chore(THU-645): update default models#1044
Conversation
Semgrep Security ScanNo security issues found. |
PR Metrics
Updated Thu, 02 Jul 2026 11:10:02 GMT · run #2159 |
387579f to
ac0186d
Compare
There was a problem hiding this comment.
🔭 thunder-deep-review (advisory)
Complements the other bots — surfaces only what they did not flag. Never approves, never requests changes, never gates merge.
head: 51675882f920 · mode: single · deferred 1 item(s) already reported by other bots (best-effort dedup)
| * surface as "model retired" rather than broken. | ||
| */ | ||
| export const defaultModelDeepseekV4Flash: Model = { | ||
| id: '019f227e-d640-727d-ba12-d51bd7d0a3d6', |
There was a problem hiding this comment.
Love that Flash ships under a fresh id, the reasoning above checks out on every enforcement point I traced. One thing worries me though: any device still on an older build already runs cleanupRemovedDefaults, and its defaults array doesn't contain this id. When the Flash row syncs to that device it looks like an unedited system model that's no longer shipped, so the old client soft deletes it. And since hashModel includes deletedAt, updated clients then treat the row as user modified and never bring it back, so the whole account loses the new default for good. A lagging desktop app next to an updated web session is enough to trigger it. Maybe cleanup should only touch an explicit list of retired ids, or reconcile could resurrect a row whose hash matches the shipped default plus deletedAt?
| defaultModelOpus48, | ||
| defaultModelDeepseekV4Pro, | ||
| defaultModelKimiK26, | ||
| defaultModelDeepseekV4Flash, |
There was a problem hiding this comment.
Flagging with no strong feelings: user edited Pro or Kimi rows survive by design, still pointing at Tinfoil ids that are presumably going away upstream. Those users will hit raw upstream errors with no hint the model was retired. If that's the accepted tradeoff, all good.
| test('contains four profiles', () => { | ||
| expect(defaultModelProfiles).toHaveLength(4) | ||
| test('contains three profiles', () => { | ||
| expect(defaultModelProfiles).toHaveLength(3) |
There was a problem hiding this comment.
Tiny thought, feel free to ignore: these count tests need a manual bump every time the lineup changes. An assertion that every default profile's modelId maps to a default model (and the other way around) would catch real wiring mistakes without the ceremony.
|
Superseded by #1049, which bundles this lineup change with the THU-637 version-gate and adds a resurrect guard for the pre-THU-637 cleanup race flagged in the review here. Closing. |
|
Preview environment destroyed 🧹 Stack |
Drop Kimi K2.6 and rename DeepSeek V4 Pro → V4 Flash. Row id is preserved so reconciliation upgrades unmodified rows in place; edited rows survive.
Note
Medium Risk
Changes which system models users see and how DeepSeek is served (Tinfoil confidential → Thunderbolt/Fireworks), with migration behavior hinging on soft-deleting the old Pro default rather than reusing its id.
Overview
Updates the provided default model lineup: Kimi K2.6 and its default profile are removed, and DeepSeek V4 Pro (confidential Tinfoil) is replaced by DeepSeek V4 Flash as a standard Thunderbolt model (
deepseek-v4-flash, non-confidential).DeepSeek V4 Flash uses a new row id (not V4 Pro’s) so encrypted threads tied to Pro’s confidential row are not stranded by an
isConfidentialflip; existing Pro rows are expected to be soft-deleted via default cleanup so those chats show as retired instead of breaking. A matching default model profile is wired to the new model id.On the backend,
deepseek-v4-flashis added to inferencesupportedModels, routed to Fireworks (accounts/fireworks/models/deepseek-v4-flash). Tests and fixtures are updated (including Tinfoil proxy examples usingglm-5-2instead of retired DeepSeek Tinfoil ids).Reviewed by Cursor Bugbot for commit 5b3019c. Bugbot is set up for automated code reviews on this repo. Configure here.