Compare commits

..

2 Commits

Author SHA1 Message Date
Hermes Agent
de7253dcdf fix: use consistent fallback for pickle_key derivation
Address review: _pickle_key now uses _acct_id (which has the 'hermes'
fallback) instead of raw self._user_id, so both values stay consistent
when user_id is empty.
2026-04-11 17:26:17 +00:00
Hermes Agent
050f496816 fix(matrix): pass required args to MemoryCryptoStore for mautrix ≥0.21
MemoryCryptoStore.__init__() now requires account_id and pickle_key
positional arguments as of mautrix 0.21. The migration from matrix-nio
(commit 1850747) didn't account for this, causing E2EE initialization
to fail with:

  MemoryCryptoStore.__init__() missing 2 required positional arguments:
  'account_id' and 'pickle_key'

Pass self._user_id as account_id and derive pickle_key from the same
user_id:device_id pair already used for the on-disk HMAC signature.

Update the test stub to accept the new parameters.

Fixes #7803
2026-04-11 17:03:38 +00:00
3 changed files with 13 additions and 39 deletions

View File

@@ -352,7 +352,16 @@ class MatrixAdapter(BasePlatformAdapter):
from mautrix.crypto import OlmMachine
from mautrix.crypto.store import MemoryCryptoStore
crypto_store = MemoryCryptoStore()
# account_id and pickle_key are required by mautrix ≥0.21.
# Use the Matrix user ID as account_id for stable identity.
# pickle_key secures in-memory serialisation; derive from
# the same user_id:device_id pair used for the on-disk HMAC.
_acct_id = self._user_id or "hermes"
_pickle_key = f"{_acct_id}:{self._device_id}"
crypto_store = MemoryCryptoStore(
account_id=_acct_id,
pickle_key=_pickle_key,
)
# Restore persisted crypto state from a previous run.
# Uses HMAC to verify integrity before unpickling.

View File

@@ -1161,16 +1161,6 @@ class Migrator:
raw_key = provider_cfg.get("apiKey")
api_key = resolve_secret_input(raw_key, openclaw_env)
if not api_key:
# Warn if a SecretRef with file/exec source was silently unresolvable
if isinstance(raw_key, dict) and raw_key.get("source") in ("file", "exec"):
self.record(
"provider-keys",
self.source_root / "openclaw.json",
None,
"skipped",
f"Provider '{provider_name}' uses a {raw_key['source']}-backed SecretRef "
f"that cannot be auto-migrated. Add this key to ~/.hermes/.env manually.",
)
continue
base_url = provider_cfg.get("baseUrl", "")
@@ -2505,33 +2495,6 @@ class Migrator:
elif has_cron_store_archive:
notes.append("- Run `hermes cron` to recreate scheduled tasks (see archived cron-store)")
# Check if skills were imported
has_skills = any(i.kind == "skills" and i.status == "migrated" for i in self.items)
if has_skills:
notes.extend([
"",
"## Imported Skills",
"",
"Imported skills require a new session to take effect. After migration,",
"restart your agent or start a new chat session, then run `/skills`",
"to verify they loaded correctly.",
"",
])
# Check if WhatsApp was detected
has_whatsapp = any(i.kind == "whatsapp-settings" and i.status == "migrated" for i in self.items)
if has_whatsapp:
notes.extend([
"",
"## WhatsApp Requires Re-Pairing",
"",
"WhatsApp uses QR-code pairing, not token-based auth. Your allowlist",
"was migrated, but you must re-pair the device by running:",
"",
" hermes whatsapp",
"",
])
notes.extend([
"- Run `hermes gateway install` if you need the gateway service",
"- Review `~/.hermes/config.yaml` for any adjustments",

View File

@@ -157,7 +157,9 @@ def _make_fake_mautrix():
mautrix_crypto_store = types.ModuleType("mautrix.crypto.store")
class MemoryCryptoStore:
pass
def __init__(self, account_id="", pickle_key=""):
self.account_id = account_id
self.pickle_key = pickle_key
mautrix_crypto_store.MemoryCryptoStore = MemoryCryptoStore