ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-06 10:47:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f50f3df0d6ae8a5584be8deef2d79f49abdcffd
hermes-agent/gateway/platforms/matrix.py

2677 lines
103 KiB
Python
Raw Normal View History

feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
"""Matrix gateway adapter.
Connects to any Matrix homeserver (self-hosted or matrix.org) via the
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
mautrix Python SDK. Supports optional end-to-end encryption (E2EE)
when installed with ``pip install "mautrix[encryption]"``.
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
Environment variables:
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
MATRIX_HOMESERVER Homeserver URL (e.g. https://matrix.example.org)
MATRIX_ACCESS_TOKEN Access token (preferred auth method)
MATRIX_USER_ID Full user ID (@bot:server) required for password login
MATRIX_PASSWORD Password (alternative to access token)
MATRIX_ENCRYPTION Set "true" to enable E2EE
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
MATRIX_DEVICE_ID Stable device ID for E2EE persistence across restarts
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
MATRIX_PROXY HTTP(S) or SOCKS proxy URL for Matrix traffic
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
MATRIX_ALLOWED_USERS Comma-separated Matrix user IDs (@user:server)
MATRIX_HOME_ROOM Room ID for cron/notification delivery
MATRIX_REACTIONS Set "false" to disable processing lifecycle reactions
(eyes/checkmark/cross). Default: true
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
MATRIX_REQUIRE_MENTION Require @mention in rooms (default: true)
MATRIX_FREE_RESPONSE_ROOMS Comma-separated room IDs exempt from mention requirement
MATRIX_AUTO_THREAD Auto-create threads for room messages (default: true)
feat(matrix): add dm_auto_thread config for DM auto-threading Adds MATRIX_DM_AUTO_THREAD env var (default: false) to control auto-threading in DM rooms independently from channel auto-threading. Closes #15398
2026-04-24 23:43:20 +01:00
MATRIX_DM_AUTO_THREAD Auto-create threads for DM messages (default: false)
fix: register MATRIX_RECOVERY_KEY env var + document migration path Follow-up for cherry-picked PR #8272: - Add MATRIX_RECOVERY_KEY to module docstring header in matrix.py - Register in OPTIONAL_ENV_VARS (config.py) with password=True, advanced=True - Add to _NON_SETUP_ENV_VARS set - Document cross-signing verification in matrix.md E2EE section - Update migration guide with recovery key step (step 3) - Add to environment-variables.md reference
2026-04-12 02:16:50 -07:00
MATRIX_RECOVERY_KEY Recovery key for cross-signing verification after device key rotation
feat(matrix): add MATRIX_DM_MENTION_THREADS env var When enabled, @mentioning the bot in a DM creates a thread (default: false). Supports both env var and YAML config (matrix.dm_mention_threads). 6 new tests, docs updated. From #6957
2026-04-10 15:45:56 -07:00
MATRIX_DM_MENTION_THREADS Create a thread when bot is @mentioned in a DM (default: false)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
"""
from __future__ import annotations
import asyncio
import logging
import mimetypes
import os
import re
import time
feat(matrix): reaction-based exec approval + mention_user_id Add Matrix reaction-based exec approval (✅/❎) and mention_user_id support for push notifications in muted rooms. - matrix.py: _MatrixApprovalPrompt, send_exec_approval, reaction approval handling, bot seed reaction redaction, mention pill in send - base.py: inject mention_user_id into send metadata - run.py: inject mention_user_id into status thread metadata - tests for approval prompt registration and reaction resolution
2026-04-25 02:44:14 +08:00
from dataclasses import dataclass
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
from html import escape as _html_escape
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
from pathlib import Path
chore: remove ~100 unused imports across 55 files (#3016) Automated cleanup via pyflakes + autoflake with manual review. Changes: - Removed unused stdlib imports (os, sys, json, pathlib.Path, etc.) - Removed unused typing imports (List, Dict, Any, Optional, Tuple, Set, etc.) - Removed unused internal imports (hermes_cli.auth, hermes_cli.config, etc.) - Fixed cli.py: removed 8 shadowed banner imports (imported from hermes_cli.banner then immediately redefined locally — only build_welcome_banner is actually used) - Added noqa comments to imports that appear unused but serve a purpose: - Re-exports (gateway/session.py SessionResetPolicy, tools/terminal_tool.py is_interrupted/_interrupt_event) - SDK presence checks in try/except (daytona, fal_client, discord) - Test mock targets (auxiliary_client.py Path, mcp_config.py get_hermes_home) Zero behavioral changes. Full test suite passes (6162/6162, 2 pre-existing streaming test failures unrelated to this change).
2026-03-25 15:02:03 -07:00
from typing import Any, Dict, Optional, Set
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix: guard mautrix imports for gateway-safe fallback + fix test isolation Follow-up fixes for the matrix-nio → mautrix migration: 1. Module-level mautrix.types import now wrapped in try/except with proper stub classes. Without this, importing gateway.platforms.matrix crashes the entire gateway when mautrix isn't installed — even for users who don't use Matrix. The stubs mirror mautrix's real attribute names so tests that exercise adapter methods (send, reactions, etc.) work without the real SDK. 2. Removed _ensure_mautrix_mock() from test_matrix_mention.py — it permanently installed MagicMock modules in sys.modules via setdefault(), polluting later tests in the suite. No longer needed since the module imports cleanly without mautrix. 3. Fixed thread persistence tests to use direct class reference in monkeypatch.setattr() instead of string-based paths, which broke when the module was reimported by other tests. 4. Moved the module-importability test to a subprocess to prevent it from polluting sys.modules (reimporting creates a second module object with different __dict__, breaking patch.object in subsequent tests).
2026-04-10 20:02:27 -07:00
try:
from mautrix.types import (
ContentURI,
EventID,
EventType,
PaginationDirection,
PresenceState,
RoomCreatePreset,
RoomID,
SyncToken,
TrustState,
UserID,
)
except ImportError:
# Stubs so the module is importable without mautrix installed.
# check_matrix_requirements() will return False and the adapter
# won't be instantiated in production, but tests may exercise
# adapter methods so stubs must have the right attributes.
ContentURI = EventID = RoomID = SyncToken = UserID = str # type: ignore[misc,assignment]
class _EventTypeStub: # type: ignore[no-redef]
ROOM_MESSAGE = "m.room.message"
REACTION = "m.reaction"
ROOM_ENCRYPTED = "m.room.encrypted"
ROOM_NAME = "m.room.name"
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix: guard mautrix imports for gateway-safe fallback + fix test isolation Follow-up fixes for the matrix-nio → mautrix migration: 1. Module-level mautrix.types import now wrapped in try/except with proper stub classes. Without this, importing gateway.platforms.matrix crashes the entire gateway when mautrix isn't installed — even for users who don't use Matrix. The stubs mirror mautrix's real attribute names so tests that exercise adapter methods (send, reactions, etc.) work without the real SDK. 2. Removed _ensure_mautrix_mock() from test_matrix_mention.py — it permanently installed MagicMock modules in sys.modules via setdefault(), polluting later tests in the suite. No longer needed since the module imports cleanly without mautrix. 3. Fixed thread persistence tests to use direct class reference in monkeypatch.setattr() instead of string-based paths, which broke when the module was reimported by other tests. 4. Moved the module-importability test to a subprocess to prevent it from polluting sys.modules (reimporting creates a second module object with different __dict__, breaking patch.object in subsequent tests).
2026-04-10 20:02:27 -07:00
EventType = _EventTypeStub # type: ignore[misc,assignment]
class _PaginationDirectionStub: # type: ignore[no-redef]
BACKWARD = "b"
FORWARD = "f"
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix: guard mautrix imports for gateway-safe fallback + fix test isolation Follow-up fixes for the matrix-nio → mautrix migration: 1. Module-level mautrix.types import now wrapped in try/except with proper stub classes. Without this, importing gateway.platforms.matrix crashes the entire gateway when mautrix isn't installed — even for users who don't use Matrix. The stubs mirror mautrix's real attribute names so tests that exercise adapter methods (send, reactions, etc.) work without the real SDK. 2. Removed _ensure_mautrix_mock() from test_matrix_mention.py — it permanently installed MagicMock modules in sys.modules via setdefault(), polluting later tests in the suite. No longer needed since the module imports cleanly without mautrix. 3. Fixed thread persistence tests to use direct class reference in monkeypatch.setattr() instead of string-based paths, which broke when the module was reimported by other tests. 4. Moved the module-importability test to a subprocess to prevent it from polluting sys.modules (reimporting creates a second module object with different __dict__, breaking patch.object in subsequent tests).
2026-04-10 20:02:27 -07:00
PaginationDirection = _PaginationDirectionStub # type: ignore[misc,assignment]
class _PresenceStateStub: # type: ignore[no-redef]
ONLINE = "online"
OFFLINE = "offline"
UNAVAILABLE = "unavailable"
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix: guard mautrix imports for gateway-safe fallback + fix test isolation Follow-up fixes for the matrix-nio → mautrix migration: 1. Module-level mautrix.types import now wrapped in try/except with proper stub classes. Without this, importing gateway.platforms.matrix crashes the entire gateway when mautrix isn't installed — even for users who don't use Matrix. The stubs mirror mautrix's real attribute names so tests that exercise adapter methods (send, reactions, etc.) work without the real SDK. 2. Removed _ensure_mautrix_mock() from test_matrix_mention.py — it permanently installed MagicMock modules in sys.modules via setdefault(), polluting later tests in the suite. No longer needed since the module imports cleanly without mautrix. 3. Fixed thread persistence tests to use direct class reference in monkeypatch.setattr() instead of string-based paths, which broke when the module was reimported by other tests. 4. Moved the module-importability test to a subprocess to prevent it from polluting sys.modules (reimporting creates a second module object with different __dict__, breaking patch.object in subsequent tests).
2026-04-10 20:02:27 -07:00
PresenceState = _PresenceStateStub # type: ignore[misc,assignment]
class _RoomCreatePresetStub: # type: ignore[no-redef]
PRIVATE = "private_chat"
PUBLIC = "public_chat"
TRUSTED_PRIVATE = "trusted_private_chat"
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix: guard mautrix imports for gateway-safe fallback + fix test isolation Follow-up fixes for the matrix-nio → mautrix migration: 1. Module-level mautrix.types import now wrapped in try/except with proper stub classes. Without this, importing gateway.platforms.matrix crashes the entire gateway when mautrix isn't installed — even for users who don't use Matrix. The stubs mirror mautrix's real attribute names so tests that exercise adapter methods (send, reactions, etc.) work without the real SDK. 2. Removed _ensure_mautrix_mock() from test_matrix_mention.py — it permanently installed MagicMock modules in sys.modules via setdefault(), polluting later tests in the suite. No longer needed since the module imports cleanly without mautrix. 3. Fixed thread persistence tests to use direct class reference in monkeypatch.setattr() instead of string-based paths, which broke when the module was reimported by other tests. 4. Moved the module-importability test to a subprocess to prevent it from polluting sys.modules (reimporting creates a second module object with different __dict__, breaking patch.object in subsequent tests).
2026-04-10 20:02:27 -07:00
RoomCreatePreset = _RoomCreatePresetStub # type: ignore[misc,assignment]
class _TrustStateStub: # type: ignore[no-redef]
UNVERIFIED = 0
VERIFIED = 1
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix: guard mautrix imports for gateway-safe fallback + fix test isolation Follow-up fixes for the matrix-nio → mautrix migration: 1. Module-level mautrix.types import now wrapped in try/except with proper stub classes. Without this, importing gateway.platforms.matrix crashes the entire gateway when mautrix isn't installed — even for users who don't use Matrix. The stubs mirror mautrix's real attribute names so tests that exercise adapter methods (send, reactions, etc.) work without the real SDK. 2. Removed _ensure_mautrix_mock() from test_matrix_mention.py — it permanently installed MagicMock modules in sys.modules via setdefault(), polluting later tests in the suite. No longer needed since the module imports cleanly without mautrix. 3. Fixed thread persistence tests to use direct class reference in monkeypatch.setattr() instead of string-based paths, which broke when the module was reimported by other tests. 4. Moved the module-importability test to a subprocess to prevent it from polluting sys.modules (reimporting creates a second module object with different __dict__, breaking patch.object in subsequent tests).
2026-04-10 20:02:27 -07:00
TrustState = _TrustStateStub # type: ignore[misc,assignment]
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
from gateway.config import Platform, PlatformConfig
from gateway.platforms.base import (
BasePlatformAdapter,
MessageEvent,
MessageType,
fix(gateway): avoid false failure reactions on restart cancellation
2026-04-08 16:07:07 -07:00
ProcessingOutcome,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
SendResult,
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
resolve_proxy_url,
proxy_kwargs_for_aiohttp,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
refactor: extract shared helpers to deduplicate repeated code patterns (#7917) * refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. * refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
2026-04-11 13:59:52 -07:00
from gateway.platforms.helpers import ThreadParticipationTracker
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
logger = logging.getLogger(__name__)
feat(matrix): reaction-based exec approval + mention_user_id Add Matrix reaction-based exec approval (✅/❎) and mention_user_id support for push notifications in muted rooms. - matrix.py: _MatrixApprovalPrompt, send_exec_approval, reaction approval handling, bot seed reaction redaction, mention pill in send - base.py: inject mention_user_id into send metadata - run.py: inject mention_user_id into status thread metadata - tests for approval prompt registration and reaction resolution
2026-04-25 02:44:14 +08:00
@dataclass
class _MatrixApprovalPrompt:
"""Tracks a pending Matrix reaction-based exec approval prompt."""
def __init__(self, session_key: str, chat_id: str, message_id: str, resolved: bool = False):
self.session_key = session_key
self.chat_id = chat_id
self.message_id = message_id
self.resolved = resolved
self.bot_reaction_events: dict[str, str] = {} # emoji -> event_id
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Matrix message size limit (4000 chars practical, spec has no hard limit
# but clients render poorly above this).
MAX_MESSAGE_LENGTH = 4000
# Store directory for E2EE keys and sync state.
fix: replace hardcoded ~/.hermes paths with get_hermes_home() for profile support * feat: GPT tool-use steering + strip budget warnings from history Two changes to improve tool reliability, especially for OpenAI GPT models: 1. GPT tool-use enforcement prompt: Adds GPT_TOOL_USE_GUIDANCE to the system prompt when the model name contains 'gpt' and tools are loaded. This addresses a known behavioral pattern where GPT models describe intended actions ('I will run the tests') instead of actually making tool calls. Inspired by similar steering in OpenCode (beast.txt) and Cline (GPT-5.1 variant). 2. Budget warning history stripping: Budget pressure warnings injected by _get_budget_warning() into tool results are now stripped when conversation history is replayed via run_conversation(). Previously, these turn-scoped signals persisted across turns, causing models to avoid tool calls in all subsequent messages after any turn that hit the 70-90% iteration threshold. * fix: replace hardcoded ~/.hermes paths with get_hermes_home() for profile support Prep for the upcoming profiles feature — each profile is a separate HERMES_HOME directory, so all paths must respect the env var. Fixes: - gateway/platforms/matrix.py: Matrix E2EE store was hardcoded to ~/.hermes/matrix/store, ignoring HERMES_HOME. Now uses get_hermes_home() so each profile gets its own Matrix state. - gateway/platforms/telegram.py: Two locations reading config.yaml via Path.home()/.hermes instead of get_hermes_home(). DM topic thread_id persistence and hot-reload would read the wrong config in a profile. - tools/file_tools.py: Security path for hub index blocking was hardcoded to ~/.hermes, would miss the actual profile's hub cache. - hermes_cli/gateway.py: Service naming now uses the profile name (hermes-gateway-coder) instead of a cryptic hash suffix. Extracted _profile_suffix() helper shared by systemd and launchd. - hermes_cli/gateway.py: Launchd plist path and Label now scoped per profile (ai.hermes.gateway-coder.plist). Previously all profiles would collide on the same plist file on macOS. - hermes_cli/gateway.py: Launchd plist now includes HERMES_HOME in EnvironmentVariables — was missing entirely, making custom HERMES_HOME broken on macOS launchd (pre-existing bug). - All launchctl commands in gateway.py, main.py, status.py updated to use get_launchd_label() instead of hardcoded string. Test fixes: DM topic tests now set HERMES_HOME env var alongside Path.home() mock. Launchd test uses get_launchd_label() for expected commands.
2026-03-28 13:51:08 -07:00
# Uses get_hermes_home() so each profile gets its own Matrix store.
refactor: consolidate ~/.hermes directory layout with backward compat (#3610) New installs get a cleaner structure: cache/images/ (was image_cache/) cache/audio/ (was audio_cache/) cache/documents/ (was document_cache/) cache/screenshots/ (was browser_screenshots/) platforms/whatsapp/session/ (was whatsapp/session/) platforms/matrix/store/ (was matrix/store/) platforms/pairing/ (was pairing/) Existing installs are unaffected -- get_hermes_dir() checks for the old path first and uses it if present. No migration needed. Adds get_hermes_dir(new_subpath, old_name) helper to hermes_constants.py for reuse by any future subsystem.
2026-03-28 15:22:19 -07:00
from hermes_constants import get_hermes_dir as _get_hermes_dir
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
refactor: consolidate ~/.hermes directory layout with backward compat (#3610) New installs get a cleaner structure: cache/images/ (was image_cache/) cache/audio/ (was audio_cache/) cache/documents/ (was document_cache/) cache/screenshots/ (was browser_screenshots/) platforms/whatsapp/session/ (was whatsapp/session/) platforms/matrix/store/ (was matrix/store/) platforms/pairing/ (was pairing/) Existing installs are unaffected -- get_hermes_dir() checks for the old path first and uses it if present. No migration needed. Adds get_hermes_dir(new_subpath, old_name) helper to hermes_constants.py for reuse by any future subsystem.
2026-03-28 15:22:19 -07:00
_STORE_DIR = _get_hermes_dir("platforms/matrix/store", "matrix/store")
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
_CRYPTO_DB_PATH = _STORE_DIR / "crypto.db"
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Grace period: ignore messages older than this many seconds before startup.
_STARTUP_GRACE_SECONDS = 5
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
_OUTBOUND_MENTION_RE = re.compile(
r"(?<![\w/])(@[0-9A-Za-z._=/-]+:[0-9A-Za-z.-]+(?::\d+)?)"
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
_E2EE_INSTALL_HINT = (
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
"Install with: pip install 'mautrix[encryption]' (requires libolm C library)"
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
)
fix(matrix): normalize image-only filenames
2026-04-23 00:42:09 +08:00
_MATRIX_IMAGE_FILENAME_EXTS = frozenset({
".jpg",
".jpeg",
".png",
".gif",
".webp",
".bmp",
".svg",
".heic",
".heif",
".avif",
})
def _looks_like_matrix_image_filename(text: str) -> bool:
"""Return True when Matrix image body text is probably just a transport filename.
Matrix ``m.image`` events commonly populate ``content.body`` with the uploaded
filename when the user did not add a caption. Treating that raw filename as
user-authored text confuses downstream vision enrichment.
"""
candidate = str(text or "").strip()
if not candidate or "\n" in candidate or candidate.endswith("/"):
return False
name = Path(candidate).name
if not name or name != candidate:
return False
suffix = Path(name).suffix.lower()
if not suffix:
return False
guessed_type, _ = mimetypes.guess_type(name)
if guessed_type and guessed_type.startswith("image/"):
return True
return suffix in _MATRIX_IMAGE_FILENAME_EXTS
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
def _create_matrix_session(proxy_url: str | None):
"""Create an ``aiohttp.ClientSession`` whose proxy applies to *all* requests.
mautrix's ``HTTPAPI._send()`` calls ``session.request()`` without forwarding
per-request ``proxy=`` kwargs. For HTTP(S) proxies we use aiohttp's native
``proxy=`` session parameter which sets a default for every request. For SOCKS
we use ``aiohttp_socks.ProxyConnector`` (connector-level).
When no proxy is configured we enable ``trust_env`` so standard env vars
(``HTTP_PROXY`` / ``HTTPS_PROXY``) are honoured automatically.
"""
import aiohttp
if not proxy_url:
return aiohttp.ClientSession(trust_env=True)
if proxy_url.split("://")[0].lower().startswith("socks"):
try:
from aiohttp_socks import ProxyConnector
return aiohttp.ClientSession(
connector=ProxyConnector.from_url(proxy_url, rdns=True),
)
except ImportError:
logger.warning(
"aiohttp_socks not installed — SOCKS proxy %s ignored. "
"Run: pip install aiohttp-socks",
proxy_url,
)
return aiohttp.ClientSession(trust_env=True)
return aiohttp.ClientSession(proxy=proxy_url)
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
def _check_e2ee_deps() -> bool:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"""Return True if mautrix E2EE dependencies (python-olm) are available."""
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
from mautrix.crypto import OlmMachine # noqa: F401
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return True
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
except (ImportError, AttributeError):
return False
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
def check_matrix_requirements() -> bool:
"""Return True if the Matrix adapter can be used."""
token = os.getenv("MATRIX_ACCESS_TOKEN", "")
password = os.getenv("MATRIX_PASSWORD", "")
homeserver = os.getenv("MATRIX_HOMESERVER", "")
if not token and not password:
logger.debug("Matrix: neither MATRIX_ACCESS_TOKEN nor MATRIX_PASSWORD set")
return False
if not homeserver:
logger.warning("Matrix: MATRIX_HOMESERVER not set")
return False
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
import mautrix # noqa: F401
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
except ImportError:
logger.warning(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
"Matrix: mautrix not installed. Run: pip install 'mautrix[encryption]'"
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
return False
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
# If encryption is requested, verify E2EE deps are available at startup
# rather than silently degrading to plaintext-only at connect time.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
encryption_requested = os.getenv("MATRIX_ENCRYPTION", "").lower() in (
"true",
"1",
"yes",
)
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
if encryption_requested and not _check_e2ee_deps():
logger.error(
"Matrix: MATRIX_ENCRYPTION=true but E2EE dependencies are missing. %s. "
"Without this, encrypted rooms will not work. "
"Set MATRIX_ENCRYPTION=false to disable E2EE.",
_E2EE_INSTALL_HINT,
)
return False
return True
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
class _CryptoStateStore:
"""Adapter that satisfies the mautrix crypto StateStore interface.
OlmMachine requires a StateStore with ``is_encrypted``,
``get_encryption_info``, and ``find_shared_rooms``. The basic
``MemoryStateStore`` from ``mautrix.client`` doesn't implement these,
so we provide simple implementations that consult the client's room
state.
"""
def __init__(self, client_state_store: Any, joined_rooms: set):
self._ss = client_state_store
self._joined_rooms = joined_rooms
async def is_encrypted(self, room_id: str) -> bool:
return (await self.get_encryption_info(room_id)) is not None
async def get_encryption_info(self, room_id: str):
if hasattr(self._ss, "get_encryption_info"):
return await self._ss.get_encryption_info(room_id)
return None
async def find_shared_rooms(self, user_id: str) -> list:
# Return all joined rooms — simple but correct for a single-user bot.
return list(self._joined_rooms)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
class MatrixAdapter(BasePlatformAdapter):
"""Gateway adapter for Matrix (any homeserver)."""
fix(matrix): add text batching to merge split long messages Ports the adaptive batching pattern from the Telegram adapter. Matrix clients split messages around 4000 chars. Adaptive delay waits 2.0s when a chunk is near the limit, 0.6s otherwise. Only text messages are batched; commands dispatch immediately. Ref #6892
2026-04-09 22:37:08 -07:00
# Threshold for detecting Matrix client-side message splits.
# When a chunk is near the ~4000-char practical limit, a continuation
# is almost certain.
_SPLIT_THRESHOLD = 3900
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
def __init__(self, config: PlatformConfig):
super().__init__(config, Platform.MATRIX)
self._homeserver: str = (
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
config.extra.get("homeserver", "") or os.getenv("MATRIX_HOMESERVER", "")
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
).rstrip("/")
self._access_token: str = config.token or os.getenv("MATRIX_ACCESS_TOKEN", "")
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._user_id: str = config.extra.get("user_id", "") or os.getenv(
"MATRIX_USER_ID", ""
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._password: str = config.extra.get("password", "") or os.getenv(
"MATRIX_PASSWORD", ""
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
self._encryption: bool = config.extra.get(
"encryption",
os.getenv("MATRIX_ENCRYPTION", "").lower() in ("true", "1", "yes"),
)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._device_id: str = config.extra.get("device_id", "") or os.getenv(
"MATRIX_DEVICE_ID", ""
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
self._client: Any = None # mautrix.client.Client
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
self._crypto_db: Any = None # mautrix.util.async_db.Database
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
self._sync_task: Optional[asyncio.Task] = None
self._closing = False
self._startup_ts: float = 0.0
# Cache: room_id → bool (is DM)
self._dm_rooms: Dict[str, bool] = {}
# Set of room IDs we've joined
self._joined_rooms: Set[str] = set()
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
# Event deduplication (bounded deque keeps newest entries)
from collections import deque
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
self._processed_events: deque = deque(maxlen=1000)
self._processed_events_set: set = set()
fix(matrix): E2EE decryption — request keys, auto-trust devices, retry buffered events (#4083) When the Matrix adapter receives encrypted events it can't decrypt (MegolmEvent), it now: 1. Requests the missing room key from other devices via client.request_room_key(event) instead of silently dropping the message 2. Buffers undecrypted events (bounded to 100, 5 min TTL) and retries decryption after each E2EE maintenance cycle when new keys arrive 3. Auto-trusts/verifies all devices after key queries so other clients share session keys with the bot proactively 4. Exports Megolm keys on disconnect and imports them on connect, so session keys survive gateway restarts This addresses the 'could not decrypt event' warnings that caused the bot to miss messages in encrypted rooms.
2026-03-30 17:16:09 -07:00
# Buffer for undecrypted events pending key receipt.
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Each entry: (room_id, event, timestamp)
fix(matrix): E2EE decryption — request keys, auto-trust devices, retry buffered events (#4083) When the Matrix adapter receives encrypted events it can't decrypt (MegolmEvent), it now: 1. Requests the missing room key from other devices via client.request_room_key(event) instead of silently dropping the message 2. Buffers undecrypted events (bounded to 100, 5 min TTL) and retries decryption after each E2EE maintenance cycle when new keys arrive 3. Auto-trusts/verifies all devices after key queries so other clients share session keys with the bot proactively 4. Exports Megolm keys on disconnect and imports them on connect, so session keys survive gateway restarts This addresses the 'could not decrypt event' warnings that caused the bot to miss messages in encrypted rooms.
2026-03-30 17:16:09 -07:00
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
# Thread participation tracking (for require_mention bypass)
refactor: extract shared helpers to deduplicate repeated code patterns (#7917) * refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. * refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
2026-04-11 13:59:52 -07:00
self._threads = ThreadParticipationTracker("matrix")
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
# Mention/thread gating — parsed once from env vars.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._require_mention: bool = os.getenv(
"MATRIX_REQUIRE_MENTION", "true"
).lower() not in ("false", "0", "no")
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
free_rooms_raw = os.getenv("MATRIX_FREE_RESPONSE_ROOMS", "")
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._free_rooms: Set[str] = {
r.strip() for r in free_rooms_raw.split(",") if r.strip()
}
self._auto_thread: bool = os.getenv("MATRIX_AUTO_THREAD", "true").lower() in (
"true",
"1",
"yes",
)
feat(matrix): add dm_auto_thread config for DM auto-threading Adds MATRIX_DM_AUTO_THREAD env var (default: false) to control auto-threading in DM rooms independently from channel auto-threading. Closes #15398
2026-04-24 23:43:20 +01:00
self._dm_auto_thread: bool = os.getenv(
"MATRIX_DM_AUTO_THREAD", "false"
).lower() in ("true", "1", "yes")
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._dm_mention_threads: bool = os.getenv(
"MATRIX_DM_MENTION_THREADS", "false"
).lower() in ("true", "1", "yes")
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
# Reactions: configurable via MATRIX_REACTIONS (default: true).
self._reactions_enabled: bool = os.getenv(
"MATRIX_REACTIONS", "true"
).lower() not in ("false", "0", "no")
fix(matrix): remove eyes reaction on processing complete The on_processing_complete handler was never removing the eyes reaction because _send_reaction didn't return the reaction event_id. Fix: - _send_reaction returns Optional[str] event_id - on_processing_start stores it in _pending_reactions dict - on_processing_complete redacts the eyes reaction before adding completion emoji
2026-04-09 18:28:53 -05:00
self._pending_reactions: dict[tuple[str, str], str] = {}
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
# Proxy support — resolve once at init, reuse for all HTTP traffic.
self._proxy_url: str | None = resolve_proxy_url(platform_env_var="MATRIX_PROXY")
if self._proxy_url:
logger.info("Matrix: proxy configured — %s", self._proxy_url)
fix(matrix): add text batching to merge split long messages Ports the adaptive batching pattern from the Telegram adapter. Matrix clients split messages around 4000 chars. Adaptive delay waits 2.0s when a chunk is near the limit, 0.6s otherwise. Only text messages are batched; commands dispatch immediately. Ref #6892
2026-04-09 22:37:08 -07:00
# Text batching: merge rapid successive messages (Telegram-style).
# Matrix clients split long messages around 4000 chars.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._text_batch_delay_seconds = float(
os.getenv("HERMES_MATRIX_TEXT_BATCH_DELAY_SECONDS", "0.6")
)
self._text_batch_split_delay_seconds = float(
os.getenv("HERMES_MATRIX_TEXT_BATCH_SPLIT_DELAY_SECONDS", "2.0")
)
fix(matrix): add text batching to merge split long messages Ports the adaptive batching pattern from the Telegram adapter. Matrix clients split messages around 4000 chars. Adaptive delay waits 2.0s when a chunk is near the limit, 0.6s otherwise. Only text messages are batched; commands dispatch immediately. Ref #6892
2026-04-09 22:37:08 -07:00
self._pending_text_batches: Dict[str, MessageEvent] = {}
self._pending_text_batch_tasks: Dict[str, asyncio.Task] = {}
feat(matrix): reaction-based exec approval + mention_user_id Add Matrix reaction-based exec approval (✅/❎) and mention_user_id support for push notifications in muted rooms. - matrix.py: _MatrixApprovalPrompt, send_exec_approval, reaction approval handling, bot seed reaction redaction, mention pill in send - base.py: inject mention_user_id into send metadata - run.py: inject mention_user_id into status thread metadata - tests for approval prompt registration and reaction resolution
2026-04-25 02:44:14 +08:00
# Matrix reaction-based dangerous command approvals.
self._approval_reaction_map = {
"": "once",
"": "deny",
}
self._approval_prompts_by_event: Dict[str, _MatrixApprovalPrompt] = {}
self._approval_prompt_by_session: Dict[str, str] = {}
allowed_users_raw = os.getenv("MATRIX_ALLOWED_USERS", "")
self._allowed_user_ids: Set[str] = {
u.strip() for u in allowed_users_raw.split(",") if u.strip()
}
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
def _is_duplicate_event(self, event_id) -> bool:
"""Return True if this event was already processed. Tracks the ID otherwise."""
if not event_id:
return False
if event_id in self._processed_events_set:
return True
if len(self._processed_events) == self._processed_events.maxlen:
evicted = self._processed_events[0]
self._processed_events_set.discard(evicted)
self._processed_events.append(event_id)
self._processed_events_set.add(event_id)
return False
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
# ------------------------------------------------------------------
# E2EE helpers
# ------------------------------------------------------------------
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
@staticmethod
def _extract_server_ed25519(device_keys_obj: Any) -> Optional[str]:
"""Extract the ed25519 identity key from a DeviceKeys object."""
for kid, kval in (getattr(device_keys_obj, "keys", {}) or {}).items():
if str(kid).startswith("ed25519:"):
return str(kval)
return None
async def _reverify_keys_after_upload(
self, client: Any, local_ed25519: str
) -> bool:
"""Re-query the server after share_keys() and verify our ed25519 key matches."""
try:
resp = await client.query_keys({client.mxid: [client.device_id]})
dk = getattr(resp, "device_keys", {}) or {}
ud = dk.get(str(client.mxid)) or {}
dev = ud.get(str(client.device_id))
if dev:
server_ed = self._extract_server_ed25519(dev)
if server_ed != local_ed25519:
logger.error(
"Matrix: device %s has immutable identity keys that "
"don't match this installation. Generate a new access "
"token with a fresh device.",
client.device_id,
)
return False
except Exception as exc:
fix(matrix): preserve exception tracebacks on E2EE and auth failures Five ``except Exception as exc:`` blocks in the Matrix adapter logged only ``str(exc)`` without ``exc_info=True``: - _reverify_keys_after_upload → post-upload key verification failure - _upload_keys_if_needed → initial device-key query failure - _upload_keys_if_needed → re-upload device keys failure - _upload_keys_if_needed → initial device key upload failure - connect → whoami / access-token validation failure The E2EE key paths here are security-critical: a silent traceback- less failure during device-key verification or upload makes it hard for operators to tell whether their Matrix bot is failing because of a stale token, a federation timeout, or an olm state mismatch — all three fail with different tracebacks, which ``str(exc)`` alone flattens. The contributing guide asks for ``exc_info=True`` on error logs. Append it to each of the five call sites. Pure logging enrichment.
2026-04-18 15:03:02 +08:00
logger.error("Matrix: post-upload key verification failed: %s", exc, exc_info=True)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return False
return True
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
async def _verify_device_keys_on_server(self, client: Any, olm: Any) -> bool:
"""Verify our device keys are on the homeserver after loading crypto state.
Returns True if keys are valid or were successfully re-uploaded.
Returns False if verification fails (caller should refuse E2EE).
"""
try:
resp = await client.query_keys({client.mxid: [client.device_id]})
except Exception as exc:
logger.error(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
"Matrix: cannot verify device keys on server: %s — refusing E2EE",
exc,
fix(matrix): preserve exception tracebacks on E2EE and auth failures Five ``except Exception as exc:`` blocks in the Matrix adapter logged only ``str(exc)`` without ``exc_info=True``: - _reverify_keys_after_upload → post-upload key verification failure - _upload_keys_if_needed → initial device-key query failure - _upload_keys_if_needed → re-upload device keys failure - _upload_keys_if_needed → initial device key upload failure - connect → whoami / access-token validation failure The E2EE key paths here are security-critical: a silent traceback- less failure during device-key verification or upload makes it hard for operators to tell whether their Matrix bot is failing because of a stale token, a federation timeout, or an olm state mismatch — all three fail with different tracebacks, which ``str(exc)`` alone flattens. The contributing guide asks for ``exc_info=True`` on error logs. Append it to each of the five call sites. Pure logging enrichment.
2026-04-18 15:03:02 +08:00
exc_info=True,
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
)
return False
device_keys_map = getattr(resp, "device_keys", {}) or {}
our_user_devices = device_keys_map.get(str(client.mxid)) or {}
our_keys = our_user_devices.get(str(client.device_id))
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
local_ed25519 = olm.account.identity_keys.get("ed25519")
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
if not our_keys:
logger.warning("Matrix: device keys missing from server — re-uploading")
olm.account.shared = False
try:
await olm.share_keys()
except Exception as exc:
fix(matrix): preserve exception tracebacks on E2EE and auth failures Five ``except Exception as exc:`` blocks in the Matrix adapter logged only ``str(exc)`` without ``exc_info=True``: - _reverify_keys_after_upload → post-upload key verification failure - _upload_keys_if_needed → initial device-key query failure - _upload_keys_if_needed → re-upload device keys failure - _upload_keys_if_needed → initial device key upload failure - connect → whoami / access-token validation failure The E2EE key paths here are security-critical: a silent traceback- less failure during device-key verification or upload makes it hard for operators to tell whether their Matrix bot is failing because of a stale token, a federation timeout, or an olm state mismatch — all three fail with different tracebacks, which ``str(exc)`` alone flattens. The contributing guide asks for ``exc_info=True`` on error logs. Append it to each of the five call sites. Pure logging enrichment.
2026-04-18 15:03:02 +08:00
logger.error("Matrix: failed to re-upload device keys: %s", exc, exc_info=True)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
return False
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._reverify_keys_after_upload(client, local_ed25519)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
server_ed25519 = self._extract_server_ed25519(our_keys)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
if server_ed25519 != local_ed25519:
if olm.account.shared:
logger.error(
"Matrix: server has different identity keys for device %s"
"local crypto state is stale. Delete %s and restart.",
client.device_id,
_CRYPTO_DB_PATH,
)
return False
logger.warning(
"Matrix: server has stale keys for device %s — attempting re-upload",
client.device_id,
)
try:
await client.api.request(
client.api.Method.DELETE
if hasattr(client.api, "Method")
else "DELETE",
f"/_matrix/client/v3/devices/{client.device_id}",
)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.info(
"Matrix: deleted stale device %s from server", client.device_id
)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
except Exception:
pass
try:
await olm.share_keys()
except Exception as exc:
logger.error(
"Matrix: cannot upload device keys for %s: %s. "
"Try generating a new access token to get a fresh device.",
client.device_id,
exc,
fix(matrix): preserve exception tracebacks on E2EE and auth failures Five ``except Exception as exc:`` blocks in the Matrix adapter logged only ``str(exc)`` without ``exc_info=True``: - _reverify_keys_after_upload → post-upload key verification failure - _upload_keys_if_needed → initial device-key query failure - _upload_keys_if_needed → re-upload device keys failure - _upload_keys_if_needed → initial device key upload failure - connect → whoami / access-token validation failure The E2EE key paths here are security-critical: a silent traceback- less failure during device-key verification or upload makes it hard for operators to tell whether their Matrix bot is failing because of a stale token, a federation timeout, or an olm state mismatch — all three fail with different tracebacks, which ``str(exc)`` alone flattens. The contributing guide asks for ``exc_info=True`` on error logs. Append it to each of the five call sites. Pure logging enrichment.
2026-04-18 15:03:02 +08:00
exc_info=True,
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
)
return False
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._reverify_keys_after_upload(client, local_ed25519)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
return True
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# ------------------------------------------------------------------
# Required overrides
# ------------------------------------------------------------------
async def connect(self) -> bool:
"""Connect to the Matrix homeserver and start syncing."""
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
from mautrix.api import HTTPAPI
from mautrix.client import Client
from mautrix.client.state_store import MemoryStateStore, MemorySyncStore
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if not self._homeserver:
logger.error("Matrix: homeserver URL not configured")
return False
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Ensure store dir exists for E2EE key persistence.
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
_STORE_DIR.mkdir(parents=True, exist_ok=True)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Create the HTTP API layer.
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
client_session = _create_matrix_session(self._proxy_url)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
api = HTTPAPI(
base_url=self._homeserver,
token=self._access_token or "",
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
client_session=client_session,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Create the client.
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
state_store = MemoryStateStore()
sync_store = MemorySyncStore()
client = Client(
mxid=UserID(self._user_id) if self._user_id else UserID(""),
device_id=self._device_id or None,
api=api,
state_store=state_store,
sync_store=sync_store,
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
self._client = client
# Authenticate.
if self._access_token:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
api.token = self._access_token
# Validate the token and learn user_id / device_id.
try:
resp = await client.whoami()
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
resolved_user_id = getattr(resp, "user_id", "") or self._user_id
resolved_device_id = getattr(resp, "device_id", "")
if resolved_user_id:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
self._user_id = str(resolved_user_id)
client.mxid = UserID(self._user_id)
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Prefer user-configured device_id for stable E2EE identity.
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
effective_device_id = self._device_id or resolved_device_id
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
if effective_device_id:
client.device_id = effective_device_id
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
logger.info(
"Matrix: using access token for %s%s",
self._user_id or "(unknown user)",
fix(matrix): hard-fail E2EE when python-olm missing + stable MATRIX_DEVICE_ID Two issues caused Matrix E2EE to silently not work in encrypted rooms: 1. When matrix-nio is installed without the [e2e] extra (no python-olm / libolm), nio.crypto.ENCRYPTION_ENABLED is False and client.olm is never initialized. The adapter logged warnings but returned True from connect(), so the bot appeared online but could never decrypt messages. Now: check_matrix_requirements() and connect() both hard-fail with a clear error message when MATRIX_ENCRYPTION=true but E2EE deps are missing. 2. Without a stable device_id, the bot gets a new device identity on each restart. Other clients see it as "unknown device" and refuse to share Megolm session keys. Now: MATRIX_DEVICE_ID env var lets users pin a stable device identity that persists across restarts and is passed to nio.AsyncClient constructor + restore_login(). Changes: - gateway/platforms/matrix.py: add _check_e2ee_deps(), hard-fail in connect() and check_matrix_requirements(), MATRIX_DEVICE_ID support in constructor + restore_login - gateway/config.py: plumb MATRIX_DEVICE_ID into platform extras - hermes_cli/config.py: add MATRIX_DEVICE_ID to OPTIONAL_ENV_VARS Closes #3521
2026-04-06 17:07:10 +05:30
f" (device {effective_device_id})" if effective_device_id else "",
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
except Exception as exc:
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
logger.error(
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"Matrix: whoami failed — check MATRIX_ACCESS_TOKEN and MATRIX_HOMESERVER: %s",
exc,
fix(matrix): preserve exception tracebacks on E2EE and auth failures Five ``except Exception as exc:`` blocks in the Matrix adapter logged only ``str(exc)`` without ``exc_info=True``: - _reverify_keys_after_upload → post-upload key verification failure - _upload_keys_if_needed → initial device-key query failure - _upload_keys_if_needed → re-upload device keys failure - _upload_keys_if_needed → initial device key upload failure - connect → whoami / access-token validation failure The E2EE key paths here are security-critical: a silent traceback- less failure during device-key verification or upload makes it hard for operators to tell whether their Matrix bot is failing because of a stale token, a federation timeout, or an olm state mismatch — all three fail with different tracebacks, which ``str(exc)`` alone flattens. The contributing guide asks for ``exc_info=True`` on error logs. Append it to each of the five call sites. Pure logging enrichment.
2026-04-18 15:03:02 +08:00
exc_info=True,
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
await api.session.close()
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
return False
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
elif self._password and self._user_id:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
resp = await client.login(
identifier=self._user_id,
password=self._password,
device_name="Hermes Agent",
device_id=self._device_id or None,
)
if resp and hasattr(resp, "device_id"):
client.device_id = resp.device_id
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
logger.info("Matrix: logged in as %s", self._user_id)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
except Exception as exc:
logger.error("Matrix: login failed — %s", exc)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
await api.session.close()
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
return False
else:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.error(
"Matrix: need MATRIX_ACCESS_TOKEN or MATRIX_USER_ID + MATRIX_PASSWORD"
)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
await api.session.close()
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
return False
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Set up E2EE if requested.
if self._encryption:
if not _check_e2ee_deps():
logger.error(
"Matrix: MATRIX_ENCRYPTION=true but E2EE dependencies are missing. %s. "
"Refusing to connect — encrypted rooms would silently fail.",
_E2EE_INSTALL_HINT,
)
fix(matrix): close leaked sessions on connect failure + HMAC-sign pickle store - Add api.session.close() on E2EE dep check and E2EE setup failure paths (two missing cleanup points from the mautrix migration) - Replace raw pickle.load/dump with HMAC-SHA256 signed payloads to prevent arbitrary code execution from a tampered store file
2026-04-11 07:40:01 +05:30
await api.session.close()
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return False
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
from mautrix.crypto import OlmMachine
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
from mautrix.crypto.store.asyncpg import PgCryptoStore
from mautrix.util.async_db import Database
_STORE_DIR.mkdir(parents=True, exist_ok=True)
# Remove legacy pickle file from pre-SQLite era.
legacy_pickle = _STORE_DIR / "crypto_store.pickle"
if legacy_pickle.exists():
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.info(
"Matrix: removing legacy crypto_store.pickle (migrated to SQLite)"
)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
legacy_pickle.unlink()
# Open SQLite-backed crypto store.
crypto_db = Database.create(
f"sqlite:///{_CRYPTO_DB_PATH}",
upgrade_table=PgCryptoStore.upgrade_table,
)
await crypto_db.start()
self._crypto_db = crypto_db
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21 (#7848) * fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21 MemoryCryptoStore.__init__() now requires account_id and pickle_key positional arguments as of mautrix 0.21. The migration from matrix-nio (commit 1850747) didn't account for this, causing E2EE initialization to fail with: MemoryCryptoStore.__init__() missing 2 required positional arguments: 'account_id' and 'pickle_key' Pass self._user_id as account_id and derive pickle_key from the same user_id:device_id pair already used for the on-disk HMAC signature. Update the test stub to accept the new parameters. Fixes #7803 * fix: use consistent fallback for pickle_key derivation Address review: _pickle_key now uses _acct_id (which has the 'hermes' fallback) instead of raw self._user_id, so both values stay consistent when user_id is empty. --------- Co-authored-by: Hermes Agent <hermes@nousresearch.com>
2026-04-11 10:43:49 -07:00
_acct_id = self._user_id or "hermes"
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
_pickle_key = f"{_acct_id}:{self._device_id or 'default'}"
crypto_store = PgCryptoStore(
fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21 (#7848) * fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21 MemoryCryptoStore.__init__() now requires account_id and pickle_key positional arguments as of mautrix 0.21. The migration from matrix-nio (commit 1850747) didn't account for this, causing E2EE initialization to fail with: MemoryCryptoStore.__init__() missing 2 required positional arguments: 'account_id' and 'pickle_key' Pass self._user_id as account_id and derive pickle_key from the same user_id:device_id pair already used for the on-disk HMAC signature. Update the test stub to accept the new parameters. Fixes #7803 * fix: use consistent fallback for pickle_key derivation Address review: _pickle_key now uses _acct_id (which has the 'hermes' fallback) instead of raw self._user_id, so both values stay consistent when user_id is empty. --------- Co-authored-by: Hermes Agent <hermes@nousresearch.com>
2026-04-11 10:43:49 -07:00
account_id=_acct_id,
pickle_key=_pickle_key,
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
db=crypto_db,
fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21 (#7848) * fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21 MemoryCryptoStore.__init__() now requires account_id and pickle_key positional arguments as of mautrix 0.21. The migration from matrix-nio (commit 1850747) didn't account for this, causing E2EE initialization to fail with: MemoryCryptoStore.__init__() missing 2 required positional arguments: 'account_id' and 'pickle_key' Pass self._user_id as account_id and derive pickle_key from the same user_id:device_id pair already used for the on-disk HMAC signature. Update the test stub to accept the new parameters. Fixes #7803 * fix: use consistent fallback for pickle_key derivation Address review: _pickle_key now uses _acct_id (which has the 'hermes' fallback) instead of raw self._user_id, so both values stay consistent when user_id is empty. --------- Co-authored-by: Hermes Agent <hermes@nousresearch.com>
2026-04-11 10:43:49 -07:00
)
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
await crypto_store.open()
fix(matrix): persist E2EE crypto store and fix decrypted event dedup Address two bugs found by code review: 1. MemoryCryptoStore loses all E2EE keys on restart — now pickle the store to disk on disconnect and restore on connect, preserving Megolm sessions across restarts. 2. Encrypted events buffered for retry were silently dropped after decryption because _on_encrypted_event registered the event ID in the dedup set, then _on_room_message rejected it as a duplicate. Now clear the dedup entry before routing decrypted events.
2026-04-11 07:29:27 +05:30
fix(matrix): bind PgCryptoStore device_id so fresh E2EE installs work PgCryptoStore.__init__ defaults _device_id to "" and put_account writes that blank value into crypto_account. The UPSERT's ON CONFLICT DO UPDATE clause deliberately does not touch device_id, so once the row is written blank it stays blank forever — breaking every downstream device-scoped olm operation. Peers' to-device olm ciphertext can't match our identity key, no megolm sessions ever land, and the user sees "hermes is in the room but never responds to encrypted messages". Fix: call put_device_id(client.device_id) immediately after crypto_store.open() and before olm.load(). This sets the store's in-memory _device_id so the first put_account INSERT writes the correct value from the start. Observable symptoms without the fix, on a fresh crypto.db: - crypto_account.device_id = "" - crypto_tracked_user: 0 rows - crypto_device: 0 rows - crypto_olm_session: 0 rows - crypto_megolm_inbound_session: 0 rows - "No one-time keys nor device keys got when trying to share keys" warning on every startup - "olm event doesn't contain ciphertext for this device" DecryptionError on any inbound to-device event - Encrypted room messages arrive but never decrypt After the fix (wiped crypto.db + restart): - device_id populated with actual runtime device (e.g. CZIKTRFLOV) - all counts populate from sync as expected - encrypted DMs flow normally Who hits this: anyone with a fresh crypto.db — includes first-time matrix E2EE setup, nio→mautrix migrations (since matrix.py removes the legacy pickle on startup, creating a fresh SQLite store), and anyone who wipes crypto.db to start over. Existing installs that somehow already have a non-blank device_id would be unaffected, but no prior code path writes it correctly, so that set is likely empty.
2026-04-24 02:57:44 -04:00
# Bind the store to the runtime device_id before any
# put_account() runs. PgCryptoStore defaults _device_id
# to "" and its crypto_account UPSERT never updates the
# device_id column on conflict — so once put_account
# writes blank, it stays blank forever. That breaks
# every downstream device-scoped olm operation: peer
# to-device ciphertext can't find our identity key and
# no megolm sessions ever land. Setting _device_id here
# (in-memory; the on-disk row may not exist yet) makes
# the first put_account write the correct value.
fix(matrix): drop needless DeviceID import + mock put_device_id in tests Two adjustments to make CI pass: - In gateway/platforms/matrix.py: `DeviceID` is `NewType("DeviceID", str)`, so passing `client.device_id` directly (already a str) works identically at runtime. The explicit import was cosmetic and tripped CI environments where `mautrix.types` doesn't re-export DeviceID at the expected path ("cannot import name 'DeviceID' from 'mautrix.types' (unknown location)"). - In tests/gateway/test_matrix.py: add `put_device_id` to the hand-written `PgCryptoStore` fake so the three encryption-path tests (test_connect_with_access_token_and_encryption, test_connect_uses_configured_device_id_over_whoami, test_connect_registers_encrypted_event_handler_when_encryption_on) can exercise the new crypto-store binding without AttributeError.
2026-04-24 03:16:25 -04:00
# DeviceID is a NewType(str) so plain str works at runtime.
fix(matrix): bind PgCryptoStore device_id so fresh E2EE installs work PgCryptoStore.__init__ defaults _device_id to "" and put_account writes that blank value into crypto_account. The UPSERT's ON CONFLICT DO UPDATE clause deliberately does not touch device_id, so once the row is written blank it stays blank forever — breaking every downstream device-scoped olm operation. Peers' to-device olm ciphertext can't match our identity key, no megolm sessions ever land, and the user sees "hermes is in the room but never responds to encrypted messages". Fix: call put_device_id(client.device_id) immediately after crypto_store.open() and before olm.load(). This sets the store's in-memory _device_id so the first put_account INSERT writes the correct value from the start. Observable symptoms without the fix, on a fresh crypto.db: - crypto_account.device_id = "" - crypto_tracked_user: 0 rows - crypto_device: 0 rows - crypto_olm_session: 0 rows - crypto_megolm_inbound_session: 0 rows - "No one-time keys nor device keys got when trying to share keys" warning on every startup - "olm event doesn't contain ciphertext for this device" DecryptionError on any inbound to-device event - Encrypted room messages arrive but never decrypt After the fix (wiped crypto.db + restart): - device_id populated with actual runtime device (e.g. CZIKTRFLOV) - all counts populate from sync as expected - encrypted DMs flow normally Who hits this: anyone with a fresh crypto.db — includes first-time matrix E2EE setup, nio→mautrix migrations (since matrix.py removes the legacy pickle on startup, creating a fresh SQLite store), and anyone who wipes crypto.db to start over. Existing installs that somehow already have a non-blank device_id would be unaffected, but no prior code path writes it correctly, so that set is likely empty.
2026-04-24 02:57:44 -04:00
if client.device_id:
fix(matrix): drop needless DeviceID import + mock put_device_id in tests Two adjustments to make CI pass: - In gateway/platforms/matrix.py: `DeviceID` is `NewType("DeviceID", str)`, so passing `client.device_id` directly (already a str) works identically at runtime. The explicit import was cosmetic and tripped CI environments where `mautrix.types` doesn't re-export DeviceID at the expected path ("cannot import name 'DeviceID' from 'mautrix.types' (unknown location)"). - In tests/gateway/test_matrix.py: add `put_device_id` to the hand-written `PgCryptoStore` fake so the three encryption-path tests (test_connect_with_access_token_and_encryption, test_connect_uses_configured_device_id_over_whoami, test_connect_registers_encrypted_event_handler_when_encryption_on) can exercise the new crypto-store binding without AttributeError.
2026-04-24 03:16:25 -04:00
await crypto_store.put_device_id(client.device_id)
fix(matrix): bind PgCryptoStore device_id so fresh E2EE installs work PgCryptoStore.__init__ defaults _device_id to "" and put_account writes that blank value into crypto_account. The UPSERT's ON CONFLICT DO UPDATE clause deliberately does not touch device_id, so once the row is written blank it stays blank forever — breaking every downstream device-scoped olm operation. Peers' to-device olm ciphertext can't match our identity key, no megolm sessions ever land, and the user sees "hermes is in the room but never responds to encrypted messages". Fix: call put_device_id(client.device_id) immediately after crypto_store.open() and before olm.load(). This sets the store's in-memory _device_id so the first put_account INSERT writes the correct value from the start. Observable symptoms without the fix, on a fresh crypto.db: - crypto_account.device_id = "" - crypto_tracked_user: 0 rows - crypto_device: 0 rows - crypto_olm_session: 0 rows - crypto_megolm_inbound_session: 0 rows - "No one-time keys nor device keys got when trying to share keys" warning on every startup - "olm event doesn't contain ciphertext for this device" DecryptionError on any inbound to-device event - Encrypted room messages arrive but never decrypt After the fix (wiped crypto.db + restart): - device_id populated with actual runtime device (e.g. CZIKTRFLOV) - all counts populate from sync as expected - encrypted DMs flow normally Who hits this: anyone with a fresh crypto.db — includes first-time matrix E2EE setup, nio→mautrix migrations (since matrix.py removes the legacy pickle on startup, creating a fresh SQLite store), and anyone who wipes crypto.db to start over. Existing installs that somehow already have a non-blank device_id would be unaffected, but no prior code path writes it correctly, so that set is likely empty.
2026-04-24 02:57:44 -04:00
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
crypto_state = _CryptoStateStore(state_store, self._joined_rooms)
olm = OlmMachine(client, crypto_store, crypto_state)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
# Accept unverified devices so senders share Megolm
# session keys with us automatically.
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
olm.share_keys_min_trust = TrustState.UNVERIFIED
olm.send_keys_min_trust = TrustState.UNVERIFIED
await olm.load()
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
# Verify our device keys are still on the homeserver.
if not await self._verify_device_keys_on_server(client, olm):
await crypto_db.stop()
await api.session.close()
return False
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
# Proactively flush one-time keys to detect stale OTK
# conflicts early. When crypto state is wiped but the
# same device ID is reused, the server may still hold OTKs
# signed with the old ed25519 key. Identity key re-upload
# succeeds but OTK uploads fail ("already exists" with
# mismatched signature). Peers then cannot establish Olm
# sessions and all new messages are undecryptable.
try:
await olm.share_keys()
except Exception as exc:
exc_str = str(exc)
if "already exists" in exc_str:
logger.error(
"Matrix: device %s has stale one-time keys on the "
"server signed with a previous identity key. "
"Peers cannot establish new Olm sessions with "
"this device. Delete the device from the "
"homeserver and restart, or generate a new "
"access token to get a fresh device ID.",
client.device_id,
)
await crypto_db.stop()
await api.session.close()
return False
# Non-OTK errors are transient (network, etc.) — log
# but allow startup to continue.
logger.warning(
"Matrix: share_keys() warning during startup: %s",
exc,
)
fix(matrix): restore verify_with_recovery_key after device key rotation After the PgCryptoStore migration in v0.8.0, the verify_with_recovery_key call that previously ran after share_keys() was dropped. On any rotation that uploads fresh device keys (fresh crypto.db, server had stale keys from a prior install, etc.), the new device keys carry no valid self- signing signature because the bot has no access to the self-signing private key. Peers like Element then refuse to share Megolm sessions with the rotated device, so the bot silently stops decrypting incoming messages. This restores the recovery-key bootstrap: on startup, if MATRIX_RECOVERY_KEY is set, import the cross-signing private keys from SSSS and sign_own_device(), producing a valid signature server-side. Idempotent and gated on MATRIX_RECOVERY_KEY — no behavior change for users who don't configure a recovery key. Verified end-to-end by deleting crypto.db and restarting: the bot rotates device identity keys, re-uploads, self-signs via recovery key, and decrypts+replies to fresh messages from a paired Element client.
2026-04-12 08:53:16 +00:00
# Import cross-signing private keys from SSSS and self-sign
# the current device. Required after any device-key rotation
# (fresh crypto.db, share_keys re-upload) — otherwise the
# device's self-signing signature is stale and peers refuse
# to share Megolm sessions with the rotated device.
recovery_key = os.getenv("MATRIX_RECOVERY_KEY", "").strip()
if recovery_key:
try:
await olm.verify_with_recovery_key(recovery_key)
logger.info("Matrix: cross-signing verified via recovery key")
except Exception as exc:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.warning(
"Matrix: recovery key verification failed: %s", exc
)
matrix: auto-bootstrap cross-signing on first startup Without this, every Matrix bot started under hermes-agent shows the "Encrypted by a device not verified by its owner" badge in Element indefinitely, because the cross-signing chain (master → SSK → device) was never published. Operators currently have to write their own bootstrap script and remember to run it once per bot — and it's easy to get wrong (the obvious base64.b64encode().decode() produces padded keyids that matrix-rust-sdk silently rejects in /keys/query, so even correctly-signed keys fail to load identity in Element). mautrix already has the right primitive: generate_recovery_key() does the full flow — generate seeds, upload privates to SSSS, publish publics to the homeserver, sign the current device with the new SSK, and return the human-readable recovery key. We invoke it once on startup if the bot has no existing cross-signing identity, and log the recovery key with a clear instruction to save it for future restarts via MATRIX_RECOVERY_KEY (which the existing recovery-key path already consumes). Skipped when MATRIX_RECOVERY_KEY is set (existing path takes over) or when the bot already has cross-signing keys on the homeserver (get_own_cross_signing_public_keys returns non-None). Bootstrap failure is non-fatal — logged with hint about UIA; the bot continues without cross-signing and Element will show the warning that prompted this PR. That matches the existing soft-fail pattern for verify_with_recovery_key. Tested against Continuwuity 0.5.7 (no UIA required). Synapse with UIA enabled will need a follow-up PR to thread MATRIX_PASSWORD through to /keys/device_signing/upload.
2026-04-23 22:52:46 -04:00
else:
# No recovery key — bootstrap cross-signing if the bot
# has none yet. Without this, Element shows "Encrypted
# by a device not verified by its owner" on every
# message from this bot, indefinitely. mautrix's
# generate_recovery_key does the full flow: generates
# MSK/SSK/USK, uploads private keys to SSSS, publishes
# public keys to the homeserver, and signs the current
# device with the new SSK. Some homeservers require UIA
# for /keys/device_signing/upload — those will need an
# alternate path; Continuwuity and Synapse-with-shared-
# secret accept the unauthenticated upload.
try:
own_xsign = await olm.get_own_cross_signing_public_keys()
except Exception as exc:
own_xsign = None
logger.warning(
"Matrix: cross-signing key lookup failed: %s", exc
)
if own_xsign is None:
try:
new_recovery_key = await olm.generate_recovery_key()
logger.warning(
"Matrix: bootstrapped cross-signing for %s. "
"SAVE THIS RECOVERY KEY — set "
"MATRIX_RECOVERY_KEY for future restarts so "
"the bot can re-sign its device after key "
"rotation: %s",
client.mxid,
new_recovery_key,
)
except Exception as exc:
logger.warning(
"Matrix: cross-signing bootstrap failed "
"(non-fatal — Element will show 'not "
"verified by its owner'): %s",
exc,
)
fix(matrix): restore verify_with_recovery_key after device key rotation After the PgCryptoStore migration in v0.8.0, the verify_with_recovery_key call that previously ran after share_keys() was dropped. On any rotation that uploads fresh device keys (fresh crypto.db, server had stale keys from a prior install, etc.), the new device keys carry no valid self- signing signature because the bot has no access to the self-signing private key. Peers like Element then refuse to share Megolm sessions with the rotated device, so the bot silently stops decrypting incoming messages. This restores the recovery-key bootstrap: on startup, if MATRIX_RECOVERY_KEY is set, import the cross-signing private keys from SSSS and sign_own_device(), producing a valid signature server-side. Idempotent and gated on MATRIX_RECOVERY_KEY — no behavior change for users who don't configure a recovery key. Verified end-to-end by deleting crypto.db and restarting: the bot rotates device identity keys, re-uploads, self-signs via recovery key, and decrypts+replies to fresh messages from a paired Element client.
2026-04-12 08:53:16 +00:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
client.crypto = olm
logger.info(
"Matrix: E2EE enabled (store: %s%s)",
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
str(_CRYPTO_DB_PATH),
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
f", device_id={client.device_id}" if client.device_id else "",
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
except Exception as exc:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.error(
"Matrix: failed to create E2EE client: %s. %s",
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
exc,
_E2EE_INSTALL_HINT,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
fix(matrix): close leaked sessions on connect failure + HMAC-sign pickle store - Add api.session.close() on E2EE dep check and E2EE setup failure paths (two missing cleanup points from the mautrix migration) - Replace raw pickle.load/dump with HMAC-SHA256 signed payloads to prevent arbitrary code execution from a tampered store file
2026-04-11 07:40:01 +05:30
await api.session.close()
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return False
fix(matrix): E2EE decryption — request keys, auto-trust devices, retry buffered events (#4083) When the Matrix adapter receives encrypted events it can't decrypt (MegolmEvent), it now: 1. Requests the missing room key from other devices via client.request_room_key(event) instead of silently dropping the message 2. Buffers undecrypted events (bounded to 100, 5 min TTL) and retries decryption after each E2EE maintenance cycle when new keys arrive 3. Auto-trusts/verifies all devices after key queries so other clients share session keys with the bot proactively 4. Exports Megolm keys on disconnect and imports them on connect, so session keys survive gateway restarts This addresses the 'could not decrypt event' warnings that caused the bot to miss messages in encrypted rooms.
2026-03-30 17:16:09 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Register event handlers.
from mautrix.client import InternalEventType as IntEvt
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
from mautrix.client.dispatcher import MembershipEventDispatcher
# Without this the INVITE handler below never fires.
client.add_dispatcher(MembershipEventDispatcher)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
client.add_event_handler(EventType.ROOM_MESSAGE, self._on_room_message)
client.add_event_handler(EventType.REACTION, self._on_reaction)
client.add_event_handler(IntEvt.INVITE, self._on_invite)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Initial sync to catch up, then start background sync.
self._startup_ts = time.time()
self._closing = False
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
sync_data = await client.sync(timeout=10000, full_state=True)
if isinstance(sync_data, dict):
rooms_join = sync_data.get("rooms", {}).get("join", {})
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._joined_rooms.clear()
self._joined_rooms.update(rooms_join.keys())
fix: resolve three high-impact community bugs (#5819, #6893, #3388) (#7881) Matrix gateway: fix sync loop never dispatching events (#5819) - _sync_loop() called client.sync() but never called handle_sync() to dispatch events to registered callbacks — _on_room_message was registered but never fired for new messages - Store next_batch token from initial sync and pass as since= to subsequent incremental syncs (was doing full initial sync every time) - 17 comments, confirmed by multiple users on matrix.org Feishu docs: add interactive card configuration for approvals (#6893) - Error 200340 is a Feishu Developer Console configuration issue, not a code bug — users need to enable Interactive Card capability and configure Card Request URL - Added required 3-step setup instructions to feishu.md - Added troubleshooting entry for error 200340 - 17 comments from Feishu users Copilot provider drift: detect GPT-5.x Responses API requirement (#3388) - GPT-5.x models are rejected on /v1/chat/completions by both OpenAI and OpenRouter (unsupported_api_for_model error) - Added _model_requires_responses_api() to detect models needing Responses API regardless of provider - Applied in __init__ (covers OpenRouter primary users) and in _try_activate_fallback() (covers Copilot->OpenRouter drift) - Fixed stale comment claiming gateway creates fresh agents per message (it caches them via _agent_cache since the caching was added) - 7 comments, reported on Copilot+Telegram gateway
2026-04-11 11:12:20 -07:00
# Store the next_batch token so incremental syncs start
# from where the initial sync left off.
nb = sync_data.get("next_batch")
if nb:
await client.sync_store.put_next_batch(nb)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.info(
"Matrix: initial sync complete, joined %d rooms",
len(self._joined_rooms),
)
# Build DM room cache from m.direct account data.
await self._refresh_dm_cache()
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
# Dispatch events from the initial sync so the OlmMachine
# receives to-device key shares queued while we were offline.
try:
tasks = client.handle_sync(sync_data)
if tasks:
await asyncio.gather(*tasks)
except Exception as exc:
logger.warning("Matrix: initial sync event dispatch error: %s", exc)
fix(matrix): reconcile pending invites from sync state
2026-04-13 20:02:07 -04:00
await self._join_pending_invites(sync_data)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
else:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.warning(
"Matrix: initial sync returned unexpected type %s",
type(sync_data).__name__,
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
except Exception as exc:
logger.warning("Matrix: initial sync error: %s", exc)
# Share keys after initial sync if E2EE is enabled.
if self._encryption and getattr(client, "crypto", None):
try:
await client.crypto.share_keys()
except Exception as exc:
logger.warning("Matrix: initial key share failed: %s", exc)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Start the sync loop.
self._sync_task = asyncio.create_task(self._sync_loop())
fix(gateway): Matrix and Mattermost never report as connected Neither adapter called _mark_connected() after successful connect(), so _running stayed False, runtime status never showed 'connected', and /status reported them as offline even while actively processing messages. Add _mark_connected() calls matching the pattern used by Telegram and DingTalk adapters.
2026-03-17 04:01:02 -07:00
self._mark_connected()
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
return True
async def disconnect(self) -> None:
"""Disconnect from Matrix."""
self._closing = True
if self._sync_task and not self._sync_task.done():
self._sync_task.cancel()
try:
await self._sync_task
except (asyncio.CancelledError, Exception):
pass
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
# Close the SQLite crypto store database.
if hasattr(self, "_crypto_db") and self._crypto_db:
fix(matrix): persist E2EE crypto store and fix decrypted event dedup Address two bugs found by code review: 1. MemoryCryptoStore loses all E2EE keys on restart — now pickle the store to disk on disconnect and restore on connect, preserving Megolm sessions across restarts. 2. Encrypted events buffered for retry were silently dropped after decryption because _on_encrypted_event registered the event ID in the dedup set, then _on_room_message rejected it as a duplicate. Now clear the dedup entry before routing decrypted events.
2026-04-11 07:29:27 +05:30
try:
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
await self._crypto_db.stop()
fix(matrix): persist E2EE crypto store and fix decrypted event dedup Address two bugs found by code review: 1. MemoryCryptoStore loses all E2EE keys on restart — now pickle the store to disk on disconnect and restore on connect, preserving Megolm sessions across restarts. 2. Encrypted events buffered for retry were silently dropped after decryption because _on_encrypted_event registered the event ID in the dedup set, then _on_room_message rejected it as a duplicate. Now clear the dedup entry before routing decrypted events.
2026-04-11 07:29:27 +05:30
except Exception as exc:
fix(matrix): replace pickle crypto store with SQLite, fix E2EE decryption (#7981) Fixes #7952 — Matrix E2EE completely broken after mautrix migration. - Replace MemoryCryptoStore + pickle/HMAC persistence with mautrix's PgCryptoStore backed by SQLite via aiosqlite. Crypto state now persists reliably across restarts without fragile serialization. - Add handle_sync() call on initial sync response so to-device events (queued Megolm key shares) are dispatched to OlmMachine instead of being silently dropped. - Add _verify_device_keys_on_server() after loading crypto state. Detects missing keys (re-uploads), stale keys from migration (attempts re-upload), and corrupted state (refuses E2EE). - Add _CryptoStateStore adapter wrapping MemoryStateStore to satisfy mautrix crypto's StateStore interface (is_encrypted, get_encryption_info, find_shared_rooms). - Remove redundant share_keys() call from sync loop — OlmMachine already handles this via DEVICE_OTK_COUNT event handler. - Fix datetime vs float TypeError in session.py suspend_recently_active() that crashed gateway startup. - Add aiosqlite and asyncpg to [matrix] extra in pyproject.toml. - Update test mocks for PgCryptoStore/Database and add query_keys mock for key verification. 174 tests pass. - Add E2EE upgrade/migration docs to Matrix user guide.
2026-04-11 18:54:46 -07:00
logger.debug("Matrix: could not close crypto DB on disconnect: %s", exc)
fix(matrix): persist E2EE crypto store and fix decrypted event dedup Address two bugs found by code review: 1. MemoryCryptoStore loses all E2EE keys on restart — now pickle the store to disk on disconnect and restore on connect, preserving Megolm sessions across restarts. 2. Encrypted events buffered for retry were silently dropped after decryption because _on_encrypted_event registered the event ID in the dedup set, then _on_room_message rejected it as a duplicate. Now clear the dedup entry before routing decrypted events.
2026-04-11 07:29:27 +05:30
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if self._client:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
await self._client.api.session.close()
except Exception:
pass
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
self._client = None
logger.info("Matrix: disconnected")
async def send(
self,
chat_id: str,
content: str,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
) -> SendResult:
"""Send a message to a Matrix room."""
if not content:
return SendResult(success=True)
formatted = self.format_message(content)
chunks = self.truncate_message(formatted, MAX_MESSAGE_LENGTH)
last_event_id = None
feat(matrix): reaction-based exec approval + mention_user_id Add Matrix reaction-based exec approval (✅/❎) and mention_user_id support for push notifications in muted rooms. - matrix.py: _MatrixApprovalPrompt, send_exec_approval, reaction approval handling, bot seed reaction redaction, mention pill in send - base.py: inject mention_user_id into send metadata - run.py: inject mention_user_id into status thread metadata - tests for approval prompt registration and reaction resolution
2026-04-25 02:44:14 +08:00
for i, chunk in enumerate(chunks):
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
msg_content = self._build_text_message_content(chunk)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Reply-to support.
if reply_to:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
msg_content["m.relates_to"] = {"m.in_reply_to": {"event_id": reply_to}}
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Thread support: if metadata has thread_id, send as threaded reply.
thread_id = (metadata or {}).get("thread_id")
if thread_id:
relates_to = msg_content.get("m.relates_to", {})
relates_to["rel_type"] = "m.thread"
relates_to["event_id"] = thread_id
relates_to["is_falling_back"] = True
if reply_to and "m.in_reply_to" not in relates_to:
relates_to["m.in_reply_to"] = {"event_id": reply_to}
msg_content["m.relates_to"] = relates_to
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
event_id = await asyncio.wait_for(
self._client.send_message_event(
RoomID(chat_id),
EventType.ROOM_MESSAGE,
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
msg_content,
),
timeout=45,
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
last_event_id = str(event_id)
fix(matrix): harden e2ee access-token handling (#3562) * fix(matrix): harden e2ee access-token handling * fix: patch nio mock in e2ee maintenance sync loop test The sync_loop now imports nio for SyncError checking (from PR #3280), so the test needs to inject a fake nio module via sys.modules. --------- Co-authored-by: Cortana <andrew+cortana@chalkley.org>
2026-03-28 12:13:35 -07:00
logger.info("Matrix: sent event %s to %s", last_event_id, chat_id)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
except Exception as exc:
# On E2EE errors, retry after sharing keys.
if self._encryption and getattr(self._client, "crypto", None):
try:
await self._client.crypto.share_keys()
event_id = await asyncio.wait_for(
self._client.send_message_event(
RoomID(chat_id),
EventType.ROOM_MESSAGE,
msg_content,
),
timeout=45,
)
last_event_id = str(event_id)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.info(
"Matrix: sent event %s to %s (after key share)",
last_event_id,
chat_id,
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
continue
except Exception as retry_exc:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.error(
"Matrix: failed to send to %s after retry: %s",
chat_id,
retry_exc,
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return SendResult(success=False, error=str(retry_exc))
logger.error("Matrix: failed to send to %s: %s", chat_id, exc)
return SendResult(success=False, error=str(exc))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
return SendResult(success=True, message_id=last_event_id)
async def get_chat_info(self, chat_id: str) -> Dict[str, Any]:
"""Return room name and type (dm/group)."""
name = chat_id
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
chat_type = "dm" if await self._is_dm_room(chat_id) else "group"
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if self._client:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
name_evt = await self._client.get_state_event(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
RoomID(chat_id),
EventType.ROOM_NAME,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
if name_evt and hasattr(name_evt, "name") and name_evt.name:
name = name_evt.name
except Exception:
pass
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
return {"name": name, "type": chat_type}
# ------------------------------------------------------------------
# Optional overrides
# ------------------------------------------------------------------
async def send_typing(
self, chat_id: str, metadata: Optional[Dict[str, Any]] = None
) -> None:
"""Send a typing indicator."""
if self._client:
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
await self._client.set_typing(RoomID(chat_id), timeout=30000)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
except Exception:
pass
fix(gateway): fix matrix lingering typing indicator
2026-04-15 10:24:57 +00:00
async def stop_typing(self, chat_id: str) -> None:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
"""Clear the typing indicator."""
fix(gateway): fix matrix lingering typing indicator
2026-04-15 10:24:57 +00:00
if self._client:
try:
await self._client.set_typing(RoomID(chat_id), timeout=0)
except Exception:
pass
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def edit_message(
fix(gateway): accept finalize kwarg in all platform edit_message overrides stream_consumer._send_or_edit unconditionally passes finalize= to adapter.edit_message(), but only DingTalk's override accepted the kwarg. Streaming on Telegram/Discord/Slack/Matrix/Mattermost/Feishu/ WhatsApp raised TypeError the first time a segment break or final edit fired. The REQUIRES_EDIT_FINALIZE capability flag only gates the redundant final edit (and the identical-text short-circuit), not the kwarg itself — so adapters that opt out of finalize still receive the keyword argument and must accept it. Add *, finalize: bool = False to the 7 non-DingTalk signatures; the body ignores the arg since those platforms treat edits as stateless (consistent with the base class contract in base.py). Add a parametrized signature check over every concrete adapter class so a future override cannot silently drop the kwarg — existing tests use MagicMock which swallows any kwarg and cannot catch this. Fixes #12579
2026-04-19 23:33:43 +08:00
self, chat_id: str, message_id: str, content: str, *, finalize: bool = False
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
) -> SendResult:
"""Edit an existing message (via m.replace)."""
formatted = self.format_message(content)
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
new_content = self._build_text_message_content(formatted)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_content: Dict[str, Any] = {
"msgtype": "m.text",
"body": f"* {formatted}",
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
"m.new_content": new_content,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
}
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
if "m.mentions" in new_content:
msg_content["m.mentions"] = new_content["m.mentions"]
if "formatted_body" in new_content:
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_content["format"] = "org.matrix.custom.html"
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
msg_content["formatted_body"] = f'* {new_content["formatted_body"]}'
msg_content["m.relates_to"] = {
"rel_type": "m.replace",
"event_id": message_id,
}
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
event_id = await self._client.send_message_event(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
RoomID(chat_id),
EventType.ROOM_MESSAGE,
msg_content,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
return SendResult(success=True, message_id=str(event_id))
except Exception as exc:
return SendResult(success=False, error=str(exc))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def send_image(
self,
chat_id: str,
image_url: str,
caption: Optional[str] = None,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
) -> SendResult:
"""Download an image URL and upload it to Matrix."""
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1). Changes: - Use hmac.compare_digest for API key comparison (timing attack prevention) - Apply provider env var blocklist to Docker containers (credential leakage) - Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559) - Add SSRF protection via is_safe_url to ALL platform adapters: base.py (cache_image_from_url, cache_audio_from_url), discord, slack, telegram, matrix, mattermost, feishu, wecom (Signal and WhatsApp protected via base.py helpers) - Update tests: mock is_safe_url in Mattermost download tests - Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
from tools.url_safety import is_safe_url
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1). Changes: - Use hmac.compare_digest for API key comparison (timing attack prevention) - Apply provider env var blocklist to Docker containers (credential leakage) - Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559) - Add SSRF protection via is_safe_url to ALL platform adapters: base.py (cache_image_from_url, cache_audio_from_url), discord, slack, telegram, matrix, mattermost, feishu, wecom (Signal and WhatsApp protected via base.py helpers) - Update tests: mock is_safe_url in Mattermost download tests - Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
if not is_safe_url(image_url):
logger.warning("Matrix: blocked unsafe image URL (SSRF protection)")
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await super().send_image(
chat_id, image_url, caption, reply_to, metadata=metadata
)
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1). Changes: - Use hmac.compare_digest for API key comparison (timing attack prevention) - Apply provider env var blocklist to Docker containers (credential leakage) - Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559) - Add SSRF protection via is_safe_url to ALL platform adapters: base.py (cache_image_from_url, cache_audio_from_url), discord, slack, telegram, matrix, mattermost, feishu, wecom (Signal and WhatsApp protected via base.py helpers) - Update tests: mock is_safe_url in Mattermost download tests - Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
try:
# Try aiohttp first (always available), fall back to httpx
try:
import aiohttp as _aiohttp
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
_sess_kw, _req_kw = proxy_kwargs_for_aiohttp(self._proxy_url)
async with _aiohttp.ClientSession(**_sess_kw) as http:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
async with http.get(
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
image_url,
timeout=_aiohttp.ClientTimeout(total=30),
**_req_kw,
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
) as resp:
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
resp.raise_for_status()
data = await resp.read()
ct = resp.content_type or "image/png"
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fname = (
image_url.rsplit("/", 1)[-1].split("?")[0] or "image.png"
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
except ImportError:
import httpx
fix: MatrixAdapter respects proxy configuration
2026-04-27 16:57:08 +02:00
_httpx_kw: dict = {}
if self._proxy_url:
_httpx_kw["proxy"] = self._proxy_url
async with httpx.AsyncClient(**_httpx_kw) as http:
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
resp = await http.get(image_url, follow_redirects=True, timeout=30)
resp.raise_for_status()
data = resp.content
ct = resp.headers.get("content-type", "image/png")
fname = image_url.rsplit("/", 1)[-1].split("?")[0] or "image.png"
except Exception as exc:
logger.warning("Matrix: failed to download image %s: %s", image_url, exc)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self.send(
chat_id, f"{caption or ''}\n{image_url}".strip(), reply_to
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._upload_and_send(
chat_id, data, fname, ct, "m.image", caption, reply_to, metadata
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def send_image_file(
self,
chat_id: str,
image_path: str,
caption: Optional[str] = None,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
) -> SendResult:
"""Upload a local image file to Matrix."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._send_local_file(
chat_id, image_path, "m.image", caption, reply_to, metadata=metadata
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def send_document(
self,
chat_id: str,
file_path: str,
caption: Optional[str] = None,
file_name: Optional[str] = None,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
) -> SendResult:
"""Upload a local file as a document."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._send_local_file(
chat_id, file_path, "m.file", caption, reply_to, file_name, metadata
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def send_voice(
self,
chat_id: str,
audio_path: str,
caption: Optional[str] = None,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
) -> SendResult:
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
"""Upload an audio file as a voice message (MSC3245 native voice)."""
return await self._send_local_file(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
chat_id,
audio_path,
"m.audio",
caption,
reply_to,
metadata=metadata,
is_voice=True,
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def send_video(
self,
chat_id: str,
video_path: str,
caption: Optional[str] = None,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
) -> SendResult:
"""Upload a video file."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._send_local_file(
chat_id, video_path, "m.video", caption, reply_to, metadata=metadata
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
feat(matrix): reaction-based exec approval + mention_user_id Add Matrix reaction-based exec approval (✅/❎) and mention_user_id support for push notifications in muted rooms. - matrix.py: _MatrixApprovalPrompt, send_exec_approval, reaction approval handling, bot seed reaction redaction, mention pill in send - base.py: inject mention_user_id into send metadata - run.py: inject mention_user_id into status thread metadata - tests for approval prompt registration and reaction resolution
2026-04-25 02:44:14 +08:00
async def send_exec_approval(
self,
chat_id: str,
command: str,
session_key: str,
description: str = "dangerous command",
metadata: Optional[dict] = None,
) -> SendResult:
"""Send a reaction-based exec approval prompt for Matrix."""
if not self._client:
return SendResult(success=False, error="Not connected")
cmd_preview = command[:2000] + "..." if len(command) > 2000 else command
text = (
"⚠️ **Dangerous command requires approval**\n"
f"```\n{cmd_preview}\n```\n"
f"Reason: {description}\n\n"
"Reply `/approve` to execute, `/approve session` to approve this pattern for the session, "
"`/approve always` to approve permanently, or `/deny` to cancel.\n\n"
"You can also click the reaction to approve:\n"
"✅ = /approve\n"
"❎ = /deny"
)
result = await self.send(chat_id, text, metadata=metadata)
if not result.success or not result.message_id:
return result
prompt = _MatrixApprovalPrompt(
session_key=session_key,
chat_id=chat_id,
message_id=result.message_id,
)
old_event = self._approval_prompt_by_session.get(session_key)
if old_event:
self._approval_prompts_by_event.pop(old_event, None)
self._approval_prompts_by_event[result.message_id] = prompt
self._approval_prompt_by_session[session_key] = result.message_id
for emoji in ("", ""):
try:
reaction_result = await self._send_reaction(chat_id, result.message_id, emoji)
# Save the bot's reaction event_id for later cleanup
if reaction_result:
prompt.bot_reaction_events[emoji] = str(reaction_result)
except Exception as exc:
logger.debug("Matrix: failed to add approval reaction %s: %s", emoji, exc)
return result
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
def format_message(self, content: str) -> str:
"""Pass-through — Matrix supports standard Markdown natively."""
# Strip image markdown; media is uploaded separately.
content = re.sub(r"!\[([^\]]*)\]\(([^)]+)\)", r"\2", content)
return content
# ------------------------------------------------------------------
# File helpers
# ------------------------------------------------------------------
async def _upload_and_send(
self,
room_id: str,
data: bytes,
filename: str,
content_type: str,
msgtype: str,
caption: Optional[str] = None,
reply_to: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
is_voice: bool = False,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
) -> SendResult:
"""Upload bytes to Matrix and send as a media message."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
upload_data = data
encrypted_file = None
if self._encryption and getattr(self._client, "crypto", None):
state_store = getattr(self._client, "state_store", None)
if state_store:
try:
room_encrypted = bool(await state_store.is_encrypted(RoomID(room_id)))
except Exception:
room_encrypted = False
if room_encrypted:
try:
from mautrix.crypto.attachments import encrypt_attachment
upload_data, encrypted_file = encrypt_attachment(data)
except Exception as exc:
logger.error("Matrix: attachment encryption failed: %s", exc)
return SendResult(success=False, error=str(exc))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Upload to homeserver.
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
mxc_url = await self._client.upload_media(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
upload_data,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
mime_type=content_type,
filename=filename,
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
size=len(upload_data),
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
except Exception as exc:
logger.error("Matrix: upload failed: %s", exc)
return SendResult(success=False, error=str(exc))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Build media message content.
msg_content: Dict[str, Any] = {
"msgtype": msgtype,
"body": caption or filename,
"info": {
"mimetype": content_type,
"size": len(data),
},
}
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
if encrypted_file is not None:
file_payload = encrypted_file.serialize()
file_payload["url"] = str(mxc_url)
msg_content["file"] = file_payload
else:
msg_content["url"] = str(mxc_url)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
# Add MSC3245 voice flag for native voice messages.
if is_voice:
msg_content["org.matrix.msc3245.voice"] = {}
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if reply_to:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
msg_content["m.relates_to"] = {"m.in_reply_to": {"event_id": reply_to}}
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
thread_id = (metadata or {}).get("thread_id")
if thread_id:
relates_to = msg_content.get("m.relates_to", {})
relates_to["rel_type"] = "m.thread"
relates_to["event_id"] = thread_id
relates_to["is_falling_back"] = True
msg_content["m.relates_to"] = relates_to
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
try:
event_id = await self._client.send_message_event(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
RoomID(room_id),
EventType.ROOM_MESSAGE,
msg_content,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
return SendResult(success=True, message_id=str(event_id))
except Exception as exc:
return SendResult(success=False, error=str(exc))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
async def _send_local_file(
self,
room_id: str,
file_path: str,
msgtype: str,
caption: Optional[str] = None,
reply_to: Optional[str] = None,
file_name: Optional[str] = None,
metadata: Optional[Dict[str, Any]] = None,
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
is_voice: bool = False,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
) -> SendResult:
"""Read a local file and upload it."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
p = Path(file_path).expanduser()
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if not p.exists():
return await self.send(
room_id, f"{caption or ''}\n(file not found: {file_path})", reply_to
)
fname = file_name or p.name
ct = mimetypes.guess_type(fname)[0] or "application/octet-stream"
data = p.read_bytes()
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
return await self._upload_and_send(
room_id, data, fname, ct, msgtype, caption, reply_to, metadata, is_voice
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# ------------------------------------------------------------------
# Sync loop
# ------------------------------------------------------------------
async def _sync_loop(self) -> None:
"""Continuously sync with the homeserver."""
fix: resolve three high-impact community bugs (#5819, #6893, #3388) (#7881) Matrix gateway: fix sync loop never dispatching events (#5819) - _sync_loop() called client.sync() but never called handle_sync() to dispatch events to registered callbacks — _on_room_message was registered but never fired for new messages - Store next_batch token from initial sync and pass as since= to subsequent incremental syncs (was doing full initial sync every time) - 17 comments, confirmed by multiple users on matrix.org Feishu docs: add interactive card configuration for approvals (#6893) - Error 200340 is a Feishu Developer Console configuration issue, not a code bug — users need to enable Interactive Card capability and configure Card Request URL - Added required 3-step setup instructions to feishu.md - Added troubleshooting entry for error 200340 - 17 comments from Feishu users Copilot provider drift: detect GPT-5.x Responses API requirement (#3388) - GPT-5.x models are rejected on /v1/chat/completions by both OpenAI and OpenRouter (unsupported_api_for_model error) - Added _model_requires_responses_api() to detect models needing Responses API regardless of provider - Applied in __init__ (covers OpenRouter primary users) and in _try_activate_fallback() (covers Copilot->OpenRouter drift) - Fixed stale comment claiming gateway creates fresh agents per message (it caches them via _agent_cache since the caching was added) - 7 comments, reported on Copilot+Telegram gateway
2026-04-11 11:12:20 -07:00
client = self._client
# Resume from the token stored during the initial sync.
next_batch = await client.sync_store.get_next_batch()
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
while not self._closing:
try:
fix(matrix): add sync timeout, callback diagnostics, and mention-drop logging - Wrap _sync_loop sync() call with asyncio.wait_for(timeout=45s) to guard against TCP-level hangs that the Matrix long-poll timeout cannot catch - Add logger.debug at the top of _on_room_message so LOG_LEVEL=DEBUG confirms whether callbacks fire at all (diagnoses #5819, #7914, #12614) - Add logger.debug when MATRIX_REQUIRE_MENTION silently drops a message, pointing users to the env var to disable the filter Adapted for current mautrix-python adapter (PR was written against the legacy matrix-nio adapter). Closes #5819
2026-04-27 21:13:44 -07:00
# Wrap in asyncio.wait_for to guard against TCP-level hangs
# that the Matrix long-poll timeout cannot catch. Long-poll
# is 30s, so 45s gives 15s slack for network drain.
sync_data = await asyncio.wait_for(
client.sync(
since=next_batch,
timeout=30000,
),
timeout=45.0,
fix: resolve three high-impact community bugs (#5819, #6893, #3388) (#7881) Matrix gateway: fix sync loop never dispatching events (#5819) - _sync_loop() called client.sync() but never called handle_sync() to dispatch events to registered callbacks — _on_room_message was registered but never fired for new messages - Store next_batch token from initial sync and pass as since= to subsequent incremental syncs (was doing full initial sync every time) - 17 comments, confirmed by multiple users on matrix.org Feishu docs: add interactive card configuration for approvals (#6893) - Error 200340 is a Feishu Developer Console configuration issue, not a code bug — users need to enable Interactive Card capability and configure Card Request URL - Added required 3-step setup instructions to feishu.md - Added troubleshooting entry for error 200340 - 17 comments from Feishu users Copilot provider drift: detect GPT-5.x Responses API requirement (#3388) - GPT-5.x models are rejected on /v1/chat/completions by both OpenAI and OpenRouter (unsupported_api_for_model error) - Added _model_requires_responses_api() to detect models needing Responses API regardless of provider - Applied in __init__ (covers OpenRouter primary users) and in _try_activate_fallback() (covers Copilot->OpenRouter drift) - Fixed stale comment claiming gateway creates fresh agents per message (it caches them via _agent_cache since the caching was added) - 7 comments, reported on Copilot+Telegram gateway
2026-04-11 11:12:20 -07:00
)
fix: resolve CI test failures — add missing functions, fix stale tests (#9483) Production fixes: - Add clear_session_context() to hermes_logging.py (fixes 48 teardown errors) - Add clear_session() to tools/approval.py (fixes 9 setup errors) - Add SyncError M_UNKNOWN_TOKEN check to Matrix _sync_loop (bug fix) - Fall back to inline api_key in named custom providers when key_env is absent (runtime_provider.py) Test fixes: - test_memory_user_id: use builtin+external provider pair, fix honcho peer_name override test to match production behavior - test_display_config: remove TestHelpers for non-existent functions - test_auxiliary_client: fix OAuth tokens to match _is_oauth_token patterns, replace get_vision_auxiliary_client with resolve_vision_provider_client - test_cli_interrupt_subagent: add missing _execution_thread_id attr - test_compress_focus: add model/provider/api_key/base_url/api_mode to mock compressor - test_auth_provider_gate: add autouse fixture to clean Anthropic env vars that leak from CI secrets - test_opencode_go_in_model_list: accept both 'built-in' and 'hermes' source (models.dev API unavailable in CI) - test_email: verify email Platform enum membership instead of source inspection (build_channel_directory now uses dynamic enum loop) - test_feishu: add bot_added/bot_deleted handler mocks to _Builder - test_ws_auth_retry: add AsyncMock for sync_store.get_next_batch, add _pending_megolm and _joined_rooms to Matrix adapter mocks - test_restart_drain: monkeypatch-delete INVOCATION_ID (systemd sets this in CI, changing the restart call signature) - test_session_hygiene: add user_id to SessionSource - test_session_env: use relative baseline for contextvar clear check (pytest-xdist workers share context)
2026-04-14 01:43:45 -07:00
# nio returns SyncError objects (not exceptions) for auth
# failures like M_UNKNOWN_TOKEN. Detect and stop immediately.
_sync_msg = getattr(sync_data, "message", None)
if _sync_msg and isinstance(_sync_msg, str):
_lower = _sync_msg.lower()
if "m_unknown_token" in _lower or "unknown_token" in _lower:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
logger.error(
"Matrix: permanent auth error from sync: %s — stopping",
_sync_msg,
)
fix: resolve CI test failures — add missing functions, fix stale tests (#9483) Production fixes: - Add clear_session_context() to hermes_logging.py (fixes 48 teardown errors) - Add clear_session() to tools/approval.py (fixes 9 setup errors) - Add SyncError M_UNKNOWN_TOKEN check to Matrix _sync_loop (bug fix) - Fall back to inline api_key in named custom providers when key_env is absent (runtime_provider.py) Test fixes: - test_memory_user_id: use builtin+external provider pair, fix honcho peer_name override test to match production behavior - test_display_config: remove TestHelpers for non-existent functions - test_auxiliary_client: fix OAuth tokens to match _is_oauth_token patterns, replace get_vision_auxiliary_client with resolve_vision_provider_client - test_cli_interrupt_subagent: add missing _execution_thread_id attr - test_compress_focus: add model/provider/api_key/base_url/api_mode to mock compressor - test_auth_provider_gate: add autouse fixture to clean Anthropic env vars that leak from CI secrets - test_opencode_go_in_model_list: accept both 'built-in' and 'hermes' source (models.dev API unavailable in CI) - test_email: verify email Platform enum membership instead of source inspection (build_channel_directory now uses dynamic enum loop) - test_feishu: add bot_added/bot_deleted handler mocks to _Builder - test_ws_auth_retry: add AsyncMock for sync_store.get_next_batch, add _pending_megolm and _joined_rooms to Matrix adapter mocks - test_restart_drain: monkeypatch-delete INVOCATION_ID (systemd sets this in CI, changing the restart call signature) - test_session_hygiene: add user_id to SessionSource - test_session_env: use relative baseline for contextvar clear check (pytest-xdist workers share context)
2026-04-14 01:43:45 -07:00
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
if isinstance(sync_data, dict):
# Update joined rooms from sync response.
rooms_join = sync_data.get("rooms", {}).get("join", {})
if rooms_join:
self._joined_rooms.update(rooms_join.keys())
fix: resolve three high-impact community bugs (#5819, #6893, #3388) (#7881) Matrix gateway: fix sync loop never dispatching events (#5819) - _sync_loop() called client.sync() but never called handle_sync() to dispatch events to registered callbacks — _on_room_message was registered but never fired for new messages - Store next_batch token from initial sync and pass as since= to subsequent incremental syncs (was doing full initial sync every time) - 17 comments, confirmed by multiple users on matrix.org Feishu docs: add interactive card configuration for approvals (#6893) - Error 200340 is a Feishu Developer Console configuration issue, not a code bug — users need to enable Interactive Card capability and configure Card Request URL - Added required 3-step setup instructions to feishu.md - Added troubleshooting entry for error 200340 - 17 comments from Feishu users Copilot provider drift: detect GPT-5.x Responses API requirement (#3388) - GPT-5.x models are rejected on /v1/chat/completions by both OpenAI and OpenRouter (unsupported_api_for_model error) - Added _model_requires_responses_api() to detect models needing Responses API regardless of provider - Applied in __init__ (covers OpenRouter primary users) and in _try_activate_fallback() (covers Copilot->OpenRouter drift) - Fixed stale comment claiming gateway creates fresh agents per message (it caches them via _agent_cache since the caching was added) - 7 comments, reported on Copilot+Telegram gateway
2026-04-11 11:12:20 -07:00
# Advance the sync token so the next request is
# incremental instead of a full initial sync.
nb = sync_data.get("next_batch")
if nb:
next_batch = nb
await client.sync_store.put_next_batch(nb)
# Dispatch events to registered handlers so that
# _on_room_message / _on_reaction / _on_invite fire.
try:
tasks = client.handle_sync(sync_data)
if tasks:
await asyncio.gather(*tasks)
except Exception as exc:
logger.warning("Matrix: sync event dispatch error: %s", exc)
fix(matrix): reconcile pending invites from sync state
2026-04-13 20:02:07 -04:00
await self._join_pending_invites(sync_data)
fix: resolve three high-impact community bugs (#5819, #6893, #3388) (#7881) Matrix gateway: fix sync loop never dispatching events (#5819) - _sync_loop() called client.sync() but never called handle_sync() to dispatch events to registered callbacks — _on_room_message was registered but never fired for new messages - Store next_batch token from initial sync and pass as since= to subsequent incremental syncs (was doing full initial sync every time) - 17 comments, confirmed by multiple users on matrix.org Feishu docs: add interactive card configuration for approvals (#6893) - Error 200340 is a Feishu Developer Console configuration issue, not a code bug — users need to enable Interactive Card capability and configure Card Request URL - Added required 3-step setup instructions to feishu.md - Added troubleshooting entry for error 200340 - 17 comments from Feishu users Copilot provider drift: detect GPT-5.x Responses API requirement (#3388) - GPT-5.x models are rejected on /v1/chat/completions by both OpenAI and OpenRouter (unsupported_api_for_model error) - Added _model_requires_responses_api() to detect models needing Responses API regardless of provider - Applied in __init__ (covers OpenRouter primary users) and in _try_activate_fallback() (covers Copilot->OpenRouter drift) - Fixed stale comment claiming gateway creates fresh agents per message (it caches them via _agent_cache since the caching was added) - 7 comments, reported on Copilot+Telegram gateway
2026-04-11 11:12:20 -07:00
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
except asyncio.CancelledError:
return
except Exception as exc:
if self._closing:
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Detect permanent auth/permission failures.
fix(gateway): stop Matrix/Mattermost reconnect on permanent auth failures Cherry-picked from PR #3695 by binhnt92. Matrix _sync_loop() and Mattermost _ws_loop() were retrying all errors forever, including permanent auth failures (expired tokens, revoked access). Now detects M_UNKNOWN_TOKEN, M_FORBIDDEN, 401/403 and stops instead of spinning. Includes 216 lines of tests.
2026-04-05 10:44:39 -07:00
err_str = str(exc).lower()
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
if (
"401" in err_str
or "403" in err_str
or "unauthorized" in err_str
or "forbidden" in err_str
):
logger.error(
"Matrix: permanent auth error: %s — stopping sync", exc
)
fix(gateway): stop Matrix/Mattermost reconnect on permanent auth failures Cherry-picked from PR #3695 by binhnt92. Matrix _sync_loop() and Mattermost _ws_loop() were retrying all errors forever, including permanent auth failures (expired tokens, revoked access). Now detects M_UNKNOWN_TOKEN, M_FORBIDDEN, 401/403 and stops instead of spinning. Includes 216 lines of tests.
2026-04-05 10:44:39 -07:00
return
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
logger.warning("Matrix: sync error: %s — retrying in 5s", exc)
await asyncio.sleep(5)
# ------------------------------------------------------------------
# Event callbacks
# ------------------------------------------------------------------
fix(matrix): close 'hall of mirrors' pairing + echo loop (#15763) (#16374) Harden the Matrix adapter's sender-drop guards so bot-self events and appservice/bridge identities never reach the gateway's pairing flow or the agent loop. Two filters, applied as early as possible in _on_room_message (and _on_reaction for the self-filter): 1. _is_self_sender(sender) — case-insensitive + whitespace-trimmed equality with self._user_id. When self._user_id is still empty (whoami has not resolved, or login failed), returns True defensively: an unidentified bot dropping its own events is always preferable to falling into an echo loop. The previous byte-for-byte equality check let differently-cased copies of the bot's MXID slip through, and an unresolved self-ID silently disabled the guard. 2. _is_system_or_bridge_sender(sender) — drops appservice namespace puppets (conventional @_bridge_...:server form) and malformed senders with an empty localpart. These identities used to fall through to the gateway's unauthorized-user path, trigger a pairing code, and — once an operator approved the bridge — every outbound message the bridge relayed would loop back as an authorized user message. This was the root of the 'hall of mirrors' symptom. Fixes #15763 Test plan --------- scripts/run_tests.sh tests/gateway/test_matrix.py scripts/run_tests.sh tests/gateway/test_matrix_mention.py tests/gateway/test_matrix_voice.py All 182 tests pass. 14 new regression tests cover exact / case-insensitive / whitespace / unresolved-self-id matches, bridge prefix detection, empty sender, and the full _on_room_message drop path.
2026-04-26 21:50:28 -07:00
def _is_self_sender(self, sender: str) -> bool:
"""Return True if the sender refers to the bot's own account.
Matrix user IDs are byte-compared after trimming whitespace and
lowercasing some homeservers normalize the localpart case
differently at different API surfaces, and the reply-loop tail
of the "hall of mirrors" bug (#15763) has been observed with the
bot's own account bypassing a case-sensitive equality check.
When ``self._user_id`` is empty (whoami hasn't resolved yet, or
login failed), we cannot prove a sender is NOT us, so we return
True defensively an unidentified bot dropping its own events
is always preferable to falling into an echo loop.
"""
own = (self._user_id or "").strip().lower()
if not own:
return True
return sender.strip().lower() == own
@staticmethod
def _is_system_or_bridge_sender(sender: str) -> bool:
"""Return True if the sender looks like a system / bridge / appservice
identity rather than a real user.
Appservice namespaces on Matrix conventionally prefix bot / puppet
user IDs with an underscore (e.g. ``@_telegram_12345:server``,
``@_discord_999:server``, ``@_slack_...:server``). Server-notices
bots and bridge-controller bots on many homeservers use the same
pattern.
We treat these as system identities for pairing purposes: they
should never be offered a pairing code, because an operator
approving the code would hand the bridge itself permanent
authorization and every outbound message relayed by the bridge
would then loop back into the agent as an "authorized user
message", which is the root of issue #15763.
Matches:
``@_something:server`` appservice namespace convention
``@:server`` malformed / empty localpart
``:server`` malformed, no leading ``@``
"""
s = (sender or "").strip()
if not s:
return True
# Localpart is everything between leading '@' and ':'
if s.startswith("@"):
s = s[1:]
if ":" in s:
localpart, _, _ = s.partition(":")
else:
localpart = s
if not localpart:
return True
return localpart.startswith("_")
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _on_room_message(self, event: Any) -> None:
"""Handle incoming room message events (text, media)."""
room_id = str(getattr(event, "room_id", ""))
sender = str(getattr(event, "sender", ""))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): add sync timeout, callback diagnostics, and mention-drop logging - Wrap _sync_loop sync() call with asyncio.wait_for(timeout=45s) to guard against TCP-level hangs that the Matrix long-poll timeout cannot catch - Add logger.debug at the top of _on_room_message so LOG_LEVEL=DEBUG confirms whether callbacks fire at all (diagnoses #5819, #7914, #12614) - Add logger.debug when MATRIX_REQUIRE_MENTION silently drops a message, pointing users to the env var to disable the filter Adapted for current mautrix-python adapter (PR was written against the legacy matrix-nio adapter). Closes #5819
2026-04-27 21:13:44 -07:00
# Diagnostic: confirm the callback is firing at all when DEBUG is on.
# Helps users troubleshoot silent inbound issues like #5819, #7914, #12614.
logger.debug(
"Matrix: callback fired — event %s from %s in %s",
getattr(event, "event_id", "?"),
sender,
room_id,
)
fix(matrix): close 'hall of mirrors' pairing + echo loop (#15763) (#16374) Harden the Matrix adapter's sender-drop guards so bot-self events and appservice/bridge identities never reach the gateway's pairing flow or the agent loop. Two filters, applied as early as possible in _on_room_message (and _on_reaction for the self-filter): 1. _is_self_sender(sender) — case-insensitive + whitespace-trimmed equality with self._user_id. When self._user_id is still empty (whoami has not resolved, or login failed), returns True defensively: an unidentified bot dropping its own events is always preferable to falling into an echo loop. The previous byte-for-byte equality check let differently-cased copies of the bot's MXID slip through, and an unresolved self-ID silently disabled the guard. 2. _is_system_or_bridge_sender(sender) — drops appservice namespace puppets (conventional @_bridge_...:server form) and malformed senders with an empty localpart. These identities used to fall through to the gateway's unauthorized-user path, trigger a pairing code, and — once an operator approved the bridge — every outbound message the bridge relayed would loop back as an authorized user message. This was the root of the 'hall of mirrors' symptom. Fixes #15763 Test plan --------- scripts/run_tests.sh tests/gateway/test_matrix.py scripts/run_tests.sh tests/gateway/test_matrix_mention.py tests/gateway/test_matrix_voice.py All 182 tests pass. 14 new regression tests cover exact / case-insensitive / whitespace / unresolved-self-id matches, bridge prefix detection, empty sender, and the full _on_room_message drop path.
2026-04-26 21:50:28 -07:00
# Ignore own messages (case-insensitive; also drops when our own
# user_id hasn't been resolved yet — see _is_self_sender docstring
# and issue #15763).
if self._is_self_sender(sender):
return
# Ignore appservice / bridge / system identities so they never
# trigger the pairing flow. Once a bridge user is paired, every
# outbound message it relays would loop back as an authorized
# user message (the "hall of mirrors" in #15763).
if self._is_system_or_bridge_sender(sender):
logger.debug(
"Matrix: ignoring system/bridge sender %s in %s",
sender,
room_id,
)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Deduplicate by event ID.
event_id = str(getattr(event, "event_id", ""))
if self._is_duplicate_event(event_id):
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
return
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Startup grace: ignore old messages from initial sync.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
raw_ts = (
getattr(event, "timestamp", None)
or getattr(event, "server_timestamp", None)
or 0
)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
event_ts = raw_ts / 1000.0 if raw_ts else 0.0
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if event_ts and event_ts < self._startup_ts - _STARTUP_GRACE_SECONDS:
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Extract content from the event.
content = getattr(event, "content", None)
if content is None:
return
fix(matrix): E2EE decryption — request keys, auto-trust devices, retry buffered events (#4083) When the Matrix adapter receives encrypted events it can't decrypt (MegolmEvent), it now: 1. Requests the missing room key from other devices via client.request_room_key(event) instead of silently dropping the message 2. Buffers undecrypted events (bounded to 100, 5 min TTL) and retries decryption after each E2EE maintenance cycle when new keys arrive 3. Auto-trusts/verifies all devices after key queries so other clients share session keys with the bot proactively 4. Exports Megolm keys on disconnect and imports them on connect, so session keys survive gateway restarts This addresses the 'could not decrypt event' warnings that caused the bot to miss messages in encrypted rooms.
2026-03-30 17:16:09 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Get msgtype — either from content object or raw dict.
if hasattr(content, "msgtype"):
msgtype = str(content.msgtype)
elif isinstance(content, dict):
msgtype = content.get("msgtype", "")
else:
msgtype = ""
fix(matrix): E2EE decryption — request keys, auto-trust devices, retry buffered events (#4083) When the Matrix adapter receives encrypted events it can't decrypt (MegolmEvent), it now: 1. Requests the missing room key from other devices via client.request_room_key(event) instead of silently dropping the message 2. Buffers undecrypted events (bounded to 100, 5 min TTL) and retries decryption after each E2EE maintenance cycle when new keys arrive 3. Auto-trusts/verifies all devices after key queries so other clients share session keys with the bot proactively 4. Exports Megolm keys on disconnect and imports them on connect, so session keys survive gateway restarts This addresses the 'could not decrypt event' warnings that caused the bot to miss messages in encrypted rooms.
2026-03-30 17:16:09 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Determine source content dict for relation/thread extraction.
if isinstance(content, dict):
source_content = content
elif hasattr(content, "serialize"):
source_content = content.serialize()
else:
source_content = {}
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
relates_to = source_content.get("m.relates_to", {})
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Skip edits (m.replace relation).
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if relates_to.get("rel_type") == "m.replace":
return
fix(matrix): ignore m.notice messages to prevent bot-to-bot loops The old nio code only handled RoomMessageText (m.text). The mautrix rewrite dispatched both m.text and m.notice, which would cause infinite loops between bots since m.notice is the conventional msgtype for bot responses in the Matrix ecosystem.
2026-04-11 07:44:55 +05:30
# Ignore m.notice to prevent bot-to-bot loops (m.notice is the
# conventional msgtype for bot responses in the Matrix ecosystem).
if msgtype == "m.notice":
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Dispatch by msgtype.
media_msgtypes = ("m.image", "m.audio", "m.video", "m.file")
if msgtype in media_msgtypes:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
await self._handle_media_message(
room_id, sender, event_id, event_ts, source_content, relates_to, msgtype
)
fix(matrix): ignore m.notice messages to prevent bot-to-bot loops The old nio code only handled RoomMessageText (m.text). The mautrix rewrite dispatched both m.text and m.notice, which would cause infinite loops between bots since m.notice is the conventional msgtype for bot responses in the Matrix ecosystem.
2026-04-11 07:44:55 +05:30
elif msgtype == "m.text":
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
await self._handle_text_message(
room_id, sender, event_id, event_ts, source_content, relates_to
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
async def _resolve_message_context(
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
self,
room_id: str,
sender: str,
event_id: str,
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
body: str,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
source_content: dict,
relates_to: dict,
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
) -> Optional[tuple]:
"""Shared mention/thread/DM gating for text and media handlers.
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
Returns (body, is_dm, chat_type, thread_id, display_name, source)
or None if the message should be dropped (mention gating).
"""
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
is_dm = await self._is_dm_room(room_id)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
chat_type = "dm" if is_dm else "group"
thread_id = None
if relates_to.get("rel_type") == "m.thread":
thread_id = relates_to.get("event_id")
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
formatted_body = source_content.get("formatted_body")
fix(matrix): trust m.mentions.user_ids as authoritative mention signal Port from openclaw/openclaw#64796: Per MSC3952 / Matrix v1.7, the m.mentions.user_ids field is the authoritative mention signal. Clients that populate m.mentions but don't duplicate @bot in the body text were being silently dropped when MATRIX_REQUIRE_MENTION=true. Cherry-picked from PR #8673.
2026-04-12 18:04:51 -07:00
# m.mentions.user_ids (MSC3952 / Matrix v1.7) — authoritative mention signal.
mentions_block = source_content.get("m.mentions") or {}
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
mention_user_ids = (
mentions_block.get("user_ids") if isinstance(mentions_block, dict) else None
)
fix(matrix): trust m.mentions.user_ids as authoritative mention signal Port from openclaw/openclaw#64796: Per MSC3952 / Matrix v1.7, the m.mentions.user_ids field is the authoritative mention signal. Clients that populate m.mentions but don't duplicate @bot in the body text were being silently dropped when MATRIX_REQUIRE_MENTION=true. Cherry-picked from PR #8673.
2026-04-12 18:04:51 -07:00
is_mentioned = self._is_bot_mentioned(body, formatted_body, mention_user_ids)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
# Require-mention gating.
if not is_dm:
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
is_free_room = room_id in self._free_rooms
refactor: extract shared helpers to deduplicate repeated code patterns (#7917) * refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. * refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
2026-04-11 13:59:52 -07:00
in_bot_thread = bool(thread_id and thread_id in self._threads)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
if self._require_mention and not is_free_room and not in_bot_thread:
if not is_mentioned:
fix(matrix): add sync timeout, callback diagnostics, and mention-drop logging - Wrap _sync_loop sync() call with asyncio.wait_for(timeout=45s) to guard against TCP-level hangs that the Matrix long-poll timeout cannot catch - Add logger.debug at the top of _on_room_message so LOG_LEVEL=DEBUG confirms whether callbacks fire at all (diagnoses #5819, #7914, #12614) - Add logger.debug when MATRIX_REQUIRE_MENTION silently drops a message, pointing users to the env var to disable the filter Adapted for current mautrix-python adapter (PR was written against the legacy matrix-nio adapter). Closes #5819
2026-04-27 21:13:44 -07:00
logger.debug(
"Matrix: ignoring message %s in %s — no @mention "
"(set MATRIX_REQUIRE_MENTION=false to disable)",
event_id,
room_id,
)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
return None
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# DM mention-thread.
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
if is_dm and not thread_id and self._dm_mention_threads and is_mentioned:
thread_id = event_id
refactor: extract shared helpers to deduplicate repeated code patterns (#7917) * refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. * refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
2026-04-11 13:59:52 -07:00
self._threads.mark(thread_id)
feat(matrix): add MATRIX_DM_MENTION_THREADS env var When enabled, @mentioning the bot in a DM creates a thread (default: false). Supports both env var and YAML config (matrix.dm_mention_threads). 6 new tests, docs updated. From #6957
2026-04-10 15:45:56 -07:00
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
# Strip mention from body (only when mention-gating is active).
if is_mentioned and self._require_mention:
fix(gateway): match Discord mention-stripping behavior in Matrix adapter Move mention stripping outside the `if not is_dm` guard so mentions are stripped in DMs too. Remove the bare-mention early return so a message containing only a mention passes through as empty string, matching Discord's behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 13:41:50 -05:00
body = self._strip_mention(body)
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Auto-thread.
feat(matrix): add dm_auto_thread config for DM auto-threading Adds MATRIX_DM_AUTO_THREAD env var (default: false) to control auto-threading in DM rooms independently from channel auto-threading. Closes #15398
2026-04-24 23:43:20 +01:00
if not thread_id and ((not is_dm and self._auto_thread) or (is_dm and self._dm_auto_thread)):
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
thread_id = event_id
refactor: extract shared helpers to deduplicate repeated code patterns (#7917) * refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. * refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
2026-04-11 13:59:52 -07:00
self._threads.mark(thread_id)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
display_name = await self._get_display_name(room_id, sender)
source = self.build_source(
chat_id=room_id,
chat_type=chat_type,
user_id=sender,
user_name=display_name,
thread_id=thread_id,
)
if thread_id:
refactor: extract shared helpers to deduplicate repeated code patterns (#7917) * refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. * refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
2026-04-11 13:59:52 -07:00
self._threads.mark(thread_id)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
self._background_read_receipt(room_id, event_id)
return body, is_dm, chat_type, thread_id, display_name, source
async def _handle_text_message(
self,
room_id: str,
sender: str,
event_id: str,
event_ts: float,
source_content: dict,
relates_to: dict,
) -> None:
"""Process a text message event."""
body = source_content.get("body", "") or ""
if not body:
return
ctx = await self._resolve_message_context(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
room_id,
sender,
event_id,
body,
source_content,
relates_to,
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
)
if ctx is None:
return
body, is_dm, chat_type, thread_id, display_name, source = ctx
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Reply-to detection.
reply_to = None
in_reply_to = relates_to.get("m.in_reply_to", {})
if in_reply_to:
reply_to = in_reply_to.get("event_id")
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Strip reply fallback from body.
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if reply_to and body.startswith("> "):
lines = body.split("\n")
stripped = []
past_fallback = False
for line in lines:
if not past_fallback:
if line.startswith("> ") or line == ">":
continue
if line == "":
past_fallback = True
continue
past_fallback = True
stripped.append(line)
body = "\n".join(stripped) if stripped else body
msg_type = MessageType.TEXT
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821) Comprehensive cleanup across 80 files based on automated (ruff, pyflakes, vulture) and manual analysis of the entire codebase. Changes by category: Unused imports removed (~95 across 55 files): - Removed genuinely unused imports from all major subsystems - agent/, hermes_cli/, tools/, gateway/, plugins/, cron/ - Includes imports in try/except blocks that were truly unused (vs availability checks which were left alone) Unused variables removed (~25): - Removed dead variables: connected, inner, channels, last_exc, source, new_server_names, verify, pconfig, default_terminal, result, pending_handled, temperature, loop - Dropped unused argparse subparser assignments in hermes_cli/main.py (12 instances of add_parser() where result was never used) Dead code removed: - run_agent.py: Removed dead ternary (None if False else None) and surrounding unreachable branch in identity fallback - run_agent.py: Removed write-only attribute _last_reported_tool - hermes_cli/providers.py: Removed dead @property decorator on module-level function (decorator has no effect outside a class) - gateway/run.py: Removed unused MCP config load before reconnect - gateway/platforms/slack.py: Removed dead SessionSource construction Undefined name bugs fixed (would cause NameError at runtime): - batch_runner.py: Added missing logger = logging.getLogger(__name__) - tools/environments/daytona.py: Added missing Dict and Path imports Unnecessary global statements removed (14): - tools/terminal_tool.py: 5 functions declared global for dicts they only mutated via .pop()/[key]=value (no rebinding) - tools/browser_tool.py: cleanup thread loop only reads flag - tools/rl_training_tool.py: 4 functions only do dict mutations - tools/mcp_oauth.py: only reads the global - hermes_time.py: only reads cached values Inefficient patterns fixed: - startswith/endswith tuple form: 15 instances of x.startswith('a') or x.startswith('b') consolidated to x.startswith(('a', 'b')) - len(x)==0 / len(x)>0: 13 instances replaced with pythonic truthiness checks (not x / bool(x)) - in dict.keys(): 5 instances simplified to in dict - Redefined unused name: removed duplicate _strip_mdv2 import in send_message_tool.py Other fixes: - hermes_cli/doctor.py: Replaced undefined logger.debug() with pass - hermes_cli/config.py: Consolidated chained .endswith() calls Test results: 3934 passed, 17 failed (all pre-existing on main), 19 skipped. Zero regressions.
2026-04-07 10:25:31 -07:00
if body.startswith(("!", "/")):
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_type = MessageType.COMMAND
msg_event = MessageEvent(
text=body,
message_type=msg_type,
source=source,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
raw_message=source_content,
message_id=event_id,
fix(matrix): use correct reply_to_message_id parameter name Fixes #1842 The MessageEvent dataclass expects 'reply_to_message_id' but the Matrix connector was passing 'reply_to'. This caused replies to fail with: MessageEvent.__init__() got an unexpected keyword argument 'reply_to' Changed the parameter name to match the dataclass definition.
2026-03-18 03:33:04 -04:00
reply_to_message_id=reply_to,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
fix(gateway): bypass text batching when delay is 0 (#6996) The text batching feature routes TEXT messages through asyncio.create_task() + asyncio.sleep(delay). Even with delay=0, the task fires asynchronously and won't complete before synchronous test assertions. This broke 33 tests across Discord, Matrix, and WeCom adapters. When _text_batch_delay_seconds is 0 (the test fixture setting), dispatch directly to handle_message() instead of going through the async batching path. This preserves the pre-batching behavior for tests while keeping batching active in production (default delay 0.6s).
2026-04-09 23:59:20 -07:00
if msg_type == MessageType.TEXT and self._text_batch_delay_seconds > 0:
fix(matrix): add text batching to merge split long messages Ports the adaptive batching pattern from the Telegram adapter. Matrix clients split messages around 4000 chars. Adaptive delay waits 2.0s when a chunk is near the limit, 0.6s otherwise. Only text messages are batched; commands dispatch immediately. Ref #6892
2026-04-09 22:37:08 -07:00
self._enqueue_text_event(msg_event)
else:
await self.handle_message(msg_event)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _handle_media_message(
self,
room_id: str,
sender: str,
event_id: str,
event_ts: float,
source_content: dict,
relates_to: dict,
msgtype: str,
) -> None:
"""Process a media message event (image, audio, video, file)."""
body = source_content.get("body", "") or ""
url = source_content.get("url", "")
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Convert mxc:// to HTTP URL for downstream processing.
http_url = ""
if url and url.startswith("mxc://"):
http_url = self._mxc_to_http(url)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Extract MIME type from content info.
content_info = source_content.get("info", {})
if not isinstance(content_info, dict):
content_info = {}
event_mimetype = content_info.get("mimetype", "")
# For encrypted media, the URL may be in file.url.
file_content = source_content.get("file", {})
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
if not url and isinstance(file_content, dict):
url = file_content.get("url", "") or ""
if url and url.startswith("mxc://"):
http_url = self._mxc_to_http(url)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
is_encrypted_media = bool(
file_content and isinstance(file_content, dict) and file_content.get("url")
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
fix(gateway): SMS persistent HTTP session + Matrix MIME media types 1. sms.py: Replace per-send aiohttp.ClientSession with a persistent session created in connect() and closed in disconnect(). Each outbound SMS no longer pays the TCP+TLS handshake cost. Falls back to a temporary session if the persistent one isn't available. 2. matrix.py: Use proper MIME types (image/png, audio/ogg, video/mp4) instead of bare category words (image, audio, video). The gateway's media processing checks startswith('image/') and startswith('audio/') so bare words caused Matrix images to skip vision enrichment and Matrix audio to skip transcription. Now extracts the actual MIME type from the nio event's content info when available.
2026-03-17 04:35:14 -07:00
media_type = "application/octet-stream"
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_type = MessageType.DOCUMENT
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
is_voice_message = False
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
if msgtype == "m.image":
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_type = MessageType.PHOTO
fix(gateway): SMS persistent HTTP session + Matrix MIME media types 1. sms.py: Replace per-send aiohttp.ClientSession with a persistent session created in connect() and closed in disconnect(). Each outbound SMS no longer pays the TCP+TLS handshake cost. Falls back to a temporary session if the persistent one isn't available. 2. matrix.py: Use proper MIME types (image/png, audio/ogg, video/mp4) instead of bare category words (image, audio, video). The gateway's media processing checks startswith('image/') and startswith('audio/') so bare words caused Matrix images to skip vision enrichment and Matrix audio to skip transcription. Now extracts the actual MIME type from the nio event's content info when available.
2026-03-17 04:35:14 -07:00
media_type = event_mimetype or "image/png"
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
elif msgtype == "m.audio":
feat(matrix): support native voice messages via MSC3245 (#3877) * feat(matrix): support native voice messages * fix: skip matrix voice tests when matrix-nio not installed --------- Co-authored-by: Carlos Alberto Pereira Gomes <carlosapgomes@users.noreply.github.com>
2026-03-30 00:02:51 -07:00
if source_content.get("org.matrix.msc3245.voice") is not None:
is_voice_message = True
msg_type = MessageType.VOICE
else:
msg_type = MessageType.AUDIO
fix(gateway): SMS persistent HTTP session + Matrix MIME media types 1. sms.py: Replace per-send aiohttp.ClientSession with a persistent session created in connect() and closed in disconnect(). Each outbound SMS no longer pays the TCP+TLS handshake cost. Falls back to a temporary session if the persistent one isn't available. 2. matrix.py: Use proper MIME types (image/png, audio/ogg, video/mp4) instead of bare category words (image, audio, video). The gateway's media processing checks startswith('image/') and startswith('audio/') so bare words caused Matrix images to skip vision enrichment and Matrix audio to skip transcription. Now extracts the actual MIME type from the nio event's content info when available.
2026-03-17 04:35:14 -07:00
media_type = event_mimetype or "audio/ogg"
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
elif msgtype == "m.video":
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_type = MessageType.VIDEO
fix(gateway): SMS persistent HTTP session + Matrix MIME media types 1. sms.py: Replace per-send aiohttp.ClientSession with a persistent session created in connect() and closed in disconnect(). Each outbound SMS no longer pays the TCP+TLS handshake cost. Falls back to a temporary session if the persistent one isn't available. 2. matrix.py: Use proper MIME types (image/png, audio/ogg, video/mp4) instead of bare category words (image, audio, video). The gateway's media processing checks startswith('image/') and startswith('audio/') so bare words caused Matrix images to skip vision enrichment and Matrix audio to skip transcription. Now extracts the actual MIME type from the nio event's content info when available.
2026-03-17 04:35:14 -07:00
media_type = event_mimetype or "video/mp4"
elif event_mimetype:
media_type = event_mimetype
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Cache media locally when downstream tools need a real file path.
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
cached_path = None
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
should_cache_locally = msg_type in (
MessageType.PHOTO, MessageType.AUDIO, MessageType.VIDEO, MessageType.DOCUMENT,
) or is_voice_message or is_encrypted_media
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
if should_cache_locally and url:
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
file_bytes = await self._client.download_media(ContentURI(url))
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
if file_bytes is not None:
if is_encrypted_media:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
from mautrix.crypto.attachments import decrypt_attachment
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
hashes_value = (
file_content.get("hashes")
if isinstance(file_content, dict)
else None
)
hash_value = (
hashes_value.get("sha256")
if isinstance(hashes_value, dict)
else None
)
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
key_value = (
file_content.get("key")
if isinstance(file_content, dict)
else None
)
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
if isinstance(key_value, dict):
key_value = key_value.get("k")
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
iv_value = (
file_content.get("iv")
if isinstance(file_content, dict)
else None
)
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
if key_value and hash_value and iv_value:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
file_bytes = decrypt_attachment(
file_bytes, key_value, hash_value, iv_value
)
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
else:
logger.warning(
"[Matrix] Encrypted media event missing decryption metadata for %s",
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
event_id,
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
)
file_bytes = None
if file_bytes is not None:
from gateway.platforms.base import (
cache_audio_from_bytes,
cache_document_from_bytes,
cache_image_from_bytes,
)
if msg_type == MessageType.PHOTO:
ext_map = {
"image/jpeg": ".jpg",
"image/png": ".png",
"image/gif": ".gif",
"image/webp": ".webp",
}
ext = ext_map.get(media_type, ".jpg")
cached_path = cache_image_from_bytes(file_bytes, ext=ext)
logger.info("[Matrix] Cached user image at %s", cached_path)
elif msg_type in (MessageType.AUDIO, MessageType.VOICE):
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
ext = (
Path(
body
or (
"voice.ogg" if is_voice_message else "audio.ogg"
)
).suffix
or ".ogg"
)
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
cached_path = cache_audio_from_bytes(file_bytes, ext=ext)
else:
filename = body or (
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
"video.mp4"
if msg_type == MessageType.VIDEO
else "document"
)
cached_path = cache_document_from_bytes(
file_bytes, filename
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
)
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
except Exception as e:
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
logger.warning("[Matrix] Failed to cache media: %s", e)
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
ctx = await self._resolve_message_context(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
room_id,
sender,
event_id,
body,
source_content,
relates_to,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
if ctx is None:
return
body, is_dm, chat_type, thread_id, display_name, source = ctx
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): normalize image-only filenames
2026-04-23 00:42:09 +08:00
if msgtype == "m.image" and _looks_like_matrix_image_filename(body):
body = ""
fix(matrix): handle encrypted media events and cache decrypted attachments Cherry-picked from PR #3140 by chalkers, resolved against current main. Registers RoomEncryptedImage/Audio/Video/File callbacks, decrypts attachments via nio.crypto, caches all media types (images, audio, documents), prevents ciphertext URL fallback for encrypted media. Unifies the separate voice-message download into the main cache block. Preserves main's MATRIX_REQUIRE_MENTION, auto-thread, and mention stripping features. Includes 355 lines of encrypted media tests.
2026-04-05 10:47:42 -07:00
allow_http_fallback = bool(http_url) and not is_encrypted_media
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
media_urls = (
[cached_path]
if cached_path
else ([http_url] if allow_http_fallback else None)
)
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
media_types = [media_type] if media_urls else None
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
msg_event = MessageEvent(
text=body,
message_type=msg_type,
source=source,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
raw_message=source_content,
message_id=event_id,
fix(matrix): duplicate messages, image caching for vision support (#2520) Three fixes for the Matrix adapter: 1. Remove RoomMessageMedia callback registration — RoomMessageImage inherits from it, causing images to be processed twice. 2. Add event ID deduplication to both text and media handlers. nio can fire the same event more than once; bounded deque+set tracks the last 1000 events. 3. Cache images locally via Matrix client download. MXC URLs require authentication, so the vision pipeline couldn't access them. Images are now downloaded via the authenticated client and saved to the local cache (same pattern as Telegram/Discord). Cherry-picked from PR #2353 by williamtwomey. Co-authored-by: williamtwomey <williamtwomey@users.noreply.github.com>
2026-03-22 09:27:25 -07:00
media_urls=media_urls,
media_types=media_types,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
await self.handle_message(msg_event)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _on_invite(self, event: Any) -> None:
"""Auto-join rooms when invited."""
room_id = str(getattr(event, "room_id", ""))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
logger.info(
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"Matrix: invited to %s — joining",
room_id,
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
fix(matrix): reconcile pending invites from sync state
2026-04-13 20:02:07 -04:00
await self._join_room_by_id(room_id)
async def _join_room_by_id(self, room_id: str) -> bool:
"""Join a room by ID and refresh local caches on success."""
if not room_id:
return False
if room_id in self._joined_rooms:
return True
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
await self._client.join_room(RoomID(room_id))
self._joined_rooms.add(room_id)
logger.info("Matrix: joined %s", room_id)
await self._refresh_dm_cache()
fix(matrix): reconcile pending invites from sync state
2026-04-13 20:02:07 -04:00
return True
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
except Exception as exc:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.warning("Matrix: error joining %s: %s", room_id, exc)
fix(matrix): reconcile pending invites from sync state
2026-04-13 20:02:07 -04:00
return False
async def _join_pending_invites(self, sync_data: Dict[str, Any]) -> None:
"""Join rooms still present in rooms.invite after sync processing."""
rooms = sync_data.get("rooms", {}) if isinstance(sync_data, dict) else {}
invites = rooms.get("invite", {})
if not isinstance(invites, dict):
return
for room_id in invites:
if room_id in self._joined_rooms:
continue
logger.info("Matrix: reconciling pending invite for %s", room_id)
await self._join_room_by_id(str(room_id))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
# ------------------------------------------------------------------
# Reactions (send, receive, processing lifecycle)
# ------------------------------------------------------------------
async def _send_reaction(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self,
room_id: str,
event_id: str,
emoji: str,
fix(matrix): remove eyes reaction on processing complete The on_processing_complete handler was never removing the eyes reaction because _send_reaction didn't return the reaction event_id. Fix: - _send_reaction returns Optional[str] event_id - on_processing_start stores it in _pending_reactions dict - on_processing_complete redacts the eyes reaction before adding completion emoji
2026-04-09 18:28:53 -05:00
) -> Optional[str]:
"""Send an emoji reaction to a message in a room.
Returns the reaction event_id on success, None on failure.
"""
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
if not self._client:
fix(matrix): remove eyes reaction on processing complete The on_processing_complete handler was never removing the eyes reaction because _send_reaction didn't return the reaction event_id. Fix: - _send_reaction returns Optional[str] event_id - on_processing_start stores it in _pending_reactions dict - on_processing_complete redacts the eyes reaction before adding completion emoji
2026-04-09 18:28:53 -05:00
return None
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
content = {
"m.relates_to": {
"rel_type": "m.annotation",
"event_id": event_id,
"key": emoji,
}
}
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
resp_event_id = await self._client.send_message_event(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
RoomID(room_id),
EventType.REACTION,
content,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.debug("Matrix: sent reaction %s to %s", emoji, event_id)
return str(resp_event_id)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
except Exception as exc:
logger.debug("Matrix: reaction send error: %s", exc)
fix(matrix): remove eyes reaction on processing complete The on_processing_complete handler was never removing the eyes reaction because _send_reaction didn't return the reaction event_id. Fix: - _send_reaction returns Optional[str] event_id - on_processing_start stores it in _pending_reactions dict - on_processing_complete redacts the eyes reaction before adding completion emoji
2026-04-09 18:28:53 -05:00
return None
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
async def _redact_reaction(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self,
room_id: str,
reaction_event_id: str,
reason: str = "",
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
) -> bool:
"""Remove a reaction by redacting its event."""
return await self.redact_message(room_id, reaction_event_id, reason)
async def on_processing_start(self, event: MessageEvent) -> None:
"""Add eyes reaction when the agent starts processing a message."""
if not self._reactions_enabled:
return
msg_id = event.message_id
room_id = event.source.chat_id
if msg_id and room_id:
fix(matrix): remove eyes reaction on processing complete The on_processing_complete handler was never removing the eyes reaction because _send_reaction didn't return the reaction event_id. Fix: - _send_reaction returns Optional[str] event_id - on_processing_start stores it in _pending_reactions dict - on_processing_complete redacts the eyes reaction before adding completion emoji
2026-04-09 18:28:53 -05:00
reaction_event_id = await self._send_reaction(room_id, msg_id, "\U0001f440")
if reaction_event_id:
self._pending_reactions[(room_id, msg_id)] = reaction_event_id
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
async def on_processing_complete(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self,
event: MessageEvent,
outcome: ProcessingOutcome,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
) -> None:
"""Replace eyes with checkmark (success) or cross (failure)."""
if not self._reactions_enabled:
return
msg_id = event.message_id
room_id = event.source.chat_id
if not msg_id or not room_id:
return
fix(gateway): avoid false failure reactions on restart cancellation
2026-04-08 16:07:07 -07:00
if outcome == ProcessingOutcome.CANCELLED:
return
fix(matrix): remove eyes reaction on processing complete The on_processing_complete handler was never removing the eyes reaction because _send_reaction didn't return the reaction event_id. Fix: - _send_reaction returns Optional[str] event_id - on_processing_start stores it in _pending_reactions dict - on_processing_complete redacts the eyes reaction before adding completion emoji
2026-04-09 18:28:53 -05:00
reaction_key = (room_id, msg_id)
if reaction_key in self._pending_reactions:
eyes_event_id = self._pending_reactions.pop(reaction_key)
fix(matrix): log redact failures and add missing reaction test cases Add debug logging when eyes reaction redaction fails, and add tests for the success=False path and the no-pending-reaction edge case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 23:34:09 -05:00
if not await self._redact_reaction(room_id, eyes_event_id):
logger.debug("Matrix: failed to redact eyes reaction %s", eyes_event_id)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
await self._send_reaction(
fix(gateway): avoid false failure reactions on restart cancellation
2026-04-08 16:07:07 -07:00
room_id,
msg_id,
"\u2705" if outcome == ProcessingOutcome.SUCCESS else "\u274c",
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _on_reaction(self, event: Any) -> None:
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
"""Handle incoming reaction events."""
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
sender = str(getattr(event, "sender", ""))
fix(matrix): close 'hall of mirrors' pairing + echo loop (#15763) (#16374) Harden the Matrix adapter's sender-drop guards so bot-self events and appservice/bridge identities never reach the gateway's pairing flow or the agent loop. Two filters, applied as early as possible in _on_room_message (and _on_reaction for the self-filter): 1. _is_self_sender(sender) — case-insensitive + whitespace-trimmed equality with self._user_id. When self._user_id is still empty (whoami has not resolved, or login failed), returns True defensively: an unidentified bot dropping its own events is always preferable to falling into an echo loop. The previous byte-for-byte equality check let differently-cased copies of the bot's MXID slip through, and an unresolved self-ID silently disabled the guard. 2. _is_system_or_bridge_sender(sender) — drops appservice namespace puppets (conventional @_bridge_...:server form) and malformed senders with an empty localpart. These identities used to fall through to the gateway's unauthorized-user path, trigger a pairing code, and — once an operator approved the bridge — every outbound message the bridge relayed would loop back as an authorized user message. This was the root of the 'hall of mirrors' symptom. Fixes #15763 Test plan --------- scripts/run_tests.sh tests/gateway/test_matrix.py scripts/run_tests.sh tests/gateway/test_matrix_mention.py tests/gateway/test_matrix_voice.py All 182 tests pass. 14 new regression tests cover exact / case-insensitive / whitespace / unresolved-self-id matches, bridge prefix detection, empty sender, and the full _on_room_message drop path.
2026-04-26 21:50:28 -07:00
if self._is_self_sender(sender):
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
event_id = str(getattr(event, "event_id", ""))
if self._is_duplicate_event(event_id):
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
return
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
room_id = str(getattr(event, "room_id", ""))
content = getattr(event, "content", None)
if content:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
relates_to = (
content.get("m.relates_to", {})
if isinstance(content, dict)
else getattr(content, "relates_to", {})
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
reacts_to = ""
key = ""
if isinstance(relates_to, dict):
reacts_to = relates_to.get("event_id", "")
key = relates_to.get("key", "")
elif hasattr(relates_to, "event_id"):
reacts_to = str(getattr(relates_to, "event_id", ""))
key = str(getattr(relates_to, "key", ""))
logger.info(
"Matrix: reaction %s from %s on %s in %s",
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
key,
sender,
reacts_to,
room_id,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
feat(matrix): reaction-based exec approval + mention_user_id Add Matrix reaction-based exec approval (✅/❎) and mention_user_id support for push notifications in muted rooms. - matrix.py: _MatrixApprovalPrompt, send_exec_approval, reaction approval handling, bot seed reaction redaction, mention pill in send - base.py: inject mention_user_id into send metadata - run.py: inject mention_user_id into status thread metadata - tests for approval prompt registration and reaction resolution
2026-04-25 02:44:14 +08:00
# Check if this reaction resolves a pending approval prompt.
prompt = self._approval_prompts_by_event.get(reacts_to)
if prompt and not prompt.resolved:
if room_id != prompt.chat_id:
return
if self._allowed_user_ids and sender not in self._allowed_user_ids:
logger.info(
"Matrix: ignoring approval reaction from unauthorized user %s on %s",
sender, reacts_to,
)
return
choice = self._approval_reaction_map.get(key)
if not choice:
return
try:
from tools.approval import resolve_gateway_approval
count = resolve_gateway_approval(prompt.session_key, choice)
if count:
prompt.resolved = True
self._approval_prompts_by_event.pop(reacts_to, None)
self._approval_prompt_by_session.pop(prompt.session_key, None)
logger.info(
"Matrix reaction resolved %d approval(s) for session %s "
"(choice=%s, user=%s)",
count, prompt.session_key, choice, sender,
)
# Redact bot's seed reactions, leaving only the user's
await self._redact_bot_approval_reactions(room_id, prompt)
except Exception as exc:
logger.error("Failed to resolve gateway approval from Matrix reaction: %s", exc)
async def _redact_bot_approval_reactions(
self,
room_id: str,
prompt: "_MatrixApprovalPrompt",
) -> None:
"""Redact the bot's seed ✅/❎ reactions, leaving only the user's reaction."""
for emoji, evt_id in prompt.bot_reaction_events.items():
try:
await self.redact_message(room_id, evt_id, "approval resolved")
logger.debug("Matrix: redacted bot reaction %s (%s)", emoji, evt_id)
except Exception as exc:
logger.debug("Matrix: failed to redact bot reaction %s: %s", emoji, exc)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# ------------------------------------------------------------------
# Text message aggregation (handles Matrix client-side splits)
# ------------------------------------------------------------------
def _text_batch_key(self, event: MessageEvent) -> str:
"""Session-scoped key for text message batching."""
from gateway.session import build_session_key
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return build_session_key(
event.source,
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
group_sessions_per_user=self.config.extra.get(
"group_sessions_per_user", True
),
thread_sessions_per_user=self.config.extra.get(
"thread_sessions_per_user", False
),
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
def _enqueue_text_event(self, event: MessageEvent) -> None:
"""Buffer a text event and reset the flush timer."""
key = self._text_batch_key(event)
existing = self._pending_text_batches.get(key)
chunk_len = len(event.text or "")
if existing is None:
event._last_chunk_len = chunk_len # type: ignore[attr-defined]
self._pending_text_batches[key] = event
else:
if event.text:
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
existing.text = (
f"{existing.text}\n{event.text}" if existing.text else event.text
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
existing._last_chunk_len = chunk_len # type: ignore[attr-defined]
if event.media_urls:
existing.media_urls.extend(event.media_urls)
existing.media_types.extend(event.media_types)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
prior_task = self._pending_text_batch_tasks.get(key)
if prior_task and not prior_task.done():
prior_task.cancel()
self._pending_text_batch_tasks[key] = asyncio.create_task(
self._flush_text_batch(key)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _flush_text_batch(self, key: str) -> None:
"""Wait for the quiet period then dispatch the aggregated text."""
current_task = asyncio.current_task()
try:
pending = self._pending_text_batches.get(key)
last_len = getattr(pending, "_last_chunk_len", 0) if pending else 0
if last_len >= self._SPLIT_THRESHOLD:
delay = self._text_batch_split_delay_seconds
else:
delay = self._text_batch_delay_seconds
await asyncio.sleep(delay)
event = self._pending_text_batches.pop(key, None)
if not event:
return
logger.info(
"[Matrix] Flushing text batch %s (%d chars)",
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
key,
len(event.text or ""),
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
)
await self.handle_message(event)
finally:
if self._pending_text_batch_tasks.get(key) is current_task:
self._pending_text_batch_tasks.pop(key, None)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
# ------------------------------------------------------------------
# Read receipts
# ------------------------------------------------------------------
def _background_read_receipt(self, room_id: str, event_id: str) -> None:
"""Fire-and-forget read receipt with error logging."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
async def _send() -> None:
try:
await self.send_read_receipt(room_id, event_id)
except Exception as exc: # pragma: no cover — defensive
logger.debug("Matrix: background read receipt failed: %s", exc)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
asyncio.ensure_future(_send())
async def send_read_receipt(self, room_id: str, event_id: str) -> bool:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"""Send a read receipt (m.read) for an event."""
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
if not self._client:
return False
try:
fix(gateway): fix matrix read receipts
2026-04-15 13:03:31 +00:00
room = RoomID(room_id)
event = EventID(event_id)
if hasattr(self._client, "set_fully_read_marker"):
await self._client.set_fully_read_marker(room, event, event)
elif hasattr(self._client, "send_receipt"):
await self._client.send_receipt(room, event)
elif hasattr(self._client, "set_read_markers"):
await self._client.set_read_markers(
room,
fully_read_event=event,
read_receipt=event,
)
else:
logger.debug("Matrix: client has no read receipt method")
return False
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
logger.debug("Matrix: sent read receipt for %s in %s", event_id, room_id)
return True
except Exception as exc:
logger.debug("Matrix: read receipt failed: %s", exc)
return False
# ------------------------------------------------------------------
# Message redaction
# ------------------------------------------------------------------
async def redact_message(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self,
room_id: str,
event_id: str,
reason: str = "",
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
) -> bool:
"""Redact (delete) a message or event from a room."""
if not self._client:
return False
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
await self._client.redact(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
RoomID(room_id),
EventID(event_id),
reason=reason or None,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.info("Matrix: redacted %s in %s", event_id, room_id)
return True
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
except Exception as exc:
logger.warning("Matrix: redact error: %s", exc)
return False
# ------------------------------------------------------------------
# Room creation & management
# ------------------------------------------------------------------
async def create_room(
self,
name: str = "",
topic: str = "",
invite: Optional[list] = None,
is_direct: bool = False,
preset: str = "private_chat",
) -> Optional[str]:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"""Create a new Matrix room."""
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
if not self._client:
return None
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
preset_enum = {
"private_chat": RoomCreatePreset.PRIVATE,
"public_chat": RoomCreatePreset.PUBLIC,
"trusted_private_chat": RoomCreatePreset.TRUSTED_PRIVATE,
}.get(preset, RoomCreatePreset.PRIVATE)
invitees = [UserID(u) for u in (invite or [])]
room_id = await self._client.create_room(
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
name=name or None,
topic=topic or None,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
invitees=invitees,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
is_direct=is_direct,
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
preset=preset_enum,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
room_id_str = str(room_id)
self._joined_rooms.add(room_id_str)
logger.info("Matrix: created room %s (%s)", room_id_str, name or "unnamed")
return room_id_str
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
except Exception as exc:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.warning("Matrix: create_room error: %s", exc)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
return None
async def invite_user(self, room_id: str, user_id: str) -> bool:
"""Invite a user to a room."""
if not self._client:
return False
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
await self._client.invite_user(RoomID(room_id), UserID(user_id))
logger.info("Matrix: invited %s to %s", user_id, room_id)
return True
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
except Exception as exc:
logger.warning("Matrix: invite error: %s", exc)
return False
# ------------------------------------------------------------------
# Presence
# ------------------------------------------------------------------
_VALID_PRESENCE_STATES = frozenset(("online", "offline", "unavailable"))
async def set_presence(self, state: str = "online", status_msg: str = "") -> bool:
"""Set the bot's presence status."""
if not self._client:
return False
if state not in self._VALID_PRESENCE_STATES:
logger.warning("Matrix: invalid presence state %r", state)
return False
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
presence_map = {
"online": PresenceState.ONLINE,
"offline": PresenceState.OFFLINE,
"unavailable": PresenceState.UNAVAILABLE,
}
await self._client.set_presence(
presence=presence_map[state],
status=status_msg or None,
)
logger.debug("Matrix: presence set to %s", state)
return True
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
except Exception as exc:
logger.debug("Matrix: set_presence failed: %s", exc)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return False
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
# ------------------------------------------------------------------
# Emote & notice message types
# ------------------------------------------------------------------
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
async def _send_simple_message(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self,
chat_id: str,
text: str,
msgtype: str,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
) -> SendResult:
refactor(matrix): simplify adapter after code review - Extract _resolve_message_context() to deduplicate ~40 lines of mention/thread/DM gating logic between text and media handlers - Move mautrix.types imports to module level (16 scattered local imports consolidated) - Parse mention/thread env vars once in __init__ instead of per-message - Cache _is_bot_mentioned() result instead of calling 3x per event - Consolidate send_emote/send_notice into shared _send_simple_message() - Use _is_dm_room() in get_chat_info() instead of inline duplication - Add _CRYPTO_PICKLE_PATH constant (was duplicated in 2 locations) - Fix fragile event_ts extraction (double getattr, None safety) - Clean up leaked aiohttp session on auth failure paths - Remove redundant trailing _track_thread() calls
2026-04-11 07:38:50 +05:30
"""Send a simple message (emote, notice) with optional HTML formatting."""
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
if not self._client or not text:
return SendResult(success=False, error="No client or empty text")
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
msg_content = self._build_text_message_content(text, msgtype=msgtype)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
try:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
event_id = await self._client.send_message_event(
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
RoomID(chat_id),
EventType.ROOM_MESSAGE,
msg_content,
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
return SendResult(success=True, message_id=str(event_id))
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
except Exception as exc:
return SendResult(success=False, error=str(exc))
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# ------------------------------------------------------------------
# Helpers
# ------------------------------------------------------------------
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _is_dm_room(self, room_id: str) -> bool:
"""Check if a room is a DM."""
if self._dm_rooms.get(room_id, False):
return True
# Fallback: check member count via state store.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
state_store = (
getattr(self._client, "state_store", None) if self._client else None
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
if state_store:
try:
members = await state_store.get_members(room_id)
if members and len(members) == 2:
return True
except Exception:
pass
return False
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _refresh_dm_cache(self) -> None:
"""Refresh the DM room cache from m.direct account data."""
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if not self._client:
return
dm_data: Optional[Dict] = None
try:
resp = await self._client.get_account_data("m.direct")
if hasattr(resp, "content"):
dm_data = resp.content
elif isinstance(resp, dict):
dm_data = resp
except Exception as exc:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
logger.debug("Matrix: get_account_data('m.direct') failed: %s", exc)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if dm_data is None:
return
dm_room_ids: Set[str] = set()
for user_id, rooms in dm_data.items():
if isinstance(rooms, list):
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
dm_room_ids.update(str(r) for r in rooms)
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
self._dm_rooms = {rid: (rid in dm_room_ids) for rid in self._joined_rooms}
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
# ------------------------------------------------------------------
# Mention detection helpers
# ------------------------------------------------------------------
fix(matrix): add outbound mention payloads
2026-04-12 17:24:58 +02:00
def _build_text_message_content(self, text: str, msgtype: str = "m.text") -> Dict[str, Any]:
"""Build Matrix text content with HTML and outbound mention metadata."""
msg_content: Dict[str, Any] = {"msgtype": msgtype, "body": text}
mention_user_ids = self._extract_outbound_mentions(text)
if mention_user_ids:
msg_content["m.mentions"] = {"user_ids": mention_user_ids}
html_source = self._inject_outbound_mention_links(text)
html = self._markdown_to_html(html_source)
if html and html != text:
msg_content["format"] = "org.matrix.custom.html"
msg_content["formatted_body"] = html
return msg_content
def _extract_outbound_mentions(self, text: str) -> list[str]:
"""Return unique Matrix user IDs mentioned in outbound text."""
protected, _ = self._protect_outbound_mention_regions(text)
seen: Set[str] = set()
mentions: list[str] = []
for match in _OUTBOUND_MENTION_RE.finditer(protected):
user_id = match.group(1)
if user_id not in seen:
seen.add(user_id)
mentions.append(user_id)
return mentions
def _inject_outbound_mention_links(self, text: str) -> str:
"""Wrap outbound Matrix mentions in markdown links outside code spans."""
if not text:
return text
protected, placeholders = self._protect_outbound_mention_regions(text)
linked = _OUTBOUND_MENTION_RE.sub(
lambda match: f"[{match.group(1)}](https://matrix.to/#/{match.group(1)})",
protected,
)
for idx, original in enumerate(placeholders):
linked = linked.replace(f"\x00MENTION_PROTECTED{idx}\x00", original)
return linked
def _protect_outbound_mention_regions(self, text: str) -> tuple[str, list[str]]:
"""Protect markdown regions where outbound mentions should stay literal."""
placeholders: list[str] = []
def _protect(fragment: str) -> str:
idx = len(placeholders)
placeholders.append(fragment)
return f"\x00MENTION_PROTECTED{idx}\x00"
protected = re.sub(
r"```[\s\S]*?```",
lambda match: _protect(match.group(0)),
text or "",
)
protected = re.sub(
r"`[^`\n]+`",
lambda match: _protect(match.group(0)),
protected,
)
protected = re.sub(
r"\[[^\]]+\]\([^)]+\)",
lambda match: _protect(match.group(0)),
protected,
)
return protected, placeholders
fix(matrix): trust m.mentions.user_ids as authoritative mention signal Port from openclaw/openclaw#64796: Per MSC3952 / Matrix v1.7, the m.mentions.user_ids field is the authoritative mention signal. Clients that populate m.mentions but don't duplicate @bot in the body text were being silently dropped when MATRIX_REQUIRE_MENTION=true. Cherry-picked from PR #8673.
2026-04-12 18:04:51 -07:00
def _is_bot_mentioned(
self,
body: str,
formatted_body: Optional[str] = None,
mention_user_ids: Optional[list] = None,
) -> bool:
"""Return True if the bot is mentioned in the message.
Per MSC3952, ``m.mentions.user_ids`` is the authoritative mention
signal in the Matrix spec. When the sender's client populates that
field with the bot's user-id, we trust it — even when the visible
body text does not contain an explicit ``@bot`` string (some clients
only render mention "pills" in ``formatted_body`` or use display
names).
"""
# m.mentions.user_ids — authoritative per MSC3952 / Matrix v1.7.
if mention_user_ids and self._user_id and self._user_id in mention_user_ids:
return True
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
if not body and not formatted_body:
return False
if self._user_id and self._user_id in body:
return True
if self._user_id and ":" in self._user_id:
localpart = self._user_id.split(":")[0].lstrip("@")
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
if localpart and re.search(
r"\b" + re.escape(localpart) + r"\b", body, re.IGNORECASE
):
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
return True
if formatted_body and self._user_id:
if f"matrix.to/#/{self._user_id}" in formatted_body:
return True
return False
def _strip_mention(self, body: str) -> str:
fix(matrix): strip only explicit @mentions in _strip_mention
2026-04-16 09:47:21 -06:00
"""Remove explicit bot mentions from message body.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
fix(matrix): strip only explicit @mentions in _strip_mention
2026-04-16 09:47:21 -06:00
Important: only strip explicit mention tokens (``@user:server`` or
``@localpart``). Do NOT strip bare words matching the bot localpart,
otherwise normal phrases like "Hermes Agent" become "Agent".
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
"""
fix(matrix): strip only explicit @mentions in _strip_mention
2026-04-16 09:47:21 -06:00
if not body:
return ""
# Strip explicit full MXID mentions.
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
if self._user_id:
body = body.replace(self._user_id, "")
fix(matrix): strip only explicit @mentions in _strip_mention
2026-04-16 09:47:21 -06:00
# Strip explicit @localpart mentions only (not bare localpart words).
if self._user_id and ":" in self._user_id:
localpart = self._user_id.split(":")[0].lstrip("@")
if localpart:
body = re.sub(
r'(?<![\w])@' + re.escape(localpart) + r'\b',
'',
body,
flags=re.IGNORECASE,
)
# Normalize spacing after mention removal.
body = re.sub(r'[ \t]{2,}', ' ', body)
body = re.sub(r'\s+([,.;:!?])', r'\1', body)
feat(gateway): add MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support Bring Matrix feature parity with Discord by adding mention gating and auto-threading. Both default to true, matching Discord behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 12:43:20 -05:00
return body.strip()
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
async def _get_display_name(self, room_id: str, user_id: str) -> str:
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
"""Get a user's display name in a room, falling back to user_id."""
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
state_store = (
getattr(self._client, "state_store", None) if self._client else None
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
if state_store:
try:
member = await state_store.get_member(room_id, user_id)
if member and getattr(member, "displayname", None):
return member.displayname
except Exception:
pass
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
# Strip the @...:server format to just the localpart.
if user_id.startswith("@") and ":" in user_id:
return user_id[1:].split(":")[0]
return user_id
def _mxc_to_http(self, mxc_url: str) -> str:
"""Convert mxc://server/media_id to an HTTP download URL."""
if not mxc_url.startswith("mxc://"):
return mxc_url
parts = mxc_url[6:] # strip mxc://
return f"{self._homeserver}/_matrix/client/v1/media/download/{parts}"
def _markdown_to_html(self, text: str) -> str:
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
"""Convert Markdown to Matrix-compatible HTML (org.matrix.custom.html).
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
Uses the ``markdown`` library when available (installed with the
``matrix`` extra). Falls back to a comprehensive regex converter
that handles fenced code blocks, inline code, headers, bold,
italic, strikethrough, links, blockquotes, lists, and horizontal
rules everything the Matrix HTML spec allows.
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
"""
try:
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
import markdown as _md
md = _md.Markdown(
extensions=["fenced_code", "tables", "nl2br", "sane_lists"],
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
if "html_block" in md.preprocessors:
md.preprocessors.deregister("html_block")
html = md.convert(text)
md.reset()
feat: add Mattermost and Matrix gateway adapters Add support for Mattermost (self-hosted Slack alternative) and Matrix (federated messaging protocol) as messaging platforms. Mattermost adapter: - REST API v4 client for posts, files, channels, typing indicators - WebSocket listener for real-time 'posted' events with reconnect backoff - Thread support via root_id - File upload/download with auth-aware caching - Dedup cache (5min TTL, 2000 entries) - Full self-hosted instance support Matrix adapter: - matrix-nio AsyncClient with sync loop - Dual auth: access token or user_id + password - Optional E2EE via matrix-nio[e2e] (libolm) - Thread support via m.thread (MSC3440) - Reply support via m.in_reply_to with fallback stripping - Media upload/download via mxc:// URLs (authenticated v1.11+ endpoint) - Auto-join on room invite - DM detection via m.direct account data with sync fallback - Markdown to HTML conversion Fixes applied over original PR #1225 by @cyb0rgk1tty: - Mattermost: add timeout to file downloads, wrap API helpers in try/except for network errors, download incoming files immediately with auth headers instead of passing auth-required URLs - Matrix: use authenticated media endpoint (/_matrix/client/v1/media/), robust m.direct cache with sync fallback, prefer aiohttp over httpx Install Matrix support: pip install 'hermes-agent[matrix]' Mattermost needs no extra deps (uses aiohttp). Salvaged from PR #1225 by @cyb0rgk1tty with fixes.
2026-03-17 02:59:36 -07:00
if html.count("<p>") == 1:
html = html.replace("<p>", "").replace("</p>", "")
return html
except ImportError:
pass
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
return self._markdown_to_html_fallback(text)
# ------------------------------------------------------------------
# Regex-based Markdown -> HTML (no extra dependencies)
# ------------------------------------------------------------------
@staticmethod
def _sanitize_link_url(url: str) -> str:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"""Sanitize a URL for use in an href attribute."""
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
stripped = url.strip()
scheme = stripped.split(":", 1)[0].lower().strip() if ":" in stripped else ""
if scheme in ("javascript", "data", "vbscript"):
return ""
return stripped.replace('"', "&quot;")
@staticmethod
def _markdown_to_html_fallback(text: str) -> str:
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
"""Comprehensive regex Markdown-to-HTML for Matrix."""
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
placeholders: list = []
def _protect_html(html_fragment: str) -> str:
idx = len(placeholders)
placeholders.append(html_fragment)
return f"\x00PROTECTED{idx}\x00"
# Fenced code blocks: ```lang\n...\n```
result = re.sub(
r"```(\w*)\n(.*?)```",
lambda m: _protect_html(
f'<pre><code class="language-{_html_escape(m.group(1))}">'
f"{_html_escape(m.group(2))}</code></pre>"
if m.group(1)
else f"<pre><code>{_html_escape(m.group(2))}</code></pre>"
),
text,
flags=re.DOTALL,
)
# Inline code: `code`
result = re.sub(
r"`([^`\n]+)`",
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
lambda m: _protect_html(f"<code>{_html_escape(m.group(1))}</code>"),
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
result,
)
# Extract and protect markdown links before escaping.
result = re.sub(
r"\[([^\]]+)\]\(([^)]+)\)",
lambda m: _protect_html(
'<a href="{}">{}</a>'.format(
MatrixAdapter._sanitize_link_url(m.group(2)),
_html_escape(m.group(1)),
)
),
result,
)
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# HTML-escape remaining text.
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
parts = re.split(r"(\x00PROTECTED\d+\x00)", result)
for idx, part in enumerate(parts):
if not part.startswith("\x00PROTECTED"):
parts[idx] = _html_escape(part)
result = "".join(parts)
# Block-level transforms (line-oriented).
lines = result.split("\n")
out_lines: list = []
i = 0
while i < len(lines):
line = lines[i]
# Horizontal rule
if re.match(r"^[\s]*([-*_])\s*\1\s*\1[\s\-*_]*$", line):
out_lines.append("<hr>")
i += 1
continue
# Headers
hdr = re.match(r"^(#{1,6})\s+(.+)$", line)
if hdr:
level = len(hdr.group(1))
out_lines.append(f"<h{level}>{hdr.group(2).strip()}</h{level}>")
i += 1
continue
refactor(matrix): rewrite adapter from matrix-nio to mautrix-python Translate all nio SDK calls to mautrix equivalents while preserving the adapter structure, business logic, and all features (E2EE, reactions, threading, mention gating, text batching, media caching, voice MSC3245). Key changes: - nio.AsyncClient -> mautrix.client.Client + HTTPAPI + MemoryStateStore - Manual E2EE key management -> OlmMachine with auto key lifecycle - isinstance(resp, nio.XxxResponse) -> mautrix returns values directly - add_event_callback per type -> single ROOM_MESSAGE handler with msgtype dispatch - Room state (member_count, display_name) via async state store lookups - Upload/download return ContentURI/bytes directly (no wrapper objects)
2026-04-11 06:51:43 +05:30
# Blockquote
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
if (
line.startswith("&gt; ")
or line == "&gt;"
or line.startswith("> ")
or line == ">"
):
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
bq_lines = []
while i < len(lines) and (
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
lines[i].startswith("&gt; ")
or lines[i] == "&gt;"
or lines[i].startswith("> ")
or lines[i] == ">"
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
):
ln = lines[i]
if ln.startswith("&gt; "):
bq_lines.append(ln[5:])
elif ln.startswith("> "):
bq_lines.append(ln[2:])
else:
bq_lines.append("")
i += 1
out_lines.append(f"<blockquote>{'<br>'.join(bq_lines)}</blockquote>")
continue
# Unordered list
ul_match = re.match(r"^[\s]*[-*+]\s+(.+)$", line)
if ul_match:
items = []
while i < len(lines) and re.match(r"^[\s]*[-*+]\s+(.+)$", lines[i]):
items.append(re.match(r"^[\s]*[-*+]\s+(.+)$", lines[i]).group(1))
i += 1
li = "".join(f"<li>{item}</li>" for item in items)
out_lines.append(f"<ul>{li}</ul>")
continue
# Ordered list
ol_match = re.match(r"^[\s]*\d+[.)]\s+(.+)$", line)
if ol_match:
items = []
while i < len(lines) and re.match(r"^[\s]*\d+[.)]\s+(.+)$", lines[i]):
items.append(re.match(r"^[\s]*\d+[.)]\s+(.+)$", lines[i]).group(1))
i += 1
li = "".join(f"<li>{item}</li>" for item in items)
out_lines.append(f"<ol>{li}</ol>")
continue
out_lines.append(line)
i += 1
result = "\n".join(out_lines)
# Inline transforms.
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
result = re.sub(
r"\*\*(.+?)\*\*", r"<strong>\1</strong>", result, flags=re.DOTALL
)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
result = re.sub(r"__(.+?)__", r"<strong>\1</strong>", result, flags=re.DOTALL)
result = re.sub(r"\*(.+?)\*", r"<em>\1</em>", result, flags=re.DOTALL)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
result = re.sub(
r"(?<!\w)_(.+?)_(?!\w)", r"<em>\1</em>", result, flags=re.DOTALL
)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
result = re.sub(r"~~(.+?)~~", r"<del>\1</del>", result, flags=re.DOTALL)
result = re.sub(r"\n", "<br>\n", result)
fix(matrix): E2EE and migration bugfixes (#10860) * - make buffered streaming - fix path naming to expand `~` for agent. - fix stripping of matrix ID to not remove other mentions / localports. * fix(matrix): register MembershipEventDispatcher for invite auto-join The mautrix migration (#7518) broke auto-join because InternalEventType.INVITE events are only dispatched when MembershipEventDispatcher is registered on the client. Without it, _on_invite is dead code and the bot silently ignores all room invites. Closes #10094 Closes #10725 Refs: PR #10135 (digging-airfare-4u), PR #10732 (fxfitz) * fix(matrix): preserve _joined_rooms reference for CryptoStateStore connect() reassigned self._joined_rooms = set(...) after initial sync, orphaning the reference captured by _CryptoStateStore at init time. find_shared_rooms() returned [] forever, breaking Megolm session rotation on membership changes. Mutate in place with clear() + update() so the CryptoStateStore reference stays valid. Refs #8174, PR #8215 * fix(matrix): remove dual ROOM_ENCRYPTED handler to fix dedup race mautrix auto-registers DecryptionDispatcher when client.crypto is set. The adapter also registered _on_encrypted_event for the same event type. _on_encrypted_event had zero awaits and won the race to mark event IDs in the dedup set, causing _on_room_message to drop successfully decrypted events from DecryptionDispatcher. The retry loop masked this by re-decrypting every message ~4 seconds later. Remove _on_encrypted_event entirely. DecryptionDispatcher handles decryption; genuinely undecryptable events are logged by mautrix and retried on next key exchange. Refs #8174, PR #8215 * fix(matrix): re-verify device keys after share_keys() upload Matrix homeservers treat ed25519 identity keys as immutable per device. share_keys() can return 200 but silently ignore new keys if the device already exists with different identity keys. The bot would proceed with shared=True while peers encrypt to the old (unreachable) keys. Now re-queries the server after share_keys() and fails closed if keys don't match, with an actionable error message. Refs #8174, PR #8215 * fix(matrix): encrypt outbound attachments in E2EE rooms _upload_and_send() uploaded raw bytes and used the 'url' key for all rooms. In E2EE rooms, media must be encrypted client-side with encrypt_attachment(), the ciphertext uploaded, and the 'file' key (with key/iv/hashes) used instead of 'url'. Now detects encrypted rooms via state_store.is_encrypted() and branches to the encrypted upload path. Refs: PR #9822 (charles-brooks) * fix(matrix): add stop_typing to clear typing indicator after response The adapter set a 30-second typing timeout but never cleared it. The base class stop_typing() is a no-op, so the typing indicator lingered for up to 30 seconds after each response. Closes #6016 Refs: PR #6020 (r266-tech) * fix(matrix): cache all media types locally, not just photos/voice should_cache_locally only covered PHOTO, VOICE, and encrypted media. Unencrypted audio/video/documents in plaintext rooms were passed as MXC URLs that require authentication the agent doesn't have, resulting in 401 errors. Refs #3487, #3806 * fix(matrix): detect stale OTK conflict on startup and fail closed When crypto state is wiped but the same device ID is reused, the homeserver may still hold one-time keys signed with the previous identity key. Identity key re-upload succeeds but OTK uploads fail with "already exists" and a signature mismatch. Peers cannot establish new Olm sessions, so all new messages are undecryptable. Now proactively flushes OTKs via share_keys() during connect() and catches the "already exists" error with an actionable log message telling the operator to purge the device from the homeserver or generate a fresh device ID. Also documents the crypto store recovery procedure in the Matrix setup guide. Refs #8174 * docs(matrix): improve crypto recovery docs per review - Put easy path (fresh access token) first, manual purge second - URL-encode user ID in Synapse admin API example - Note that device deletion may invalidate the access token - Add "stop Synapse first" caveat for direct SQLite approach - Mention the fail-closed startup detection behavior - Add back-reference from upgrade section to OTK warning * refactor(matrix): cleanup from code review - Extract _extract_server_ed25519() and _reverify_keys_after_upload() to deduplicate the re-verification block (was copy-pasted in two places, three copies of ed25519 key extraction total) - Remove dead code: _pending_megolm, _retry_pending_decryptions, _MAX_PENDING_EVENTS, _PENDING_EVENT_TTL — all orphaned after removing _on_encrypted_event - Remove tautological TestMediaCacheGate (tested its own predicate, not production code) - Remove dead TestMatrixMegolmEventHandling and TestMatrixRetryPendingDecryptions (tested removed methods) - Merge duplicate TestMatrixStopTyping into TestMatrixTypingIndicator - Trim comment to just the "why"
2026-04-16 15:33:02 -07:00
result = re.sub(
r"<br>\n(</?(?:pre|blockquote|h[1-6]|ul|ol|li|hr))", r"\n\1", result
)
feat(matrix): Tier 1 enhancement — reactions, read receipts, rich formatting, room management Cherry-picked from PR #4338 by nepenth, resolved against current main. Adds: - Processing lifecycle reactions (eyes/checkmark/cross) via MATRIX_REACTIONS env - Reaction send/receive with ReactionEvent + UnknownEvent fallback for older nio - Fire-and-forget read receipts on text and media messages - Message redaction, room history fetch, room creation, user invite - Presence status control (online/offline/unavailable) - Emote (/me) and notice message types with HTML rendering - XSS-hardened markdown-to-HTML converter (strips raw HTML preprocessor, sanitizes link URLs against javascript:/data:/vbscript: schemes) - Comprehensive regex fallback with full block/inline markdown support - Markdown>=3.6 added to [matrix] extras in pyproject.toml - 46 new tests covering all features and security hardening
2026-04-05 11:19:27 -07:00
result = re.sub(r"(</(?:pre|blockquote|h[1-6]|ul|ol|li)>)<br>", r"\1", result)
# Restore protected regions.
for idx, original in enumerate(placeholders):
result = result.replace(f"\x00PROTECTED{idx}\x00", original)
return result
Reference in New Issue Copy Permalink