instar 1.3.426 → 1.3.427

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "instar",
3
- "version": "1.3.426",
3
+ "version": "1.3.427",
4
4
  "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "./builtin-manifest.schema.json",
3
3
  "schemaVersion": 1,
4
- "generatedAt": "2026-06-08T05:39:52.430Z",
5
- "instarVersion": "1.3.426",
4
+ "generatedAt": "2026-06-08T05:54:27.957Z",
5
+ "instarVersion": "1.3.427",
6
6
  "entryCount": 199,
7
7
  "entries": {
8
8
  "hook:session-start": {
@@ -0,0 +1,20 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ Added the forward-ratchet enforcement for the "No Silent Degradation to Brittle Fallback" safety standard: `tests/unit/no-silent-llm-fallback.test.ts`. It enumerates every file that calls an LLM (`IntelligenceProvider.evaluate()`) and requires each to either carry a safety marker (degradation is reported, or the call is marked gating so it swaps providers and fails closed) or be listed as reviewed-advisory with a reason. A new LLM call that ships a silent brittle fallback in a gating path now fails CI instead of slipping through. Also recorded the round-2 convergence audit in the standard's spec: 44 callsites swept, zero dangerous fail-open gates remaining (the two that existed were fixed earlier), 23 classified as benign-advisory.
9
+
10
+ ## What to Tell Your User
11
+
12
+ I added a guard that makes it impossible to quietly ship a safety check that silently falls back to dumb logic when its AI is unavailable — any new one has to either switch to a backup provider, refuse safely, or be explicitly reviewed. I also finished a full sweep and confirmed there are no remaining dangerous spots.
13
+
14
+ ## Summary of New Capabilities
15
+
16
+ - A CI ratchet over every LLM call site that prevents new silent LLM-to-heuristic fallbacks in gating paths, backed by a documented, staleness-checked classification of every existing call site.
17
+
18
+ ## Evidence
19
+
20
+ The audit that prompted this standard found two safety gates that returned a permissive verdict when their LLM was rate-limited — failing open exactly when they mattered. Those were fixed (fail-closed) and the provider-swap was added. This lint is the structural guard that stops a new one from being introduced: before it, a fresh gate with a silent heuristic fallback would pass CI unnoticed; now it fails the ratchet until the author swaps, fails closed, reports the degradation, or explicitly classifies the call as advisory. Verified by running the test against current main — it discovers 44 callsites and passes only because all are marked or reviewed; adding an unmarked gating callsite makes it fail with the offending file named.