After writing a peer certificate to disk, the fetchCert path returned true and continued as if TLS was ready — even when the trust store reload loaded zero certificates (e.g., the file was corrupt or the trust dir was empty). No warning appeared at the call site, only deep in HttpClientProvider.rebuild().
HttpClientProvider.rebuild() called trustManager.reload() (which already returned a loaded count) but returned Unit, discarding the count. The rebuildHttpClient() wrapper propagated the same opaque Unit. Callers in HttpClient.jvm.kt and HttpClient.android.kt had no signal to detect a failed reload after writing a cert.
Additionally, KrillAppMeta.kt’s is MenuCommand -> ServerMetaData() catch-all fired silently when .meta() was called on an SSE-discriminator type — with no log, making it invisible at runtime.
HttpClientProvider.rebuild() now returns Int (the cert count from trustManager.reload()).rebuildHttpClient() propagates this count to callers.HttpClient.jvm.kt and HttpClient.android.kt now log at WARN if rebuildHttpClient() returns 0 after writing a cert — confirming the write succeeded but TLS will not work.KrillAppMeta.kt is MenuCommand -> ServerMetaData() branch now logs at WARN so unexpected calls are not invisible.HttpClientProviderConcurrencyTest extended with two new cases that verify the return value of provider.rebuild() (zero on empty dir, positive on valid cert).Unit to its own callers is a hidden silencer. Propagate the count or at minimum log at the call site.when arm in a metadata factory silently returns a placeholder (e.g., ServerMetaData() for a non-node type), add a logger.w() so the fallback is always visible in logs.