Changelog
What's shipped in Gitrevio. We update this every release.
Causal inference layer — beyond DORA
DoWhy + EconML scaffolding (DAG construction, identification, estimation, refutation) shipped behind a cause-effect decomposition engine that answers 'why did metric X move?' across DORA and analytics metrics. Counterfactual simulator uses Abadie 2010 synthetic control with DiD fallback and placebo + leave-one-out refutation tests. BOCPD change-point detection (Adams-MacKay 2007) with calibrated posteriors. Survival analysis (Kaplan-Meier 1958 + Cox proportional hazards) for time-to-merge and time-to-resolve. Cohort lift via propensity-score matching (Rosenbaum-Rubin 1983) with doubly-robust AIPW. Bayesian network over joint engineering outcomes (delivery, quality, attrition). LinUCB policy search and Kalman filter (Joseph-form, MLE auto-tuned) for metric smoothing.
Initiative + capacity forecasting
Monte Carlo initiative-completion probability forecasts with Wilson confidence intervals. Capacity forecast with lognormal sum approximation (Fenton-Wilkinson) yielding p50/p75/p90 dates and per-factor decomposition. Predictive intervention scoring via Bayesian inverse-variance pooling against a prior catalog. Anomaly → root-cause traceback chains over the metric dependency graph.
CS / PM / CFO dashboard suite
CS dashboard (admin-side): customer health, days-since-skill-used, renewal countdown, next-action rule engine. PM dashboard (customer-side): rework rate, scope creep, PR cycle-time breakdown, WIP per team, initiative burndowns with forecasts. CFO dashboard (admin-side): cost-per-team, contractor-vs-FTE split, multi-quarter ROI, cost-per-output (per PR / deploy / incident), 4-quarter forecast. IA redesigned to Chats / Reports / Alerts / Settings — homepage and dashboard dropped. Six seed reports auto-provision after first ETL (AI Impact, Sprint Retro, Team Overview, IC Spotlight, Project Status, Repo Health). DORA baseline dashboard with elite / high / medium / low classification across the four metrics. Insight-of-the-week pushes the largest weekly movement with cause-effect narrative.
Privacy infrastructure for IC-level analytics
Per-customer min_team_size threshold gates IC metrics below the configured floor. IC-metric visibility mode toggle (visible_to_managers vs aggregate_only). Bot identification on git_author with filter from IC skills. 90-day purge on ai_assist_event.raw, schema-enforced and configurable. GDPR DSAR endpoints (Art. 15 access + Art. 17 erasure) with PII registry. Tamper-evident audit log — SHA-256 hash chain enforced by a Postgres trigger; monthly-partitioned audit_log_read table for SOX-grade traceability. Cookie consent banner with Google Analytics gated on consent.
Enterprise auth: SAML 2.0 + SCIM 2.0
SAML 2.0 service provider verified against Okta, Azure AD, Ping, and OneLogin. SCIM 2.0 Users + Groups endpoints with JIT provisioning and IdP-group → role mapping. org_unit closure-table schema + team_membership_history SCD-2. org_drift_detector and org_rollup_scorecard skills. Quarterly access-review export. Separation-of-duties workflow for sensitive operations.
Encryption: key rotation + BYOK KMS
Multi-key encryption-key registry with rotation. KMS bootstrap supports AWS KMS, GCP KMS, Azure Key Vault, and HashiCorp Vault. BYOK KMS for tenant-DB encryption — customers hold the key material; Gitrevio holds only encrypted references. EU data-residency tier flag at the customer level. Helm chart with three deployment modes: shared / dedicated_vpc / self_hosted.
Azure DevOps canonical wave
Full canonical coverage for Azure DevOps: sprint, PR discussion, PR note, work items, project_release relations, activity relations, issue relations, group memberships. Brings ADO to parity with the GitHub + GitLab connectors on the 3NF canonical schema.
Jira, Linear, HRIS, and chat datasources
Jira ETL worker (projects / issues / sprints / worklogs). Linear canonical (team / project / cycle / issue). Slack canonical chat_message + chat_message_metadata, generalised across Slack / Teams / Zulip. HRIS connectors (BambooHR, Workday, Personio) feed worker_employment_history SCD-2. New canonical entities: holidays / PTO (capacity input), employment-type SCD-2 (FTE / contractor / vendor / intern), labour-cost ledger per team / project / month.
Shareable links + digest email + PPT export
Tokenized shareable report links — expirable, password-protected, email-domain-whitelisted, watermarked. Scheduled analytics digest email, weekly + monthly opt-in. PowerPoint export for reports. Integration health page with remediation hints. Self-serve plan management (cancel / pause / downgrade / upgrade-to-sales). Working-agreements docs per team. IP allowlist for enterprise tenants. Feature flags (self-hosted, customer-scoped + global, rollout %). Mobile chat-only view.
Observability + edge: OTel, Caddy, on-call
OpenTelemetry tracing end-to-end (API → ETL → skills). Caddy + Let's Encrypt TLS termination with auto-renewal. DNS plan for gitrev.io: apex + preprod + email SPF/DKIM/DMARC + CAA. On-call rotation with severity tiers and Slack mention routing. CI cost reduction via path-gating and label-gating on expensive workflows. SBOM + signed builds (Syft + Cosign keyless via OIDC). Migration-chain integrity tests and tenant-isolation cache verification.
AI evaluation harness
Shadow-mode prompt deployment with A/B agreement scoring. LLM-as-judge evaluators on a 1% sample with explicit rubrics. Drift detection on AI outputs via KL divergence and chi-square. Privacy probes (prompt-injection and data-leak smoke tests). Human review queue for flagged outputs. MCP npm + PyPI publish workflow, tag-triggered and Cosign-signed. Public docs site (VitePress) live at docs.gitrev.io.
Twelve new skill prompts shipped
Activity classification, attrition risk, plan vs reality, org health score, sprint autopsy, release risk, tech debt radar, optimal reviewer, onboarding analysis, anomaly detection, context switching, and AI impact reporting all now run as builtin AI Skills — executable from API, MCP, chat, scheduled reports, and alert rules. Custom skill authoring guide and five example skills published.
MCP server expanded to 136 tools
The MCP surface grew to 136 tools across four groups: 19 read tools for direct entity queries, 17 persona-aware dashboard tools (me_*, team_*, portfolio_*, exec_*, company_*), 10 write tools (alert create, report schedule, skill install, skill run, webhook create, chat share), plus skill execution. Persona-aware filtering enforced. 50+ pre-built prompts curated across 5 personas. Audit logging, per-session rate limits, and SHA-256 key hashing live. Setup guides for Claude Desktop, Claude Code, Cursor, Cline, Continue.dev, Goose, and Aider published.
Mathematical moat: Shapley + lognormal + blast-radius
Three foundational capabilities shipped simultaneously. Shapley attribution library with axiom-verification tests (efficiency, symmetry, dummy-player, linearity). Lognormal probabilistic estimation calibrated per team via MLE — p50/p75/p90 dates with calibration tests on every release. Code blast-radius DAG built locally via LocalGit; formal reachability across Python, JavaScript, Java, Go, Clojure, and PHP imports. Only graph + scores leave the network.
What-If Simulator — 8 scenarios
Departure, hiring, restructuring, reassignment, vacation, AI rollout, framework migration, and contractor analysis. Each scenario runs against your real team data — knowledge graph, review patterns, sprint history. Monte Carlo sampling delivers p50/p75/p90 outcomes, not single-point estimates.
Intelligence layer expanded
Sprint Autopsy with six-section auto-generated retro narratives. Tech Debt Radar combining Lizard complexity, churn, AI-tagged TODO/FIXME signals, and incident attribution. Optimal Reviewer Assignment balancing file expertise, queue depth, review-quality history, and AI-authorship match. Contributor Typologies via per-customer K-means / GMM clustering. Anomaly Detection with z-score + EWMA + Bayesian smoothing for small teams.
Org Health Score + AI Impact MVP
Composite score across 20 signals (velocity, quality, engagement, risk) with full per-component decomposition and trend. AI Impact dashboard MVP — heuristic AI-authorship classification from commit signals, with quality and cycle-time comparison vs human-only PRs. GitHub Copilot Metrics API and Cursor Admin API integrations queued for Q3 2026.
8 report templates + alerts engine
Weekly Digest, Sprint Retro, Board Report, AI Impact, Onboarding Cohort, Attrition Risk, Project Forecast, Code Health — all schedulable, deliverable to PDF, email, Slack, or in-app. Alerts engine launched with three of nine rule types live: PR stuck, sprint at risk, attrition risk spike. Remaining six rule types ship through Q3 2026.
Activity classification + attrition + onboarding shipped
Six AI workers in production: activity classification, IC risk, duration estimation, file-type tagging, activity-type inference, onboarding/pairing/mentoring tags. Attrition risk scoring with Shapley factors. Onboarding analysis with cohort ramp curves and mentor effectiveness. Plan-vs-reality drift decomposition (scope creep, estimation error, blockers, dependencies, PTO, AI slowdown).
AI Chat with persistent history
Multi-turn conversations with reference resolution ('that team', 'why?'), shareable threads, and exportable transcripts. Charts generated inline. Integrated with skills and read API.
Per-PostgreSQL-role tenant isolation + AES-256-GCM
Each customer gets dedicated writer and reader Postgres roles. Cross-customer reads impossible at the database engine. AES-256-GCM credential encryption. Customer-staff vs central-staff isolation: support access is time-limited, role-gated, audit-logged, admin-revocable.
LocalGit on-prem agent + analyzers
Lightweight agent runs on your infrastructure. Lizard for complexity, flake8 + pylint + ruff for Python, eslint for JavaScript, go vet for Go, eastwood for Clojure. Source code never leaves the network — only structured metadata, hashed file IDs, and dependency-graph structure.
GitHub + GitLab connectors
Production-grade ingestion of commits, PRs (with reviews and comments), issues. GitHub Cloud + GHES, GitLab Cloud + self-hosted. Incremental sync, rate-limited, full backfill on first connection.
REST API v1 + OpenAPI 3.1
Seven Layer-1 endpoints: repos, commits, quality, team, chat, skills, audit. FastAPI backend, OpenAPI 3.1 auto-generated, RFC 7807 error responses, cursor-based pagination, mock-first framework with deterministic fixtures for every endpoint.