neohive 6.2.2 → 6.4.0

package/tools/governance.js

@@ -115,11 +115,13 @@ module.exports = function (ctx) {
     reviews.push(review);
     writeJsonFile(REVIEWS_FILE, reviews);
 
-    broadcastSystemMessage(`[REVIEW] ${state.registeredName} requests review of "${review.file}": ${review.description || 'No description'}. Call submit_review("${review.id}", "approved"/"changes_requested", "your feedback") to review.`, state.registeredName);
+    broadcastSystemMessage(`[REVIEW REQUEST] ${state.registeredName} requests review of "${review.file}": ${review.description || 'No description'}. To review: (1) read the file "${review.file}", (2) call submit_review("${review.id}", "approved"/"changes_requested", "<your findings — min 50 chars>"). Feedback is required and must be substantive.`, state.registeredName);
     touchActivity();
-    return { success: true, review_id: review.id, file: review.file, message: 'Review requested. Team has been notified.' };
+    return { success: true, review_id: review.id, file: review.file, next_action: 'Call listen() to wait for the review.' };
   }
 
+  const REVIEW_FEEDBACK_MIN_LENGTH = 50;
+
   function toolSubmitReview(reviewId, status, feedback) {
     if (!state.registeredName) return { error: 'You must call register() first' };
 
@@ -131,6 +133,26 @@ module.exports = function (ctx) {
     if (!review) return { error: `Review not found: ${reviewId}` };
     if (review.requested_by === state.registeredName) return { error: 'Cannot review your own code.' };
 
+    // Enforce substantive feedback — rubber-stamping is not allowed
+    const feedbackText = (feedback || '').trim();
+    if (!feedbackText) {
+      return {
+        error: `Feedback is required. You must read "${review.file}" and describe what you found before submitting a review.`,
+        next_action: `Read the file "${review.file}" first, then call submit_review("${reviewId}", "${status}", "<your findings>").`,
+      };
+    }
+    if (feedbackText.length < REVIEW_FEEDBACK_MIN_LENGTH) {
+      return {
+        error: `Feedback too short (${feedbackText.length} chars, minimum ${REVIEW_FEEDBACK_MIN_LENGTH}). Describe specific findings — what you read, what issues you found or verified, and why you ${status === 'approved' ? 'approve' : 'request changes'}.`,
+        next_action: `Read the file "${review.file}" first, then call submit_review("${reviewId}", "${status}", "<your detailed findings>").`,
+      };
+    }
+
+    // Log audit entry for thin approvals (short feedback on an approval)
+    if (status === 'approved' && feedbackText.length < 150) {
+      logViolation('thin_review', state.registeredName, `Approved "${review.file}" with minimal feedback (${feedbackText.length} chars): "${feedbackText.substring(0, 100)}"`);
+    }
+
     review.status = status;
     review.reviewer = state.registeredName;
     review.feedback = (feedback || '').substring(0, 2000);
@@ -191,7 +213,10 @@ module.exports = function (ctx) {
     writeJsonFile(REVIEWS_FILE, reviews);
     touchActivity();
 
-    const result = { success: true, review_id: reviewId, status: review.status, message: `Review submitted: ${review.status}` };
+    const reviewNextAction = review.status === 'approved'
+      ? 'Call listen() to continue.'
+      : 'Call listen() — the author will fix and resubmit.';
+    const result = { success: true, review_id: reviewId, status: review.status, next_action: reviewNextAction };
     if (review.review_round) result.review_round = review.review_round;
     if (review.auto_approved) result.auto_approved = true;
     return result;
@@ -381,12 +406,12 @@ module.exports = function (ctx) {
     {
       name: 'request_review',
       description: 'Request a code review from the team. Creates a review request and notifies all agents.',
-      inputSchema: { type: 'object', properties: { file_path: { type: 'string', description: 'File to review' }, description: { type: 'string', description: 'What to focus on in the review' } }, required: ['file_path'], additionalProperties: false },
+      inputSchema: { type: 'object', properties: { file_path: { type: 'string', description: 'File to review', maxLength: 500 }, description: { type: 'string', description: 'What to focus on in the review', maxLength: 2000 } }, required: ['file_path'], additionalProperties: false },
     },
     {
       name: 'submit_review',
-      description: 'Submit a code review — approve or request changes with feedback.',
-      inputSchema: { type: 'object', properties: { review_id: { type: 'string', description: 'Review ID' }, status: { type: 'string', enum: ['approved', 'changes_requested'], description: 'Review result' }, feedback: { type: 'string', description: 'Your review feedback (max 2000 chars)' } }, required: ['review_id', 'status'], additionalProperties: false },
+      description: 'Submit a code review — approve or request changes. You MUST read the file under review before calling this. Feedback is required (minimum 50 chars) and must describe specific findings — what you read, what issues you found or confirmed. Rubber-stamp approvals are rejected.',
+      inputSchema: { type: 'object', properties: { review_id: { type: 'string', description: 'Review ID', maxLength: 50 }, status: { type: 'string', enum: ['approved', 'changes_requested'], description: 'Review result' }, feedback: { type: 'string', description: 'Your findings from reading the file (required, min 50 chars). Describe what you read and what you found — bugs, security issues, correctness, or confirmation that the code is clean.', maxLength: 2000, minLength: 50 } }, required: ['review_id', 'status', 'feedback'], additionalProperties: false },
     },
     // Rules
     {
@@ -395,7 +420,7 @@ module.exports = function (ctx) {
       inputSchema: {
         type: 'object',
         properties: {
-          text: { type: 'string', description: 'The rule text' },
+          text: { type: 'string', description: 'The rule text', maxLength: 2000 },
           category: { type: 'string', description: 'Rule category: safety, workflow, code-style, communication, custom' },
           scope: {
             type: 'object',
@@ -430,7 +455,7 @@ module.exports = function (ctx) {
     {
       name: 'log_violation',
       description: 'Log a workflow rule violation to the audit trail. Used automatically by review gates, or manually to flag issues.',
-      inputSchema: { type: 'object', properties: { type: { type: 'string', description: 'Violation type: review_skipped, push_without_approval, rule_violated, etc.' }, details: { type: 'string', description: 'Description of the violation' } }, required: ['type'], additionalProperties: false },
+      inputSchema: { type: 'object', properties: { type: { type: 'string', description: 'Violation type: review_skipped, push_without_approval, rule_violated, etc.', maxLength: 100 }, details: { type: 'string', description: 'Description of the violation', maxLength: 2000 } }, required: ['type'], additionalProperties: false },
     },
     {
       name: 'request_push_approval',

package/tools/knowledge.js

@@ -132,7 +132,7 @@ module.exports = function (ctx) {
       total_messages: compressed.segments.reduce((s, seg) => s + seg.message_count, 0) + recent.length,
       compressed_count: compressed.segments.reduce((s, seg) => s + seg.message_count, 0),
       recent_count: recent.length,
-      hint: 'Compressed segments summarize older messages. Recent messages are shown verbatim.',
+      next_action: 'Call listen() to receive messages.',
     };
   }
 
@@ -223,9 +223,9 @@ module.exports = function (ctx) {
       progress,
       your_tasks: myActiveTasks.map(t => ({ id: t.id, title: t.title, status: t.status })),
       your_completed: myCompletedCount,
-      hint: myActiveTasks.length > 0
-        ? `You have ${myActiveTasks.length} active task(s). Continue working.`
-        : 'You are now briefed. Check active tasks and start contributing.',
+      next_action: myActiveTasks.length > 0
+        ? `You have ${myActiveTasks.length} active task(s). Continue working, then call listen().`
+        : 'Call listen() to receive messages and start working.',
     };
   }
 

package/tools/messaging.js

@@ -56,7 +56,9 @@ module.exports = function (ctx) {
       result.preview = `${latest.from}: "${latest.content.substring(0, 80).replace(/\n/g, ' ')}..."`;
       const oldestAge = Math.round((Date.now() - new Date(unconsumed[0].timestamp).getTime()) / 1000);
       result.urgency = oldestAge > 120 ? 'critical' : oldestAge > 30 ? 'urgent' : 'normal';
-      result.action_required = 'You have unread messages. Call listen() to receive and process them. Do NOT call check_messages() again — it does not consume messages and you will see the same messages repeatedly.';
+      result.next_action = 'Call listen() to receive and process these messages.';
+    } else {
+      result.next_action = 'Call listen() to wait for new messages.';
     }
 
     return result;

package/tools/safety.js

@@ -34,7 +34,7 @@ module.exports = function (ctx) {
     locks[normalized] = { agent: state.registeredName, since: new Date().toISOString() };
     writeJsonFile(LOCKS_FILE, locks);
     touchActivity();
-    return { success: true, file: normalized, message: `File locked. Other agents cannot edit "${normalized}" until you call unlock_file().` };
+    return { success: true, file: normalized, next_action: 'Edit the file, then call unlock_file() when done.' };
   }
 
   function toolUnlockFile(filePath) {
@@ -48,15 +48,15 @@ module.exports = function (ctx) {
         if (lock.agent === state.registeredName) { delete locks[fp]; count++; }
       }
       writeJsonFile(LOCKS_FILE, locks);
-      return { success: true, unlocked: count, message: `Unlocked ${count} file(s).` };
+      return { success: true, unlocked: count, message: `Unlocked ${count} file(s).`, next_action: 'Call listen() to receive messages.' };
     }
 
-    if (!locks[normalized]) return { success: true, message: 'File was not locked.' };
+    if (!locks[normalized]) return { success: true, message: 'File was not locked.', next_action: 'Call listen() to receive messages.' };
     if (locks[normalized].agent !== state.registeredName) return { error: `File is locked by ${locks[normalized].agent}, not you.` };
 
     delete locks[normalized];
     writeJsonFile(LOCKS_FILE, locks);
-    return { success: true, file: normalized, message: 'File unlocked.' };
+    return { success: true, file: normalized, message: 'File unlocked.', next_action: 'Call listen() to receive messages.' };
   }
 
   // --- Dependencies ---

package/tools/tasks.js

@@ -81,7 +81,7 @@ module.exports = function (ctx) {
     saveTasks(tasks);
     touchActivity();
 
-    const result = { success: true, task_id: task.id, assignee: task.assignee };
+    const result = { success: true, task_id: task.id, assignee: task.assignee, next_action: 'Call listen() to receive updates.' };
     if (taskChannel) result.channel = taskChannel;
     return result;
   }
@@ -160,6 +160,7 @@ module.exports = function (ctx) {
             task_id: task.id,
             status: 'in_review',
             review_id: reviewId,
+            next_action: 'Call listen() to wait for the reviewer to approve.',
             message: `Cannot mark done — a reviewer is online and no approval exists. Review ${reviewId} auto-created. Wait for approval, then try again.`,
           };
         }
@@ -291,7 +292,11 @@ module.exports = function (ctx) {
       for (const n of notifications) { helpers.sendSystemMessage(n.agent, n.message); }
     } catch (e) { /* hooks not available */ }
 
-    return { success: true, task_id: task.id, status: task.status, title: task.title };
+    const nextAction = status === 'done' ? 'Send a summary of what you did via send_message(), then call listen().'
+      : status === 'in_progress' ? `Do the work on "${task.title}", then call update_task("${task.id}", "done") when finished.`
+      : status === 'blocked' ? 'Send a message explaining the blocker, then call listen().'
+      : 'Call listen() to receive updates.';
+    return { success: true, task_id: task.id, status: task.status, title: task.title, next_action: nextAction };
   }
 
   // --- List Tasks ---
@@ -393,9 +398,9 @@ module.exports = function (ctx) {
       inputSchema: {
         type: 'object',
         properties: {
-          title: { type: 'string', description: 'Short task title' },
-          description: { type: 'string', description: 'Detailed task description' },
-          assignee: { type: 'string', description: 'Agent to assign to (optional, auto-assigns with 2 agents)' },
+          title: { type: 'string', description: 'Short task title', maxLength: 200 },
+          description: { type: 'string', description: 'Detailed task description', maxLength: 5000 },
+          assignee: { type: 'string', description: 'Agent to assign to (optional, auto-assigns with 2 agents)', maxLength: 50 },
         },
         required: ['title'],
         additionalProperties: false,
@@ -407,9 +412,9 @@ module.exports = function (ctx) {
       inputSchema: {
         type: 'object',
         properties: {
-          task_id: { type: 'string', description: 'Task ID to update' },
+          task_id: { type: 'string', description: 'Task ID to update', maxLength: 50 },
           status: { type: 'string', enum: ['pending', 'in_progress', 'in_review', 'done', 'blocked', 'blocked_permanent'], description: 'New status' },
-          notes: { type: 'string', description: 'Optional progress note' },
+          notes: { type: 'string', description: 'Optional progress note', maxLength: 2000 },
         },
         required: ['task_id', 'status'],
         additionalProperties: false,

package/tools/workflows.js

@@ -102,7 +102,7 @@ module.exports = function (ctx) {
       autonomous,
       parallel,
       started_steps: startedSteps.map(s => ({ id: s.id, description: s.description, assignee: s.assignee })),
-      message: autonomous ? 'Autonomous workflow created. All agents should call get_work() to enter the proactive work loop.' : undefined,
+      next_action: autonomous ? 'Call get_work() for your assignment.' : 'Call listen() to receive updates.',
     };
   }
 
@@ -179,6 +179,7 @@ module.exports = function (ctx) {
       next_steps: nextSteps.length > 0 ? nextSteps.map(s => ({ id: s.id, description: s.description, assignee: s.assignee })) : null,
       progress: `${doneCount}/${wf.steps.length} (${pct}%)`,
       workflow_status: wf.status,
+      next_action: wf.autonomous ? 'Call get_work() for your next assignment.' : 'Call listen() to receive the next step.',
     };
   }