@ijfw/memory-server 1.4.0 → 1.4.1

package/src/dispatch/extension.js

@@ -29,7 +29,19 @@ import {
   addTrustedPublisher,
   removeTrustedPublisher,
   readTrustedPublishers,
+  loadPublisherKeypair,
+  signRotationToken,
+  verifyRotationToken,
 } from '../extension-signer.js';
+import {
+  refreshTrustFromRegistry,
+  readCachedRegistry,
+  verifyRegistry,
+  keygenMeta,
+  signRegistry,
+  verifyRegistryFile,
+  DEFAULT_REGISTRY_URL,
+} from '../extension-registry.js';
 import {
   deployExtensionSkillsToPlatforms,
   deployExtensionToAgentsMd,
@@ -355,6 +367,220 @@ async function deployOneExtension({ scope, name, extDir, projectRoot, result })
   }
 }
 
+// === B6: Registry commands ================================================
+
+async function cmdTrustRegistry({ args }) {
+  const url = args.trim() || DEFAULT_REGISTRY_URL;
+  try {
+    const r = await refreshTrustFromRegistry(url);
+    if (!r.ok) return { ok: false, command: 'trust-registry', error: r.error };
+    const lines = [];
+    if (r.fromCache) {
+      lines.push('(loaded from cache — network unavailable)');
+    } else if (r.diff) {
+      for (const kid of r.diff.added) lines.push(`+ added: ${kid}`);
+      for (const kid of r.diff.removed) lines.push(`- removed (revoked): ${kid}`);
+      for (const kid of r.diff.unchanged) lines.push(`  unchanged: ${kid}`);
+      for (const kid of r.diff.rejected) lines.push(`! rejected: ${kid}`);
+      if (lines.length === 0) lines.push('registry applied — no changes');
+    }
+    for (const w of (r.warnings || [])) lines.push(`[warn] ${w}`);
+    return { ok: true, command: 'trust-registry', result: { url, diff: r.diff, fromCache: r.fromCache, lines } };
+  } catch (err) {
+    return { ok: false, command: 'trust-registry', error: err.message };
+  }
+}
+
+async function cmdRegistryStatus() {
+  try {
+    const cached = await readCachedRegistry();
+    if (!cached.registry) {
+      return { ok: true, command: 'registry-status', result: { cached: false, message: 'no cached registry' } };
+    }
+    const ageMs = cached.cachedAt ? Date.now() - cached.cachedAt : null;
+    const ageHours = ageMs !== null ? (ageMs / 3600000).toFixed(1) : null;
+    const body = JSON.stringify(cached.registry);
+    const sizeBytes = Buffer.byteLength(body, 'utf8');
+    const sigStatus = verifyRegistry(body);
+    return {
+      ok: true,
+      command: 'registry-status',
+      result: {
+        cached: true,
+        stale: cached.stale,
+        cached_at: cached.cachedAt ? new Date(cached.cachedAt).toISOString() : null,
+        age_hours: ageHours,
+        size_bytes: sizeBytes,
+        signature_valid: sigStatus.valid,
+        signature_reason: sigStatus.reason,
+        publisher_count: Object.keys(cached.registry.publishers || {}).length,
+        revoked_count: (cached.registry.revoked || []).length,
+      },
+    };
+  } catch (err) {
+    return { ok: false, command: 'registry-status', error: err.message };
+  }
+}
+
+async function cmdKeygenMeta({ args }) {
+  const author = args.trim();
+  if (!author) return { ok: false, command: 'keygen-meta', error: 'missing author name; usage: keygen-meta <author>' };
+  try {
+    const r = await keygenMeta(author);
+    return {
+      ok: true,
+      command: 'keygen-meta',
+      result: { keyId: r.keyId, publicKey: r.publicKey, dir: r.dir },
+    };
+  } catch (err) {
+    return { ok: false, command: 'keygen-meta', error: err.message };
+  }
+}
+
+async function cmdSignRegistry({ args }) {
+  const registryPath = args.trim();
+  if (!registryPath) return { ok: false, command: 'sign-registry', error: 'missing path; usage: sign-registry <path>' };
+  try {
+    const r = await signRegistry(registryPath);
+    return r.ok
+      ? { ok: true, command: 'sign-registry', result: { path: registryPath } }
+      : { ok: false, command: 'sign-registry', error: r.error };
+  } catch (err) {
+    return { ok: false, command: 'sign-registry', error: err.message };
+  }
+}
+
+async function cmdVerifyRegistry({ args }) {
+  const registryPath = args.trim();
+  if (!registryPath) return { ok: false, command: 'verify-registry', error: 'missing path; usage: verify-registry <path>' };
+  try {
+    const r = await verifyRegistryFile(registryPath);
+    return {
+      ok: r.ok,
+      command: 'verify-registry',
+      result: { path: registryPath, valid: r.valid, reason: r.reason },
+    };
+  } catch (err) {
+    return { ok: false, command: 'verify-registry', error: err.message };
+  }
+}
+
+// === B8: Key rotation + revocation =========================================
+
+/**
+ * rotate-keys <oldKeyId> <newKeyId> [--out <file>]
+ *
+ * Loads both keypairs from ~/.ijfw/keys/<keyId>/, produces a rotation token
+ * signed by the old private key, writes JSON to --out or stdout.
+ */
+async function cmdRotateKeys({ args }) {
+  const tokens = String(args || '').split(/\s+/).filter(Boolean);
+
+  // Extract --out flag
+  let outFile = null;
+  const keep = [];
+  for (let i = 0; i < tokens.length; i++) {
+    if (tokens[i] === '--out' && tokens[i + 1]) {
+      outFile = tokens[i + 1];
+      i++;
+    } else {
+      keep.push(tokens[i]);
+    }
+  }
+
+  const [oldKeyId, newKeyId] = keep;
+  if (!oldKeyId || !newKeyId) {
+    return { ok: false, command: 'rotate-keys', error: 'usage: rotate-keys <oldKeyId> <newKeyId> [--out <file>]' };
+  }
+
+  const oldKp = await loadPublisherKeypair(oldKeyId);
+  if (!oldKp) return { ok: false, command: 'rotate-keys', error: `old keypair not found: ${oldKeyId}` };
+
+  const newKp = await loadPublisherKeypair(newKeyId);
+  if (!newKp) return { ok: false, command: 'rotate-keys', error: `new keypair not found: ${newKeyId}` };
+
+  let token;
+  try {
+    token = signRotationToken(oldKp.privateKey, newKp.publicKey);
+  } catch (err) {
+    return { ok: false, command: 'rotate-keys', error: `sign failed: ${err.message}` };
+  }
+
+  const json = JSON.stringify(token, null, 2) + '\n';
+
+  if (outFile) {
+    try {
+      await fs.writeFile(path.resolve(outFile), json, 'utf8');
+    } catch (err) {
+      return { ok: false, command: 'rotate-keys', error: `write failed: ${err.message}` };
+    }
+    return { ok: true, command: 'rotate-keys', result: { token, out: path.resolve(outFile) } };
+  }
+
+  return { ok: true, command: 'rotate-keys', result: { token } };
+}
+
+/**
+ * verify-rotation-token <file>
+ *
+ * Reads a rotation token JSON, looks up the old public key from the local
+ * trusted-publishers store (or ~/.ijfw/keys/<oldKeyId>/public.pem as fallback),
+ * calls verifyRotationToken, prints verdict.
+ */
+async function cmdVerifyRotationToken({ args }) {
+  const filePath = String(args || '').trim();
+  if (!filePath) {
+    return { ok: false, command: 'verify-rotation-token', error: 'usage: verify-rotation-token <file>' };
+  }
+
+  let raw;
+  try {
+    raw = await fs.readFile(path.resolve(filePath), 'utf8');
+  } catch (err) {
+    return { ok: false, command: 'verify-rotation-token', error: `read failed: ${err.message}` };
+  }
+
+  let token;
+  try {
+    token = JSON.parse(raw);
+  } catch (err) {
+    return { ok: false, command: 'verify-rotation-token', error: `JSON parse failed: ${err.message}` };
+  }
+
+  const oldKeyId = token && token.old_key_id;
+  if (!oldKeyId) {
+    return { ok: false, command: 'verify-rotation-token', error: 'token missing old_key_id' };
+  }
+
+  // Look up old public key: trusted-publishers store first, then key-dir fallback.
+  let oldPublicKey = null;
+  const store = await readTrustedPublishers();
+  const entry = store.publishers && store.publishers[oldKeyId];
+  if (entry && entry.publicKey) {
+    oldPublicKey = entry.publicKey;
+  } else {
+    // Fallback: key may be on disk even if not in trust store (already revoked).
+    const kp = await loadPublisherKeypair(oldKeyId);
+    if (kp) oldPublicKey = kp.publicKey;
+  }
+
+  if (!oldPublicKey) {
+    return { ok: false, command: 'verify-rotation-token', error: `old public key not found for keyId: ${oldKeyId}` };
+  }
+
+  const verdict = verifyRotationToken(token, oldPublicKey);
+  return {
+    ok: verdict.valid,
+    command: 'verify-rotation-token',
+    result: {
+      valid: verdict.valid,
+      reason: verdict.reason,
+      old_key_id: token.old_key_id,
+      new_key_id: token.new_key_id,
+    },
+  };
+}
+
 async function cmdActivate({ args, projectRoot }) {
   const name = args && args.trim();
   if (!name) return { ok: false, command: 'activate', error: 'missing extension name; usage: activate <name>' };
@@ -394,11 +620,18 @@ export async function extensionDispatch({ command, args = '', projectRoot }) {
     case 'trusted': return cmdTrusted(ctx);
     case 'activate': return cmdActivate(ctx);
     case 'deactivate': return cmdDeactivate(ctx);
+    case 'trust-registry': return cmdTrustRegistry(ctx);
+    case 'registry-status': return cmdRegistryStatus(ctx);
+    case 'keygen-meta': return cmdKeygenMeta(ctx);
+    case 'sign-registry': return cmdSignRegistry(ctx);
+    case 'verify-registry': return cmdVerifyRegistry(ctx);
+    case 'rotate-keys': return cmdRotateKeys(ctx);
+    case 'verify-rotation-token': return cmdVerifyRotationToken(ctx);
     default:
       return {
         ok: false,
         command,
-        error: `unknown extension command: ${command}. Supported: add | list | remove | audit | deploy-lazy | keygen | trust | untrust | trusted | activate | deactivate`,
+        error: `unknown extension command: ${command}. Supported: add | list | remove | audit | deploy-lazy | keygen | trust | untrust | trusted | activate | deactivate | trust-registry | registry-status | keygen-meta | sign-registry | verify-registry | rotate-keys | verify-rotation-token`,
       };
   }
 }

package/src/extension-installer.js

@@ -36,6 +36,7 @@ import { randomBytes } from 'node:crypto';
 import { spawn } from 'node:child_process';
 import { get as httpsGet } from 'node:https';
 import { pipeline } from 'node:stream/promises';
+import { createInterface } from 'node:readline';
 
 import {
   validateExtensionManifest,
@@ -79,6 +80,35 @@ const EXTENSION_NAME_PATTERN = /^(@[a-z0-9-]+\/)?[a-z][a-z0-9-]*$/;
 // Verdicts considered acceptable for a normal install (3/3 lenses).
 const ACCEPTABLE_VERDICTS = new Set(['PASS', 'CONDITIONAL']);
 
+// --- helpers: TTY confirmation ---------------------------------------------
+
+/**
+ * Prompt the user to confirm an untrusted publisher by typing the last 8 chars
+ * of the keyId. Returns true on match, false on mismatch or EOF.
+ * Only called when process.stdin.isTTY === true.
+ *
+ * @param {string} keyId
+ * @returns {Promise<boolean>}
+ */
+export async function promptUntrustedConfirmation(keyId) {
+  const expected = keyId.slice(-8);
+  return new Promise((resolve) => {
+    const rl = createInterface({ input: process.stdin, output: process.stdout, terminal: true });
+    const prompt =
+      `⚠️  Extension is signed by publisher keyId ${keyId} but ${keyId} is not in your trusted publishers store.\n` +
+      `   Type the LAST 8 CHARS of the keyId (lowercase hex) to confirm: `;
+    let answered = false;
+    rl.question(prompt, (line) => {
+      answered = true;
+      rl.close();
+      resolve(line.trim() === expected);
+    });
+    rl.once('close', () => {
+      if (!answered) resolve(false); // EOF / ctrl-D
+    });
+  });
+}
+
 // --- helpers: source resolution -------------------------------------------
 
 /**
@@ -763,6 +793,15 @@ export async function installExtension(source, opts = {}) {
             errors: [`signature: verify failed: ${sigCheck.reason}${kidHint}`],
           };
         }
+        // B11: when stdin is a TTY, require the user to confirm by typing the
+        // last 8 chars of the keyId. Non-TTY (CI / scripted) falls through to
+        // the stderr-warn path unchanged — no regression for automation.
+        if (process.stdin.isTTY === true && sigCheck.publisherKeyId) {
+          const confirmed = await promptUntrustedConfirmation(sigCheck.publisherKeyId);
+          if (!confirmed) {
+            return { ok: false, errors: ['signature: untrusted confirmation cancelled'] };
+          }
+        }
         process.stderr.write(
           `[ijfw] extension-installer: signature unverified for ${manifest.name}: ${sigCheck.reason}\n`,
         );

package/src/extension-permission-check.mjs

@@ -0,0 +1,79 @@
+#!/usr/bin/env node
+// IJFW v1.4.1 B7 -- shared extension permission checker.
+//
+// Reads ~/.ijfw/state/active-extension.json. Accepts a JSON payload on stdin
+// with shape { hook_event_name, tool_name, tool_input } (Claude/Codex shape --
+// callers reshape platform-specific payloads before piping here).
+//
+// Exit 0 = allow. Exit 1 = deny (stderr message emitted).
+// With no active-extension.json: always exit 0 (backwards-compat invariant).
+//
+// Also appends one JSON line per check to ~/.ijfw/state/permission-events.jsonl
+// (best-effort: failures are swallowed so logging never breaks tool dispatch).
+
+import { readFile, appendFile, mkdir } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+async function emitEvent(home, extensionName, toolName, allowed, reason) {
+  try {
+    const stateDir = join(home, '.ijfw', 'state');
+    await mkdir(stateDir, { recursive: true });
+    const event = { ts: new Date().toISOString(), extension: extensionName, tool: toolName, allowed };
+    if (reason) event.reason = reason;
+    await appendFile(join(stateDir, 'permission-events.jsonl'), JSON.stringify(event) + '\n', 'utf8');
+  } catch {
+    // Best-effort: swallow all errors.
+  }
+}
+
+const home = process.env.HOME || process.env.USERPROFILE || homedir();
+const stateFile = join(home, '.ijfw', 'state', 'active-extension.json');
+
+let active;
+try {
+  const raw = await readFile(stateFile, 'utf8');
+  active = JSON.parse(raw);
+  if (!active || typeof active !== 'object' || !active.name || !active.permissions) {
+    process.stderr.write('ijfw extension permission check: malformed active-extension state\n');
+    process.exit(1);
+  }
+} catch (err) {
+  if (err.code === 'ENOENT') process.exit(0); // no active extension -- allow
+  process.stderr.write(`ijfw extension permission check: ${err.message}\n`);
+  process.exit(1);
+}
+
+const chunks = [];
+for await (const c of process.stdin) chunks.push(c);
+const payload_str = chunks.join('');
+if (!payload_str.trim()) process.exit(0);
+
+let req;
+try { req = JSON.parse(payload_str); } catch { process.exit(0); }
+
+const tool = req.tool_name || '';
+const writes = new Set(active.permissions.writes || []);
+const reads = new Set(active.permissions.reads || []);
+const writeTools = new Set(['Edit', 'Write', 'NotebookEdit', 'Bash']);
+const readTools = new Set(['Read', 'Glob', 'Grep', 'LS', 'NotebookRead', 'WebFetch', 'WebSearch']);
+
+const has = (set, want) =>
+  set.has(want) ||
+  set.has('*') ||
+  [...set].some((p) => p.endsWith(':*') && want.startsWith(p.slice(0, -1)));
+
+if (writeTools.has(tool) && !has(writes, `tool:${tool.toLowerCase()}`) && !has(writes, 'tool:*')) {
+  const reason = `not in permissions.writes`;
+  process.stderr.write(`extension "${active.name}" not permitted to use ${tool} (declare tool:${tool.toLowerCase()} in permissions.writes)\n`);
+  await emitEvent(home, active.name, tool, false, reason);
+  process.exit(1);
+}
+if (readTools.has(tool) && !has(reads, `tool:${tool.toLowerCase()}`) && !has(reads, 'tool:*')) {
+  const reason = `not in permissions.reads`;
+  process.stderr.write(`extension "${active.name}" not permitted to use ${tool} (declare tool:${tool.toLowerCase()} in permissions.reads)\n`);
+  await emitEvent(home, active.name, tool, false, reason);
+  process.exit(1);
+}
+await emitEvent(home, active.name, tool, true);
+process.exit(0);