skz-sloptrap/tests/README.md

Test Scenarios

This directory contains cases that stress sloptrap's hardening and deployment flow. Each subdirectory mimics a user repository and focuses on a single class of behaviour. Use run_tests.sh to execute the automated checks with stubbed tooling.

Current scenarios:

• mount_injection/ — exercises .sloptrapignore entries with , and = to ensure mount escape characters remain escaped and forces build_if_missing to execute the Codex download/build path.
• root_target/ — ensures attempts to mask the project root are rejected.
• symlink_escape/ — confirms symlink targets resolving outside the project are blocked.
• manifest_injection/ — ensures disallowed make.* overrides abort parsing.
• helper_symlink/ — ensures .sloptrap-ignores cannot be a symlink to directories outside the project.
• secret_mask/ — verifies masked files remain hidden even when sloptrap remaps the workspace mount.
• resume_target/ — verifies the resume target passes the requested session identifier to Codex.
• auth_file_mount — verifies ~/.codex/auth.json is mounted directly into /codex/auth.json.
• project_state_isolation — verifies different projects map /codex to different host state directories.
• auto_login_empty_auth — verifies an empty auth.json still triggers automatic login before the main target.
• host_network_packet_capture/ — exercises the per-run acknowledgement path for host networking combined with packet-capture.