@link-assistant/hive-mind 1.48.2 → 1.48.3

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @link-assistant/hive-mind
 
+## 1.48.3
+
+### Patch Changes
+
+- 2ac7f3c: Fix CI/CD lint failure caused by code duplication exceeding jscpd threshold (11.03% > 11%). Refactored test files to use shared `test-helpers.mjs` instead of duplicating assert/summary boilerplate, reducing duplication to 10.93%.
+- 0b06bda: Fix `--isolation screen` session monitoring bug where sessions were prematurely detected as completed (Issue #1545). Add `screen -ls` fallback for screen-backend sessions to work around start-command UUID mismatch issues (link-foundation/start#101).
+- 94eeaac: Immediately reject queued tasks when disk space (or any reject-strategy threshold) is exceeded, instead of leaving them in a waiting state indefinitely
+- f955f0b: Add GitHub entity existence validation to /solve command to fail immediately on non-existent issues, PRs, repos, or users
+
 ## 1.48.2
 
 ### Patch Changes
@@ -11,6 +20,7 @@
 ### Patch Changes
 
 - 6d385ab: Simplified cost display when public and Anthropic costs match, removed USD suffix from Anthropic cost line
+- Validate GitHub entity existence (user/org, repository, issue/PR) before executing /solve command. The telegram bot and solve CLI now fail immediately with helpful error messages when targeting non-existent entities, preventing wasted resources and providing faster feedback.
 
 ## 1.48.0
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/hive-mind",
-  "version": "1.48.2",
+  "version": "1.48.3",
   "description": "AI-powered issue solver and hive mind for collaborative problem solving",
   "main": "src/hive.mjs",
   "type": "module",

package/src/github-entity-validation.lib.mjs

@@ -0,0 +1,129 @@
+/**
+ * GitHub entity existence validation for /solve command.
+ * Extracted from github.lib.mjs to keep files under 1500 line limit.
+ * @see https://github.com/link-assistant/hive-mind/issues/1552
+ */
+if (typeof globalThis.use === 'undefined') globalThis.use = (await eval(await (await fetch('https://unpkg.com/use-m/use.js')).text())).use;
+const { $ } = await use('command-stream');
+import { ghCmdRetry } from './lib.mjs';
+import { ghPrView, ghIssueView } from './github.lib.mjs';
+
+/**
+ * Validate existence of GitHub entities (user/org, repository, issue/PR) before executing a command.
+ * Checks each level in order: user/org → repository → issue/PR, failing fast at the first missing entity.
+ *
+ * When autoAcceptInvite is enabled, invitations should be accepted BEFORE calling this function,
+ * so that newly-accepted repos/orgs are visible to the API checks.
+ *
+ * @param {Object} options - Validation options
+ * @param {string} options.owner - Repository owner (user or organization login)
+ * @param {string} options.repo - Repository name
+ * @param {number|string} [options.number] - Issue or PR number (if applicable)
+ * @param {string} [options.type] - URL type: 'issue' or 'pull'
+ * @param {boolean} [options.verbose=false] - Whether verbose logging is enabled
+ * @returns {Promise<{valid: boolean, error?: string, level?: string, details?: string}>}
+ *   - valid: true if all entities exist and are accessible
+ *   - error: user-facing error message (when valid=false)
+ *   - level: which entity level failed ('user', 'repo', 'issue', 'pull')
+ *   - details: additional context for verbose logging
+ */
+export async function validateGitHubEntityExistence({ owner, repo, number, type, verbose = false }) {
+  // Step 1: Check user/organization existence
+  try {
+    const userResult = await ghCmdRetry(() => $`gh api users/${owner} --jq .login`, { label: `check user ${owner}` });
+    if (userResult.code !== 0) {
+      const errorOutput = (userResult.stderr ? userResult.stderr.toString() : '') + (userResult.stdout ? userResult.stdout.toString() : '');
+      if (errorOutput.includes('404') || errorOutput.includes('Not Found')) {
+        return {
+          valid: false,
+          error: `GitHub user or organization '${owner}' does not exist.\n\n💡 Please check:\n• The username/organization name is spelled correctly\n• The account has not been deleted or renamed`,
+          level: 'user',
+        };
+      }
+      // Non-404 errors (network, auth) - don't block, let downstream handle
+      verbose && console.log(`[VERBOSE] Entity check: Could not verify user '${owner}': ${errorOutput.trim()}`);
+    }
+  } catch (e) {
+    verbose && console.log(`[VERBOSE] Entity check: User check error for '${owner}': ${e.message}`);
+  }
+
+  // Step 2: Check repository existence
+  try {
+    const repoResult = await ghCmdRetry(() => $`gh api repos/${owner}/${repo} --jq .full_name`, { label: `check repo ${owner}/${repo}` });
+    if (repoResult.code !== 0) {
+      const errorOutput = (repoResult.stderr ? repoResult.stderr.toString() : '') + (repoResult.stdout ? repoResult.stdout.toString() : '');
+      if (errorOutput.includes('404') || errorOutput.includes('Not Found')) {
+        return {
+          valid: false,
+          error: `Repository '${owner}/${repo}' not found or not accessible.\n\n💡 Please check:\n• The repository name is spelled correctly\n• If it's a private repository, ensure the bot has been granted access (GitHub returns 404 for private repos without permissions)\n• The repository has not been deleted or transferred\n• If you were recently invited, try using --auto-accept-invite to accept pending invitations`,
+          level: 'repo',
+        };
+      }
+      verbose && console.log(`[VERBOSE] Entity check: Could not verify repo '${owner}/${repo}': ${errorOutput.trim()}`);
+    }
+  } catch (e) {
+    verbose && console.log(`[VERBOSE] Entity check: Repo check error for '${owner}/${repo}': ${e.message}`);
+  }
+
+  // Step 3: Check issue or PR existence (if number is provided)
+  if (number) {
+    if (type === 'pull') {
+      try {
+        const prResult = await ghPrView({ prNumber: number, owner, repo, jsonFields: 'number,state' });
+        if (prResult.code !== 0 || !prResult.data) {
+          const errorOutput = prResult.output || '';
+          if (errorOutput.includes('Could not resolve') || errorOutput.includes('not found') || errorOutput.includes('404')) {
+            // Check if an issue with this number exists (common confusion)
+            let suggestion = '';
+            try {
+              const issueCheck = await ghIssueView({ issueNumber: number, owner, repo, jsonFields: 'number,title' });
+              if (issueCheck.code === 0 && issueCheck.data) {
+                suggestion = `\n\n💡 However, Issue #${number} exists: "${issueCheck.data.title}"\n   Did you mean: https://github.com/${owner}/${repo}/issues/${number}`;
+              }
+            } catch {
+              /* ignore */
+            }
+            return {
+              valid: false,
+              error: `Pull request #${number} does not exist in ${owner}/${repo}.${suggestion}\n\n💡 Please check:\n• The PR number is correct\n• The PR has not been deleted`,
+              level: 'pull',
+            };
+          }
+          verbose && console.log(`[VERBOSE] Entity check: Could not verify PR #${number}: ${errorOutput.trim()}`);
+        }
+      } catch (e) {
+        verbose && console.log(`[VERBOSE] Entity check: PR check error for #${number}: ${e.message}`);
+      }
+    } else {
+      // type === 'issue' or default
+      try {
+        const issueResult = await ghIssueView({ issueNumber: number, owner, repo, jsonFields: 'number,title' });
+        if (issueResult.code !== 0 || !issueResult.data) {
+          const errorOutput = issueResult.output || '';
+          if (errorOutput.includes('Could not resolve') || errorOutput.includes('not found') || errorOutput.includes('404')) {
+            // Check if a PR with this number exists (common confusion)
+            let suggestion = '';
+            try {
+              const prCheck = await ghPrView({ prNumber: number, owner, repo, jsonFields: 'number,title' });
+              if (prCheck.code === 0 && prCheck.data) {
+                suggestion = `\n\n💡 However, Pull Request #${number} exists: "${prCheck.data.title}"\n   Did you mean: https://github.com/${owner}/${repo}/pull/${number}`;
+              }
+            } catch {
+              /* ignore */
+            }
+            return {
+              valid: false,
+              error: `Issue #${number} does not exist in ${owner}/${repo}.${suggestion}\n\n💡 Please check:\n• The issue number is correct\n• The issue has not been deleted or transferred`,
+              level: 'issue',
+            };
+          }
+          verbose && console.log(`[VERBOSE] Entity check: Could not verify issue #${number}: ${errorOutput.trim()}`);
+        }
+      } catch (e) {
+        verbose && console.log(`[VERBOSE] Entity check: Issue check error for #${number}: ${e.message}`);
+      }
+    }
+  }
+
+  return { valid: true };
+}

package/src/github.lib.mjs

@@ -1464,10 +1464,9 @@ export async function detectRepositoryVisibility(owner, repo) {
     return { isPublic: true, visibility: null };
   }
 }
-// Re-export batch archived check from separate module
-export const batchCheckArchivedRepositories = batchCheckArchived;
-// Re-export log upload function from separate module
-export { uploadLogWithGhUploadLog } from './log-upload.lib.mjs';
+export { validateGitHubEntityExistence } from './github-entity-validation.lib.mjs'; // Issue #1552
+export const batchCheckArchivedRepositories = batchCheckArchived; // Re-export batch archived check
+export { uploadLogWithGhUploadLog } from './log-upload.lib.mjs'; // Re-export log upload function
 // Export all functions as default object too
 export default {
   maskGitHubToken,

package/src/isolation-runner.lib.mjs

@@ -181,15 +181,65 @@ export async function querySessionStatus(sessionId, verbose = false) {
 }
 
 /**
- * Check if an isolated session is still running
+ * Check if a screen session exists via `screen -ls`.
+ * Used as a fallback when `$ --status` fails to find or correctly track
+ * screen-based isolation sessions.
  *
- * @param {string} sessionId - UUID of the session
+ * @param {string} sessionName - Name of the screen session to check
  * @param {boolean} [verbose] - Enable verbose logging
+ * @returns {Promise<boolean>} True if screen session exists
+ * @see https://github.com/link-assistant/hive-mind/issues/1545
+ */
+export async function checkScreenSessionRunning(sessionName, verbose = false) {
+  try {
+    const result = await $({ mirror: false })`screen -ls`;
+    const output = result.stdout?.toString() || '';
+    const exists = output.includes(sessionName);
+    if (verbose) {
+      console.log(`[VERBOSE] isolation-runner: screen -ls check for '${sessionName}': ${exists ? 'running' : 'not found'}`);
+    }
+    return exists;
+  } catch {
+    // screen -ls returns exit code 1 when no sessions exist
+    return false;
+  }
+}
+
+/**
+ * Check if an isolated session is still running.
+ * Uses `$ --status` first, with a `screen -ls` fallback for screen-backend
+ * sessions to work around start-command UUID mismatch issues.
+ *
+ * @param {string} sessionId - UUID of the session (used for both $ --status and screen session name)
+ * @param {Object} [options] - Options
+ * @param {string} [options.backend] - Isolation backend ('screen', 'tmux', 'docker')
+ * @param {boolean} [options.verbose] - Enable verbose logging
  * @returns {Promise<boolean>} True if session is still executing
  */
-export async function isSessionRunning(sessionId, verbose = false) {
+export async function isSessionRunning(sessionId, options = {}) {
+  // Support legacy call signature: isSessionRunning(sessionId, verbose)
+  const opts = typeof options === 'boolean' ? { verbose: options } : options;
+  const { backend, verbose = false } = opts;
+
   const result = await querySessionStatus(sessionId, verbose);
-  return result.exists && result.status === 'executing';
+  if (result.exists && result.status === 'executing') {
+    return true;
+  }
+
+  // Fallback: for screen backend, check screen -ls directly.
+  // This works around start-command bugs where:
+  // 1. $ --status can't find session by --session name (only by internal UUID)
+  // 2. $ --status reports "executed" immediately for --detached screen sessions
+  // See: https://github.com/link-assistant/hive-mind/issues/1545
+  if (backend === 'screen') {
+    const screenRunning = await checkScreenSessionRunning(sessionId, verbose);
+    if (screenRunning && verbose) {
+      console.log(`[VERBOSE] isolation-runner: $ --status says not running, but screen -ls confirms session '${sessionId}' is still active`);
+    }
+    return screenRunning;
+  }
+
+  return false;
 }
 
 /**

package/src/session-monitor.lib.mjs

@@ -21,13 +21,17 @@ import { exec as execCallback } from 'child_process';
 const exec = promisify(execCallback);
 
 // Lazy import for isolation runner (only when needed)
-let _querySessionStatus = null;
-async function getQuerySessionStatus() {
-  if (!_querySessionStatus) {
-    const mod = await import('./isolation-runner.lib.mjs');
-    _querySessionStatus = mod.querySessionStatus;
+let _isolationRunner = null;
+async function getIsolationRunner() {
+  if (!_isolationRunner) {
+    _isolationRunner = await import('./isolation-runner.lib.mjs');
   }
-  return _querySessionStatus;
+  return _isolationRunner;
+}
+// Legacy accessor for querySessionStatus
+async function getQuerySessionStatus() {
+  const mod = await getIsolationRunner();
+  return mod.querySessionStatus;
 }
 
 // In-memory session store
@@ -49,16 +53,23 @@ export async function checkScreenSessionExists(sessionName) {
 }
 
 /**
- * Check if an isolated session is still running using $ --status
- * @param {string} sessionId - UUID of the isolated session
- * @param {boolean} verbose - Whether to log verbose output
+ * Check if an isolated session is still running.
+ * Uses isolation-runner's isSessionRunning which includes screen -ls fallback
+ * for screen-backend sessions to work around start-command UUID mismatch.
+ *
+ * @param {string} sessionId - UUID of the isolated session (screen session name)
+ * @param {Object} [options] - Options
+ * @param {string} [options.backend] - Isolation backend ('screen', 'tmux', 'docker')
+ * @param {boolean} [options.verbose] - Whether to log verbose output
  * @returns {Promise<boolean>} True if session is still running
+ * @see https://github.com/link-assistant/hive-mind/issues/1545
  */
-async function checkIsolatedSessionRunning(sessionId, verbose = false) {
+async function checkIsolatedSessionRunning(sessionId, options = {}) {
+  const opts = typeof options === 'boolean' ? { verbose: options } : options;
+  const { backend, verbose = false } = opts;
   try {
-    const queryStatus = await getQuerySessionStatus();
-    const result = await queryStatus(sessionId, verbose);
-    return result.exists && result.status === 'executing';
+    const runner = await getIsolationRunner();
+    return await runner.isSessionRunning(sessionId, { backend, verbose });
   } catch (error) {
     if (verbose) {
       console.error(`[VERBOSE] Error checking isolated session ${sessionId}: ${error.message}`);
@@ -169,8 +180,12 @@ export async function monitorSessions(bot, verbose = false) {
     let exitCode = null;
 
     if (sessionInfo.isolationBackend && sessionInfo.sessionId) {
-      // Isolation mode: use $ --status for reliable tracking
-      stillRunning = await checkIsolatedSessionRunning(sessionInfo.sessionId, verbose);
+      // Isolation mode: use $ --status with screen -ls fallback for screen backend
+      // See: https://github.com/link-assistant/hive-mind/issues/1545
+      stillRunning = await checkIsolatedSessionRunning(sessionInfo.sessionId, {
+        backend: sessionInfo.isolationBackend,
+        verbose,
+      });
       if (!stillRunning) {
         exitCode = await getIsolatedSessionExitCode(sessionInfo.sessionId, verbose);
       }

package/src/solve.mjs

@@ -89,8 +89,7 @@ const { autoAcceptInviteForRepo } = await import('./solve.accept-invite.lib.mjs'
 
 // Initialize log file early (before argument parsing) to capture all output
 const logFile = await initializeLogFile(null);
-
-// Log version and raw command IMMEDIATELY after log file initialization (ensures they appear even if parsing fails)
+// Log version and raw command IMMEDIATELY after log file initialization
 const versionInfo = await getVersionInfo();
 await log('');
 await log(`🚀 solve v${versionInfo}`);
@@ -115,7 +114,6 @@ setupVerboseLogInterceptor(); // Issue #1466: capture [VERBOSE] output in log fi
 setupStdioLogInterceptor(); // Issue #1549: capture ALL terminal output in log file
 
 // Early logs go to cwd; custom log dir takes effect after argv is parsed
-
 // Conditionally import tool-specific functions after argv is parsed
 let checkForUncommittedChanges;
 if (argv.tool === 'opencode') {
@@ -206,8 +204,7 @@ if (!(await validateContinueOnlyOnFeedback(argv, isPrUrl, isIssueUrl))) {
   await safeExit(1, 'Feedback validation failed');
 }
 
-// Validate model name EARLY - this always runs regardless of --skip-tool-connection-check
-// Model validation is a simple string check and should always be performed
+// Validate model name EARLY - always runs regardless of --skip-tool-connection-check
 const tool = argv.tool || 'claude';
 await validateAndExitOnInvalidModel(argv.model, tool, safeExit);
 
@@ -233,12 +230,14 @@ if (argv.verbose) {
   await log(`   Is PR URL: ${!!isPrUrl}`, { verbose: true });
 }
 const claudePath = argv.executeToolWithBun ? 'bunx claude' : process.env.CLAUDE_PATH || 'claude';
-// Note: owner, repo, and urlNumber are extracted from validateGitHubUrl() above (parseUrlComponents() removed due to hash fragment bug)
-
+// Note: owner, repo, and urlNumber are extracted from validateGitHubUrl() above
+// Accept pending invitation BEFORE any access checks (auto-fork, permissions, entity validation)
+if (argv.autoAcceptInvite) {
+  await autoAcceptInviteForRepo(owner, repo, log, argv.verbose);
+}
 // Handle --auto-fork option: automatically fork public repositories without write access
 if (argv.autoFork && !argv.fork) {
   const { detectRepositoryVisibility } = githubLib;
-
   // Check if we have write access first (issue #1536: retry on transient network errors)
   await log('🔍 Checking repository access for auto-fork...');
   const permResult = await lib.ghCmdRetry(() => $`gh api repos/${owner}/${repo} --jq .permissions`, { label: 'auto-fork perms' });
@@ -304,14 +303,7 @@ if (argv.autoFork && !argv.fork) {
     argv.fork = true;
   }
 }
-
-// Accept pending GitHub invitation for the specific repo/org before checking write access
-if (argv.autoAcceptInvite) {
-  await autoAcceptInviteForRepo(owner, repo, log, argv.verbose);
-}
-
-// Early check: Verify repository write permissions BEFORE doing any work
-// This prevents wasting AI tokens when user doesn't have access and --fork is not used
+// Permission check BEFORE entity validation (#1552): avoids false 404 on private repos without access
 const { checkRepositoryWritePermission } = githubLib;
 const hasWriteAccess = await checkRepositoryWritePermission(owner, repo, {
   useFork: argv.fork,
@@ -324,6 +316,13 @@ if (!hasWriteAccess) {
   await safeExit(1, 'Permission check failed');
 }
 
+// Issue #1552: Validate entity existence AFTER permissions (cascade: user/org → repo → issue/PR)
+const entityCheck = await (await import('./github-entity-validation.lib.mjs')).validateGitHubEntityExistence({ owner, repo, number: urlNumber, type: isIssueUrl ? 'issue' : isPrUrl ? 'pull' : undefined, verbose: argv.verbose });
+if (!entityCheck.valid) {
+  await log(`\n❌ ${entityCheck.error}\n`, { level: 'error' });
+  await safeExit(1, `GitHub entity not found (${entityCheck.level})`);
+}
+
 // Detect repository visibility and set auto-cleanup default if not explicitly set
 if (argv.autoCleanup === undefined) {
   const { detectRepositoryVisibility } = githubLib;

package/src/telegram-bot.mjs

@@ -37,7 +37,7 @@ const _helpersBot = helpersModuleBot.default || helpersModuleBot;
 const hideBin = _helpersBot.hideBin || (argv => argv.slice(2));
 const { createYargsConfig: createSolveYargsConfig, detectMalformedFlags } = await import('./solve.config.lib.mjs');
 const { createYargsConfig: createHiveYargsConfig } = await import('./hive.config.lib.mjs');
-const { parseGitHubUrl } = await import('./github.lib.mjs');
+const { parseGitHubUrl, validateGitHubEntityExistence } = await import('./github.lib.mjs');
 const { validateModelName, buildModelOptionDescription } = await import('./models/index.mjs');
 const { validateBranchInArgs } = await import('./solve.branch.lib.mjs');
 const { extractIsolationFromArgs, isValidPerCommandIsolation, resolveIsolation, createIsolationAwareQueueCallback } = await import('./telegram-isolation.lib.mjs');
@@ -282,10 +282,7 @@ if (config.dryRun) {
 }
 
 // === HEAVY DEPENDENCIES LOADED BELOW (skipped in dry-run mode) ===
-// These imports are placed after the dry-run check to significantly speed up
-// configuration validation. The telegraf module in particular can take 3-8 seconds
-// to load on cold start due to network fetch from unpkg.com CDN.
-// See issue #801 for details.
+// These imports are after dry-run check to speed up config validation. Telegraf can take 3-8s to load on cold start (issue #801).
 
 // Initialize Sentry for error tracking
 await initializeSentry({
@@ -297,17 +294,12 @@ const telegrafModule = await use('telegraf');
 const { Telegraf } = telegrafModule;
 
 const bot = new Telegraf(BOT_TOKEN, {
-  // Remove the default 90-second timeout for message handlers
-  // This is important because command handlers (like /solve) spawn long-running processes
-  handlerTimeout: Infinity,
+  handlerTimeout: Infinity, // Remove default 90s timeout; command handlers like /solve spawn long-running processes
 });
 
-// Track bot startup time to ignore messages sent before bot started
-// Using Unix timestamp (seconds since epoch) to match Telegram's message.date format
+// Track bot startup time (Unix seconds to match Telegram's message.date format)
 const BOT_START_TIME = Math.floor(Date.now() / 1000);
-
-// Wrapper functions that bind extracted filter functions to bot-specific state
-// The actual logic is in telegram-message-filters.lib.mjs for testability (issue #1207)
+// Wrapper functions binding filter logic to bot state (actual logic in telegram-message-filters.lib.mjs, issue #1207)
 function isChatAuthorized(chatId) {
   return _isChatAuthorized(chatId, allowedChats);
 }
@@ -990,9 +982,20 @@ async function handleSolveCommand(ctx) {
     });
     return;
   }
-
-  // Use normalized URL from validation to ensure consistent duplicate detection
-  // See: https://github.com/link-assistant/hive-mind/issues/1080
+  // Issue #1552: Validate GitHub entity existence before queueing/executing
+  if (args.some(a => a === '--auto-accept-invite') && validation.parsed.owner && validation.parsed.repo) {
+    try {
+      await (await import('./solve.accept-invite.lib.mjs')).autoAcceptInviteForRepo(validation.parsed.owner, validation.parsed.repo, async () => {}, false);
+    } catch (e) {
+      VERBOSE && console.log(`[VERBOSE] Auto-accept invite pre-check failed: ${e.message}`);
+    }
+  }
+  const entityCheck = await validateGitHubEntityExistence({ owner: validation.parsed.owner, repo: validation.parsed.repo, number: validation.parsed.number, type: validation.parsed.type, verbose: VERBOSE });
+  if (!entityCheck.valid) {
+    await safeReply(ctx, `❌ ${escapeMarkdown(entityCheck.error)}`, { reply_to_message_id: ctx.message.message_id });
+    return;
+  }
+  // Use normalized URL from validation to ensure consistent duplicate detection (issue #1080)
   const normalizedUrl = validation.parsed.normalized;
 
   const requester = buildUserMention({ user: ctx.from, parseMode: 'Markdown' });

package/src/telegram-solve-queue.lib.mjs

@@ -480,8 +480,13 @@ export class SolveQueue {
    * Find startable items from each tool queue
    * Returns the first item from each tool queue that can start.
    * With separate queues, each tool is checked independently so they don't block each other.
+   *
+   * Also immediately rejects all queued items when a 'reject' strategy threshold
+   * is exceeded, instead of leaving them waiting indefinitely.
+   *
    * @returns {Promise<Array<{item: SolveQueueItem, tool: string, index: number, check: Object}>>}
    * @see https://github.com/link-assistant/hive-mind/issues/1159
+   * @see https://github.com/link-assistant/hive-mind/issues/1555
    */
   async findStartableItems() {
     const startableItems = [];
@@ -490,10 +495,18 @@ export class SolveQueue {
       if (toolQueue.length === 0) continue;
 
       // Check if first item in this tool's queue can start
-      const item = toolQueue[0];
       const check = await this.canStartCommand({ tool });
 
+      // When a 'reject' strategy threshold is exceeded, immediately reject
+      // all items in this tool's queue instead of leaving them waiting.
+      // See: https://github.com/link-assistant/hive-mind/issues/1555
+      if (check.rejected) {
+        await this.rejectAllItemsInQueue(tool, toolQueue, check.rejectReason);
+        continue;
+      }
+
       if (check.canStart) {
+        const item = toolQueue[0];
         // Also check one-at-a-time mode for this specific tool
         // For tool-specific one-at-a-time, only count that tool's processing items
         const toolProcessingCount = this.getProcessingCountByTool(tool);
@@ -509,6 +522,30 @@ export class SolveQueue {
     return startableItems;
   }
 
+  /**
+   * Reject all items in a tool queue and notify users.
+   * Called when a 'reject' strategy threshold is exceeded for queued items.
+   *
+   * @param {string} tool - Tool type (e.g., 'claude', 'agent')
+   * @param {SolveQueueItem[]} toolQueue - The tool's queue array
+   * @param {string} rejectReason - Reason for rejection
+   * @see https://github.com/link-assistant/hive-mind/issues/1555
+   */
+  async rejectAllItemsInQueue(tool, toolQueue, rejectReason) {
+    const reason = rejectReason || 'Resource limit exceeded';
+    while (toolQueue.length > 0) {
+      const item = toolQueue.shift();
+      item.setFailed(reason);
+      this.failed.push(item);
+      this.stats.totalFailed++;
+
+      this.log(`Rejected queued item: ${item.toString()} from ${tool} queue - ${reason}`);
+
+      await this.updateItemMessage(item, `❌ Solve command rejected.\n\n${item.infoBlock}\n\n🚫 Reason: ${reason}`);
+    }
+    while (this.failed.length > 100) this.failed.shift();
+  }
+
   /**
    * Find first queue item that can start based on its tool's limits (legacy compatibility)
    * With separate queues, returns the first startable item from any tool queue.
@@ -1069,22 +1106,31 @@ export class SolveQueue {
   }
 
   /**
-   * Update all waiting items with their tool-specific waiting reasons
+   * Update all waiting items with their tool-specific waiting reasons.
+   * Items blocked by a 'reject' strategy threshold are immediately rejected
+   * and removed from the queue, since they cannot proceed and keeping them
+   * queued would only confuse users (the queue is lost on restart anyway).
+   *
    * @see https://github.com/link-assistant/hive-mind/issues/1078
+   * @see https://github.com/link-assistant/hive-mind/issues/1555
    */
   async updateAllWaitingItems() {
     for (const [tool, toolQueue] of Object.entries(this.queues)) {
+      // First check if the tool's threshold triggers a 'reject' strategy.
+      // If so, reject all items at once rather than iterating one by one.
+      // See: https://github.com/link-assistant/hive-mind/issues/1555
+      const toolCheck = await this.canStartCommand({ tool });
+      if (toolCheck.rejected) {
+        await this.rejectAllItemsInQueue(tool, toolQueue, toolCheck.rejectReason);
+        continue;
+      }
+
       for (let i = 0; i < toolQueue.length; i++) {
         const item = toolQueue[i];
         if (item.status === QueueItemStatus.QUEUED || item.status === QueueItemStatus.WAITING) {
-          // Get the specific reason for this item's tool
-          const itemCheck = await this.canStartCommand({ tool: item.tool });
           const previousStatus = item.status;
           const previousReason = item.waitingReason;
-          // Use rejectReason when threshold strategy is 'reject', otherwise use reason
-          // This ensures disk-full and other rejection reasons are shown properly
-          // See: https://github.com/link-assistant/hive-mind/issues/1267
-          const waitReason = itemCheck.rejectReason || itemCheck.reason || 'Waiting in queue';
+          const waitReason = toolCheck.reason || 'Waiting in queue';
           item.setWaiting(waitReason);
 
           // Update message if status/reason changed or it's time for periodic update