Build(deps): Bump inquirer from 8.2.6 to 12.9.4#114

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/inquirer-12.9.4

@dependabot dependabot Bot commented on behalf of github Aug 26, 2025

Bumps inquirer from 8.2.6 to 12.9.4.

Release notes

Sourced from inquirer's releases.

inquirer@12.9.4

  • fix: Remove "easter-egg" vim/emacs bindings conflicting with the type-to-search feature.

inquirer@12.9.3

  • Fix Unix yes not properly being processed by the confirm prompt. (yes | node confirm-script.js)

inquirer@12.9.2

  • Make @types/node an optional peer dependency.

inquirer@12.9.1

  • Replace external-editor dependency with new @inquirer/external-editor. This removes the vulnerable tmp transitive dependency from the dependency tree.

inquirer@12.9.0

  • Search prompt: New instructions config to allow localizing the help tips.

inquirer@12.8.2

  • Fix #1786 select prompt with indexMode: number theme option didn't properly calculate the items indexes if separators were present in between choices.

inquirer@12.8.1

  • Fixes: a transitive dependency (run-async) loaded devDependencies unexpectedly. This is now fixed upstream. Rel #1791

inquirer@12.8.0

  • Select prompt: When pressing a number key, we'll ignore separators in counting the index of the item to jump to.
  • Checkbox prompt: When pressing a number key, we'll ignore separators in counting the index of the item to select.

inquirer@12.7.0

  • input prompt: New prefill option to control if the default value is editable inline or only after pressing tab.

inquirer@12.6.3

  • Fix #1743: pagination logic of the select, checkbox and search prompts was fully rewritten to handle edge cases around rendering multi-line choices and pointer positioning.

inquirer@12.6.2

  • Chore: dependencies bump

inquirer@12.6.1

  • Fix #1741: Issue with SIGINT in some scenarios leaving promises unsettled on exit.
  • Fix: Remove monorepo related dependencies from all artifacts published to npm. This removes non-standard version specifiers like workspace:* from the public npm packages.

inquirer@12.6.0

  • Feat(@​inquirer/select): Added an instructions option allowing to customize the messages in the help tips.
  • Feat(@​inquirer/rawlist): Arrow keys will now cycle through the option, just like the @inquirer/select prompt. Also added a loop option to control the list loop behaviour when reaching the boundaries.

inquirer@12.5.2

  • README: Add new sponsor
  • Chore: dependency updates

inquirer@12.5.0

  • Feat (select): Introduce theme.indexMode to control displaying an index prefix in front of each choice. (defaults to hidden)
  • Fix (select): Improve search when number keys are pressed

... (truncated)

Commits
  • fdc9201 Publish
  • 3deee5c fix(@​inquirer/core): Remove vim/emacs easter eggs conflicting with type-to-se...
  • df341a8 Publish
  • 2d8ddcc fix(@​inquirer/confirm): Fix when using with unix yes command. (#1815)
  • f5c39a8 chore: Document known issue with setRawMode(true). Closes #1721
  • daf4d6f Publish
  • b4992d3 fix: lockfile regenerated
  • 7ddf02b chore (@​inquirer/external-editor): Add keyword to help search
  • 82df7a2 fix (@​inquirer/external-editor): Make @​types/node an optional peer dependency
  • 28c2f20 chore (@​inquirer/external-editor): Add note to README about being a replacement
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [inquirer](https://github.com/SBoudrias/Inquirer.js) from 8.2.6 to 12.9.4.
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@8.2.6...inquirer@12.9.4)

---
updated-dependencies:
- dependency-name: inquirer
  dependency-version: 12.9.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 26, 2025
@dependabot dependabot Bot requested a review from joelteply August 26, 2025 15:37

dependabot Bot commented on behalf of github Sep 15, 2025

Superseded by #123.

@dependabot dependabot Bot closed this Sep 15, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/inquirer-12.9.4 branch September 15, 2025 21:22
joelteply added a commit that referenced this pull request Jun 2, 2026
Enumerates every direct adapter.generate_text call site in the
tree as of 2026-05-31. 19 hits total; classified as:

- 4 canonical paths (the command + handle store implementations
  themselves; can't go through themselves)
- 6 confirmed bypasses (cognition / persona / agent / http) — should
  route through InferenceHandleStore / Commands.execute
- 1 debatable (rag_inspect probe — acceptable as a one-shot)
- 8 test-only call sites (allowed; testing the adapter contract)

The 6 bypasses split into 3 priority tiers and become tasks #112
(persona response — highest, the hot path), #113 (cognition gating
+ validation — medium), and #114 (agent + http — lower).

The audit doc explains the boundary (when adapter.generate_text
is canonical vs bypass), provides the grep command for re-running
the audit before merging new inference-using code, and documents
when to update the doc.
joelteply added a commit that referenced this pull request Jun 2, 2026
…trict opt-in (#128)

## Why

Joel (2026-06-01) called out a recurring failure mode: "You mix this
fake shit in and it's going live ALL THE TIME. Why fallbacks are
forbidden. The fake shit is a CHOSEN model adapter no other form.
Declaration. Gating in test is smart."

The HeuristicInferenceAdapter was registered unconditionally at boot
in `modules::ai_provider`, and its `supports_model()` returned `true`
for any model name including production IDs like
`anthropic/claude-opus-4-7`. Two structural leaks: auto-discovery
could pick it via tier-3 walk in `AdapterRegistry::select()` when
callers passed `model: None`; explicit-by-name lookups for real
production models silently degraded to it when no real adapter was
registered first. Both paths "go live ALL THE TIME."

This commit closes the leaks structurally — not via runtime guards
that can be forgotten, but via the compiler.

## What ships

### 1. Compile-time elimination (the no-going-back gate)

- `Cargo.toml`: new `test-fixtures` feature flag. Production builds
  do not enable it.
- `src/ai/mod.rs`: `pub mod heuristic_adapter` and re-exports gated
  behind `#[cfg(any(test, feature = "test-fixtures"))]`. Without the
  feature, the entire module + struct + constants don't exist in the
  binary. Unit tests in continuum-core get it free via `cfg(test)`;
  external test code / fixtures opts in via the feature.
- `Cargo.toml`: `airc_chat_demo` bin target now declares
  `required-features = ["test-fixtures"]` — it uses heuristic and
  must opt in like any other test-fixture consumer.

### 2. Removal of unconditional production registration

- `src/modules/ai_provider.rs`: deleted the unconditional
  `registry.register(HeuristicInferenceAdapter::new(), 99)` block.
  The comment about "lowest priority so never auto-selects" was
  wrong; nothing prevented `select()` with `model: None` from
  landing there. Tests that legitimately want heuristic register it
  explicitly in setup (no global default registration).

### 3. Trait-level self-declaration (belt-and-suspenders)

- `src/ai/adapter.rs`: new `fn is_production_capable(&self) -> bool`
  on `AIProviderAdapter` (default `true`). Real adapters keep the
  default; heuristic returns `false`.
- `src/ai/adapter.rs`: new `AdapterSelectionError` type with `Display`
  impl that names what was requested, what's registered, and what
  remediation looks like. Designed for downstream `select_production`
  callers in follow-up slices.
- `src/ai/adapter.rs`: `AdapterRegistry::select()` now refuses calls
  with no `preferred_provider` AND no `model` — the textbook
  auto-discovery path forbidden by [[no-fallbacks-ever]]. Hard return
  None with a diagnostic. Callers must specify intent.

### 4. Heuristic strict opt-in

- `src/ai/heuristic_adapter.rs`: `supports_model()` overridden to
  match ONLY model names starting with "heuristic" (case-insensitive).
  Previously returned `true` unconditionally — THE leak path. The
  test asserting that behavior (renamed:
  `supports_only_heuristic_model_names_never_substitutes_for_real_models`)
  now pins the opposite: production model names like
  `anthropic/claude-opus-4-7`, `gpt-4`,
  `qwen3.5-4b-code-forged-Q4_K_M` MUST NOT match.
- `supported_model_prefixes()` declares `vec!["heuristic"]` (was
  empty + comment claimed "opt-in only" but the empty list combined
  with always-true `supports_model` meant anything went). The two
  methods now agree and the registry's prefix-based auto-routing
  cannot pick heuristic for any real model name.

## Layered defense

Heuristic adapter cannot reach production traffic via FOUR independent barriers:
1. cfg-gate: not in the binary unless `test-fixtures` is on
2. No auto-registration: even with the feature, nothing in production code registers it
3. Trait self-declaration: `is_production_capable() = false` for `select_production` (follow-up #128 slice 2)
4. Strict model match: even at test time, only "heuristic-*" model names route here

Joel: "No fallbacks ever it's forbidden." Now structural, not policy.

## Tests (47 passing, no regression)

- `ai::heuristic_adapter::tests` — 10/10 pass with `test-fixtures`
  including the rewritten
  `supports_only_heuristic_model_names_never_substitutes_for_real_models`.
- `ai::adapter::tests` — pass
- `modules::generator::tests` — 8/8 pass (regression check)
- `persona::hw_tier_descriptor::tests` — 11/11 pass (regression check)
- `persona::orm_entity_registration_tests` — 2/2 pass (regression check)
- `orm::entity::tests` — 10/10 pass (regression check)
- Full lib test sweep with `test-fixtures` green (regression sweep)
- Production build (`cargo build --lib --features metal,accelerate`)
  with NO test-fixtures: clean, heuristic adapter physically absent
  from the binary

## Follow-up (deferred)

- Wire qwen3.5-4b-code-forged-Q4_K_M (the local GGUF on this Intel
  MacBookPro15,1) through the persona path so we have a REAL model
  running. The chat-flawless work continues on top of this clean
  base.
- `select_production()` method that wraps `select()` and additionally
  filters `is_production_capable()`. Will land when the first
  production cognition call site is migrated to use it.
- Audit existing `select()` callers — anyone passing `model: None`
  is now broken loud; either give them a real model or refactor.

References: [[no-fallbacks-ever]], [[no-if-statements-use-llms-for-
cognition]], [[persona-chat-flawless-before-video]],
[[persona-webrtc-all-tiers-latency-obsessed]], #103 (heuristic
promotion that this constrains), #105 (bypass audit), #112-#114
(routing the cognition path through inference command — chat-flawless
slices C+).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
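
The selection rules described in the commit message above, as an added Rust sketch that is not the project's code. The trait and method names come from the commit message; the signatures, the `provider_id()` helper, the `RealAdapter` stand-in and the body of `select_production` are assumptions made for illustration.

```rust
// Added illustration: names follow the commit message; signatures, provider_id()
// and RealAdapter are assumptions, not the project's code.
trait AIProviderAdapter {
    fn provider_id(&self) -> &str; // hypothetical helper
    fn supports_model(&self, model: &str) -> bool;
    fn is_production_capable(&self) -> bool { true } // real adapters keep the default
}

struct HeuristicInferenceAdapter;
impl AIProviderAdapter for HeuristicInferenceAdapter {
    fn provider_id(&self) -> &str { "heuristic" }
    // Strict opt-in: only names starting with "heuristic", case-insensitive.
    fn supports_model(&self, m: &str) -> bool { m.to_ascii_lowercase().starts_with("heuristic") }
    fn is_production_capable(&self) -> bool { false }
}

struct RealAdapter; // constructed stand-in for a real provider adapter
impl AIProviderAdapter for RealAdapter {
    fn provider_id(&self) -> &str { "anthropic" }
    fn supports_model(&self, model: &str) -> bool { model.starts_with("anthropic/") }
}

#[derive(Default)]
struct AdapterRegistry { adapters: Vec<(u32, Box<dyn AIProviderAdapter>)> }
impl AdapterRegistry {
    fn register(&mut self, adapter: Box<dyn AIProviderAdapter>, priority: u32) {
        self.adapters.push((priority, adapter));
        self.adapters.sort_by_key(|(p, _)| *p); // lowest number is tried first
    }
    // No provider and no model means no stated intent: refuse instead of auto-discovering.
    fn select(&self, preferred_provider: Option<&str>, model: Option<&str>)
        -> Option<&dyn AIProviderAdapter> {
        if preferred_provider.is_none() && model.is_none() { return None; }
        for (_, a) in &self.adapters {
            let provider_ok = preferred_provider.map_or(true, |p| a.provider_id() == p);
            let model_ok = model.map_or(true, |m| a.supports_model(m));
            if provider_ok && model_ok { return Some(&**a); }
        }
        None
    }
    // Sketch of the deferred select_production: select() plus the capability filter.
    fn select_production(&self, provider: Option<&str>, model: Option<&str>)
        -> Option<&dyn AIProviderAdapter> {
        self.select(provider, model).filter(|a| a.is_production_capable())
    }
}

fn main() {
    let mut r = AdapterRegistry::default();
    r.register(Box::new(HeuristicInferenceAdapter), 99);
    assert!(r.select(None, Some("gpt-4")).is_none());
}
```
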
Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code size: L
