npm - neohive - Versions diffs - 6.3.0 → 6.4.1 - Mend

neohive 6.3.0 → 6.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/tools/governance.js CHANGED Viewed

@@ -115,11 +115,13 @@ module.exports = function (ctx) {
     reviews.push(review);
     writeJsonFile(REVIEWS_FILE, reviews);
-    broadcastSystemMessage(`[REVIEW] ${state.registeredName} requests review of "${review.file}": ${review.description || 'No description'}. Call submit_review("${review.id}", "approved"/"changes_requested", "your feedback") to review.`, state.registeredName);
+    broadcastSystemMessage(`[REVIEW REQUEST] ${state.registeredName} requests review of "${review.file}": ${review.description || 'No description'}. To review: (1) read the file "${review.file}", (2) call submit_review("${review.id}", "approved"/"changes_requested", "<your findings — min 50 chars>"). Feedback is required and must be substantive.`, state.registeredName);
     touchActivity();
     return { success: true, review_id: review.id, file: review.file, next_action: 'Call listen() to wait for the review.' };
   }
+  const REVIEW_FEEDBACK_MIN_LENGTH = 50;
   function toolSubmitReview(reviewId, status, feedback) {
     if (!state.registeredName) return { error: 'You must call register() first' };
@@ -131,6 +133,26 @@ module.exports = function (ctx) {
     if (!review) return { error: `Review not found: ${reviewId}` };
     if (review.requested_by === state.registeredName) return { error: 'Cannot review your own code.' };
+    // Enforce substantive feedback — rubber-stamping is not allowed
+    const feedbackText = (feedback || '').trim();
+    if (!feedbackText) {
+      return {
+        error: `Feedback is required. You must read "${review.file}" and describe what you found before submitting a review.`,
+        next_action: `Read the file "${review.file}" first, then call submit_review("${reviewId}", "${status}", "<your findings>").`,
+      };
+    }
+    if (feedbackText.length < REVIEW_FEEDBACK_MIN_LENGTH) {
+      return {
+        error: `Feedback too short (${feedbackText.length} chars, minimum ${REVIEW_FEEDBACK_MIN_LENGTH}). Describe specific findings — what you read, what issues you found or verified, and why you ${status === 'approved' ? 'approve' : 'request changes'}.`,
+        next_action: `Read the file "${review.file}" first, then call submit_review("${reviewId}", "${status}", "<your detailed findings>").`,
+      };
+    }
+    // Log audit entry for thin approvals (short feedback on an approval)
+    if (status === 'approved' && feedbackText.length < 150) {
+      logViolation('thin_review', state.registeredName, `Approved "${review.file}" with minimal feedback (${feedbackText.length} chars): "${feedbackText.substring(0, 100)}"`);
+    }
     review.status = status;
     review.reviewer = state.registeredName;
     review.feedback = (feedback || '').substring(0, 2000);
@@ -384,12 +406,12 @@ module.exports = function (ctx) {
     {
       name: 'request_review',
       description: 'Request a code review from the team. Creates a review request and notifies all agents.',
-      inputSchema: { type: 'object', properties: { file_path: { type: 'string', description: 'File to review' }, description: { type: 'string', description: 'What to focus on in the review' } }, required: ['file_path'], additionalProperties: false },
+      inputSchema: { type: 'object', properties: { file_path: { type: 'string', description: 'File to review', maxLength: 500 }, description: { type: 'string', description: 'What to focus on in the review', maxLength: 2000 } }, required: ['file_path'], additionalProperties: false },
     },
     {
       name: 'submit_review',
-      description: 'Submit a code review — approve or request changes with feedback.',
-      inputSchema: { type: 'object', properties: { review_id: { type: 'string', description: 'Review ID' }, status: { type: 'string', enum: ['approved', 'changes_requested'], description: 'Review result' }, feedback: { type: 'string', description: 'Your review feedback (max 2000 chars)' } }, required: ['review_id', 'status'], additionalProperties: false },
+      description: 'Submit a code review — approve or request changes. You MUST read the file under review before calling this. Feedback is required (minimum 50 chars) and must describe specific findings — what you read, what issues you found or confirmed. Rubber-stamp approvals are rejected.',
+      inputSchema: { type: 'object', properties: { review_id: { type: 'string', description: 'Review ID', maxLength: 50 }, status: { type: 'string', enum: ['approved', 'changes_requested'], description: 'Review result' }, feedback: { type: 'string', description: 'Your findings from reading the file (required, min 50 chars). Describe what you read and what you found — bugs, security issues, correctness, or confirmation that the code is clean.', maxLength: 2000, minLength: 50 } }, required: ['review_id', 'status', 'feedback'], additionalProperties: false },
     },
     // Rules
     {
@@ -398,7 +420,7 @@ module.exports = function (ctx) {
       inputSchema: {
         type: 'object',
         properties: {
-          text: { type: 'string', description: 'The rule text' },
+          text: { type: 'string', description: 'The rule text', maxLength: 2000 },
           category: { type: 'string', description: 'Rule category: safety, workflow, code-style, communication, custom' },
           scope: {
             type: 'object',
@@ -433,7 +455,7 @@ module.exports = function (ctx) {
     {
       name: 'log_violation',
       description: 'Log a workflow rule violation to the audit trail. Used automatically by review gates, or manually to flag issues.',
-      inputSchema: { type: 'object', properties: { type: { type: 'string', description: 'Violation type: review_skipped, push_without_approval, rule_violated, etc.' }, details: { type: 'string', description: 'Description of the violation' } }, required: ['type'], additionalProperties: false },
+      inputSchema: { type: 'object', properties: { type: { type: 'string', description: 'Violation type: review_skipped, push_without_approval, rule_violated, etc.', maxLength: 100 }, details: { type: 'string', description: 'Description of the violation', maxLength: 2000 } }, required: ['type'], additionalProperties: false },
     },
     {
       name: 'request_push_approval',

package/tools/messaging.js CHANGED Viewed

@@ -57,6 +57,8 @@ module.exports = function (ctx) {
       const oldestAge = Math.round((Date.now() - new Date(unconsumed[0].timestamp).getTime()) / 1000);
       result.urgency = oldestAge > 120 ? 'critical' : oldestAge > 30 ? 'urgent' : 'normal';
       result.next_action = 'Call listen() to receive and process these messages.';
+    } else {
+      result.next_action = 'Call listen() to wait for new messages.';
     }
     return result;

package/tools/safety.js CHANGED Viewed

@@ -48,15 +48,15 @@ module.exports = function (ctx) {
         if (lock.agent === state.registeredName) { delete locks[fp]; count++; }
       }
       writeJsonFile(LOCKS_FILE, locks);
-      return { success: true, unlocked: count, message: `Unlocked ${count} file(s).` };
+      return { success: true, unlocked: count, message: `Unlocked ${count} file(s).`, next_action: 'Call listen() to receive messages.' };
     }
-    if (!locks[normalized]) return { success: true, message: 'File was not locked.' };
+    if (!locks[normalized]) return { success: true, message: 'File was not locked.', next_action: 'Call listen() to receive messages.' };
     if (locks[normalized].agent !== state.registeredName) return { error: `File is locked by ${locks[normalized].agent}, not you.` };
     delete locks[normalized];
     writeJsonFile(LOCKS_FILE, locks);
-    return { success: true, file: normalized, message: 'File unlocked.' };
+    return { success: true, file: normalized, message: 'File unlocked.', next_action: 'Call listen() to receive messages.' };
   }
   // --- Dependencies ---

package/tools/tasks.js CHANGED Viewed

@@ -398,9 +398,9 @@ module.exports = function (ctx) {
       inputSchema: {
         type: 'object',
         properties: {
-          title: { type: 'string', description: 'Short task title' },
-          description: { type: 'string', description: 'Detailed task description' },
-          assignee: { type: 'string', description: 'Agent to assign to (optional, auto-assigns with 2 agents)' },
+          title: { type: 'string', description: 'Short task title', maxLength: 200 },
+          description: { type: 'string', description: 'Detailed task description', maxLength: 5000 },
+          assignee: { type: 'string', description: 'Agent to assign to (optional, auto-assigns with 2 agents)', maxLength: 50 },
         },
         required: ['title'],
         additionalProperties: false,
@@ -412,9 +412,9 @@ module.exports = function (ctx) {
       inputSchema: {
         type: 'object',
         properties: {
-          task_id: { type: 'string', description: 'Task ID to update' },
+          task_id: { type: 'string', description: 'Task ID to update', maxLength: 50 },
           status: { type: 'string', enum: ['pending', 'in_progress', 'in_review', 'done', 'blocked', 'blocked_permanent'], description: 'New status' },
-          notes: { type: 'string', description: 'Optional progress note' },
+          notes: { type: 'string', description: 'Optional progress note', maxLength: 2000 },
         },
         required: ['task_id', 'status'],
         additionalProperties: false,