v0.4.1

Performance

• ~45% main-entry bundle reduction — DeepCitationClient and all prompt helpers are no longer bundled into deepcitation (the main entry). Import from deepcitation/client and deepcitation/prompts directly; the main entry now covers only core parsing/verification. (#420)

Fixed

• getCitationKey field aliases — resolves old-CLI field names (anchorText, fullPhrase) so citations produced by older CLI versions are keyed correctly without manual migration. (#419)

Removed ⚠️ Breaking CLI changes

• deepcitation cite removed — use deepcitation verify --html <file> instead.
• deepcitation env (top-level) removed — use deepcitation auth env instead.
• deepcitation showcase removed (internal dev tool, no public API contract).

✅ Published to npm registry

v0.4.0

Added

• reviewUrl() SDK method — new client method with ReviewUrlOptions and ReviewUrlResponse types; full typed error coverage including ValidationError for HTTP 200 + status:error bodies. (#415)
• Page-collapse reverse animation — startEvidencePageCollapseTransition animates spotlight → keyhole strip with a two-phase pre/post-flushSync capture and a fast-tap guard against dual-ghost/orphaned-scrim race conditions. (#413)
• Mouse drag support for drawer — desktop users can drag the drawer handle to close; mouse listeners register on document only during active drag with preventDefault blocking text selection. (#412)
• New React exports — getStatusFromVerification, getStatusLabel, DefaultPopoverContent (with PopoverContentProps/PopoverViewState types), and SnippetZone exported for custom popover wrappers and Remotion stills. (#412)
• denseAnnotatePage() — annotates un-tagged page text with dense sequential <line id="N"> tags for lineId-based anchor lookup; exported from cite.ts. Must not be applied to pages with existing sparse OCR tags.
• TimeoutError class — structured error with phase (one of proxy_connect | tls_handshake | response_headers | response_idle | request_overall), elapsedMs, proxyUrl, and target fields. Exported from src/cli/proxy.ts. (#411)
• Structured CLI error output — formatNetworkError recognizes TimeoutError and emits a human-readable block with phase explanation, redacted proxy URL, and "Do NOT" guidance, followed by a __DC_ERROR__ {...} JSON marker line so agent-driven callers can short-circuit their recovery loop (retryable: false, recoverable: false). (#411)
• CliAuthPage agent-relay polish — hides the "copy key / copy command" toggle in agent-relay mode (isManual && !cliWasListening), forcing the full command format so agents receive actionable context instead of a bare sk-dc-…. (#411)
• Per-step timing and metrics.json — example scripts record upload/llm/verify step durations and write a summary file (provider, model, date, source, timing, citation counts/pct) to the cache dir after each run. (#416)

Changed

• sourceContext/sourceMatch rename — fullPhrase → sourceContext and anchorText → sourceMatch across the full codebase, types, i18n strings, and docs. LLMs emitting old field names are handled via backward-compat alias resolution in normalizeCitationInput. (#412)
• Drawer UX — URL/snippet zones in expanded view, claim-vs-source variance annotation, page badges before status icons, always-render fiber-stability pattern for evidence slots (display:none toggle), active/inactive indicator dot styling. (#412)
• Page-expand ghost — pure translate animation (no scale); clip-path iris convergence (0.42→0.88 progress) trims keyhole padding; border-radius morph from keyhole corners to 0 px at landing; new EASE_GHOST_EXPAND easing. (#413)
• Per-phase transport timeouts — createProxyFetch enforces proxy_connect / tls_handshake / response_headers / response_idle / request_overall timers (5 s / 10 s / 60 s / 30 s / 90 s), each overridable via DC_PROXY_*_MS env vars. Prevents indefinite hangs when a proxy accepts but then stalls. (#411)
• FormData multipart rides the CONNECT tunnel — createProxyFetch serializes FormData inline via encodeMultipart over the hand-rolled TLS tunnel; sendViaUndiciProxy and convertFormData deleted as dead code, eliminating the undici runtime dependency from all proxy paths. (#411)
• tsconfig moduleResolution: bundler — migrates from deprecated node/node10 to bundler, silencing TS5101/TS5107 errors that become hard failures in TypeScript 6.0. (#416)

Fixed

• Popover scrolls with page — portals into the Radix ScrollArea viewport (or nearest scrollable ancestor); with position:absolute inside the scroll container the popover sits in document space and scrolls away naturally. (#417)
• Ghost scale-up for miss/not_found — page-expand ghost for citations without annotations now uses source keyhole dimensions (pure translate, scale=1.0) instead of full viewport rect, eliminating the aggressive "keyhole filling the screen" effect. (#417)
• prepareUrl silent error swallowing — HTTP 200 responses with status:error in the JSON body now throw ValidationError with the server-supplied message instead of silently passing a poisoned response to callers. (#415)
• Date-only timezone shift — YYYY-MM-DD strings are now parsed as local noon (T12:00:00) instead of UTC midnight, preventing off-by-one day display in UTC− timezones. (#415)
• review_extract.py false positives — list-item PLACEMENT, bold-text PLACEMENT, and smart-quote NOT_SUBSTRING false positives fixed; file-handle resource leak and greedy fallback regex also corrected. (#415)
• Parsing truncation after start delimiter — parseCitationData now returns success:true with empty citations when input ends immediately after <<<CITATION_DATA>>> (token-limit cutoff), as distinct from a genuinely empty block (start + end delimiter with nothing between).
• Cowork verify hang — createCoworkFetch no longer routes through undici.EnvHttpProxyAgent, which hung indefinitely on JSON POSTs through localhost:3128 in Claude Cowork. Now delegates to createProxyFetch (built on Node built-ins only) with deterministic per-phase timeouts. (#411)

✅ Published to npm registry

v0.3.11

Added

• verifyIterative() SDK method — LLM-agnostic retry loop: verifies citations, invokes an onAttemptComplete callback so consumers can amend and re-verify up to maxAttempts. Includes LlmSearchAttempt, LlmAmendment types and computeAmendments() diff utility. (#404)
• Amendment timeline UI — AmendmentRow in the search narrative shows field-level diffs and false-positive rejections between LLM retry passes. Rendered as dashed-border markers in VerificationLog. i18n added for en/es/fr/vi. (#404)
• deepTextPagesByAttachmentId — replaces deepTextPages / deepTextPromptPortion with a per-attachment page array keyed by attachmentId, eliminating ambiguity in multi-attachment workflows. (#403)
• merge CLI command — merges citation JSON files from parallel-section workflows into a single output. (#403)
• Body-marker auto-cite — deepcitation verify --markdown auto-generates citations from cite:N markers in the body when no citations file is provided. Supports cite:N "anchor text" for explicit anchor control. (#403)
• AttachmentAssets type — pageImages, originalDownload, convertedDownload hoisted from per-citation objects to a top-level attachments map on VerifyCitationsResponse, eliminating per-citation duplication. normalizeVerifyResponse() handles backward-compat with legacy server responses. (#405)
• Interactive HTML reports in examples — fixture-to-html.ts converts offline fixtures to full interactive HTML reports; verify-html.ts Playwright tests validate citation span rendering and popover initialization. (#405)
• Update checker — CLI checks for new versions with a 24-hour throttle and prints a notice to stderr when an update is available. (#406)
• Unified auth command — new deepcitation auth triggers the browser login flow automatically; includes --text fallback for non-browser environments and IS_AI_AGENT detection for agent-aware auth messages. (#407)
• Favicon fallback chain — useFaviconSrc hook with StackedFavicon component; retries image loads on 404 during pending CDN renders. (#406)
• Download progress indicator — animated percentage counter with aria-live="polite" announcements at 25% buckets. i18n strings added for en/es/fr/vi. (#406)
• computeBracketTarget — tight bounding hull for anchor text highlights. (#406)

Changed

• Drawer UX — document icon for non-URL sources, status indicator converts to collapse caret on hover/focus, auto-scroll on expand and page-badge click, status border moved to expanded content area, CompactSingleCitationRow removed. (#404)
• StackedStatusIcons — drawer header verification indicators consolidated into a single row; gains activeIndex, size, gap, and onPage props. (#403)
• CDN popover — switches to position:fixed when expanded-page height exceeds 80% of viewport, preventing scroll-away. Resets lastCoords on mode switch to avoid stale coordinate comparisons. (#407)
• Keyhole image — simplified to natural-size rendering via AnchorTextFocusedImage; keyhole strips use alignX: "start" to show the anchor's left edge immediately. (#407, #404)
• anchor_text rules — hard 4-word maximum enforced; paraphrased anchor text is promoted to display_label automatically during hydration. (#407)
• CLI output co-location — URL source map enriches citations with verifiedUrl/verifiedDomain metadata for popover rendering. (#404)
• SKIP_DTS build toggle — set SKIP_DTS=true to skip declaration generation during iterative development. (#405)

Fixed

• U+2060 word joiner — inserted between anchor text and superscript/indicator in all CitationContentDisplay variants, preventing mid-citation line breaks. (#403)
• Body scroll lock in drawer — prevents double scrollbar when drawer is open. (#403)
• CDN popover coordinate reset — lastCoords cleared when switching between position:fixed and position:absolute modes. (#407)
• pages variable scope — was block-scoped inside an if branch and referenced outside, causing a compile error. (#407)
• Jump-to-top on expand — fixed scroll jump during side=top expand transitions. (#407)
• Stale-closure interval fix — download progress interval now always reads current state. (#406)
• safeTest() for untrusted inputs — replaces raw inline regex on downloadUrl and label values in commands.ts to prevent ReDoS. (#406, #403)
• Git Bash TTY detection — fixed false non-TTY detection in Git Bash on Windows. (#407)

Full Changelog: v...v0.3.11

✅ Published to npm registry

v0.3.10

Added

• Rich report header meta strip — report HTML shell now renders a SOURCE · ANALYZED · AUDIENCE · CITATIONS · PAGES meta strip using BEM dc-meta classes, replacing the single .meta paragraph. (#402)
• Brand logo SVG in report footer — square caps, crispEdges rendering per branding guidelines. (#402)
• Cowork notice banner — informational banner injected into both plain and report HTML shells when running in Cowork mode. (#402)

Changed

• undici for Cowork proxy — Cowork fetch now uses undici EnvHttpProxyAgent instead of globalThis.fetch, resolving proxy CONNECT failures in corporate network environments. createClient is now async; undici is externalized in the tsup bundle. (#402)
• Report table style — no fill, heavier separators, blue hover row highlight. (#402)
• Report link color — #3B82F6 → #0284C7; background #FDFBF7 → #F8FAFC. (#402)

Fixed

• Proxy error propagation — sendViaUndiciProxy outer catch narrowed to import-only errors; real network errors (DNS, TLS, proxy-auth) now propagate instead of silently retrying with globalThis.fetch. Falls back to EnvHttpProxyAgent with a console warning when ProxyAgent construction fails. (#402)

✅ Published to npm registry

v0.3.9

What's Changed

• feat(cli): cowork proxy fix + rich report header meta strip by @bensonwong in #402

Full Changelog: v0.3.8...v0.3.9

✅ Published to npm registry

v0.3.8

Added

• [anchor](cite:N) citation syntax — LLMs can now wrap the key phrase directly in markdown-link citation syntax, eliminating positional ambiguity of the legacy [N] suffix format. All parsing, rendering, and HTML conversion functions support both formats simultaneously. Old [N] format remains fully supported for backward compatibility.

Fixed

• verifiedFullPhrase preservation — strategy-result phrases are now kept intact so computeKeySpanHighlight draws the correct highlight span instead of falling back to a partial match.
• CLI auth copy — em dash removed from manual_done message; now uses a plain hyphen for terminal compatibility.
• CLI auth i18n — locale strings for the CLI authentication flow are now consistently applied across all copy variants.

✅ Published to npm registry

v0.3.6

Added

• display_label field on CitationData — compact key d, alias displayLabel; overrides anchor_text as the clickable trigger text. CLI injects data-dc-display-label attribute into verified HTML output. (#398)
• Per-group drawer page badges — multi-source drawers now show page badge strips inline with each source group header instead of one merged strip in the drawer header. (#398)
• CLI all-not-found diagnostics — when all citations are not-found, prints actionable hints (common format issues, page_id format, stale attachmentId). (#398)
• customPopoverActions prop — new PopoverAction interface threaded from CitationComponent → DefaultPopoverContent → SourceContextHeader / PopoverFallbackView. Each action renders as an icon-only button with reveal-on-hover. label doubles as aria-label and React key. (#397)
• Phrase trimming — trimPhraseToAnchorWindow() in textCleanup.ts: trims fullPhrase to a ±150-char context window when significantly longer than anchorText. Applied in HighlightedPhrase, LookingForSection, and PopoverFallbackView. (#397)
• Jest test suites — ~1980 tests across four new CLI suites (cliUnit, cliCommands, cliAuthScenarios, cliIntegration). npm test now uses Jest with forceExit. (#397)
• resolveAuth() helper — single source of truth for API key resolution (env var → .env files → credentials.json) used by all CLI commands via requireAuth(). (#395)
• Cowork (cloud) support — credentials stored in project-relative .deepcitation/; non-TTY login provides Cowork-specific setup instructions; proxy CONNECT errors suggest NO_PROXY workaround. (#395)
• Auth key source reporting — status and whoami show where the key was loaded from; logout gives source-aware removal instructions. (#395)

Changed

• CLI output co-location — verified HTML outputs now default to the same directory as the input file instead of CWD. inject strips -annotated/-draft suffixes from the output filename. (#398)
• CLI refactor — cli.ts shrunk from ~1260 → 127 lines by extracting command logic to src/cli/commands.ts, proxy utilities to src/cli/proxy.ts, and pure helpers to src/cli/cliUtils.ts. (#397)
• Anchor text validation thresholds — loosened from hard limits (40 chars / 4 words) to soft readability suggestions (60 chars / 6 words). (#395)
• IS_COWORK centralised — extracted to auth.ts as single source of truth (was duplicated). (#395)

Fixed

• CDN popover positioning — position:static portal targets no longer cause offset miscalculation (e.g. centred body with margin:auto). Added viewport Y-axis clamping for tall expanded popovers. (#398)
• Punctuation-only anchor handling — wrapCitationMarkers emits an empty data-cite span instead of wrapping garbage text; validation warnings added for punctuation-only and sub-3-char anchors. (#398)
• Login process hang — process.stdin.destroy() called after browser OAuth completes so the process exits cleanly. (#397)
• Billing URL — corrected from /api#billing to /billing in CLI help text. (#397)
• Double printFreeTierWelcome() — no longer called twice on terminal-paste login. (#395)
• Unhandled rejection on login() — properly handled. (#395)

Removed

• USAGE_WARN_PCT / USAGE_CRITICAL_PCT exports — these constants were inadvertent public exports; canonical definitions remain in packages/shared. warnUsage callback and its onUsageUpdate wiring removed from createClient(). src/billing.ts deleted. (#396)

Full Changelog: v...v0.3.6

✅ Published to npm registry

v0.3.5

What's Changed

• feat: --markdown verify mode, viewBoxOriginY CropBox fix, and get command by @bensonwong in #391
• ci: bump the github-actions group with 5 updates by @dependabot[bot] in #389
• fix: popover absolute positioning, anchor highlight guard, DC_LOGIN_URL validation by @bensonwong in #392
• feat: auto display labels, billing, login UX, and popover scroll fixes by @bensonwong in #394

Full Changelog: v0.3.4...v0.3.5

✅ Published to npm registry

v0.3.4

Added

• CDN drawer integration — citation drawer support in CDN popover API with [data-dc-drawer-trigger] binding, showDrawer/hideDrawer methods, and auto-refresh on update() (#387)
• Citation data validation — validateCitationData and detectExtractionArtifacts utilities catch common PDF/HTML text-extraction issues (collapsed spaces, broken hyphens, ligature loss, table fragments) before they reach the API (#387)
• content_word_match search method — new SearchMethod variant with i18n support for all locales (#386)
• truncateMiddle utility — exported middle-truncation function for long strings (API keys, hashes, URLs) (#388)
• DeepCitation branding on status labels — verified/partial-match/not-found UI labels now prefixed with "DeepCitation" for product attribution (#388)
• CDN data-citation-key resolution — human-readable data-citation-key attributes resolved to hashed keys at runtime via key-map (#386)
• CLI --indicator flag — choose icon, dot, or none for inject and verify-html commands (#387)
• Snippet text normalization — normalizeSnippetText fixes collapsed spaces and quote boundaries in verification API snippets (#387)
• Imprecise location note — EvidenceTray shows "Exact location not specified" when a verified citation lacks page/line IDs (#387)

Changed

• isImpreciseLocation moved to Verification type — pre-computed by the verification engine instead of re-derived in UI (#388)
• Citation chip text — removed hardcoded max-width truncation; chips now flow naturally with min-w-0 flex overflow (#388)

Fixed

• WSL2 auth callback — login callback server conditionally binds to 0.0.0.0 when WSL_DISTRO_NAME is set, so Windows browsers can reach it (#386)
• CDN double-processing guard — data-citation-key resolution skips elements already processed by legacy data-cite loop (#386)
• CDN stripExistingInjection — extracted to reportUtils.ts; tightened regex to require window.DeepCitationPopover= assignment (#387)
• ReDoS guard — validateRegexInput added to detectExtractionArtifacts (#387)

✅ Published to npm registry

v0.3.2

What's new in v0.3.2

CLI enhancements

• verify --html — parse citation markers directly from HTML input
• normalize command — normalize citation text via the CLI, with proxy support
• --proxy flag — route API requests through a proxy server
• login / keygen — interactive authentication with token persistence

formatting module (replaces markdown)

The deepcitation/markdown entry point has been renamed to deepcitation/formatting with a new indicators.ts module for citation status indicators.

- import { ... } from "deepcitation/markdown";
+ import { ... } from "deepcitation/formatting";

Build fixes

• CDN bundle now builds after tsup to prevent clean: true from deleting it
• Fixed TypeScript declaration file generation for new entry points

Removed

The following renderers have been removed in favor of the formatting module and terminalRenderer:

• renderMarkdown, githubRenderer, htmlRenderer, slackRenderer (and their test suites)
• buildProofUrl, buildProofUrls, buildSnippetImageUrl proof URL utilities
• Internal docs (brand-iteration-considerations.html, plan-universal-renderers.md)

Install

npm install deepcitation@0.3.2

Full Changelog: v0.3.1...v0.3.2

✅ Published to npm registry