@ijfw/memory-server 1.4.1 → 1.4.4

package/src/dashboard-client.html

@@ -593,6 +593,31 @@ tr:hover td{background:var(--surface)}
         </div>
       </div>
 
+      <!-- Sub-section: Charts (B19) -->
+      <div class="card">
+        <div class="ctitle">Audit Charts</div>
+        <div id="ext-charts-content">
+          <div style="display:grid;grid-template-columns:1fr 1fr;gap:12px;font-size:12px">
+            <div>
+              <div style="color:var(--fg-dim);margin-bottom:4px">Events / hour (24h)</div>
+              <canvas id="ext-chart-hourly" width="320" height="80" style="width:100%;height:80px;display:block"></canvas>
+            </div>
+            <div>
+              <div style="color:var(--fg-dim);margin-bottom:4px">Deny rate by extension</div>
+              <canvas id="ext-chart-byext" width="320" height="80" style="width:100%;height:80px;display:block"></canvas>
+            </div>
+            <div>
+              <div style="color:var(--fg-dim);margin-bottom:4px">Top denied tools</div>
+              <canvas id="ext-chart-bytool" width="320" height="120" style="width:100%;height:120px;display:block"></canvas>
+            </div>
+            <div>
+              <div style="color:var(--fg-dim);margin-bottom:4px">Quota usage</div>
+              <div id="ext-chart-quotas" style="display:flex;flex-direction:column;gap:6px"></div>
+            </div>
+          </div>
+        </div>
+      </div>
+
       <!-- Sub-section: Permission events -->
       <div class="card">
         <div class="ctitle" style="justify-content:space-between">
@@ -1377,7 +1402,18 @@ async function loadExtensionActive() {
       permsEl.setAttribute('style', 'font-size:12px;color:var(--fg-dim)');
       var reads = (a.permissions.reads || []).join(', ') || 'none';
       var writes = (a.permissions.writes || []).join(', ') || 'none';
-      permsEl.innerHTML = '<b style="color:var(--fg)">reads:</b> ' + reads + ' &nbsp; <b style="color:var(--fg)">writes:</b> ' + writes;
+      var bReads = document.createElement('b');
+      bReads.setAttribute('style', 'color:var(--fg)');
+      bReads.textContent = 'reads:';
+      var textReads = document.createTextNode(' ' + reads + '\u00A0\u00A0');
+      var bWrites = document.createElement('b');
+      bWrites.setAttribute('style', 'color:var(--fg)');
+      bWrites.textContent = 'writes:';
+      var textWrites = document.createTextNode(' ' + writes);
+      permsEl.appendChild(bReads);
+      permsEl.appendChild(textReads);
+      permsEl.appendChild(bWrites);
+      permsEl.appendChild(textWrites);
       wrap.appendChild(permsEl);
     }
     el.appendChild(wrap);
@@ -1526,7 +1562,183 @@ document.addEventListener('DOMContentLoaded', function() {
   loadExtensions();
   loadExtensionActive();
   loadExtensionEvents();
+  loadExtensionCharts();
 });
+
+// ====== AUDIT CHARTS (B19) ======
+// Inlined to keep dashboard a single self-contained HTML file.
+
+function _ijfwChartTheme(el) {
+  var fg = '#9ad2ff', bg = 'rgba(154,210,255,0.18)', warn = '#ff9b3a', txt = '#cfd6dd';
+  try {
+    var cs = getComputedStyle(el);
+    fg   = (cs.getPropertyValue('--ijfw-chart-fg')      || '').trim() || fg;
+    bg   = (cs.getPropertyValue('--ijfw-chart-bg')      || '').trim() || bg;
+    warn = (cs.getPropertyValue('--ijfw-chart-warning') || '').trim() || warn;
+    txt  = (cs.getPropertyValue('--ijfw-chart-text')    || '').trim() || txt;
+  } catch (e) {}
+  return { fg: fg, bg: bg, warn: warn, text: txt };
+}
+
+function _ijfwLineChart(canvas, points) {
+  if (!canvas || !canvas.getContext) return;
+  var ctx = canvas.getContext('2d');
+  var W = canvas.width, H = canvas.height;
+  var theme = _ijfwChartTheme(canvas);
+  ctx.clearRect(0, 0, W, H);
+  if (!points || !points.length) return;
+  var xs = points.map(function(p){ return p.x; });
+  var ys = points.map(function(p){ return Math.max(0, p.y); });
+  var xMin = Math.min.apply(null, xs), xMax = Math.max.apply(null, xs);
+  if (xMax === xMin) xMax = xMin + 1;
+  var yMax = Math.max(1, Math.max.apply(null, ys));
+  var pad = 4, innerW = W - pad*2, innerH = H - pad*2;
+  function px(x){ return pad + ((x - xMin)/(xMax - xMin)) * innerW; }
+  function py(y){ return pad + (1 - (y / yMax)) * innerH; }
+  ctx.beginPath(); ctx.moveTo(px(points[0].x), H - pad);
+  for (var i = 0; i < points.length; i++) ctx.lineTo(px(points[i].x), py(points[i].y));
+  ctx.lineTo(px(points[points.length-1].x), H - pad);
+  ctx.closePath(); ctx.fillStyle = theme.bg; ctx.fill();
+  ctx.beginPath(); ctx.moveTo(px(points[0].x), py(points[0].y));
+  for (var j = 1; j < points.length; j++) ctx.lineTo(px(points[j].x), py(points[j].y));
+  ctx.strokeStyle = theme.fg; ctx.lineWidth = 1.5; ctx.stroke();
+}
+
+function _ijfwBarChart(canvas, bars, horizontal) {
+  if (!canvas || !canvas.getContext) return;
+  var ctx = canvas.getContext('2d');
+  var W = canvas.width, H = canvas.height;
+  var theme = _ijfwChartTheme(canvas);
+  ctx.clearRect(0, 0, W, H);
+  if (!bars || !bars.length) return;
+  var values = bars.map(function(b){ return Math.max(0, b.value || 0); });
+  var maxVal = Math.max(1, Math.max.apply(null, values));
+  var pad = 4;
+  var labelGutter = horizontal ? 80 : 14;
+  var innerW = W - pad*2 - (horizontal ? labelGutter : 0);
+  var innerH = H - pad*2 - (horizontal ? 0 : labelGutter);
+  var slot = (horizontal ? innerH : innerW) / bars.length;
+  var barW = Math.max(1, slot * 0.7);
+  for (var i = 0; i < bars.length; i++) {
+    var v = values[i];
+    var color = bars[i].color || theme.fg;
+    if (horizontal) {
+      var y = pad + i*slot + (slot-barW)/2;
+      var len = (v/maxVal) * innerW;
+      ctx.fillStyle = theme.bg; ctx.fillRect(pad + labelGutter, y, innerW, barW);
+      ctx.fillStyle = color;    ctx.fillRect(pad + labelGutter, y, len,    barW);
+      ctx.fillStyle = theme.text; ctx.fillText(String(bars[i].label || ''), pad, y + barW*0.75);
+    } else {
+      var x = pad + i*slot + (slot-barW)/2;
+      var len2 = (v/maxVal) * innerH;
+      ctx.fillStyle = theme.bg; ctx.fillRect(x, pad, barW, innerH);
+      ctx.fillStyle = color;    ctx.fillRect(x, pad + (innerH - len2), barW, len2);
+      ctx.fillStyle = theme.text; ctx.fillText(String(bars[i].label || '').slice(0, 8), x, H - pad);
+    }
+  }
+}
+
+function _ijfwProgressBar(parent, data) {
+  if (!parent) return;
+  var theme = _ijfwChartTheme(parent);
+  var cur = Math.max(0, data.current || 0);
+  var lim = (data.limit === null || data.limit === undefined) ? null : data.limit;
+  var label = data.label || '';
+  var warn = Boolean(data.warning);
+  var row = document.createElement('div');
+  row.className = 'ijfw-progress' + (warn ? ' ijfw-progress--warn' : '');
+  row.setAttribute('style', 'display:flex;align-items:center;gap:6px;font-size:11px');
+  var lbl = document.createElement('span'); lbl.textContent = label; lbl.setAttribute('style','min-width:88px;color:var(--fg-dim)');
+  row.appendChild(lbl);
+  if (lim === null) {
+    var val = document.createElement('span'); val.textContent = cur + ' / unlimited';
+    val.setAttribute('style','color:var(--fg-dim)');
+    row.appendChild(val);
+  } else {
+    var rail = document.createElement('span');
+    rail.setAttribute('style', 'background:' + theme.bg + ';display:inline-block;height:6px;width:120px;border-radius:3px;overflow:hidden;vertical-align:middle');
+    var fill = document.createElement('span');
+    var pct = lim > 0 ? Math.min(100, (cur/lim)*100) : 0;
+    fill.setAttribute('style', 'display:block;height:100%;width:' + pct.toFixed(1) + '%;background:' + (warn ? theme.warn : theme.fg));
+    rail.appendChild(fill);
+    row.appendChild(rail);
+    var val2 = document.createElement('span'); val2.textContent = cur + ' / ' + lim;
+    row.appendChild(val2);
+  }
+  parent.appendChild(row);
+}
+
+function loadExtensionCharts() {
+  // Hourly line chart.
+  fetch('/api/extensions/aggregates?window=24h&kind=hourly')
+    .then(function(r){ return r.json(); })
+    .then(function(o){
+      var canvas = document.getElementById('ext-chart-hourly');
+      if (!canvas) return;
+      var buckets = (o && o.buckets) || [];
+      var points = buckets.map(function(b, i){ return { x: i, y: b.count }; });
+      _ijfwLineChart(canvas, points);
+    }).catch(function(){});
+
+  // Deny rate per extension (horizontal bar).
+  fetch('/api/extensions/aggregates?window=24h&kind=by_ext')
+    .then(function(r){ return r.json(); })
+    .then(function(o){
+      var canvas = document.getElementById('ext-chart-byext');
+      if (!canvas) return;
+      var rows = (o && o.rows) || [];
+      var bars = rows.slice(0, 8).map(function(r){
+        var total = (r.allowed||0) + (r.denied||0);
+        return { label: r.ext, value: total > 0 ? (r.denied/total) * 100 : 0 };
+      });
+      _ijfwBarChart(canvas, bars, true);
+    }).catch(function(){});
+
+  // Top denied tools.
+  fetch('/api/extensions/aggregates?window=24h&kind=by_tool')
+    .then(function(r){ return r.json(); })
+    .then(function(o){
+      var canvas = document.getElementById('ext-chart-bytool');
+      if (!canvas) return;
+      var rows = (o && o.rows) || [];
+      var bars = rows.map(function(r){ return { label: r.tool, value: r.count }; });
+      _ijfwBarChart(canvas, bars, true);
+    }).catch(function(){});
+
+  // Quotas: per-extension progress bars + bash-bypass warning chip.
+  fetch('/api/extensions/aggregates?window=24h&kind=quotas')
+    .then(function(r){ return r.json(); })
+    .then(function(o){
+      var parent = document.getElementById('ext-chart-quotas');
+      if (!parent) return;
+      while (parent.firstChild) parent.removeChild(parent.firstChild);
+      var rows = (o && o.rows) || [];
+      if (rows.length === 0) {
+        var empty = document.createElement('div');
+        empty.setAttribute('style','color:var(--fg-dim);font-size:12px');
+        empty.textContent = 'No active extension.';
+        parent.appendChild(empty);
+        return;
+      }
+      rows.forEach(function(row){
+        var header = document.createElement('div');
+        header.setAttribute('style','font-weight:600;font-size:12px;margin-top:4px');
+        header.textContent = row.ext_name + ' (' + (row.scope || 'user') + ')';
+        parent.appendChild(header);
+        if (row.warn_bash_bypass) {
+          var chip = document.createElement('div');
+          chip.className = 'ijfw-warn-chip';
+          chip.setAttribute('style','background:rgba(255,155,58,0.12);color:var(--ijfw-chart-warning,#ff9b3a);font-size:11px;padding:4px 8px;border-radius:4px;margin:4px 0');
+          chip.textContent = '⚠ This extension has tool:bash and a strict files_written quota. Bash content bypasses per-file accounting.';
+          parent.appendChild(chip);
+        }
+        var dims = row.dimensions || {};
+        _ijfwProgressBar(parent, { current: (dims.files_written||{}).current||0, limit: (dims.files_written||{}).limit, label: 'files_written', warning: row.warn_bash_bypass });
+        _ijfwProgressBar(parent, { current: (dims.bytes_written||{}).current||0, limit: (dims.bytes_written||{}).limit, label: 'bytes_written', warning: row.warn_bash_bypass });
+        _ijfwProgressBar(parent, { current: (dims.wall_clock_ms||{}).current||0, limit: (dims.wall_clock_ms||{}).limit, label: 'wall_clock_ms' });
+      });
+    }).catch(function(){});
+}
 </script>
 </body>
 </html>

package/src/dashboard-server.js

@@ -22,6 +22,8 @@ import { searchMemory } from './memory/search.js';
 import { buildRecallCounts, mergeRecallCounts, topRecalled } from './memory/recall-counter.js';
 import { PLACEHOLDER_HTML } from './design-companion.js';
 import { listExtensions } from './extension-installer.js';
+import { aggregateEvents, computeWarnBashBypass, readActiveManifest } from './dashboard-aggregator.js';
+import { getQuotaUsage } from './extension-quota-tracker.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 // REPO_ROOT: IJFW_PROJECT_ROOT override > user's interactive shell cwd (PWD) > process.cwd() fallback.
@@ -432,6 +434,85 @@ export async function startServer(options = {}) {
       }));
     }],
 
+    // v1.4.4 N8 — Planning doc viewer. Same path-traversal guard as /api/memory/file,
+    // but allowed roots are .planning/, .ijfw/memory/, and .ijfw/wave-*/ all under REPO_ROOT.
+    ['/api/planning', (req, res, url) => {
+      const rawPath = url.searchParams.get('path') || '';
+      if (!rawPath) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'path query param required' }));
+        return;
+      }
+      if (isAbsolute(rawPath) || rawPath.split(/[\\/]/).some((seg) => seg === '..')) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'path traversal not allowed' }));
+        return;
+      }
+      const reqPath = resolve(REPO_ROOT, rawPath);
+      function canonOrNull(p) {
+        try { return realpathSync(p); } catch { return null; }
+      }
+      function isUnder(allowedRoot, canonChild) {
+        const canonRoot = canonOrNull(allowedRoot);
+        if (!canonRoot || !canonChild) return false;
+        const rel = relative(canonRoot, canonChild);
+        return rel !== '' && !rel.startsWith('..') && !isAbsolute(rel);
+      }
+      function isUnderWaveRoot(canonChild) {
+        // r13-M-05: restrict to STATE.md / SUMMARY.md filenames within
+        // .ijfw/wave-*/ subdirs. Previously allowed ANY file in a wave dir;
+        // wave directories may contain .tmp, lock files, or partial blackboard
+        // data that shouldn't be browser-readable.
+        const ijfwDir = canonOrNull(join(REPO_ROOT, '.ijfw'));
+        if (!ijfwDir || !canonChild) return false;
+        const rel = relative(ijfwDir, canonChild);
+        if (rel === '' || rel.startsWith('..') || isAbsolute(rel)) return false;
+        const first = rel.split(/[\\/]/)[0];
+        if (!first.startsWith('wave-') || first.length === 'wave-'.length) return false;
+        return rel.endsWith('STATE.md') || rel.endsWith('SUMMARY.md');
+      }
+      const canonPath = canonOrNull(reqPath);
+      if (!canonPath) {
+        res.writeHead(404, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'file not found' }));
+        return;
+      }
+      const allowed = (
+        isUnder(join(REPO_ROOT, '.planning'), canonPath) ||
+        isUnder(join(REPO_ROOT, '.ijfw', 'memory'), canonPath) ||
+        isUnderWaveRoot(canonPath)
+      );
+      if (!allowed) {
+        res.writeHead(403, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'outside allowed planning roots' }));
+        return;
+      }
+      try {
+        const body = readFileSync(canonPath, 'utf8');
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ body: body.slice(0, 200000), path: rawPath }));
+      } catch (err) {
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: err.message, endpoint: '/api/planning' }));
+      }
+    }],
+
+    // v1.4.4 N8 — Planning-docs viewer (HTML SPA).
+    ['/planning', async (req, res) => {
+      try {
+        const html = await readFile(join(__dirname, 'dashboard-client-planning.html'), 'utf8');
+        res.writeHead(200, {
+          'Content-Type': 'text/html; charset=utf-8',
+          'Cache-Control': 'no-store',
+          'Content-Security-Policy': "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'",
+        });
+        res.end(html);
+      } catch (err) {
+        res.writeHead(500, { 'Content-Type': 'text/plain' });
+        res.end('Planning viewer not found: ' + err.message);
+      }
+    }],
+
     ['/api/memory/file', (req, res, url) => {
       const rawPath = url.searchParams.get('path') || '';
       if (!rawPath) {
@@ -931,6 +1012,111 @@ export async function startServer(options = {}) {
       res.end(JSON.stringify(events));
     }],
 
+    // ---------- extensions: aggregates (B19) ----------
+    // Server-side aggregation of permission-events.jsonl for the per-tool
+    // audit charts. Filters are strictly allowlisted.
+    //   ?window=24h|30m|7d   (regex: \d+[hmd])
+    //   ?kind=hourly|by_ext|by_tool|quotas
+    ['/api/extensions/aggregates', async (req, res, url) => {
+      const ALLOWED_KINDS = new Set(['hourly', 'by_ext', 'by_tool', 'quotas']);
+      const WINDOW_RE = /^\d+(h|m|d)$/;
+      const ALLOWED_KEYS = new Set(['window', 'kind']);
+      try {
+        for (const key of url.searchParams.keys()) {
+          if (!ALLOWED_KEYS.has(key)) {
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: `unknown filter parameter: ${key}` }));
+            return;
+          }
+        }
+        const kind = url.searchParams.get('kind') || 'hourly';
+        if (!ALLOWED_KINDS.has(kind)) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: `invalid kind: ${kind}` }));
+          return;
+        }
+        const rawWindow = url.searchParams.get('window') || '24h';
+        if (!WINDOW_RE.test(rawWindow)) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: `invalid window: ${rawWindow}` }));
+          return;
+        }
+        // Parse window into ms.
+        const num = parseInt(rawWindow.slice(0, -1), 10);
+        const unit = rawWindow.slice(-1);
+        const mult = unit === 'h' ? 3600_000 : unit === 'm' ? 60_000 : 86_400_000;
+        const windowMs = num * mult;
+
+        const home = homedir();
+        const eventsPath = join(home, '.ijfw', 'state', 'permission-events.jsonl');
+
+        if (kind === 'quotas') {
+          // Walk the active extension state and compute per-extension usage.
+          let active = null;
+          try {
+            const activePath = join(home, '.ijfw', 'state', 'active-extension.json');
+            if (existsSync(activePath)) {
+              active = JSON.parse(readFileSync(activePath, 'utf8'));
+            }
+          } catch { active = null; }
+          const rows = [];
+          if (active && typeof active === 'object') {
+            // active may be a single record or a map keyed by name.
+            const entries = Array.isArray(active.extensions)
+              ? active.extensions
+              : (active.name ? [active] : []);
+            for (const ent of entries) {
+              if (!ent || !ent.name) continue;
+              const scope = ent.scope || 'user';
+              const manifest = readActiveManifest({ scope, name: ent.name, home, projectRoot: REPO_ROOT });
+              const quotas = (manifest && manifest.quotas) || {};
+              const usage = await getQuotaUsage(ent.name, { homeDir: home, limits: quotas });
+              rows.push({
+                ...usage,
+                scope,
+                warn_bash_bypass: computeWarnBashBypass(manifest),
+              });
+            }
+          }
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ rows }));
+          return;
+        }
+
+        const agg = await aggregateEvents(eventsPath, { windowMs });
+
+        if (kind === 'hourly') {
+          const buckets = Object.entries(agg.hourly)
+            .map(([hour, count]) => ({ hour, count }))
+            .sort((a, b) => a.hour.localeCompare(b.hour));
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ buckets }));
+          return;
+        }
+
+        if (kind === 'by_ext') {
+          const rows = Object.entries(agg.by_extension)
+            .map(([ext, v]) => ({ ext, allowed: v.allowed, denied: v.denied }))
+            .sort((a, b) => b.denied - a.denied);
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ rows }));
+          return;
+        }
+
+        // kind === 'by_tool'
+        const rows = Object.entries(agg.by_tool_denied)
+          .map(([tool, count]) => ({ tool, count }))
+          .sort((a, b) => b.count - a.count)
+          .slice(0, 10);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ rows }));
+      } catch (err) {
+        process.stderr.write(`[ijfw-mcp] /api/extensions/aggregates: ${err && err.message ? err.message : err}\n`);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ buckets: [], rows: [], error: 'aggregation failed' }));
+      }
+    }],
+
     // ---------- extensions health (W3/t15) ----------
     // Reads .ijfw/state/extension-registry.json (project) plus org/user via
     // listExtensions(). Missing or malformed registry yields {extensions: []}

package/src/dispatch/active-cli.js

@@ -0,0 +1,141 @@
+/**
+ * dispatch/active-cli.js — IJFW v1.4.3 W9-B (B18)
+ *
+ * Frozen CLI module contract:
+ *   export const handlers       — { '<subcommand>': async (args, ctx) => { ok, output?, error? } }
+ *   export const subcommandHelp — { '<subcommand>': 'one-line description' }
+ *
+ * Subcommands:
+ *   active --check          — report current active extension + last-writer IDE + divergence
+ *   activate <name> [--ide <id>] [--strict-ide]
+ *                           — activate <name> stamping the host IDE id; refuse
+ *                             activation when --strict-ide is set AND a different
+ *                             IDE is the current writer of stale state.
+ *
+ * Phase D wires these into `dispatch/extension.js`'s main switch by iterating
+ * Object.entries(handlers). Until then, this module is callable in isolation.
+ */
+
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+
+import {
+  findInstalledManifest,
+  writeActiveExtension,
+  detectCrossIdeDivergence,
+} from '../active-extension-writer.js';
+import { detectIde } from '../ide-detect.js';
+
+function homeFromCtx(ctx) {
+  if (ctx && typeof ctx.homedir === 'string') return ctx.homedir;
+  if (ctx && typeof ctx.homeDir === 'string') return ctx.homeDir;
+  return undefined;
+}
+
+function projectRootFromCtx(ctx) {
+  if (ctx && typeof ctx.projectRoot === 'string') return ctx.projectRoot;
+  return process.cwd();
+}
+
+function parseArgs(args) {
+  // Accept either a token array (preferred per registry-cli contract) or a
+  // raw string (fallback for direct callers).
+  let tokens;
+  if (Array.isArray(args)) {
+    tokens = args.slice();
+  } else if (typeof args === 'string') {
+    tokens = args.split(/\s+/).filter(Boolean);
+  } else {
+    tokens = [];
+  }
+  const flags = { check: false, strictIde: false, ide: null };
+  const positional = [];
+  for (let i = 0; i < tokens.length; i++) {
+    const t = tokens[i];
+    if (t === '--check') { flags.check = true; continue; }
+    if (t === '--strict-ide') { flags.strictIde = true; continue; }
+    if (t === '--ide' && tokens[i + 1]) {
+      flags.ide = tokens[i + 1];
+      i++;
+      continue;
+    }
+    positional.push(t);
+  }
+  return { positional, flags };
+}
+
+async function activeHandler(args, ctx) {
+  const { flags } = parseArgs(args);
+  const home = homeFromCtx(ctx) || process.env.HOME || homedir();
+  if (!flags.check) {
+    return { ok: false, error: "active: --check required (usage: active --check)" };
+  }
+  // Read current active.json (best-effort).
+  const activePath = join(home, '.ijfw', 'state', 'active-extension.json');
+  let active = null;
+  try {
+    const raw = await readFile(activePath, 'utf8');
+    active = JSON.parse(raw);
+  } catch {
+    // null
+  }
+  const verdict = await detectCrossIdeDivergence({ homeDir: home });
+  const out = {
+    active: active ? {
+      name: active.name ?? null,
+      scope: active.scope ?? null,
+      activated_at: active.activated_at ?? null,
+      activated_by_ide: active.activated_by_ide ?? null,
+      activated_by_pid: active.activated_by_pid ?? null,
+    } : null,
+    current_ide: verdict.current_ide,
+    divergent: !!verdict.divergent,
+    last_writer: verdict.last_writer ?? null,
+    age_seconds: verdict.age_seconds ?? null,
+  };
+  return { ok: true, output: JSON.stringify(out, null, 2) };
+}
+
+async function activateHandler(args, ctx) {
+  const { positional, flags } = parseArgs(args);
+  const name = positional[0];
+  if (!name || typeof name !== 'string') {
+    return { ok: false, error: 'activate: extension name required (usage: activate <name> [--ide <id>] [--strict-ide])' };
+  }
+  const home = homeFromCtx(ctx) || process.env.HOME || homedir();
+  const projectRoot = projectRootFromCtx(ctx);
+
+  const ideId = flags.ide && /^[a-z0-9-]+$/.test(flags.ide) ? flags.ide : detectIde();
+
+  // Strict-IDE gate: if active.json was last touched by a different IDE AND
+  // divergence semantic flags it, refuse before writing.
+  if (flags.strictIde) {
+    const verdict = await detectCrossIdeDivergence({ homeDir: home, currentIde: ideId });
+    if (verdict && verdict.divergent) {
+      return {
+        ok: false,
+        error: `[ijfw] activate refused: --strict-ide and active extension last activated by '${verdict.last_writer}'`,
+      };
+    }
+  }
+
+  const lookup = await findInstalledManifest(name, projectRoot, { homeDir: home });
+  if (!lookup.ok) return { ok: false, error: lookup.error };
+  const result = await writeActiveExtension(lookup.manifest, lookup.scope, { homeDir: home, ideId });
+  if (!result.ok) return { ok: false, error: result.error };
+  return {
+    ok: true,
+    output: JSON.stringify({ name, scope: lookup.scope, activated_by_ide: ideId, path: result.path }, null, 2),
+  };
+}
+
+export const handlers = Object.freeze({
+  'active': activeHandler,
+  'activate': activateHandler,
+});
+
+export const subcommandHelp = Object.freeze({
+  'active': 'active --check — report current active extension + cross-IDE divergence status',
+  'activate': 'activate <name> [--ide <id>] [--strict-ide] — activate extension and stamp host IDE',
+});

package/src/dispatch/extension.js

@@ -606,8 +606,48 @@ async function cmdDeactivate() {
   }
 }
 
+// v1.4.3 Phase D — CLI module registry. Each module exports the frozen
+// { handlers, subcommandHelp } shape; we union their handlers into a single
+// lookup and consult it BEFORE the legacy switch, so new --ide / --backend /
+// quota / federation subcommands take precedence.
+let _v143Handlers = null;
+async function loadV143Handlers() {
+  if (_v143Handlers !== null) return _v143Handlers;
+  const [registry, signer, quota, active, wave] = await Promise.all([
+    import('./registry-cli.js'),
+    import('./signer-cli.js'),
+    import('./quota-cli.js'),
+    import('./active-cli.js'),
+    import('./wave-cli.js'),  // v1.4.4 N9 — wave-status / wave-list
+  ]);
+  _v143Handlers = Object.assign(
+    Object.create(null),
+    registry.handlers || {},
+    signer.handlers || {},
+    quota.handlers || {},
+    active.handlers || {},
+    wave.handlers || {},
+  );
+  return _v143Handlers;
+}
+
 export async function extensionDispatch({ command, args = '', projectRoot }) {
   const ctx = { command, args: String(args || ''), projectRoot: String(projectRoot || process.cwd()) };
+
+  // v1.4.3 Phase D — CLI modules take precedence over legacy switch.
+  const handlers = await loadV143Handlers();
+  if (typeof handlers[command] === 'function') {
+    try {
+      const r = await handlers[command](ctx.args, ctx);
+      if (r && r.ok === false) {
+        return { ok: false, command, error: r.error || 'unknown error' };
+      }
+      return { ok: true, command, result: r };
+    } catch (err) {
+      return { ok: false, command, error: err && err.message ? err.message : String(err) };
+    }
+  }
+
   switch (command) {
     case 'add': return cmdAdd(ctx);
     case 'list': return cmdList(ctx);

package/src/dispatch/quota-cli.js

@@ -0,0 +1,42 @@
+/**
+ * dispatch/quota-cli.js — IJFW v1.4.3 W9-A3 (B16)
+ *
+ * Frozen CLI module contract:
+ *   export const handlers       — { '<subcommand>': async (args, ctx) => { ok, output?, error? } }
+ *   export const subcommandHelp — { '<subcommand>': 'one-line description' }
+ *
+ * Phase D wires these into `dispatch/extension.js`'s main switch by iterating
+ * Object.entries(handlers). Until then, this module is callable in isolation.
+ */
+
+import { getQuotaUsage, resetExtensionQuotas } from '../extension-quota-tracker.js';
+
+function homeFromCtx(ctx) {
+  if (ctx && typeof ctx.homedir === 'string') return ctx.homedir;
+  if (ctx && typeof ctx.homeDir === 'string') return ctx.homeDir;
+  return undefined; // tracker will fall back to env HOME / homedir()
+}
+
+export const handlers = Object.freeze({
+  'quota-status': async (args, ctx) => {
+    const name = Array.isArray(args) ? args[0] : undefined;
+    if (!name || typeof name !== 'string') {
+      return { ok: false, error: 'quota-status: extension name required' };
+    }
+    const usage = await getQuotaUsage(name, { homeDir: homeFromCtx(ctx) });
+    return { ok: true, output: JSON.stringify(usage, null, 2) };
+  },
+  'quota-reset': async (args, ctx) => {
+    const name = Array.isArray(args) ? args[0] : undefined;
+    if (!name || typeof name !== 'string') {
+      return { ok: false, error: 'quota-reset: extension name required' };
+    }
+    await resetExtensionQuotas(name, { homeDir: homeFromCtx(ctx) });
+    return { ok: true, output: 'reset' };
+  },
+});
+
+export const subcommandHelp = Object.freeze({
+  'quota-status': 'quota-status [<ext-name>] — print current usage vs limits',
+  'quota-reset': 'quota-reset <ext-name> — admin: manually reset counters',
+});