test: cover cleanupAliases save failure, setAlias save failure, and validate-commands statSync catch

Round 73: Add 3 tests for genuine untested code paths:
- session-aliases cleanupAliases returns failure when save blocked after removing aliases
- session-aliases setAlias returns failure when save blocked on new alias creation
- validate-commands silently skips broken symlinks in skill directory scanning

tests/ci/validators.test.js

@@ -1960,6 +1960,37 @@ function runTests() {
     cleanupTestDir(testDir);
   })) passed++; else failed++;
 
+  // ── Round 73: validate-commands.js skill directory statSync catch ──
+  console.log('\nRound 73: validate-commands.js (unreadable skill entry — statSync catch):');
+
+  if (test('skips unreadable skill directory entries without error (broken symlink)', () => {
+    const testDir = createTestDir();
+    const agentsDir = createTestDir();
+    const skillsDir = createTestDir();
+
+    // Create one valid skill directory and one broken symlink
+    const validSkill = path.join(skillsDir, 'valid-skill');
+    fs.mkdirSync(validSkill, { recursive: true });
+    // Broken symlink: target does not exist — statSync will throw ENOENT
+    const brokenLink = path.join(skillsDir, 'broken-skill');
+    fs.symlinkSync('/nonexistent/target/path', brokenLink);
+
+    // Command that references the valid skill (should resolve)
+    fs.writeFileSync(path.join(testDir, 'cmd.md'),
+      '# Command\nSee skills/valid-skill/ for details.');
+
+    const result = runValidatorWithDirs('validate-commands', {
+      COMMANDS_DIR: testDir, AGENTS_DIR: agentsDir, SKILLS_DIR: skillsDir
+    });
+    assert.strictEqual(result.code, 0,
+      'Should pass — broken symlink in skills dir should be skipped silently');
+    // The broken-skill should NOT be in validSkills, so referencing it would warn
+    // but the valid-skill reference should resolve fine
+    cleanupTestDir(testDir);
+    cleanupTestDir(agentsDir);
+    fs.rmSync(skillsDir, { recursive: true, force: true });
+  })) passed++; else failed++;
+
   // Summary
   console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);
   process.exit(failed > 0 ? 1 : 0);

tests/lib/session-aliases.test.js

@@ -1072,6 +1072,88 @@ function runTests() {
     }
   })) passed++; else failed++;
 
+  // ── Round 73: cleanupAliases save failure path ──
+  console.log('\nRound 73: cleanupAliases (save failure):');
+
+  if (test('cleanupAliases returns failure when saveAliases fails after removing aliases', () => {
+    if (process.platform === 'win32' || process.getuid?.() === 0) {
+      console.log('    (skipped — chmod ineffective on Windows/root)');
+      return;
+    }
+    const isoHome = path.join(os.tmpdir(), `ecc-alias-r73-cleanup-${Date.now()}`);
+    const isoClaudeDir = path.join(isoHome, '.claude');
+    fs.mkdirSync(isoClaudeDir, { recursive: true });
+    const savedHome = process.env.HOME;
+    const savedProfile = process.env.USERPROFILE;
+    try {
+      process.env.HOME = isoHome;
+      process.env.USERPROFILE = isoHome;
+      delete require.cache[require.resolve('../../scripts/lib/session-aliases')];
+      delete require.cache[require.resolve('../../scripts/lib/utils')];
+      const freshAliases = require('../../scripts/lib/session-aliases');
+
+      // Create aliases — one to keep, one to remove
+      freshAliases.setAlias('keep-me', '/sessions/real', 'Kept');
+      freshAliases.setAlias('remove-me', '/sessions/gone', 'Gone');
+
+      // Make .claude dir read-only so save will fail
+      fs.chmodSync(isoClaudeDir, 0o555);
+
+      // Cleanup: "gone" session doesn't exist, so remove-me should be removed
+      const result = freshAliases.cleanupAliases((p) => p === '/sessions/real');
+      assert.strictEqual(result.success, false, 'Should fail when save is blocked');
+      assert.ok(result.error.includes('Failed to save after cleanup'),
+        `Should return cleanup save failure error, got: ${result.error}`);
+      assert.strictEqual(result.removed, 1, 'Should report 1 removed alias');
+      assert.ok(result.removedAliases.some(a => a.name === 'remove-me'),
+        'Should report remove-me in removedAliases');
+    } finally {
+      try { fs.chmodSync(isoClaudeDir, 0o755); } catch { /* best-effort */ }
+      process.env.HOME = savedHome;
+      process.env.USERPROFILE = savedProfile;
+      delete require.cache[require.resolve('../../scripts/lib/session-aliases')];
+      delete require.cache[require.resolve('../../scripts/lib/utils')];
+      fs.rmSync(isoHome, { recursive: true, force: true });
+    }
+  })) passed++; else failed++;
+
+  // ── Round 73: setAlias save failure path ──
+  console.log('\nRound 73: setAlias (save failure):');
+
+  if (test('setAlias returns failure when saveAliases fails', () => {
+    if (process.platform === 'win32' || process.getuid?.() === 0) {
+      console.log('    (skipped — chmod ineffective on Windows/root)');
+      return;
+    }
+    const isoHome = path.join(os.tmpdir(), `ecc-alias-r73-set-${Date.now()}`);
+    const isoClaudeDir = path.join(isoHome, '.claude');
+    fs.mkdirSync(isoClaudeDir, { recursive: true });
+    const savedHome = process.env.HOME;
+    const savedProfile = process.env.USERPROFILE;
+    try {
+      process.env.HOME = isoHome;
+      process.env.USERPROFILE = isoHome;
+      delete require.cache[require.resolve('../../scripts/lib/session-aliases')];
+      delete require.cache[require.resolve('../../scripts/lib/utils')];
+      const freshAliases = require('../../scripts/lib/session-aliases');
+
+      // Make .claude dir read-only BEFORE any setAlias call
+      fs.chmodSync(isoClaudeDir, 0o555);
+
+      const result = freshAliases.setAlias('my-alias', '/sessions/test', 'Test');
+      assert.strictEqual(result.success, false, 'Should fail when save is blocked');
+      assert.ok(result.error.includes('Failed to save alias'),
+        `Should return save failure error, got: ${result.error}`);
+    } finally {
+      try { fs.chmodSync(isoClaudeDir, 0o755); } catch { /* best-effort */ }
+      process.env.HOME = savedHome;
+      process.env.USERPROFILE = savedProfile;
+      delete require.cache[require.resolve('../../scripts/lib/session-aliases')];
+      delete require.cache[require.resolve('../../scripts/lib/utils')];
+      fs.rmSync(isoHome, { recursive: true, force: true });
+    }
+  })) passed++; else failed++;
+
   // Summary
   console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);
   process.exit(failed > 0 ? 1 : 0);