v2.3.3

v2.3.3 — Web UX 개선

Pipeline Page

• WS 연결 없이도 ReviewTrigger 폼 표시 (이전: Disconnected면 빈 화면)
• idle 메시지 간결화: 3줄 → 1줄

ReviewTrigger

• 제출 후 폼 자동 리셋 (textarea, PR URL, provider, model 초기화)
• 성공 메시지 "Review started! Check Pipeline or Sessions page for results." 5초 표시

Empty States

• Models: "No models reviewed yet. Run a code review to see model performance."
• Costs: "No cost data yet. Costs are tracked after reviews with paid models."

Toast

• auto-dismiss 3초 → 5초 (Config 저장 등 피드백 놓침 방지)

Full Changelog: v2.3.2...v2.3.3

v2.3.2

v2.3.2 — Fallback/Retry 강화

Highlights

• 리뷰어 응답률 2/5 → 5/5 (무료 모델 기준)
• 리뷰 속도 196초 → 83초 (57% 단축)
• 이슈 발견 2개 → 9개 (retry 성공으로 더 많은 리뷰어 참여)

New: Error Classifier

에러를 4가지로 분류하여 최적 retry 전략 적용:

• rate-limited (429): retry-after 헤더 파싱, 해당 시간만큼 대기 후 재시도
• auth (401/403): 즉시 forfeit, 재시도 없음
• transient (5xx/timeout): exponential backoff 재시도
• permanent (기타 4xx): 즉시 skip, 시간 낭비 방지

Changes

• AI SDK maxRetries: 0 — 이중 재시도 제거 (SDK 2회 + 앱 2회 = 최대 9회 맹목 시도 → 앱만 2회)
• 429는 circuit breaker에 기록 안 함 — rate limit은 모델 고장이 아님, circuit이 조기 열리는 문제 해결
• Fallback chain에서 health monitor 체크 — 죽은 모델/예산 초과 모델 자동 skip
• L2 supporter 1회 재시도 — transient/rate-limited 에러 시 한 번 더 시도
• L3 head verdict 1회 재시도 — LLM 실패 시 한 번 더 시도 후 rule-based fallback

CI

• review.yml: OpenRouter 지원 + CI config 자동 생성

Tests

• Error classifier 27개 테스트 추가
• 총 3,163 tests, 0 failures

Full Changelog: v2.3.1...v2.3.2

v2.3.1

v2.3.1

Bug Fixes

• SARIF 출력 포맷 지원 추가 (--output sarif)
• 빈 stdin 입력 시 exit 1 반환 (기존 exit 0)
• agreement 커맨드 result.json 없을 때 reviews/ 폴더 fallback
• CI typecheck 에러 수정 (DiscussionVerdict import, MockInstance 타입, Dirent 타입)
• Node 20 AbortSignal 호환성 수정

Refactoring

• cli/index.ts 1,302줄 → 292줄 (8개 커맨드 모듈 추출)
• core/orchestrator.ts 1,092줄 → 550줄 (cache-manager, session-recovery, stage-executors, pipeline-helpers 분리)
• core/moderator.ts 888줄 → 774줄 (supporter-selector 분리)
• github/mapper.ts 597줄 → 186줄 (formatter.ts 분리)
• notifications 중복 코드 제거 (truncate, colors, retry 공통화)
• mcp 미사용 export 제거 (runQuickReview/runFullReview)
• pr-size.yml 62줄 → 36줄 간소화
• CI 워크플로우 안정성 개선 (release publish 에러 핸들링, review 타임아웃, build 검증)

Tests

• TUI: 0 → 37개 테스트 (5 파일)
• CLI review 커맨드: 64개 테스트
• Web API 통합: 46개 테스트
• TUI E2E flow: 4개 테스트
• 총 4,786 tests, 0 failures

Other

• TUI (experimental) 태그 제거
• MCP/Web 서버 버전 동기화

Full Changelog: v2.3.0...v2.3.1

v2.2.2

Full Changelog: v2.2.1...v2.2.2

Full Changelog: v2.2.1...v2.2.2

v2.2.1

What's Changed

• docs: comprehensive v2.2.0 documentation update by @justn-hyeok in #442

Full Changelog: v2.2.0...v2.2.1

What's Changed

• docs: comprehensive v2.2.0 documentation update by @justn-hyeok in #442

Full Changelog: v2.2.0...v2.2.1

What's Changed

• docs: comprehensive v2.2.0 documentation update by @justn-hyeok in #442

Full Changelog: v2.2.0...v2.2.1

v2.2.0 — Hallucination Filter & Review Quality

v2.2.0 — Hallucination Filter & Review Quality

4-Layer Hallucination Filter

Free-tier model false positive rate dropped from 100% to <25%. CRITICAL false positives: 9 → 0.

• Layer 1: Pre-debate check — removes findings referencing non-existent files/lines
• Layer 2: Corroboration scoring — single-reviewer findings penalized, triple+ boosted
• Layer 3a: HC debate required — no more unchallenged auto-escalation
• Layer 3b: Adversarial prompt — supporters must disprove claims, not just agree
• Layer 3c: Static analysis evidence in debate — tsc, file tags, impact data
• Self-contradiction filter — findings admitting "already handled" get penalized
• Evidence-level dedup — merges duplicate findings before debate

Pre-Analysis Layer

5 analyzers run before reviewers: semantic diff classification, TypeScript diagnostics, change impact analysis, external AI rule files, path-based rules.

Specialist Reviewer Personas

4 built-in: builtin:security, builtin:logic, builtin:api-contract, builtin:general. Auto reviewers cycle through for diverse perspectives.

Suggestion Verification

CRITICAL+ code suggestions verified via TypeScript transpiler. Failed = confidence penalty + warning badge.

Triage Digest

📋 Triage: N must-fix · N verify · N ignore at top of every review.

Stats

• 180 test files, 2846 tests
• Zero additional model cost — all improvements from pipeline logic
• Design doc: HALLUCINATION_FILTER_DESIGN.md

Full changelog: https://github.com/bssm-oss/CodeAgora/blob/main/CHANGELOG.md

What's Changed

• feat: Pre-Analysis infrastructure for enriched reviewer context by @justn-hyeok in #422
• feat: specialist reviewer personas (#412) by @justn-hyeok in #423
• feat: verify suggestion code before posting (#413) by @justn-hyeok in #424
• feat: add triage digest one-liner to review summary (#410) by @justn-hyeok in #425
• release: v2.2.0 by @justn-hyeok in #426
• feat: add pre-debate hallucination filter (#428) by @justn-hyeok in #433
• feat: require debate for HARSHLY_CRITICAL findings by @justn-hyeok in #434
• feat: adversarial supporter prompt with dual-reasoning requirement by @justn-hyeok in #435
• feat: inject static analysis evidence into debate (#431) by @justn-hyeok in #436
• feat: corroboration scoring with diff-size correction (#432) by @justn-hyeok in #437

Full Changelog: v2.1.1...v2.2.0

v2.2.0-rc.1

v2.2.0-rc.1 — Review Performance Improvements

New Features

• Pre-Analysis Layer — 5 analyzers run before reviewers: semantic diff classification, tsc diagnostics, change impact analysis, external AI rule files, path-based rules (#411, #414, #415, #407, #408)
• Specialist Personas — 4 built-in personas: builtin:security, builtin:logic, builtin:api-contract, builtin:general (#412)
• Suggestion Verification — CRITICAL+ code suggestions verified via TypeScript transpiler, failed suggestions get ❌ badge + 50% confidence penalty (#413)
• Triage Digest — 📋 Triage: N must-fix · N verify · N ignore at top of review summary (#410)

Bug Fixes

• grep --fixed-strings + --exclude-dir in impact analyzer
• Removed unnecessary type casts in suggestion verifier

Known Issues

• Model quality with free-tier models (llama, qwen, gemma) produces high false positive rate
• Planned for stable 2.2.0: grounded review prompts + post-L1 hallucination filter

Full changelog: https://github.com/bssm-oss/CodeAgora/blob/main/CHANGELOG.md

What's Changed

• feat: Pre-Analysis infrastructure for enriched reviewer context by @justn-hyeok in #422
• feat: specialist reviewer personas (#412) by @justn-hyeok in #423
• feat: verify suggestion code before posting (#413) by @justn-hyeok in #424
• feat: add triage digest one-liner to review summary (#410) by @justn-hyeok in #425
• release: v2.2.0 by @justn-hyeok in #426

Full Changelog: v2.1.1...v2.2.0-rc.1

v2.1.1

v2.1.1 — Bug Fixes

Quick Fixes

• SUGGESTION threshold no longer requires explicit null in config (#287)
• Session ID fallback uses crypto random instead of Date.now() % 99 (#290)
• MCP temp file uses crypto random bytes to prevent race conditions (#282)
• Webhook JSON.stringify wrapped in try/catch for circular payloads (#285)
• BanditStore default path computed at construction, not module load (#278)

Pipeline Fixes

• Cache key includes full config, not just reviewers (#276)
• Dead executeReviewer export removed — consolidated into executeReviewers (#279)
• PipelineTelemetry wired with L1/L2/L3 stage timing (#274)
• Objection prompt includes supporter reasoning, not just stance keyword (#311)
• Custom review rules support optional suggestion field (#301)
• initL0 mutex prevents concurrent initialization race condition (#395)
• Custom prompt templates support {{CONTEXT}} and {{PROJECT_CONTEXT}} placeholders (#312)

Test Infrastructure

• e2e mock tests updated for PipelineTelemetry wiring
• vitest pool changed to forks for process.chdir() support

Full changelog: https://github.com/bssm-oss/CodeAgora/blob/main/CHANGELOG.md

What's Changed

• fix: v2.1.1 bug fixes (12 issues) by @justn-hyeok in #421

Full Changelog: v2.1.0...v2.1.1

v2.1.0

v2.1.0

Security (7 fixes)

• CRITICAL — Rate limiter memory leak (#388), X-Forwarded-For spoofing (#389), path traversal (#392)
• HIGH — WebSocket token exposure (#390), stdout token leak (#391), fail-open permissions (#393), world-readable credentials (#394)

Pipeline (10 fixes)

• Parser severity escalation removed (#248)
• Mixed-severity group SUGGESTION downgrade fixed (#249)
• Build artifacts excluded by default (#228)
• L1 evidence content injected into moderator prompt (#246)
• Confidence-based verdict triage (#229, #236)
• Project context auto-detection (#237, #405)
• Suggestion quality requirements (#233)
• Thompson Sampling bias fix (#232)
• Finding dedup proximity increased (#234)

Build

• Core build script: echo skip → tsup (#226)
• Action build resolver + auth-app bundle (#387, #404)
• CLI failOnReject type fix (#386)

Other

• TUI marked as (experimental) — CLI + GitHub Action recommended
• reviewContext config: deployment type, notes, bundled outputs
• Tests: 174 files, 2749 passing

Contributors

• @HuiNeng6 — pipeline fixes, TUI, web dashboard
• @dagangtj — i18n migration
• @justn-hyeok — security, pipeline, architecture

Full changelog: https://github.com/bssm-oss/CodeAgora/blob/main/CHANGELOG.md

What's Changed

• chore: remove legacy src/ files, docs/archive, update root configs (#162) by @justn-hyeok in #162
• feat: implement 7 CLI improvements (#163-#169) by @justn-hyeok in #170
• feat: CLI improvements batch 2 — --staged, status, config-set, providers-test, --json-stream by @justn-hyeok in #171
• feat: L1 individual reviewer opinions + DA annotation in GitHub comments by @justn-hyeok in #198
• feat: add multi-provider review config (.ca/config.json) by @justn-hyeok in #200
• fix: specify pnpm version in action-setup to support npm-based repos by @justn-hyeok in #211
• fix: use --no-frozen-lockfile in action for npm-based repos by @justn-hyeok in #215
• fix: use github.action_path for correct module resolution by @justn-hyeok in #216
• fix: remove hardcoded pnpm version 9 from CI workflows by @justn-hyeok in #217
• fix: add build step to composite action for monorepo packages by @justn-hyeok in #218
• fix: remove ghost config options and wire L1 reviewer persona by @justn-hyeok in #212
• feat: add temperature config per agent by @justn-hyeok in #213
• feat: expose hardcoded timeouts in config schema by @justn-hyeok in #214
• fix: bundle GitHub Action into single dist/action.js by @justn-hyeok in #220
• chore: simplify review workflow to use bundled action by @justn-hyeok in #221
• chore: release prep — auto-rebuild CI + README update by @justn-hyeok in #222
• feat: add GitHub Actions setup to init wizard + bump v2.0.0 by @justn-hyeok in #223
• feat: unified presets + Head/Settings tabs in TUI by @justn-hyeok in #224
• feat: custom reviewer prompt via config by @justn-hyeok in #225
• fix: Add null guards to SupportersTab pickCount and pickStrategy access by @HuiNeng6 in #342
• fix: Guard against empty discussions list in DebateScreen by @HuiNeng6 in #343
• fix: Align LiveDiscussion severity class map with pipeline domain by @HuiNeng6 in #353
• fix: Add catch-all 404 route in web dashboard by @HuiNeng6 in #364
• fix: Bound ResultsScreen listHeight by terminal rows by @HuiNeng6 in #365
• fix: Pipeline improvements - reasoning truncation and dead code removal by @HuiNeng6 in #367
• fix: resolveImportPath returns null for root-level files by @HuiNeng6 in #368
• fix: Two pipeline bugs affecting rules loading and acceptance rate by @HuiNeng6 in #369
• docs: Fix Gemini CLI install command and layer count by @HuiNeng6 in #344
• fix: Validate non-empty model name before saving in HeadTab by @HuiNeng6 in #366
• fix(i18n): migrate hardcoded CLI error messages to t() calls by @dagangtj in #362
• fix: security hardening — 15 vulnerabilities resolved by @justn-hyeok in #370
• fix: resolve 17 GitHub integration bugs by @justn-hyeok in #371
• fix: resolve 2 critical bugs — L2 discussion trigger + exit code semantics by @justn-hyeok in #372
• fix: resolve all CLI issues — critical exit codes + 4 input validation bugs by @justn-hyeok in #373
• fix: L3 head prompt evidence and suggestionCount (#310, #298) by @justn-hyeok in #377
• fix: orchestrator, circuit breaker, and Windows path bugs (#300, #270, #272) by @justn-hyeok in #376
• fix: MCP error handling and reviewerCount wiring (#264, #262) by @justn-hyeok in #378
• fix: diff parser, supporter prompt, and parse failure logging (#253, #250, #308, #309) by @justn-hyeok in #379
• fix: add missing failOnReject to CLI options type by @justn-hyeok in #386
• fix: remove severity escalation for unknown filePath (#248) by @justn-hyeok in #380
• fix: exclude build artifacts from review scope by default (#228) by @justn-hyeok in #382
• fix: route mixed-severity group docs individually after threshold miss (#249) by @justn-hyeok in #381
• fix: inject actual L1 evidence content into moderator prompt (#246) by @justn-hyeok in #383
• fix: add confidence-based triage to L3 verdict (#229, #236) by @justn-hyeok in #384
• fix: inject project context and improve suggestion quality (#237, #233) by @justn-hyeok in #385
• fix: add notifications package to action build resolver by @justn-hyeok in #387
• fix: web session detail test mock uses endsWith for diff path by @justn-hyeok in #401
• fix: guarantee exploration slot and cap posterior in Thompson Sampling (#232) by @justn-hyeok in #402
• fix: increase line proximity for finding grouping and dedup (#234) by @justn-hyeok in #403
• fix: bundle @octokit/auth-app into action instead of external by @justn-hyeok in #404
• improve: expand reviewer context with build/deploy detection and user config (#405) by @justn-hyeok in #406
• security: web package hardening (#388, #389, #390, #391) by @justn-hyeok in #416
• security: core/shared package hardening (#392, #393, #394) by @justn-hyeok in #417
• fix(core): replace echo skip build script with actual build step (#226) by @justn-hyeok in #418
• fix: update root dedup test for increased LINE_PROXIMITY by @justn-hyeok in #419
• release: v2.1.0 by @justn-hyeok in #420

New Contributors

• @HuiNeng6 made their first contribution in #342
• @dagangtj made their first contribution in #362

Full Changelog: v2...v2.1.0

v2.0.0

What's Changed

• fix: loadPersona() path traversal — use validateDiffPath utility (#102) by @justn-hyeok in #112
• fix: validate SARIF output path to prevent path traversal (#107) by @justn-hyeok in #113
• fix: validate credentials file permissions before loading (#83) by @justn-hyeok in #114
• fix: enforce .ca/ directory permissions to 0o700 (#75) by @justn-hyeok in #115
• fix: rewrite parseStance() and parseForcedDecision() with structured parsing (#96, #110) by @justn-hyeok in #116
• fix: skip objection protocol on last round to prevent consensus loss (#88) by @justn-hyeok in #117
• refactor: consolidate circuit breakers — HealthMonitor delegates to L1 (#84) by @justn-hyeok in #118
• fix: spawn() SIGKILL escalation for reviewer timeout (#91) by @justn-hyeok in #119
• fix: config not found → suggest agora init (#79) by @justn-hyeok in #120
• fix: stdin temp file cleanup on error via try-finally (#77) by @justn-hyeok in #121
• refactor: readFileSync → async readFile in cost-estimator and chunker by @justn-hyeok in #122
• chore: monorepo workspace scaffolding (#123) by @justn-hyeok in #124
• refactor: extract all packages — monorepo file migration (#125) by @justn-hyeok in #126
• chore: vitest mock alignment + dependency dedup for monorepo (#127) by @justn-hyeok in #128
• fix: resolve all remaining test failures after monorepo migration by @justn-hyeok in #129
• feat: Sprint 1 — Foundation + Quick Wins (#130) by @justn-hyeok in #131
• feat: Sprint 2 — GitHub Comment Enrichment (#132) by @justn-hyeok in #133
• feat: Sprint 3 — Webhook + Discord (#134) by @justn-hyeok in #135
• feat: Sprint 4 — Meme Mode + CLI Intelligence (#136) by @justn-hyeok in #137
• feat: Sprint 5 — Advanced Features (#138) by @justn-hyeok in #139
• feat: wire all Sprint 1-5 modules into CLI and pipeline (#140) by @justn-hyeok in #141
• fix: resolve all 14 code review issues (#142) by @justn-hyeok in #143
• feat: Sprint 6 — MCP Server & Platform Integration (#144) by @justn-hyeok in #145
• test: add Sprint 6 MCP module tests by @justn-hyeok in #146
• docs: mark Sprint 0-6 completed, switch to Hono.js by @justn-hyeok in #147
• feat: Sprint 7.1 — Web server infrastructure (@codeagora/web) by @justn-hyeok in #148
• feat: Sprint 7.2 — review results dashboard by @justn-hyeok in #149
• feat: Sprint 7.3 — real-time pipeline progress by @justn-hyeok in #150
• feat: Sprint 7.5 — session history browser by @justn-hyeok in #151
• feat: Sprint 7.4 — model intelligence dashboard by @justn-hyeok in #152
• feat: Sprint 7.6 — cost analytics dashboard by @justn-hyeok in #153
• feat: Sprint 7.7 — discussion/debate viewer by @justn-hyeok in #154
• feat: Sprint 7.8 — config management UI by @justn-hyeok in #155
• test: Sprint 7 component rendering tests (130 tests) by @justn-hyeok in #156
• fix: resolve all 12 Sprint 7 code review issues (#157) by @justn-hyeok in #157
• fix: resolve 3 remaining Sprint 7 re-review issues (#158) by @justn-hyeok in #158
• fix: restore CSS rules lost during merge conflict resolution (#159) by @justn-hyeok in #159
• fix: resolve 5 final Sprint 7 review issues (#160) by @justn-hyeok in #160
• chore: remove legacy src/ files, docs/archive, update root configs (#162) by @justn-hyeok in #162
• feat: implement 7 CLI improvements (#163-#169) by @justn-hyeok in #170
• feat: CLI improvements batch 2 — --staged, status, config-set, providers-test, --json-stream by @justn-hyeok in #171
• feat: L1 individual reviewer opinions + DA annotation in GitHub comments by @justn-hyeok in #198
• feat: add multi-provider review config (.ca/config.json) by @justn-hyeok in #200
• fix: specify pnpm version in action-setup to support npm-based repos by @justn-hyeok in #211
• fix: use --no-frozen-lockfile in action for npm-based repos by @justn-hyeok in #215
• fix: use github.action_path for correct module resolution by @justn-hyeok in #216
• fix: remove hardcoded pnpm version 9 from CI workflows by @justn-hyeok in #217
• fix: add build step to composite action for monorepo packages by @justn-hyeok in #218
• fix: remove ghost config options and wire L1 reviewer persona by @justn-hyeok in #212
• feat: add temperature config per agent by @justn-hyeok in #213
• feat: expose hardcoded timeouts in config schema by @justn-hyeok in #214
• fix: bundle GitHub Action into single dist/action.js by @justn-hyeok in #220
• chore: simplify review workflow to use bundled action by @justn-hyeok in #221
• chore: release prep — auto-rebuild CI + README update by @justn-hyeok in #222

Full Changelog: v1.1.0...v2.0.0

What's Changed

• fix: loadPersona() path traversal — use validateDiffPath utility (#102) by @justn-hyeok in #112
• fix: validate SARIF output path to prevent path traversal (#107) by @justn-hyeok in #113
• fix: validate credentials file permissions before loading (#83) by @justn-hyeok in #114
• fix: enforce .ca/ directory permissions to 0o700 (#75) by @justn-hyeok in #115
• fix: rewrite parseStance() and parseForcedDecision() with structured parsing (#96, #110) by @justn-hyeok in #116
• fix: skip objection protocol on last round to prevent consensus loss (#88) by @justn-hyeok in #117
• refactor: consolidate circuit breakers — HealthMonitor delegates to L1 (#84) by @justn-hyeok in #118
• fix: spawn() SIGKILL escalation for reviewer timeout (#91) by @justn-hyeok in #119
• fix: config not found → suggest agora init (#79) by @justn-hyeok in #120
• fix: stdin temp file cleanup on error via try-finally (#77) by @justn-hyeok in #121
• refactor: readFileSync → async readFile in cost-estimator and chunker by @justn-hyeok in #122
• chore: monorepo workspace scaffolding (#123) by @justn-hyeok in #124
• refactor: extract all packages — monorepo file migration (#125) by @justn-hyeok in #126
• chore: vitest mock alignment + dependency dedup for monorepo (#127) by @justn-hyeok in #128
• fix: resolve all remaining test failures after monorepo migration by @justn-hyeok in #129
• feat: Sprint 1 — Foundation + Quick Wins (#130) by @justn-hyeok in #131
• feat: Sprint 2 — GitHub Comment Enrichment (#132) by @justn-hyeok in #133
• feat: Sprint 3 — Webhook + Discord (#134) by @justn-hyeok in #135
• feat: Sprint 4 — Meme Mode + CLI Intelligence (#136) by @justn-hyeok in #137
• feat: Sprint 5 — Advanced Features (#138) by @justn-hyeok in #139
• feat: wire all Sprint 1-5 modules into CLI and pipeline (#140) by @justn-hyeok in #141
• fix: resolve all 14 code review issues (#142) by @justn-hyeok in #143
• feat: Sprint 6 — MCP Server & Platform Integration (#144) by @justn-hyeok in #145
• test: add Sprint 6 MCP module tests by @justn-hyeok in #146
• docs: mark Sprint 0-6 completed, switch to Hono.js by @justn-hyeok in h...