Skip to content
Changelog

Every release is about more signal and less noise

Follow the product as it gets sharper: better findings, cleaner controls, and fewer reasons to leave GitHub. Follow @prquorum for release notes.

Filter
17 entries · last 90d
2026-05-30
v0.2.0
improvement

Rebrand to PR Quorum — action items for existing customers

We renamed the product, the domain, the GitHub App, and the outbound webhook headers. Everything still works without changes, but two integrations need attention before 2026-08-31 if you rely on them.

  • Action: GitHub branch protection rules that required the Quorum / review check should be edited to reference the new PR Quorum check name — GitHub treats them as separate checks.
  • Action: Webhook consumers should switch from X-Quorum-* headers to X-PRQuorum-*. We send both for a 90-day transition window; the legacy aliases stop on 2026-08-31.
  • Changed: Customer-facing URLs and brand strings now use prquorum.com.
  • Changed: Bot username on PR comments derives from the new GitHub App slug pr-quorum[bot].
  • Improved: Customer Portal now lets you switch between Pro and Team on monthly and annual cycles, with end-of-period cancel and a reason picker.
  • New: Public status page at /status with live reachability + latency probes for Supabase, GitHub, Stripe, OpenRouter, Inngest, and Resend.
  • New: Billing webhook side-effects — audit trail for paid/failed invoices, customer-facing email on payment failures, account freeze on chargebacks, and a 3-retry / 7-day dunning policy that auto-downgrades to Free.
2026-05-07
v0.1.2
fix

Backoff for OpenRouter 429s

Rate-limit responses were failing the whole review run instead of retrying. Backoff is now exponential with jitter, capped at 30s per attempt, and honors Retry-After when present.

  • Fixed: 429 + Retry-After header is honored before falling back to exponential backoff
  • Fixed: Cancelled runs were still counted against the per-repo concurrency cap
  • Fixed: Settings page incorrectly cached the previous account when switching orgs
2026-05-05
v0.1.1
improvement

Inline comments render as GitHub suggestions

When a finding includes a suggestion field, the inline comment now uses a fenced ```suggestion block so maintainers can apply the fix in one click. Existing reviews are not regenerated.

  • Improved: ```suggestion block emitted only when suggestion is non-empty and matches the diff context
  • Improved: Severity colors in the summary footer now match the policy palette
  • Improved: Removed the legacy diff-as-prose fallback so suggestion output stays consistent
2026-05-02
v0.1.0
feature

Three-reviewer panel ships

Correctness, Security, and Architecture run in parallel through OpenRouter on every PR. The aggregator dedupes findings and posts a single GitHub review.

  • New: Inngest function reviewPullRequest with concurrency 5/repo, 2 retries
  • New: Reviewer fan-out via Promise.all on OpenRouter chat-completions
  • New: Single POST /pulls/n/reviews with summary + inline comments
  • New: All findings persisted to review_findings; usage_events ledger written per call
2026-04-28
v0.0.10
fix

Webhook signature + GitHub auth resilience

Webhook and GitHub auth handling are now more resilient.

  • Fixed: HMAC verification was rejecting valid webhooks when the body included certain unicode whitespace
  • Fixed: GitHub App JWT signing now retries on 502 instead of crashing the worker
  • Fixed: Repositories without a default branch (mirrors, archived) no longer poison the install sync
2026-04-26
v0.0.9
feature

Aggregator + diff-position mapping

Findings are filtered by min_confidence, deduped by (file, line, lowercased title), sorted by severity, and truncated at max_inline_comments. Inline comments are only posted on lines that map to a unified-diff position.

  • New: aggregateFindings with severity rank (critical=4 … low=1) + confidence tiebreak
  • New: mapPatchLineToPosition parser walks @@ hunks and +/context lines
  • New: verdictForFindings → clean | minor | needs_attention
  • Note: findings without a diff position stay in DB but drop from inline post
2026-04-22
v0.0.8.1
improvement

Housekeeping

Dependency bumps and a small dead-code sweep. No behavioral changes for end users.

  • Changed: @inngest/sdk 3.18 → 3.21
  • Changed: zod 3.23 → 3.24 (no deprecation warnings)
  • Removed: Two unused peer deps from the migration scripts
2026-04-15
v0.0.8
feature

.ai-review.yml policy parsing

Repo-level policy parsed with Zod. Loaded from the PR head SHA when policy_source is "repository". Override per-reviewer model, raise min_confidence, or skip drafts.

  • New: parsePolicyYaml accepting trigger, skip.draft_prs, skip.labels, rules.*, reviewers[]
  • New: review_policies table with policy JSON per repo
  • New: defaults — min_confidence 0.75, max_inline_comments 10
  • New: skip.paths and skip.labels enforced before queueing when GitHub file listing is available
2026-04-09
v0.0.7.2
fix

Quota counter + BYOK attribution

Quota and BYOK attribution now line up with the actual review activity shown in the usage dashboard.

  • Fixed: 30-day quota chart no longer double-counts retried runs
  • Fixed: BYOK runs were attributed to "platform" in usage_events; per-account BYOK runs are now correctly tagged
  • Fixed: Empty .ai-review.yml files were rejected with a confusing error; now treated as "use defaults"
2026-04-03
v0.0.7
feature

GitHub App webhook + signature verification

GitHub pull_request webhooks are HMAC-verified, then upsert accounts, github_installations, repositories, and review_policies before queuing the Inngest event.

  • New: HMAC verification with constant-time comparison
  • New: GitHub App JWT signing in lib/github/client.ts (no Octokit, fetch-only)
  • New: Auto-account-create on first install with plan_key=free
2026-03-28
v0.0.6.1
security

Dependency security refresh

Refreshed HTTP client dependencies and GitHub App key handling as part of the security maintenance cycle.

  • Security: Updated transitive HTTP client dependencies
  • Security: Refreshed GitHub App key handling for managed deployments
2026-03-22
v0.0.6
feature

Stripe billing + quota enforcement

Stripe customer.subscription.* webhooks update stripe_subscriptions. The Inngest pipeline enforces monthly_review_quota by counting review_runs in the calendar month and hard-stopping on overage.

  • New: Plan ladder wired — Free, Pro, Team, and Scale, each with its own monthly review quota (Beta granted manually to early testers)
  • New: Stripe webhook upserts on subscription created/updated/deleted
  • New: Quota check inside reviewPullRequest before any reviewer call
2026-03-15
v0.0.5.2
improvement

Logs that are useful in support tickets

Run detail pages now expose the debugging context maintainers need when a review fails or looks expensive.

  • Improved: Each reviewer call now shows the OpenRouter request id (paste it into a support ticket)
  • Improved: Stack traces in failed runs are collapsible and copyable
  • Improved: Aggregator decisions (kept / dropped / deduped) are listed in the run timeline
2026-03-08
v0.0.5
security

BYOK key storage (AES-256-GCM)

OpenRouter API keys are stored encrypted at rest in account_ai_settings.openrouter_key_encrypted using AES-256-GCM with a per-row IV.

  • New: lib/crypto/secrets.ts — encrypt / decrypt helpers
  • New: Settings UI to add, rotate, and revoke an OpenRouter key
  • New: per-account BYOK routing used at review runtime on Pro and above
2026-03-01
v0.0.4.1
fix

Cost rounding + CSV export

Two small cost-related bugs surfaced during month-end reconciliation.

  • Fixed: Tokens-per-call were rounded down before multiplying by the per-token rate, undercounting cost by ~3% on long PRs
  • Fixed: Daily cost CSV export had a stray UTF-8 BOM that broke Excel imports on Windows
2026-02-22
v0.0.4
improvement

Run + finding history

Every review writes a review_runs row with verdict, summary, cost, and duration. Per-finding rows hold the file, line, severity, confidence, body, and optional suggestion.

  • Improved: Cost estimation at $1.50 per 1M tokens (flat, model-agnostic for now)
  • Improved: Run dashboard shows status timeline + cost breakdown
  • Fixed: Status correctly transitions queued → running → completed | failed
2026-02-09
v0.0.3
fix

Advisory review mode

Reviews are posted with event 'COMMENT'. The summary footer reminds maintainers that the panel is advisory and humans decide merge.

  • Fixed: System prompt now explicitly forbids requesting changes
  • Fixed: Verdict shown as a label, never enforced as a status check