@ijfw/memory-server 1.4.0 → 1.4.1

package/src/extension-signer.js

@@ -641,6 +641,52 @@ export function verifyManifestSignature(manifest, trustedKeys) {
   return { valid: true, publisherKeyId: kid, reason: 'ok' };
 }
 
+// === B6: Revoked publishers store ========================================
+
+/**
+ * Read the revoked publishers list from ~/.ijfw/state/revoked-publishers.json.
+ * Returns an empty list when absent or malformed.
+ *
+ * @returns {Promise<Array<{keyId: string, revoked_at: string, reason: string, superseded_by: string|null}>>}
+ */
+export async function readRevokedPublishers() {
+  const path = join(homedir(), '.ijfw', 'state', 'revoked-publishers.json');
+  let raw;
+  try {
+    raw = await readFile(path, 'utf8');
+  } catch {
+    return [];
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return [];
+  }
+  if (!parsed || !Array.isArray(parsed.revoked)) return [];
+  return parsed.revoked.filter(r => typeof r.keyId === 'string');
+}
+
+// Module-level revoked set cache — loaded once per process, refreshed by applyRegistry.
+// Export for test isolation only (allows tests to reset after changing HOME).
+export function _resetRevokedCacheForTest() { _revokedSet = null; }
+let _revokedSet = null;
+
+/**
+ * O(1) check: is a keyId on the revoked list?
+ * Loads the set on first call; cached for the process lifetime.
+ *
+ * @param {string} keyId
+ * @returns {Promise<boolean>}
+ */
+export async function isRevoked(keyId) {
+  if (_revokedSet === null) {
+    const list = await readRevokedPublishers();
+    _revokedSet = new Set(list.map(r => r.keyId));
+  }
+  return _revokedSet.has(keyId);
+}
+
 /**
  * Read the trusted publishers JSON. Returns `{publishers: {}}` when absent or
  * malformed (fail-closed for verification: no trusted keys means nothing is
@@ -701,6 +747,10 @@ export async function addTrustedPublisher(keyId, publicKey, name) {
   if (typeof publicKey !== 'string' || publicKey.indexOf('BEGIN PUBLIC KEY') === -1) {
     return { ok: false, error: 'publicKey must be PEM-encoded' };
   }
+  // B6: refuse to add a revoked publisher
+  if (await isRevoked(keyId)) {
+    return { ok: false, error: 'publisher revoked by IJFW registry' };
+  }
   let fp;
   try {
     fp = publicKeyFingerprint(publicKey);
@@ -720,6 +770,121 @@ export async function addTrustedPublisher(keyId, publicKey, name) {
   return { ok: true, store };
 }
 
+// === B8: Key rotation + revocation ==========================================
+//
+// Rotation token is signed by the OLD private key — proof of control.
+// An attacker without the old private key cannot produce a valid token.
+// A publisher who lost their old private key must contact the registry
+// maintainer for out-of-band manual key replacement (see docs/REGISTRY-MAINTAINER.md).
+//
+// Token shape: { rotated_at, old_key_id, new_key_id, new_public_key, signature }
+// Canonical signing bytes: all fields except `signature`, sorted by key (sortKeysDeep).
+
+/**
+ * Produce a rotation token asserting that newPublicKey supersedes the key
+ * identified by oldPrivateKey. Signed by the old private key.
+ *
+ * @param {string} oldPrivateKeyPem
+ * @param {string} newPublicKeyPem
+ * @param {object} [opts]
+ * @param {string} [opts.rotated_at] ISO timestamp (defaults to now)
+ * @returns {{ rotated_at: string, old_key_id: string, new_key_id: string, new_public_key: string, signature: string }}
+ */
+export function signRotationToken(oldPrivateKeyPem, newPublicKeyPem, opts = {}) {
+  const priv = createPrivateKey(oldPrivateKeyPem);
+  // Derive old_key_id from the old private key's matching public key.
+  const oldPub = createPublicKey(priv);
+  const old_key_id = publicKeyFingerprint(oldPub.export({ type: 'spki', format: 'pem' }).toString());
+  const new_key_id = publicKeyFingerprint(newPublicKeyPem);
+
+  const token = {
+    rotated_at: opts.rotated_at || new Date().toISOString(),
+    old_key_id,
+    new_key_id,
+    new_public_key: newPublicKeyPem,
+  };
+
+  // Canonical signing bytes: sortKeysDeep of token (signature excluded — not present yet).
+  const bytes = Buffer.from(JSON.stringify(sortKeysDeep(token)), 'utf8');
+  const sigBuf = cryptoSign(null, bytes, priv);
+  return { ...token, signature: `ed25519:${sigBuf.toString('base64')}` };
+}
+
+/**
+ * Verify a rotation token against the old public key.
+ * Checks:
+ *   1. Signature is valid Ed25519 over canonical bytes (signature field excluded).
+ *   2. fingerprint(oldPublicKey) === token.old_key_id.
+ *   3. token.rotated_at is within opts.max_age_ms (default 90 days).
+ *
+ * @param {object} token
+ * @param {string} oldPublicKeyPem
+ * @param {object} [opts]
+ * @param {number} [opts.max_age_ms] Maximum token age in ms (default 90 days)
+ * @returns {{ valid: boolean, reason: string }}
+ */
+export function verifyRotationToken(token, oldPublicKeyPem, opts = {}) {
+  if (!token || typeof token !== 'object') {
+    return { valid: false, reason: 'token must be an object' };
+  }
+  const { rotated_at, old_key_id, new_key_id, new_public_key, signature } = token;
+  if (!rotated_at || !old_key_id || !new_key_id || !new_public_key || !signature) {
+    return { valid: false, reason: 'token missing required fields' };
+  }
+  if (typeof signature !== 'string' || !signature.startsWith('ed25519:')) {
+    return { valid: false, reason: 'signature must be "ed25519:<base64>"' };
+  }
+
+  // Expiry check: reject tokens older than max_age_ms (default 90 days).
+  const MAX_AGE_MS = opts.max_age_ms ?? (90 * 24 * 60 * 60 * 1000);
+  const rotatedAtMs = new Date(rotated_at).getTime();
+  if (isNaN(rotatedAtMs)) {
+    return { valid: false, reason: 'rotated_at is not a valid date' };
+  }
+  if (Date.now() - rotatedAtMs > MAX_AGE_MS) {
+    return { valid: false, reason: 'rotation token expired' };
+  }
+
+  // Check old_key_id matches the supplied public key fingerprint.
+  let fp;
+  try {
+    fp = publicKeyFingerprint(oldPublicKeyPem);
+  } catch (err) {
+    return { valid: false, reason: `old public key parse failed: ${err.message}` };
+  }
+  if (fp !== old_key_id) {
+    return { valid: false, reason: `old_key_id mismatch: token says ${old_key_id} but supplied key fingerprints to ${fp}` };
+  }
+
+  // Reconstruct canonical signing bytes (exclude signature field).
+  const payload = { rotated_at, old_key_id, new_key_id, new_public_key };
+  const bytes = Buffer.from(JSON.stringify(sortKeysDeep(payload)), 'utf8');
+
+  let pubKey;
+  try {
+    pubKey = createPublicKey(oldPublicKeyPem);
+  } catch (err) {
+    return { valid: false, reason: `old public key unparseable: ${err.message}` };
+  }
+
+  let sigBuf;
+  try {
+    sigBuf = Buffer.from(signature.slice('ed25519:'.length), 'base64');
+  } catch {
+    return { valid: false, reason: 'signature base64 decode failed' };
+  }
+
+  let ok;
+  try {
+    ok = cryptoVerify(null, bytes, pubKey, sigBuf);
+  } catch (err) {
+    return { valid: false, reason: `verify threw: ${err.message}` };
+  }
+
+  if (!ok) return { valid: false, reason: 'signature does not verify' };
+  return { valid: true, reason: 'ok' };
+}
+
 /**
  * Remove a trusted publisher entry by keyId. Idempotent.
  *

package/src/memory-feedback.js

@@ -89,20 +89,16 @@ export async function readRecentReceipts(projectRoot, limit = 50) {
 }
 
 /**
- * detectPatterns(receipts, opts)
+ * detectRepeatedFail(receipts, opts)
  *
  * Examines the last `opts.window` (default 10) receipts for repeated FAIL/FLAG
  * on the same affected_artifacts[].type value.
  *
- * If a single artifact_type appears in >= opts.threshold (default 3) receipts
- * within the window with a FAIL or FLAG verdict, one pattern object is emitted
- * for that artifact_type.
- *
  * @param {object[]} receipts
  * @param {{ threshold?: number, window?: number }} [opts]
  * @returns {Array<{ kind: string, artifact_type: string, count: number, threshold: number, sample: string[] }>}
  */
-export function detectPatterns(receipts, opts = {}) {
+function detectRepeatedFail(receipts, opts = {}) {
   const threshold = typeof opts.threshold === 'number' ? opts.threshold : 3;
   const window = typeof opts.window === 'number' ? opts.window : 10;
 
@@ -152,6 +148,192 @@ export function detectPatterns(receipts, opts = {}) {
   return patterns;
 }
 
+/**
+ * detectRisingFailRate(receipts, opts)
+ *
+ * Compares the fail rate in the most recent `window` receipts to the `window`
+ * receipts before that. If the rate rose by >= minRise (absolute), emits a
+ * rising-fail-rate pattern.
+ *
+ * @param {object[]} receipts
+ * @param {{ window?: number, minRise?: number }} [opts]
+ * @returns {Array<{ kind: string, from_rate: number, to_rate: number, window: number, suggestion: string }>}
+ */
+export function detectRisingFailRate(receipts, opts = {}) {
+  try {
+    const window = typeof opts.window === 'number' && opts.window > 0 ? opts.window : 20;
+    const minRise = typeof opts.minRise === 'number' ? opts.minRise : 0.2;
+
+    if (!Array.isArray(receipts) || receipts.length < 2) return [];
+
+    const recent = receipts.slice(0, window);
+    const prior = receipts.slice(window, window * 2);
+
+    if (prior.length === 0) return [];
+
+    const failRate = (arr) => {
+      const valid = arr.filter((r) => r && typeof r === 'object' && typeof r.verdict === 'string');
+      if (valid.length === 0) return 0;
+      return valid.filter((r) => FAIL_VERDICTS.has(r.verdict)).length / valid.length;
+    };
+
+    const fromRate = failRate(prior);
+    const toRate = failRate(recent);
+
+    if (toRate - fromRate < minRise) return [];
+
+    const fromPct = Math.round(fromRate * 100);
+    const toPct = Math.round(toRate * 100);
+
+    return [{
+      kind: 'rising-fail-rate',
+      from_rate: fromRate,
+      to_rate: toRate,
+      window,
+      suggestion: `gate fail rate rose from ${fromPct}% to ${toPct}% in the last ${window} receipts — consider rolling back the most recent changes`,
+    }];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * detectCrossSkillCorrelation(receipts, opts)
+ *
+ * Looks at the last `window` receipts. If >= minDistinctGates distinct gate_id
+ * prefixes (split on first `-` or `:`) have a FAIL/FLAG verdict, emits a
+ * cross-skill-correlation pattern.
+ *
+ * @param {object[]} receipts
+ * @param {{ window?: number, minDistinctGates?: number }} [opts]
+ * @returns {Array<{ kind: string, distinct_gates: number, window: number, suggestion: string }>}
+ */
+export function detectCrossSkillCorrelation(receipts, opts = {}) {
+  try {
+    const window = typeof opts.window === 'number' && opts.window > 0 ? opts.window : 10;
+    const minDistinctGates = typeof opts.minDistinctGates === 'number' ? opts.minDistinctGates : 3;
+
+    if (!Array.isArray(receipts) || receipts.length === 0) return [];
+
+    const windowReceipts = receipts.slice(0, window);
+    const prefixes = new Set();
+
+    for (const receipt of windowReceipts) {
+      if (!receipt || typeof receipt !== 'object') continue;
+      if (!FAIL_VERDICTS.has(receipt.verdict)) continue;
+      if (typeof receipt.gate_id !== 'string' || receipt.gate_id.length === 0) continue;
+
+      // Take the prefix before the first `-` or `:`
+      const prefix = receipt.gate_id.split(/[-:]/)[0];
+      if (prefix) prefixes.add(prefix);
+    }
+
+    if (prefixes.size < minDistinctGates) return [];
+
+    return [{
+      kind: 'cross-skill-correlation',
+      distinct_gates: prefixes.size,
+      window,
+      suggestion: `${prefixes.size} different gates flagged in the last ${window} receipts — review project state, not individual artifacts`,
+    }];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * detectRegression(receipts, opts)
+ *
+ * For each unique (gate_id, artifact_type) key in receipts: if the most recent
+ * `failWindow` receipts were all FAIL/FLAG but the `passWindow` receipts before
+ * that were all PASS, emits a regression pattern.
+ *
+ * artifact_type is the TYPE field (e.g. 'chapter'), never the ID.
+ *
+ * @param {object[]} receipts
+ * @param {{ passWindow?: number, failWindow?: number }} [opts]
+ * @returns {Array<{ kind: string, gate_id: string, artifact_type: string, suggestion: string }>}
+ */
+export function detectRegression(receipts, opts = {}) {
+  try {
+    const passWindow = typeof opts.passWindow === 'number' && opts.passWindow > 0 ? opts.passWindow : 5;
+    const failWindow = typeof opts.failWindow === 'number' && opts.failWindow > 0 ? opts.failWindow : 2;
+
+    if (!Array.isArray(receipts) || receipts.length === 0) return [];
+
+    // Build per-(gate_id, artifact_type) ordered lists (receipts[0] = most recent).
+    // receipts are assumed newest-first (as returned by readRecentReceipts).
+    const streams = new Map(); // key -> [receipt, ...]
+
+    for (const receipt of receipts) {
+      if (!receipt || typeof receipt !== 'object') continue;
+      if (typeof receipt.gate_id !== 'string' || receipt.gate_id.length === 0) continue;
+      if (!Array.isArray(receipt.affected_artifacts)) continue;
+
+      const seenTypes = new Set();
+      for (const artifact of receipt.affected_artifacts) {
+        if (!artifact || typeof artifact !== 'object') continue;
+        if (typeof artifact.type !== 'string' || artifact.type.length === 0) continue;
+
+        const t = artifact.type;
+        if (seenTypes.has(t)) continue;
+        seenTypes.add(t);
+
+        const key = `${receipt.gate_id}\x00${t}`;
+        if (!streams.has(key)) streams.set(key, []);
+        streams.get(key).push(receipt);
+      }
+    }
+
+    const patterns = [];
+
+    for (const [key, stream] of streams.entries()) {
+      if (stream.length < failWindow + passWindow) continue;
+
+      const recentSlice = stream.slice(0, failWindow);
+      const priorSlice = stream.slice(failWindow, failWindow + passWindow);
+
+      const allRecentFail = recentSlice.every((r) => FAIL_VERDICTS.has(r.verdict));
+      const allPriorPass = priorSlice.every((r) => r.verdict === 'PASS');
+
+      if (!allRecentFail || !allPriorPass) continue;
+
+      const [gate_id, artifact_type] = key.split('\x00');
+      patterns.push({
+        kind: 'regression',
+        gate_id,
+        artifact_type,
+        suggestion: `gate ${gate_id} on ${artifact_type} was passing last ${passWindow} runs; failing now — likely regression`,
+      });
+    }
+
+    return patterns;
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * detectPatterns(receipts, opts)
+ *
+ * Dispatcher: runs all four detectors and returns the union in deterministic
+ * order: repeated-fail-on-same-artifact, rising-fail-rate, cross-skill-correlation,
+ * regression.
+ *
+ * @param {object[]} receipts
+ * @param {{ threshold?: number, window?: number }} [opts]
+ * @returns {object[]}
+ */
+export function detectPatterns(receipts, opts = {}) {
+  if (!Array.isArray(receipts)) return [];
+  return [
+    ...detectRepeatedFail(receipts, opts),
+    ...detectRisingFailRate(receipts, opts),
+    ...detectCrossSkillCorrelation(receipts, opts),
+    ...detectRegression(receipts, opts),
+  ];
+}
+
 /**
  * getFeedbackSuggestions(projectRoot, opts)
  *
@@ -178,10 +360,12 @@ export async function getFeedbackSuggestions(projectRoot, opts = {}) {
     const receipts = await readRecentReceipts(projectRoot, limit);
     const patterns = detectPatterns(receipts, { threshold, window });
 
-    return patterns.map(
-      (p) =>
-        `Pattern detected: ${p.count}/${window} recent gates flagged on ${p.artifact_type} -- consider reviewing ${p.artifact_type} scope`,
-    );
+    return patterns.map((p) => {
+      if (p.kind === 'repeated-fail-on-same-artifact') {
+        return `Pattern detected: ${p.count}/${window} recent gates flagged on ${p.artifact_type} -- consider reviewing ${p.artifact_type} scope`;
+      }
+      return `Pattern detected: ${p.suggestion}`;
+    });
   } catch {
     return [];
   }

package/src/runtime-mediator.js

@@ -17,10 +17,14 @@
  * pass -- that would defeat the sandbox.
  */
 
-import { readFile, mkdir, appendFile } from 'node:fs/promises';
+import { readFile, mkdir, appendFile, rename, stat } from 'node:fs/promises';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 
+// Log rotation: when permission-events.jsonl exceeds this many lines, rename
+// to .0 (overwriting any prior .0) and start fresh. Total on disk = 2 * cap.
+const ROTATION_LINE_CAP = 10_000;
+
 // Sentinel returned from getActiveExtension when the file exists but is
 // invalid. Callers compare with === to distinguish from null (no file).
 const MALFORMED = Object.freeze({ __malformed: true });
@@ -123,14 +127,39 @@ export function checkPermission(action, target, activeExt) {
   };
 }
 
+/**
+ * Rotate permission-events.jsonl if it exceeds ROTATION_LINE_CAP lines.
+ * Renames current file to .0 (overwriting any prior .0) then the caller
+ * appends to the fresh empty file. Best effort -- never throws.
+ */
+async function maybeRotateEventLog(logPath) {
+  try {
+    let st;
+    try { st = await stat(logPath); } catch { return; } // ENOENT = no rotation needed
+    if (st.size === 0) return;
+    // Count newlines in a single Buffer read. This is the amortised cost.
+    const buf = await readFile(logPath);
+    let count = 0;
+    for (let i = 0; i < buf.length; i++) {
+      if (buf[i] === 0x0a) count++; // '\n'
+    }
+    if (count < ROTATION_LINE_CAP) return;
+    await rename(logPath, logPath + '.0');
+  } catch {
+    // Rotation failure is non-fatal.
+  }
+}
+
 /**
  * Append one JSON line to ~/.ijfw/state/permission-events.jsonl. Best effort:
  * never throws. The forensic trail is a nice-to-have, not a critical path.
+ * Rotation check runs on each append (cost amortised).
  */
 export async function logPermissionEvent(event, opts = {}) {
   try {
     const home = opts.homeDir || process.env.HOME || homedir();
     await mkdir(stateDir(home), { recursive: true });
+    await maybeRotateEventLog(eventLogPath(home));
     const line = JSON.stringify(event) + '\n';
     await appendFile(eventLogPath(home), line, 'utf8');
   } catch {