Is Tribunal production-ready at 1.0.0?
Yes. 117 tests pass under Vitest 4 with 96% coverage; TypeScript 6 maximum strict mode is clean; Biome 2.5
lint is clean; publint and @arethetypeswrong/cli are clean across all fourteen
subpaths. The suite and the distribution smoke test are run on the Node 20, 22, and 24 matrix. Every
published release carries SLSA provenance produced by GitHub Actions.
Why not just use a regex or one judge prompt?
You can, and Tribunal lets you: a single evaluator or one heuristic judge is a one-liner. The gap shows up
at scale: ad-hoc checks have no shared contract, a single judge is imperfectly calibrated, and nothing is
signed or auditable. Tribunal folds deterministic evaluators and a cross-verifying panel into one governed
verdict you define, then signs and seals it, so a high-risk output gets a verdict you can prove.
Why not use a closed verifier?
A closed endpoint verifies internally and opaquely: you cannot configure the verifier, cannot inspect the
verdict, and cannot sign it. Tribunal puts the rubric, the evaluators, the quorum, and the severity that
fails a verdict in your hands, runs in your process with your keys, and hands back a signed, tamper-evident
verdict with provenance, so you can prove the judgment to a reviewer or a regulator.
Does Tribunal call any model itself?
No. The core is verification logic over an injectable judge. You provide the model-as-judge, an
OpenAI-style chat function, a Vercel AI SDK call, or the deterministic heuristic judge, and Tribunal scores,
governs, signs, and seals it. That keeps the package provider-agnostic, dependency-free, and testable with
no network, and it means your provider keys live in your judge, never in Tribunal.
Does this work in Cloudflare Workers, Vercel Edge, Bun, or Deno?
Yes. The core is node-free; the Ed25519 signatures and the audit seal use the Web Crypto API, not
node:crypto. Import @takk/tribunal or @takk/tribunal/edge on any
runtime with Web Crypto. Only @takk/tribunal/node, the JSON loaders, requires the Node
standard library.
How does Tribunal handle my data?
Tribunal holds the candidate content you submit, the rubric and policy you configure, and the verdicts it
builds, nothing else. It makes no outbound network calls of its own; the only model calls are the ones your
injected judge makes to your chosen providers. With the file loaders, only the case, rubric, key-pair,
verdict, or chain files you point it at are read from disk, and no provider credentials are ever held by
Tribunal.
What does the panel decide?
A panel runs several judges over the same candidate and folds their votes under the quorum you choose,
majority, unanimous, any, or at-least-N. It reports how many judges passed, the quorum needed, the mean
score, and the agreement fraction. Diverse judges catch failure modes a single judge misses; you set the
quorum, and the verdict records which judges weighed in.
Is the audit trail a digital signature?
Both, and they are distinct. Each chain entry is bound to the previous one through a SHA-256 hash of its
canonical form, so any later edit breaks the chain, that is the integrity seal. Separately, a verdict can be
signed with Ed25519, which proves who issued it, that is authenticity. Use sealedVerdict to get
a signed verdict sealed into a tamper-evident chain in one call.
Which providers does it support?
Any of them. Because you inject the judge, Tribunal scores against OpenAI, Anthropic, Google, a local
model, or a mix, treated uniformly. Adapters are included for an OpenAI-style chat function and the Vercel
AI SDK, so wrapping your existing call is two lines.
Where does the state live?
In-process memory by default. Tribunal holds the candidate content, the rubric, and the policy while
it verifies; snapshot() returns a descriptive view of the configured evaluators, judges, and
policy for inspection. For disk-backed input, load a case, a rubric, a key pair, a verdict, or a chain from
JSON with @takk/tribunal/node. For an edge runtime, persist verdicts and the audit chain to
your own KV store.
How do I keep verification cost down?
Run the cheap deterministic evaluators first; they make no network calls. Reserve the model-as-judge panel
for outputs that need it, and keep the panel small. Selective, confidence-gated verification, running the
expensive panel only when confidence is low, is on the roadmap. Cross-verification trades more judge calls
for fewer escaped errors, the Condorcet effect, so size the panel to the risk.
How do I verify a published version's provenance?
Every release is published with npm publish --provenance. Check the attestations with
npm view @takk/tribunal@<version> --json | jq .dist.attestations. The attestation
links the tarball you installed to the GitHub Actions workflow that built it from a specific source commit.
What is the policy on breaking changes?
Strict SemVer 2.0.0, starting from 1.0.0. The binding stability surface is documented in SPEC.md section
5. Major bumps require a deprecation cycle; security fixes follow the disclosure flow in SECURITY.md.