
kylezk777 wants to merge 1 commit into openai:main from kylezk777:fix-litellm-provider-auth


@kylezk777

Summary

  • Fix false “not authenticated” blocks when Codex is configured with non-OpenAI
    providers (for example litellm).
  • Keep existing auth behavior for OpenAI provider unchanged.
  • Make tests portable across machines (remove hardcoded local absolute paths).
  • Improve runtime test stability for background/cancel timing-sensitive flows.

Problem

  • The plugin previously relied on codex login status to determine readiness.
  • In provider-based setups (for example model_provider = "litellm"), codex login status can return “Not logged in” even though the provider config is
    valid.
  • This incorrectly blocked /codex:setup readiness and review/task flows.

What Changed

  • Added provider-aware auth gating in getCodexLoginStatus:
  • Parse user/project Codex config to resolve effective model_provider.
  • If provider is non-OpenAI, treat login as not required and return a clear
    detail message.
  • Preserve codex login status checks for OpenAI flows.
  • Added targeted tests for provider auth behavior.
  • Updated test roots to dynamic path resolution instead of machine-specific
    absolute paths.
  • Isolated test HOME in fixture env to prevent local developer config
    bleed-through.
  • Increased timing tolerances in a few background/cancel runtime tests to
    reduce flaky failures.

Verification

  • npm test (67/67 passing)
  • node --test tests/runtime.test.mjs (43/43 passing)
  • node --test tests/commands.test.mjs tests/auth-provider.test.mjs tests/git.test.mjs tests/process.test.mjs tests/state.test.mjs tests/render.test.mjs
    (22/22 passing)
  • node --test tests/broker-endpoint.test.mjs (2/2 passing)

Notes

  • This change is intentionally scoped to auth/readiness detection and test
    reliability.

@kylezk777 kylezk777 requested a review from a team March 31, 2026 09:13

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9cd494b225

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +913 to +917
const readinessDetail = selectedProvider.hasProviderConfig
? `configured model_provider "${selectedProvider.provider}"${sourceDetail}; login status is not required for this provider`
: `model_provider "${selectedProvider.provider}" selected${sourceDetail}; login status is not required for this provider`;
return {
available: true,

P1: Don't treat unconfigured providers as authenticated

This branch marks loggedIn: true for every non-OpenAI model_provider, including cases where hasProviderConfig is false (for example, a typo like model_provider = "litelmm" or a missing [model_providers.*] block). In those scenarios /codex:setup reports ready and skips login guidance, but review/task runs will still fail when Codex validates provider setup. Only bypass codex login status when the provider is known login-free or has usable provider config; otherwise fall back to the existing login check.


if (userConfig) {
candidates.push(userConfig);
}
candidates.push(...listProjectConfigFiles(cwd));

P2: Respect project trust before using project config for auth

Project config files are always added to provider resolution, but the plugin docs explicitly note project overrides only apply when the project is trusted. Because this logic has no trust check, an untrusted repo’s .codex/config.toml can force a non-OpenAI provider and make auth appear ready even though Codex CLI may ignore that config and still require OpenAI login. This creates false-positive readiness in /codex:setup and gating flows.

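An added example, not code from this pull request or the plugin, of the readiness gate the two review comments above describe: project config counts only when the project is trusted, and the login check is skipped only when the selected non-OpenAI provider has a matching `[model_providers.*]` block (the "known login-free" allowance from the P1 comment is left out). The helper names, the `trusted` flag, the `"openai"` default and the config samples are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helpers, not the plugin's implementation.
// Constructed config samples (only the two TOML constructs the gate reads).
const USER_LITELLM = 'model_provider = "litellm"\n[model_providers.litellm]\n';
const USER_TYPO = 'model_provider = "litelmm"\n[model_providers.litellm]\n';
const PROJECT_LOCAL = 'model_provider = "local"\n[model_providers.local]\n';

// Minimal reader: the selected provider and the provider tables a file defines.
function readProviderInfo(tomlText) {
  const selected = /^\s*model_provider\s*=\s*"([^"]*)"/m.exec(tomlText);
  const defined = new Set();
  for (const m of tomlText.matchAll(/^\s*\[model_providers\.([\w-]+)\]/gm)) {
    defined.add(m[1]);
  }
  return { selected: selected ? selected[1] : null, defined };
}

// sources: [{ text, scope: "user" | "project", trusted }], lowest precedence first.
function resolveProvider(sources) {
  let provider = "openai"; // assumption: default when no file selects a provider
  let source = "default";
  const defined = new Set();
  for (const s of sources) {
    // P2: an untrusted project's config must not influence auth gating.
    if (s.scope === "project" && !s.trusted) continue;
    const info = readProviderInfo(s.text);
    info.defined.forEach((name) => defined.add(name));
    if (info.selected) {
      provider = info.selected;
      source = s.scope;
    }
  }
  return { provider, source, hasProviderConfig: defined.has(provider) };
}

// checkLogin stands in for the existing `codex login status` probe.
function decideAuthGate(sources, checkLogin) {
  const sel = resolveProvider(sources);
  if (sel.provider !== "openai" && sel.hasProviderConfig) {
    return { ...sel, loggedIn: true, loginChecked: false };
  }
  // P1: OpenAI, a typo, or a provider with no config block: run the login check.
  return { ...sel, loggedIn: Boolean(checkLogin()), loginChecked: true };
}

const untrusted = [{ text: "", scope: "user" }, { text: PROJECT_LOCAL, scope: "project", trusted: false }];
console.log(decideAuthGate(untrusted, () => false));
```
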
