@ijfw/memory-server 1.4.0 → 1.4.3

package/src/memory-feedback.js

@@ -89,20 +89,16 @@ export async function readRecentReceipts(projectRoot, limit = 50) {
 }
 
 /**
- * detectPatterns(receipts, opts)
+ * detectRepeatedFail(receipts, opts)
  *
  * Examines the last `opts.window` (default 10) receipts for repeated FAIL/FLAG
  * on the same affected_artifacts[].type value.
  *
- * If a single artifact_type appears in >= opts.threshold (default 3) receipts
- * within the window with a FAIL or FLAG verdict, one pattern object is emitted
- * for that artifact_type.
- *
  * @param {object[]} receipts
  * @param {{ threshold?: number, window?: number }} [opts]
  * @returns {Array<{ kind: string, artifact_type: string, count: number, threshold: number, sample: string[] }>}
  */
-export function detectPatterns(receipts, opts = {}) {
+function detectRepeatedFail(receipts, opts = {}) {
   const threshold = typeof opts.threshold === 'number' ? opts.threshold : 3;
   const window = typeof opts.window === 'number' ? opts.window : 10;
 
@@ -152,6 +148,192 @@ export function detectPatterns(receipts, opts = {}) {
   return patterns;
 }
 
+/**
+ * detectRisingFailRate(receipts, opts)
+ *
+ * Compares the fail rate in the most recent `window` receipts to the `window`
+ * receipts before that. If the rate rose by >= minRise (absolute), emits a
+ * rising-fail-rate pattern.
+ *
+ * @param {object[]} receipts
+ * @param {{ window?: number, minRise?: number }} [opts]
+ * @returns {Array<{ kind: string, from_rate: number, to_rate: number, window: number, suggestion: string }>}
+ */
+export function detectRisingFailRate(receipts, opts = {}) {
+  try {
+    const window = typeof opts.window === 'number' && opts.window > 0 ? opts.window : 20;
+    const minRise = typeof opts.minRise === 'number' ? opts.minRise : 0.2;
+
+    if (!Array.isArray(receipts) || receipts.length < 2) return [];
+
+    const recent = receipts.slice(0, window);
+    const prior = receipts.slice(window, window * 2);
+
+    if (prior.length === 0) return [];
+
+    const failRate = (arr) => {
+      const valid = arr.filter((r) => r && typeof r === 'object' && typeof r.verdict === 'string');
+      if (valid.length === 0) return 0;
+      return valid.filter((r) => FAIL_VERDICTS.has(r.verdict)).length / valid.length;
+    };
+
+    const fromRate = failRate(prior);
+    const toRate = failRate(recent);
+
+    if (toRate - fromRate < minRise) return [];
+
+    const fromPct = Math.round(fromRate * 100);
+    const toPct = Math.round(toRate * 100);
+
+    return [{
+      kind: 'rising-fail-rate',
+      from_rate: fromRate,
+      to_rate: toRate,
+      window,
+      suggestion: `gate fail rate rose from ${fromPct}% to ${toPct}% in the last ${window} receipts — consider rolling back the most recent changes`,
+    }];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * detectCrossSkillCorrelation(receipts, opts)
+ *
+ * Looks at the last `window` receipts. If >= minDistinctGates distinct gate_id
+ * prefixes (split on first `-` or `:`) have a FAIL/FLAG verdict, emits a
+ * cross-skill-correlation pattern.
+ *
+ * @param {object[]} receipts
+ * @param {{ window?: number, minDistinctGates?: number }} [opts]
+ * @returns {Array<{ kind: string, distinct_gates: number, window: number, suggestion: string }>}
+ */
+export function detectCrossSkillCorrelation(receipts, opts = {}) {
+  try {
+    const window = typeof opts.window === 'number' && opts.window > 0 ? opts.window : 10;
+    const minDistinctGates = typeof opts.minDistinctGates === 'number' ? opts.minDistinctGates : 3;
+
+    if (!Array.isArray(receipts) || receipts.length === 0) return [];
+
+    const windowReceipts = receipts.slice(0, window);
+    const prefixes = new Set();
+
+    for (const receipt of windowReceipts) {
+      if (!receipt || typeof receipt !== 'object') continue;
+      if (!FAIL_VERDICTS.has(receipt.verdict)) continue;
+      if (typeof receipt.gate_id !== 'string' || receipt.gate_id.length === 0) continue;
+
+      // Take the prefix before the first `-` or `:`
+      const prefix = receipt.gate_id.split(/[-:]/)[0];
+      if (prefix) prefixes.add(prefix);
+    }
+
+    if (prefixes.size < minDistinctGates) return [];
+
+    return [{
+      kind: 'cross-skill-correlation',
+      distinct_gates: prefixes.size,
+      window,
+      suggestion: `${prefixes.size} different gates flagged in the last ${window} receipts — review project state, not individual artifacts`,
+    }];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * detectRegression(receipts, opts)
+ *
+ * For each unique (gate_id, artifact_type) key in receipts: if the most recent
+ * `failWindow` receipts were all FAIL/FLAG but the `passWindow` receipts before
+ * that were all PASS, emits a regression pattern.
+ *
+ * artifact_type is the TYPE field (e.g. 'chapter'), never the ID.
+ *
+ * @param {object[]} receipts
+ * @param {{ passWindow?: number, failWindow?: number }} [opts]
+ * @returns {Array<{ kind: string, gate_id: string, artifact_type: string, suggestion: string }>}
+ */
+export function detectRegression(receipts, opts = {}) {
+  try {
+    const passWindow = typeof opts.passWindow === 'number' && opts.passWindow > 0 ? opts.passWindow : 5;
+    const failWindow = typeof opts.failWindow === 'number' && opts.failWindow > 0 ? opts.failWindow : 2;
+
+    if (!Array.isArray(receipts) || receipts.length === 0) return [];
+
+    // Build per-(gate_id, artifact_type) ordered lists (receipts[0] = most recent).
+    // receipts are assumed newest-first (as returned by readRecentReceipts).
+    const streams = new Map(); // key -> [receipt, ...]
+
+    for (const receipt of receipts) {
+      if (!receipt || typeof receipt !== 'object') continue;
+      if (typeof receipt.gate_id !== 'string' || receipt.gate_id.length === 0) continue;
+      if (!Array.isArray(receipt.affected_artifacts)) continue;
+
+      const seenTypes = new Set();
+      for (const artifact of receipt.affected_artifacts) {
+        if (!artifact || typeof artifact !== 'object') continue;
+        if (typeof artifact.type !== 'string' || artifact.type.length === 0) continue;
+
+        const t = artifact.type;
+        if (seenTypes.has(t)) continue;
+        seenTypes.add(t);
+
+        const key = `${receipt.gate_id}\x00${t}`;
+        if (!streams.has(key)) streams.set(key, []);
+        streams.get(key).push(receipt);
+      }
+    }
+
+    const patterns = [];
+
+    for (const [key, stream] of streams.entries()) {
+      if (stream.length < failWindow + passWindow) continue;
+
+      const recentSlice = stream.slice(0, failWindow);
+      const priorSlice = stream.slice(failWindow, failWindow + passWindow);
+
+      const allRecentFail = recentSlice.every((r) => FAIL_VERDICTS.has(r.verdict));
+      const allPriorPass = priorSlice.every((r) => r.verdict === 'PASS');
+
+      if (!allRecentFail || !allPriorPass) continue;
+
+      const [gate_id, artifact_type] = key.split('\x00');
+      patterns.push({
+        kind: 'regression',
+        gate_id,
+        artifact_type,
+        suggestion: `gate ${gate_id} on ${artifact_type} was passing last ${passWindow} runs; failing now — likely regression`,
+      });
+    }
+
+    return patterns;
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * detectPatterns(receipts, opts)
+ *
+ * Dispatcher: runs all four detectors and returns the union in deterministic
+ * order: repeated-fail-on-same-artifact, rising-fail-rate, cross-skill-correlation,
+ * regression.
+ *
+ * @param {object[]} receipts
+ * @param {{ threshold?: number, window?: number }} [opts]
+ * @returns {object[]}
+ */
+export function detectPatterns(receipts, opts = {}) {
+  if (!Array.isArray(receipts)) return [];
+  return [
+    ...detectRepeatedFail(receipts, opts),
+    ...detectRisingFailRate(receipts, opts),
+    ...detectCrossSkillCorrelation(receipts, opts),
+    ...detectRegression(receipts, opts),
+  ];
+}
+
 /**
  * getFeedbackSuggestions(projectRoot, opts)
  *
@@ -178,10 +360,12 @@ export async function getFeedbackSuggestions(projectRoot, opts = {}) {
     const receipts = await readRecentReceipts(projectRoot, limit);
     const patterns = detectPatterns(receipts, { threshold, window });
 
-    return patterns.map(
-      (p) =>
-        `Pattern detected: ${p.count}/${window} recent gates flagged on ${p.artifact_type} -- consider reviewing ${p.artifact_type} scope`,
-    );
+    return patterns.map((p) => {
+      if (p.kind === 'repeated-fail-on-same-artifact') {
+        return `Pattern detected: ${p.count}/${window} recent gates flagged on ${p.artifact_type} -- consider reviewing ${p.artifact_type} scope`;
+      }
+      return `Pattern detected: ${p.suggestion}`;
+    });
   } catch {
     return [];
   }

package/src/runtime-mediator.js

@@ -17,10 +17,18 @@
  * pass -- that would defeat the sandbox.
  */
 
-import { readFile, mkdir, appendFile } from 'node:fs/promises';
+import { readFile, mkdir, appendFile, rename, stat } from 'node:fs/promises';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 
+// B18 — divergence helper imported lazily inside maybeWarnDivergence to keep
+// the module side-effect-light. detectCrossIdeDivergence has its own internal
+// stale-file cleanup + last-seen writer; we just consume the verdict.
+
+// Log rotation: when permission-events.jsonl exceeds this many lines, rename
+// to .0 (overwriting any prior .0) and start fresh. Total on disk = 2 * cap.
+const ROTATION_LINE_CAP = 10_000;
+
 // Sentinel returned from getActiveExtension when the file exists but is
 // invalid. Callers compare with === to distinguish from null (no file).
 const MALFORMED = Object.freeze({ __malformed: true });
@@ -123,14 +131,39 @@ export function checkPermission(action, target, activeExt) {
   };
 }
 
+/**
+ * Rotate permission-events.jsonl if it exceeds ROTATION_LINE_CAP lines.
+ * Renames current file to .0 (overwriting any prior .0) then the caller
+ * appends to the fresh empty file. Best effort -- never throws.
+ */
+async function maybeRotateEventLog(logPath) {
+  try {
+    let st;
+    try { st = await stat(logPath); } catch { return; } // ENOENT = no rotation needed
+    if (st.size === 0) return;
+    // Count newlines in a single Buffer read. This is the amortised cost.
+    const buf = await readFile(logPath);
+    let count = 0;
+    for (let i = 0; i < buf.length; i++) {
+      if (buf[i] === 0x0a) count++; // '\n'
+    }
+    if (count < ROTATION_LINE_CAP) return;
+    await rename(logPath, logPath + '.0');
+  } catch {
+    // Rotation failure is non-fatal.
+  }
+}
+
 /**
  * Append one JSON line to ~/.ijfw/state/permission-events.jsonl. Best effort:
  * never throws. The forensic trail is a nice-to-have, not a critical path.
+ * Rotation check runs on each append (cost amortised).
  */
 export async function logPermissionEvent(event, opts = {}) {
   try {
     const home = opts.homeDir || process.env.HOME || homedir();
     await mkdir(stateDir(home), { recursive: true });
+    await maybeRotateEventLog(eventLogPath(home));
     const line = JSON.stringify(event) + '\n';
     await appendFile(eventLogPath(home), line, 'utf8');
   } catch {
@@ -138,6 +171,33 @@ export async function logPermissionEvent(event, opts = {}) {
   }
 }
 
+/**
+ * B18 — surface a cross-IDE divergence warning on stderr (does NOT block).
+ * Called by permission-check call sites once per dispatch. Returns the
+ * divergence verdict so callers can attach `divergent_ide: true` to event
+ * log entries.
+ *
+ * Best-effort: any error returns `{ divergent: false }` and never throws.
+ *
+ * @param {{ homeDir?: string }} [opts]
+ * @returns {Promise<{ divergent: boolean, last_writer?: string|null, current_ide?: string, age_seconds?: number|null }>}
+ */
+export async function maybeWarnDivergence(opts = {}) {
+  try {
+    const { detectCrossIdeDivergence } = await import('./active-extension-writer.js');
+    const verdict = await detectCrossIdeDivergence({ homeDir: opts.homeDir });
+    if (verdict && verdict.divergent) {
+      const age = typeof verdict.age_seconds === 'number' ? `${verdict.age_seconds}s ago` : 'unknown time ago';
+      process.stderr.write(
+        `[ijfw] active extension last activated by '${verdict.last_writer}' ${age}; this IDE is '${verdict.current_ide}'\n`,
+      );
+    }
+    return verdict || { divergent: false };
+  } catch {
+    return { divergent: false };
+  }
+}
+
 /**
  * Map an MCP tool name (+ args) to the (action, target) tuple used for
  * permission checks. Returns null for unrecognised tool names; callers

package/src/server.js

@@ -55,6 +55,168 @@ import {
   logPermissionEvent,
   toolNameToActionTarget,
 } from './runtime-mediator.js';
+// B16/SEC-M-03 — quota tracker. The combined permission+quota gate lives
+// here in server.js (NOT runtime-mediator.js, which is primitives-only).
+import { checkAndIncrement as quotaCheckAndIncrement } from './extension-quota-tracker.js';
+import { findInstalledManifest } from './active-extension-writer.js';
+
+/**
+ * Combined permission + quota gate (SEC-M-03).
+ *
+ * Single enforcement site for the MCP tool dispatch. Replaces the inline
+ * `checkPermission` block. Exported so `test-server-quota-integration.js` can
+ * exercise the gate directly without spinning a full MCP server.
+ *
+ * Back-compat: when `activeExt === null` (no active extension), returns
+ * `{ allowed: true }` immediately — preserves bundled-IJFW behavior.
+ *
+ * Per-tool quota dimension mapping:
+ *   - ijfw_memory_store → bytes_written (sum of stored payload string lengths)
+ *   - ijfw_run with tool:write|edit|bash → files_written + bytes_written
+ *   - wall_clock_ms: checked-not-incremented on every tool call
+ *
+ * @returns {Promise<{ allowed: boolean, response?: object, dimension?: string, current?: number, limit?: number, reason?: string }>}
+ */
+export async function gatePermissionAndQuota({ toolName, args, activeExt, home, manifestQuotas }) {
+  if (activeExt === null || activeExt === undefined) {
+    return { allowed: true };
+  }
+  const mapping = toolNameToActionTarget(toolName, args || {});
+  if (!mapping) {
+    return { allowed: true };
+  }
+  const permCheck = checkPermission(mapping.action, mapping.target, activeExt);
+  if (!permCheck.allowed) {
+    // Log permission deny — preserves the v1.4.1 audit-trail behavior.
+    await logPermissionEvent({
+      tool: toolName,
+      extension: activeExt && activeExt.name ? activeExt.name : null,
+      action: mapping.action,
+      target: mapping.target,
+      allowed: false,
+      reason: permCheck.reason,
+      ts: new Date().toISOString(),
+    }).catch(() => {});
+    return {
+      allowed: false,
+      reason: permCheck.reason,
+      response: {
+        content: [{ type: 'text', text: `extension permission denied: ${permCheck.reason}` }],
+        isError: true,
+      },
+    };
+  }
+
+  // Quota enforcement only kicks in when the active extension declared quotas.
+  // Manifest quotas are passed in by the caller (resolved from the installed
+  // extension manifest). When manifestQuotas is missing/empty, this short-
+  // circuits — back-compat path.
+  const quotas = manifestQuotas && typeof manifestQuotas === 'object' ? manifestQuotas : {};
+  const limits = {
+    files_written: typeof quotas.max_files_written === 'number' ? quotas.max_files_written : null,
+    bytes_written: typeof quotas.max_bytes_written === 'number' ? quotas.max_bytes_written : null,
+    wall_clock_ms: typeof quotas.max_wall_clock_ms === 'number' ? quotas.max_wall_clock_ms : null,
+  };
+
+  // wall_clock_ms — always checked (no-op if limit is null).
+  if (limits.wall_clock_ms !== null) {
+    const wc = await quotaCheckAndIncrement(activeExt.name, 'wall_clock_ms', 0, limits.wall_clock_ms, { homeDir: home });
+    if (!wc.allowed) {
+      const reason = `quota:wall_clock_ms ${wc.current}/${wc.limit}`;
+      await logPermissionEvent({
+        tool: toolName, extension: activeExt.name, action: mapping.action, target: mapping.target,
+        allowed: false, reason, ts: new Date().toISOString(),
+      }).catch(() => {});
+      return {
+        allowed: false, dimension: 'wall_clock_ms', current: wc.current, limit: wc.limit, reason,
+        response: {
+          content: [{ type: 'text', text: `extension "${activeExt.name}" exceeded quota wall_clock_ms (${wc.current}/${wc.limit})` }],
+          isError: true,
+        },
+      };
+    }
+  }
+
+  // Per-tool counter mapping.
+  let inc = null;
+  if (toolName === 'ijfw_memory_store') {
+    let payloadBytes = 0;
+    try {
+      if (args && typeof args.content === 'string') payloadBytes += args.content.length;
+      if (args && typeof args.context === 'string') payloadBytes += args.context.length;
+    } catch { /* defensive */ }
+    inc = { dim: 'bytes_written', count: payloadBytes, limit: limits.bytes_written, path: null };
+  } else if (toolName === 'ijfw_run') {
+    // Only run-with-write-tools consume files/bytes quota. We sniff the
+    // command for a `tool:write|edit|bash|notebookedit` leading token and
+    // an inline path arg (best-effort; absolute path is used for dedupe).
+    const cmd = args && typeof args.command === 'string' ? args.command : '';
+    const m = cmd.match(/^\s*tool:(write|edit|bash|notebookedit)\b/i);
+    if (m) {
+      // Pull first absolute-looking path arg, if any.
+      const pm = cmd.match(/\b(\/[^\s'"]+|[A-Za-z]:\\[^\s'"]+)/);
+      const absPath = pm ? pm[1] : null;
+      const sizeArg = args && typeof args.input === 'string' ? args.input.length : 0;
+      inc = { dim: 'files_written', count: 1, limit: limits.files_written, path: absPath, bytesCount: sizeArg, bytesLimit: limits.bytes_written };
+    }
+  }
+
+  if (inc !== null) {
+    if (inc.limit !== null) {
+      const r = await quotaCheckAndIncrement(activeExt.name, inc.dim, inc.count, inc.limit, { homeDir: home, path: inc.path });
+      if (!r.allowed) {
+        const reason = `quota:${inc.dim} ${r.current + inc.count}/${r.limit}`;
+        await logPermissionEvent({
+          tool: toolName, extension: activeExt.name, action: mapping.action, target: mapping.target,
+          allowed: false, reason, ts: new Date().toISOString(),
+        }).catch(() => {});
+        return {
+          allowed: false, dimension: inc.dim, current: r.current, limit: r.limit, reason,
+          response: {
+            content: [{ type: 'text', text: `extension "${activeExt.name}" exceeded quota ${inc.dim} (${r.current + inc.count}/${r.limit})` }],
+            isError: true,
+          },
+        };
+      }
+    }
+    // Bytes side-counter (paired with files_written for ijfw_run write tools).
+    if (inc.bytesLimit !== null && typeof inc.bytesCount === 'number' && inc.bytesCount > 0) {
+      const r2 = await quotaCheckAndIncrement(activeExt.name, 'bytes_written', inc.bytesCount, inc.bytesLimit, { homeDir: home });
+      if (!r2.allowed) {
+        const reason = `quota:bytes_written ${r2.current + inc.bytesCount}/${r2.limit}`;
+        await logPermissionEvent({
+          tool: toolName, extension: activeExt.name, action: mapping.action, target: mapping.target,
+          allowed: false, reason, ts: new Date().toISOString(),
+        }).catch(() => {});
+        return {
+          allowed: false, dimension: 'bytes_written', current: r2.current, limit: r2.limit, reason,
+          response: {
+            content: [{ type: 'text', text: `extension "${activeExt.name}" exceeded quota bytes_written (${r2.current + inc.bytesCount}/${r2.limit})` }],
+            isError: true,
+          },
+        };
+      }
+    }
+  }
+
+  return { allowed: true };
+}
+
+/**
+ * Resolve `manifest.quotas` for the currently active extension by reading the
+ * installed manifest. Best-effort: returns {} if the installed manifest can't
+ * be found.
+ */
+async function resolveActiveManifestQuotas(activeExt, projectRoot, home) {
+  if (!activeExt || !activeExt.name) return {};
+  try {
+    const r = await findInstalledManifest(activeExt.name, projectRoot, { homeDir: home });
+    if (r && r.ok && r.manifest && r.manifest.quotas && typeof r.manifest.quotas === 'object') {
+      return r.manifest.quotas;
+    }
+  } catch { /* best-effort */ }
+  return {};
+}
 const SANDBOX_DIR = join(process.env.HOME || homedir(), '.ijfw', 'session-sandbox');
 
 // --- Constants ---
@@ -1285,24 +1447,22 @@ function handleMessage(msg) {
           activeExt = { __malformed: true };
         }
         if (activeExt !== null) {
-          const mapping = toolNameToActionTarget(name, args || {});
-          if (mapping) {
-            const check = checkPermission(mapping.action, mapping.target, activeExt);
-            if (!check.allowed) {
-              await logPermissionEvent({
-                tool: name,
-                extension: activeExt && activeExt.name ? activeExt.name : null,
-                action: mapping.action,
-                target: mapping.target,
-                allowed: false,
-                reason: check.reason,
-                ts: new Date().toISOString(),
-              }).catch(() => {});
-              return createResponse(id, {
-                content: [{ type: 'text', text: `extension permission denied: ${check.reason}` }],
-                isError: true,
-              });
-            }
+          // B16/SEC-M-03: combined permission + quota gate via exported helper.
+          const home = process.env.HOME || process.env.USERPROFILE || homedir();
+          const manifestQuotas = await resolveActiveManifestQuotas(
+            activeExt,
+            (args && typeof args.projectRoot === 'string') ? args.projectRoot : undefined,
+            home,
+          );
+          const gate = await gatePermissionAndQuota({
+            toolName: name,
+            args: args || {},
+            activeExt,
+            home,
+            manifestQuotas,
+          });
+          if (!gate.allowed && gate.response) {
+            return createResponse(id, gate.response);
           }
         }
         switch (name) {
@@ -1503,4 +1663,6 @@ process.on('unhandledRejection', (err) => {
 });
 
 // Export for tests (Node ESM allows this -- only consumed when imported, not on stdio run)
+// gatePermissionAndQuota is exported inline at its declaration above (B16/SEC-M-03)
+// so test-server-quota-integration.js can drive it without spinning a server.
 export { sanitizeContent, atomicWrite, readMarkdownFile, PROJECT_HASH };