#21954: Prevent bootstrap hook truncation crash in prompt report

# Prevent bootstrap hook truncation crash in prompt report Closes #19623 ## Summary This patch prevents a runtime crash when malformed bootstrap hook payloads include injected files with missing or non-string `path` values. The system prompt report builder now defensively skips invalid path entries and keeps path matching robust for both raw and normalized separators. ## Problem - Expected: Oversized injected bootstrap content should be truncated safely without crashing the agent pipeline. - Actual: Prompt report generation can throw `TypeError: Cannot read properties of undefined (reading 'replace')` when an injected context file has an invalid `path`. - Impact: Agent runs can fail before reply generation, causing dropped turns and startup/session instability. ## Reproduction 1. Register a bootstrap hook that appends an injected file entry with missing/invalid `path` and large content to trigger truncation/report paths. 2. Trigger an agent run that builds system prompt context and report. - Expected result: Context/report generation completes safely. - Actual result: Runtime throws on `.replace(...)` against `undefined` path. ## Issues Found Severity: high Confidence: high Status: fixed | ID | Severity | Confidence | Area | Summary | Evidence | Status | | --- | --- | --- | --- | --- | --- | --- | | PR-21954-BUG-01 | high | high | `src/agents/system-prompt-report.ts` | Report builder assumed injected `path` was always a string and crashed on malformed hook payloads | `src/agents/system-prompt-report.ts:46` | fixed | ## Fix Approach - Validate injected file `path` before normalization; skip malformed entries. - Index injected files by both raw and normalized path forms to preserve matching behavior. - Guard bootstrap file path/name reads to avoid runtime assumptions in report generation. - Add regression coverage for malformed injected file entries. ## Testing - `pnpm test src/agents/system-prompt-report.test.ts` (pass) - `pnpm lint` (pass) - `pnpm tsgo` (pass) ## Risk / Notes - `pnpm check` currently fails in this branch due a pre-existing unrelated formatting issue in `docs/style.css` after syncing upstream. <!-- greptile_comment --> <h3>Greptile Summary</h3> Adds defensive guards to prevent runtime crashes when malformed bootstrap hook payloads include injected files with invalid `path` values. The fix validates `path` types before normalization and safely skips entries with missing/non-string paths. This prevents `TypeError: Cannot read properties of undefined (reading 'replace')` crashes during prompt report generation, ensuring agent runs complete successfully even when hooks inject malformed context. <h3>Confidence Score: 5/5</h3> - Safe to merge - defensive fix prevents runtime crashes without changing expected behavior - The fix adds proper type guards to handle malformed input gracefully, includes comprehensive test coverage for the regression case, and maintains backward compatibility by preserving all existing path matching behavior (raw, normalized, and basename lookups). The implementation follows TypeScript best practices with explicit type checks rather than unsafe assumptions. - No files require special attention _{Last reviewed commit: 49d8118} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->