Module fallible 

try_reserve_exact wrapper at ingress boundaries so allocator failures surface as typed events. fallible::testing is a stub-allocator seam under test-components. Fallible Vec::try_reserve_exact wrapper used at engine ingress boundaries per docs/internal/superpowers/specs/2026-06-24-engine-boundary-fallibility-and-backend-owned-tensors.md §1 (Principle 1) + §2.1 sites S4 / S5.

Production code calls Vec::try_reserve_exact directly through this single wrapper so the test harness can intercept the call and force a TryReserveError without monkey-patching the global allocator — keeps the peak_alloc / dhat test infrastructure free of conflicts.

At runtime the wrapper is a zero-cost forward to Vec::try_reserve_exact; the cfg(any(test, feature = "test-components")) arm threads the injection state through a thread-local Cell so integration tests in the facade crate can drive the seam through the same one-shot fault primitive the crate-internal tests use.

Hot path: one branch + one fn call (LLVM inlines the non-test arm).

Modules

testing

Thread-local one-shot fault for the try_reserve_exact seam in the enclosing module. Reachable under cfg(any(test, feature = "test-components")) so integration tests in the facade crate can drive the same seam the crate-internal sibling tests use. FailOnce::install returns an RAII guard that clears the thread-local on drop so a panicking assertion does not poison the next test on the thread.