Quorum
Sign inInstall
Documentation

Set up Quorum and tune the reviewer panel.

Quorum is a GitHub App that reviews pull requests with configurable AI reviewers through OpenRouter. This page reflects the launch product surface: GitHub reviews, configurable agents, model choice, BYOK, cost visibility, team controls, and self-deploy basics.

Install on GitHub

Quick Start

1
Sign in

Use GitHub OAuth or a magic link. A personal workspace is provisioned automatically on normal signup.

2
Install the GitHub App

Choose the organization and repositories. Quorum seeds the repo list and lets you enable repos from the dashboard.

3
Open or update a PR

Quorum queues a review on opened, synchronize, reopened, and ready_for_review pull-request events. Draft PRs are skipped by default.

4
Tune the policy

Use dashboard agent settings, per-repo reviewer overrides, or a repo-level .ai-review.yml file.

GitHub App

Quorum verifies GitHub webhook signatures before queueing work. Installation and repository webhooks keep the dashboard in sync, and pull-request webhooks queue review runs through Inngest.

Required permissions

Contents: read, Metadata: read, Pull requests: read/write, Checks: read/write, Issues: read/write.

Subscribed events

installation, installation_repositories, pull_request.

Status checks

Quorum creates GitHub check runs when Checks write permission is installed. Review comments still post without checks.

Review behavior

Reviews are advisory by design. Quorum posts review comments and status checks for visibility while humans keep merge control.

Reviewer Panel

The default panel is Correctness, Security, and Architecture. The catalog also includes Tests, Performance, Frontend UX, Migrations, and Accessibility reviewers. You can save a custom account-level panel and per-repo overrides.

Persisted controls

Name, model, focus list, system prompt, paused state, min confidence, max findings, inline posting, duplicate handling, and learnings preference.

Execution

Reviewers run in parallel. A failed reviewer is recorded, and the run only fails when every reviewer fails.

Aggregation

Findings are filtered, deduped, sorted by severity and confidence, then capped before inline posting.

Models And BYOK

The default model is deepseek/deepseek-v4-pro. The model picker is backed by the live OpenRouter catalog, so any valid OpenRouter model slug can be selected.

BYO OpenRouter key

Bring your own key from the dashboard. Keys are AES-256-GCM encrypted at rest and used at review runtime when platform-key routing is disabled.

Platform key

Accounts without BYOK use the platform OpenRouter key.

Cost estimates

Usage events record model, tokens, reviewer timing, failures, and estimated cost, surfaced on the cost dashboard.

Noise Controls

Modes

Balanced is the default. Quiet, balanced, and paranoid reviewer modes are available.

Confidence floor

The default min_confidence is 0.75. Findings below the effective threshold are dropped before posting.

Inline cap

Up to 10 inline comments per review by default. The cap is enforced server-side.

Skips

Draft PRs, skip labels, and skip path globs are enforced before a review is queued where possible.

Per-reviewer controls

A reviewer can be paused, capped by max_findings, or set to summary-only with post_inline=false.

Policy YAML

Commit .ai-review.yml at the repository root to override dashboard policy for that repo. It is loaded from the PR head SHA and merged into the active policy.

review:
  enabled: true
  language: en
  mode: balanced
  trigger:
    - opened
    - synchronize
    - reopened
    - ready_for_review

  skip:
    draft_prs: true
    labels:
      - skip-ai-review
    paths:
      - dist/**
      - build/**
      - yarn.lock
      - package-lock.json

  rules:
    min_confidence: 0.75
    max_inline_comments: 10
    post_summary_when_clean: true
    human_approval_required: true
    paths:
      - glob: "src/auth/**"
        min_confidence: 0.85
        max_inline_comments: 5

  reviewers:
    - id: correctness
      name: Correctness Reviewer
      model: deepseek/deepseek-v4-pro
      focus:
        - likely bugs
        - regressions
        - edge cases
    - id: security
      name: Security Reviewer
      model: deepseek/deepseek-v4-pro
      focus:
        - auth bypasses
        - injection risks
        - unsafe data handling

Feedback And Learning

Review findings can be marked open, accepted, dismissed, or suppressed. These states power dashboard acceptance metrics and give the reviewer panel a clean signal for future tuning.

Self-Host

A lightweight Docker self-deploy path is available for early customer environments. It runs the Next.js app and expects Supabase, Inngest, GitHub App, and OpenRouter credentials in the environment. Helm, Terraform, SAML, and air-gapped model routing are handled as guided enterprise rollout work.

cp .env.example .env.local
docker compose -f docker-compose.selfhost.yml up --build

The source tree includes SELF_HOST.md and docker-compose.selfhost.yml with the same setup path.

Availability

Launch surface

GitHub review workflow, agents, BYOK, cost dashboard, team controls, and self-deploy setup are part of the product today.

Feedback memory

Finding states are stored and surfaced in metrics; reviewer memory uses that signal as the dataset grows.

Rate limiting

The default limiter is process-local. Redis or Upstash is the recommended store for multi-replica deployments.

Open core

Self-host setup is available now; the formal open-core packaging and license split can be rolled out cleanly around it.

Developer API

Workspace API keys ship with read scopes for reviews, repos, and usage, plus a learning-write scope. Health is available at GET /api/health.