v0.13.0 — Public API

The "Public API" Release

Stable public API for web consumers — dynamic provider/model registry, OAuth passthrough, and clean package exports.

New Exports

• quorum-ai/registry — dynamic provider/model discovery (22 providers from pi-ai with pricing, context windows, capabilities)
• quorum-ai/oauth — OAuth login, refresh, and API key extraction for 5 providers
• quorum-ai/providers — stable export for createProvider() (replaces fragile dist/ imports)

OAuth Support

• 5 OAuth providers: Anthropic, GitHub Copilot, Google Gemini CLI, Google Antigravity, OpenAI Codex
• All work in web contexts via onManualCodeInput callback
• New oauth_piai auth method for passing stored OAuth credentials through ProviderConfig
• Auto-refresh and API key extraction via pi-ai

Web Migration Path

import { createProvider } from "quorum-ai/providers";
import { getProviderRegistry } from "quorum-ai/registry";
import { startOAuthLogin } from "quorum-ai/oauth";

Other

• api_key fast path in resolveApiKey() — skips CLI-specific probing
• 19 new tests (210 total)

Full Changelog: v0.12.0...v0.13.0

v0.12.0 — Lean & Clean

The "Lean & Clean" Release

Dependency diet, config safety, CLI discoverability, and provider layer simplification.

Dependency Changes

• chalk → picocolors — 15KB → 3KB color library across all CLI modules
• pdf-lib → optionalDependencies — saves ~2.5MB for users who never export PDFs
• Added zod — runtime config validation with soft warnings

Config Validation

• Zod schema for CounselConfig — validates provider shapes, auth methods, provider enums
• Soft validation — warns on malformed configs but doesn't crash

CLI Discoverability

• --help examples on 14 commands — ask, review, ci, versus, follow-up, watch, replay, rerun, explain, diff, stats, init, memory search, arena run

Provider Layer Simplification

• mapProvider() reduced from 12-entry record to 4-case switch
• resolveApiDetails() reduced from 12-case switch to 3 + pi-ai delegation
• Bug fix: groq, xai, and mistral were incorrectly mapped to openai, preventing pi-ai from finding their models

Fixes

• Fixed stale eslint-disable directive in attestation-export.ts
• Fixed type errors in streaming.test.ts

Full Changelog: v0.11.1...v0.12.0

v0.11.1 — CI Fixes

CI Fixes

Follow-up to v0.11.0 addressing CI failures:

• Node 18 → 20 — transitive dep @aws-sdk/client-bedrock-runtime (via pi-ai) requires Node >= 20. The engine-strict=true setting added in v0.11.0 correctly caught this.
• CI matrix — dropped Node 18, now tests on Node 20 + 22
• Prettier — formatted all split CLI modules
• Stale test path — tests/streaming.test.ts still referenced dist/cli.js (now dist/cli/index.js)

All 191 tests pass. CI green on Node 20 and 22.

v0.11.0 — Audit Remediation

The "Audit Remediation" Release

Comprehensive code audit and remediation — bug fixes, major refactoring, dependency cleanup, and test coverage.

Bug Fixes

• Version mismatch — CLI was reporting 0.4.1 instead of 0.10.2; now reads version dynamically from package.json
• Groq/xAI provider routing — both providers were in the type system but missing from routing, detection, and CLI menu; now fully supported
• Gemini CLI error message — pointed users to the wrong npm package
• macOS Keychain — added explicit platform guard instead of relying on catch block

Major Refactoring

• CLI monolith split — decomposed src/cli.ts (5,214 lines) into 9 focused modules in src/cli/
• CLIError pattern — replaced 120 of 123 process.exit() calls with throwable errors, enabling testability
• inquirer → @inquirer/prompts — migrated to lighter, tree-shakeable prompt library

Testing

• 19 CLI integration tests — first-ever CLI command tests (version, help, providers, error paths, subcommand help)
• Vitest config — fixed double-running tests from dist/ (was reporting 319, actually 191)
• Type-check script — npm run typecheck now covers both src/ and tests/

Packaging

• Cleaned 26 stale test files from dist/ that shipped to npm
• Comprehensive .npmignore safety net
• engine-strict=true enforces Node >= 18

Full details: CHANGELOG.md | AUDIT.md

v0.10.2

Allow Ollama by default with slow-provider warning

v0.10.1 — Workspace bugfixes

• Fix short session ID resolution in workspace (ESM compat)
• Fix workspace server staying alive (parseAsync)

v0.10.0 — Streaming & Live Workspace

What's New

🎙️ Streaming Support (--live flag)

• quorum ask --live streams provider responses in real-time
• Structured stream:start/delta/end events for external consumers

🖥️ Live Deliberation Workspace (#32)

• quorum workspace <session-id> — replay sessions in a web UI
• quorum workspace --live — watch deliberations unfold in real-time
• Dark theme, responsive, human intervention controls (challenge, redirect, pause)
• WebSocket + REST API, default port 3737

Closes

• #14, #32, #24 (epic complete 🎉)

319 tests, 30 test files, 4 reliable providers

v0.9.0 — PR Summary Cards + Policy Controls

What's New

📋 Embedded Summary Cards (#28)

• quorum ci --card generates compact verdict cards (≤500 chars)
• Formats: markdown, JSON, HTML (--card-format)
• Detailed mode (--card-detailed) for full context
• GitHub Actions annotations (--annotations) — ::notice/::warning/::error
• Verdict with emoji, confidence/consensus %, top finding, dissent, provider breakdown

🛡️ Reliability & Policy Controls (#31)

• Risk tier classification: low/medium/high/critical based on consensus, confidence, dissent severity, provider agreement
• Policy config: .quorum/policy.yml with customizable thresholds and actions per tier
• quorum ask --policy <file> applies policy controls to deliberation
• Calibration tracking: logs prediction vs outcome over time
• CLI: quorum policy init|show|validate|calibration
• Default policy is warn-only (no breaking changes)

Stats

• 309 tests passing, zero regressions
• 1,847 lines added across 9 new files

Full Changelog: v0.8.0...v0.9.0

v0.8.0 — Attested Deliberation Graphs + Constitutional Intervention

What's New

🔐 Cryptographic Attestation System

• Phase-boundary attestation records with SHA-256 hash chains
• quorum attest <session> — view attestation chain
• quorum attest diff <s1> <s2> — compare where two sessions' reasoning diverged
• quorum attest export <session> --format pdf|html|json — export audit certificates for compliance

🏛️ Constitutional Intervention Points

• quorum ask --interactive — structured human involvement at phase boundaries
• 4 intervention types: halt, redirect, inject-evidence, request-clarification
• Every intervention is itself attested in the hash chain (tamper-evident)

📊 Calibrated Uncertainty Signaling

• Vote disagreement, position drift, evidence conflicts, novelty detection
• Composite uncertainty score displayed in synthesis output
• quorum uncertainty trends — track uncertainty across sessions over time

🧠 Reasoning Schemas

• Define structured reasoning frameworks for domain-specific deliberations
• quorum ask --schema <name> — apply a schema to guide model reasoning
• quorum schema init — install 3 built-in schemas: legal, technical-review, risk-assessment
• quorum schema list|show|create — manage custom schemas
• Schema-guided prompts inject structure into GATHER and PLAN phases

Stats

• 9 new modules, 3,280 lines added
• 187 tests passing (20 test files), zero regressions

Full Changelog: v0.7.0...v0.8.0

v0.7.0 — Canonical Deliberation Record + Integrity Hash Chain

What's New

Canonical Deliberation Record & Integrity Hash Chain (#25, #26)

Deliberation sessions now produce a tamper-evident audit trail:

• Each phase generates a canonical JSON record with deterministic serialization
• SHA-256 hash chain links phases together — each phase's hash includes the previous phase's hash
• quorum verify <session> validates the entire chain integrity
• Recursive stable serialization ensures consistent hashing regardless of key order

Verify a session

quorum verify last
# ✅ Integrity verified — 7 phases, hash chain intact

Other

• Prettier formatting fixes
• 15 tests passing (new: canonical + integrity test suites)

Full Changelog: v0.6.0...v0.7.0