Priority: low — non-urgent. Test exists, regression fence works. This issue is about widening coverage adjacent to the fix, not about a missing test for the v4.1.0 bug itself.
Context
v4.1.0 added regression test [6b] in .claude/hooks/__tests__/sentinel-hook.test.cjs to ensure cold-start dispatch of pipeline-controller is permitted (PR #3). The test covers exactly the happy path that was broken: cwd with no prior .pipeline/docs/Pre-*-action/, no PIPELINE_DOC_PATH env var, controller dispatched.
What's not covered today
The test exercises the minimal cold-start scenario. Adjacent scenarios that could regress without [6b] catching them:
PIPELINE_DOC_PATH env var set, but state file absent — controller dispatched should still bootstrap (env exists but points to empty/uninitialized dir).- State file exists but is corrupt JSON — controller dispatch should fail-open with a
SENTINEL WARN to stderr, not crash the hook.
- State file exists but is empty (zero bytes) — same expected behavior as above.
- Race condition: state file being written by another process at the moment of dispatch — partial-read scenarios.
None of these cause regression of the original v4.1.0 fix, so the absence of these tests does not invalidate the release. They would harden the contract that pipeline-controller now occupies as a bootstrap agent.
Proposed work
Add 3 tests in sentinel-hook.test.cjs:
[6c] — PIPELINE_DOC_PATH set, state file absent → bootstrap permitted (exit 0).[6d] — corrupt state file → fail-open with SENTINEL WARN to stderr; controller dispatch still permitted.[6e] — empty state file → same as [6d].
Race condition test (#4) is harder to write deterministically; defer unless an actual incident shows the race matters.
Acceptance criteria
Where to ship
Suggested release: v4.1.1 patch (bundle with the FQ_BOOTSTRAP hardening from the sibling issue) or any later release where the test harness is being touched.
Discovery
Adversarial review of v4.1.0 release artifacts (Real-2 finding).
Context
v4.1.0added regression test[6b]in.claude/hooks/__tests__/sentinel-hook.test.cjsto ensure cold-start dispatch ofpipeline-controlleris permitted (PR #3). The test covers exactly the happy path that was broken: cwd with no prior.pipeline/docs/Pre-*-action/, noPIPELINE_DOC_PATHenv var, controller dispatched.What's not covered today
The test exercises the minimal cold-start scenario. Adjacent scenarios that could regress without
[6b]catching them:PIPELINE_DOC_PATHenv var set, but state file absent — controller dispatched should still bootstrap (env exists but points to empty/uninitialized dir).SENTINEL WARNto stderr, not crash the hook.None of these cause regression of the original v4.1.0 fix, so the absence of these tests does not invalidate the release. They would harden the contract that
pipeline-controllernow occupies as a bootstrap agent.Proposed work
Add 3 tests in
sentinel-hook.test.cjs:[6c]—PIPELINE_DOC_PATHset, state file absent → bootstrap permitted (exit 0).[6d]— corrupt state file → fail-open withSENTINEL WARNto stderr; controller dispatch still permitted.[6e]— empty state file → same as[6d].Race condition test (#4) is harder to write deterministically; defer unless an actual incident shows the race matters.
Acceptance criteria
[6c],[6d],[6e])sentinel-hook.test.cjsWhere to ship
Suggested release:
v4.1.1patch (bundle with the FQ_BOOTSTRAP hardening from the sibling issue) or any later release where the test harness is being touched.Discovery
Adversarial review of v4.1.0 release artifacts (Real-2 finding).