diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 29c024e86..5296c354f 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -14,8 +14,13 @@ on:
       - "pyproject.toml"
       - ".github/workflows/**"
 
-  # run on all pull requests because these checks are required and will block merges otherwise
   pull_request:
+    paths:
+      - "src/**"
+      - "tests/**"
+      - "uv.lock"
+      - "pyproject.toml"
+      - ".github/workflows/**"
 
   workflow_dispatch:
 
diff --git a/tests/client/auth/test_oauth_client.py b/tests/client/auth/test_oauth_client.py
index dbf41dd0b..18fb66da8 100644
--- a/tests/client/auth/test_oauth_client.py
+++ b/tests/client/auth/test_oauth_client.py
@@ -52,10 +52,15 @@ def client_unauthorized(streamable_http_server: str) -> Client:
 @pytest.fixture
 def client_with_headless_oauth(streamable_http_server: str) -> Client:
     """Client with headless OAuth that bypasses browser interaction."""
-    return Client(
-        transport=StreamableHttpTransport(streamable_http_server),
-        auth=HeadlessOAuth(mcp_url=streamable_http_server),
-    )
+    # Expect warning about in-memory token storage
+    with pytest.warns(
+        UserWarning,
+        match="Using in-memory token storage is not recommended for production use",
+    ):
+        return Client(
+            transport=StreamableHttpTransport(streamable_http_server),
+            auth=HeadlessOAuth(mcp_url=streamable_http_server),
+        )
 
 
 async def test_unauthorized(client_unauthorized: Client):
diff --git a/tests/client/test_client.py b/tests/client/test_client.py
index a32e92073..e47b15260 100644
--- a/tests/client/test_client.py
+++ b/tests/client/test_client.py
@@ -968,26 +968,52 @@ def test_stdio_doesnt_support_auth(self):
             Client(transport=StdioTransport("echo", ["hello"]), auth="oauth")
 
     def test_oauth_literal_sets_up_oauth_shttp(self):
-        client = Client(
-            transport=StreamableHttpTransport("http://localhost:8000"), auth="oauth"
-        )
+        # Expect warning about in-memory token storage
+        with pytest.warns(
+            UserWarning,
+            match="Using in-memory token storage is not recommended for production use",
+        ):
+            client = Client(
+                transport=StreamableHttpTransport("http://localhost:8000"), auth="oauth"
+            )
         assert isinstance(client.transport, StreamableHttpTransport)
         assert isinstance(client.transport.auth, OAuthClientProvider)
 
     def test_oauth_literal_pass_direct_to_transport(self):
-        client = Client(
-            transport=StreamableHttpTransport("http://localhost:8000", auth="oauth"),
-        )
+        # Expect warning about in-memory token storage
+        with pytest.warns(
+            UserWarning,
+            match="Using in-memory token storage is not recommended for production use",
+        ):
+            client = Client(
+                transport=StreamableHttpTransport(
+                    "http://localhost:8000", auth="oauth"
+                ),
+            )
         assert isinstance(client.transport, StreamableHttpTransport)
         assert isinstance(client.transport.auth, OAuthClientProvider)
 
     def test_oauth_literal_sets_up_oauth_sse(self):
-        client = Client(transport=SSETransport("http://localhost:8000"), auth="oauth")
+        # Expect warning about in-memory token storage
+        with pytest.warns(
+            UserWarning,
+            match="Using in-memory token storage is not recommended for production use",
+        ):
+            client = Client(
+                transport=SSETransport("http://localhost:8000"), auth="oauth"
+            )
         assert isinstance(client.transport, SSETransport)
         assert isinstance(client.transport.auth, OAuthClientProvider)
 
     def test_oauth_literal_pass_direct_to_transport_sse(self):
-        client = Client(transport=SSETransport("http://localhost:8000", auth="oauth"))
+        # Expect warning about in-memory token storage
+        with pytest.warns(
+            UserWarning,
+            match="Using in-memory token storage is not recommended for production use",
+        ):
+            client = Client(
+                transport=SSETransport("http://localhost:8000", auth="oauth")
+            )
         assert isinstance(client.transport, SSETransport)
         assert isinstance(client.transport.auth, OAuthClientProvider)
 
diff --git a/tests/client/test_sse.py b/tests/client/test_sse.py
index 914b505a2..8c0e69cac 100644
--- a/tests/client/test_sse.py
+++ b/tests/client/test_sse.py
@@ -97,7 +97,12 @@ async def nested_sse_server():
     from fastmcp.utilities.http import find_available_port
 
     server = create_test_server()
-    sse_app = server.sse_app(path="/mcp/sse/", message_path="/mcp/messages")
+    # Expect deprecation warning for sse_app method
+    with pytest.warns(
+        DeprecationWarning,
+        match="The sse_app method is deprecated .* Use http_app as a modern .* alternative",
+    ):
+        sse_app = server.sse_app(path="/mcp/sse/", message_path="/mcp/messages")
 
     # Nest the app under multiple mounts to test URL resolution
     inner = Starlette(routes=[Mount("/nest-inner", app=sse_app)])
diff --git a/tests/test_mcp_config.py b/tests/test_mcp_config.py
index d0cac215e..f1f9eb564 100644
--- a/tests/test_mcp_config.py
+++ b/tests/test_mcp_config.py
@@ -461,7 +461,12 @@ async def test_remote_config_with_oauth_literal():
             }
         }
     }
-    client = Client(config)
+    # Expect warning about in-memory token storage
+    with pytest.warns(
+        UserWarning,
+        match="Using in-memory token storage is not recommended for production use",
+    ):
+        client = Client(config)
     assert isinstance(client.transport.transport, StreamableHttpTransport)
     assert isinstance(client.transport.transport.auth, OAuthClientProvider)