snow-flow 10.0.78 → 10.0.79

package/package.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
-  "version": "10.0.78",
+  "version": "10.0.79",
   "name": "snow-flow",
   "description": "Snow-Flow - ServiceNow Multi-Agent Development Framework powered by AI",
   "license": "Elastic-2.0",

package/src/agent/agent.ts

@@ -132,6 +132,19 @@ export namespace Agent {
             websearch: "allow",
             codesearch: "allow",
             review_exit: "allow",
+            external_directory: {
+              [path.join(Global.Path.data, "reviews", "*")]: "allow",
+            },
+            edit: {
+              "*": "deny",
+              [path.join(".snow-code", "reviews", "*.md")]: "allow",
+              [path.relative(Instance.worktree, path.join(Global.Path.data, path.join("reviews", "*.md")))]: "allow",
+            },
+            write: {
+              "*": "deny",
+              [path.join(".snow-code", "reviews", "*.md")]: "allow",
+              [path.relative(Instance.worktree, path.join(Global.Path.data, path.join("reviews", "*.md")))]: "allow",
+            },
           }),
           user,
         ),

package/src/agent/prompt/review.txt

@@ -1,8 +1,8 @@
 You are the Code Reuse Reviewer Agent for Snow-Flow. Your role is to analyze ServiceNow artifacts created or modified during development activities and identify opportunities for code reuse and standardization.
 
-IMPORTANT: You are in READ-ONLY analysis mode. You cannot and should not modify any code. Your role is purely analysis and feedback.
+IMPORTANT: You are in READ-ONLY analysis mode. You cannot and should not modify any code. The ONLY file you are allowed to write to is the review file (you will be told its path when entering review mode).
 
-## Review Process
+## Review Workflow
 
 ### Step 1: Gather Activity Context
 - Read the activity details to understand what was created/modified
@@ -29,38 +29,32 @@ Look for these common reuse opportunities:
 - Date/time utilities: Duration calculations, timezone handling
 - User/group utilities: Role checks, assignment logic
 
-### Step 5: Generate Review Report
-Structure your findings as JSON:
-
-```json
-{
-  "activityId": "string",
-  "reviewStatus": "approved" | "needs_revision",
-  "summary": "Brief summary of findings",
-  "artifactsReviewed": [
-    {
-      "sys_id": "string",
-      "type": "widget|business_rule|client_script|etc",
-      "name": "artifact name"
-    }
-  ],
-  "reuseOpportunities": [
-    {
-      "type": "existing_script_include" | "duplicate_pattern" | "refactor_suggestion",
-      "severity": "high" | "medium" | "low",
-      "description": "What was found",
-      "existingArtifact": {
-        "sys_id": "optional - sys_id of existing Script Include",
-        "name": "optional - name of existing artifact"
-      },
-      "recommendation": "Specific action to take",
-      "codeLocation": "Where in the new code this applies"
-    }
-  ],
-  "approved": true | false,
-  "feedback": "If not approved, explanation for the developer"
-}
-```
+### Step 5: Write Review Report
+Write your findings to the review file. Structure as markdown with:
+
+# Code Reuse Review
+
+## Summary
+Brief summary of findings and decision (approved / needs revision).
+
+## Artifacts Reviewed
+List of artifacts analyzed with type and name.
+
+## Reuse Opportunities
+For each finding:
+- **Type**: existing_script_include / duplicate_pattern / refactor_suggestion
+- **Severity**: high / medium / low
+- **Description**: What was found
+- **Existing Artifact**: Name and sys_id of existing Script Include (if applicable)
+- **Recommendation**: Specific action to take
+- **Code Location**: Where in the new code this applies
+
+## Decision
+- **Approved**: yes / no
+- **Feedback**: If not approved, detailed explanation for the developer
+
+### Step 6: Call review_exit
+Once you have written your complete review to the review file, call `review_exit` to switch back to the build agent. The build agent will read your review file and act on the feedback.
 
 ## Decision Criteria
 
@@ -85,15 +79,9 @@ Structure your findings as JSON:
 
 ## Important Guidelines
 
-1. READ-ONLY: You cannot modify any code. Your role is purely analysis and feedback.
+1. READ-ONLY: You cannot modify any code. Only the review file can be written to.
 2. ES5 Awareness: ServiceNow uses ES5. If you see ES6+ syntax, flag it as a concern.
 3. Be Constructive: When requesting revision, provide specific, actionable feedback with examples.
 4. Consider Context: Not all code needs to be in Script Includes. Consider frequency of reuse, complexity, and scope.
 5. Document Reasoning: Always explain WHY you made your decision, not just WHAT you decided.
-
-## Completing Your Review
-
-After completing your review, call `review_exit` with your JSON review report.
-
-- If APPROVED: Include any low-severity suggestions as informational notes in the report.
-- If NEEDS REVISION: Provide detailed feedback explaining what needs to change. The build agent will address the feedback.
+6. Your turn should only end with calling review_exit. Do not stop without calling it.

package/src/session/index.ts

@@ -242,6 +242,13 @@ export namespace Session {
     return path.join(base, [input.time.created, input.slug].join("-") + ".md")
   }
 
+  export function review(input: { slug: string; time: { created: number } }) {
+    const base = Instance.project.vcs
+      ? path.join(Instance.worktree, ".snow-code", "reviews")
+      : path.join(Global.Path.data, "reviews")
+    return path.join(base, [input.time.created, input.slug].join("-") + ".md")
+  }
+
   export const get = fn(Identifier.schema("session"), async (id) => {
     const read = await Storage.read<Info>(["session", Instance.project.id, id])
     return read as Info

package/src/session/prompt/review-switch.txt

@@ -1,6 +1,7 @@
 <system-reminder>
 Your operational mode has changed from review to build.
 You are no longer in read-only analysis mode.
-The code review results have been provided. Act on the review feedback.
-If approved, proceed with activity_complete. If revision needed, address the feedback.
+You are permitted to make file changes, run shell commands, and utilize your arsenal of tools as needed.
+The code review results have been provided in the review file. Read it and act on the review feedback.
+If approved, proceed with activity_complete. If revision needed, address the feedback first.
 </system-reminder>

package/src/session/prompt.ts

@@ -1333,27 +1333,49 @@ NOTE: At any point in time through this workflow you should feel free to ask the
 
     // Switching from review to build
     if (input.agent.name === "build" && assistantMessage?.info.agent === "review") {
-      clonedUser.parts.push({
-        id: Identifier.ascending("part"),
-        messageID: userMessage.info.id,
-        sessionID: userMessage.info.sessionID,
-        type: "text",
-        text: REVIEW_SWITCH,
-        synthetic: true,
-      })
+      const reviewPath = Session.review(input.session)
+      const reviewExists = await Bun.file(reviewPath).exists()
+      if (reviewExists) {
+        const part = await Session.updatePart({
+          id: Identifier.ascending("part"),
+          messageID: userMessage.info.id,
+          sessionID: userMessage.info.sessionID,
+          type: "text",
+          text:
+            REVIEW_SWITCH +
+            "\n\n" +
+            `A review file exists at ${reviewPath}. You should read it and act on the review feedback within it`,
+          synthetic: true,
+        })
+        clonedUser.parts.push(part)
+      }
       return replaceUser()
     }
 
     // Entering review mode
     if (input.agent.name === "review" && assistantMessage?.info.agent !== "review") {
-      clonedUser.parts.push({
+      const reviewPath = Session.review(input.session)
+      const reviewExists = await Bun.file(reviewPath).exists()
+      if (!reviewExists) await fs.mkdir(path.dirname(reviewPath), { recursive: true })
+      const part = await Session.updatePart({
         id: Identifier.ascending("part"),
         messageID: userMessage.info.id,
         sessionID: userMessage.info.sessionID,
         type: "text",
-        text: `<system-reminder>\nReview mode is active. You are in READ-ONLY analysis mode.\nYour role is to analyze ServiceNow artifacts for code reuse opportunities.\nUse snow_analyze_artifact, snow_find_artifact, snow_comprehensive_search, and snow_query_table.\nCall review_exit when your review is complete with a JSON review report.\n</system-reminder>`,
+        text: `<system-reminder>
+Review mode is active. You are in READ-ONLY analysis mode (except for the review file).
+Your role is to analyze ServiceNow artifacts for code reuse opportunities.
+Use snow_analyze_artifact, snow_find_artifact, snow_comprehensive_search, and snow_query_table.
+
+## Review File Info:
+${reviewExists ? `A review file already exists at ${reviewPath}. You can read it and make incremental edits using the edit tool.` : `No review file exists yet. You should create your review at ${reviewPath} using the write tool.`}
+Write your review findings to this file. NOTE that this is the only file you are allowed to edit.
+
+When your review is complete, call review_exit to switch back to the build agent.
+</system-reminder>`,
         synthetic: true,
       })
+      clonedUser.parts.push(part)
       return replaceUser()
     }
 

package/src/tool/review.ts

@@ -1,10 +1,12 @@
 import z from "zod"
+import path from "path"
 import { Tool } from "./tool"
 import { Question } from "../question"
 import { Session } from "../session"
 import { MessageV2 } from "../session/message-v2"
 import { Identifier } from "../id/id"
 import { Provider } from "../provider/provider"
+import { Instance } from "../project/instance"
 import EXIT_DESCRIPTION from "./review-exit.txt"
 import ENTER_DESCRIPTION from "./review-enter.txt"
 
@@ -17,16 +19,15 @@ async function getLastModel(sessionID: string) {
 
 export const ReviewExitTool = Tool.define("review_exit", {
   description: EXIT_DESCRIPTION,
-  parameters: z.object({
-    reviewResult: z.string().optional().describe("JSON review report with findings"),
-    approved: z.boolean().optional().describe("Whether the review approved the artifacts"),
-  }),
-  async execute(params, ctx) {
+  parameters: z.object({}),
+  async execute(_params, ctx) {
+    const session = await Session.get(ctx.sessionID)
+    const reviewFile = path.relative(Instance.worktree, Session.review(session))
     const answers = await Question.ask({
       sessionID: ctx.sessionID,
       questions: [
         {
-          question: `Code reuse review is complete. Would you like to switch back to the build agent?`,
+          question: `Review at ${reviewFile} is complete. Would you like to switch to the build agent and start acting on the feedback?`,
           header: "Build Agent",
           custom: false,
           options: [
@@ -54,20 +55,12 @@ export const ReviewExitTool = Tool.define("review_exit", {
       model,
     }
     await Session.updateMessage(userMsg)
-
-    const reviewSummary = params.reviewResult
-      ? `\n\nReview result:\n${params.reviewResult}`
-      : ""
-    const approvalStatus = params.approved !== undefined
-      ? `\nApproved: ${params.approved}`
-      : ""
-
     await Session.updatePart({
       id: Identifier.ascending("part"),
       messageID: userMsg.id,
       sessionID: ctx.sessionID,
       type: "text",
-      text: `The code reuse review has been completed.${approvalStatus}${reviewSummary}`,
+      text: `The review at ${reviewFile} has been approved, you can now edit files. Act on the review feedback`,
       synthetic: true,
     } satisfies MessageV2.TextPart)
 
@@ -87,11 +80,14 @@ export const ReviewEnterTool = Tool.define("review_enter", {
     updateSetName: z.string().optional().describe("Name of the update set being reviewed"),
   }),
   async execute(params, ctx) {
+    const session = await Session.get(ctx.sessionID)
+    const reviewFile = path.relative(Instance.worktree, Session.review(session))
+
     const answers = await Question.ask({
       sessionID: ctx.sessionID,
       questions: [
         {
-          question: `Activity is ready for code reuse review. Would you like to switch to the review agent?`,
+          question: `Activity is ready for code reuse review. Would you like to switch to the review agent and save findings to ${reviewFile}?`,
           header: "Review Mode",
           custom: false,
           options: [
@@ -122,6 +118,7 @@ export const ReviewEnterTool = Tool.define("review_enter", {
 
     const context = [
       "User has requested to enter review mode. Switch to review mode and begin code reuse analysis.",
+      `The review file will be at ${reviewFile}.`,
       params.activityId ? `Activity ID: ${params.activityId}` : "",
       params.updateSetName ? `Update Set: ${params.updateSetName}` : "",
       params.artifacts ? `Artifacts to review:\n${params.artifacts}` : "",
@@ -140,7 +137,7 @@ export const ReviewEnterTool = Tool.define("review_enter", {
 
     return {
       title: "Switching to review agent",
-      output: "User confirmed to switch to review mode. A new message has been created to switch you to review mode. Begin code reuse analysis.",
+      output: `User confirmed to switch to review mode. A new message has been created to switch you to review mode. The review file will be at ${reviewFile}. Begin code reuse analysis.`,
       metadata: {},
     }
   },