  • Python 99.6%
  • Shell 0.4%
Jeremiah K d42cf9e752
Some checks failed
Docker Integration / docker-integration (push) Failing after 2m22s
Tests and Coverage / test (3.11) (push) Failing after 7s
Tests and Coverage / test (3.12) (push) Failing after 7s
Tests and Coverage / test (3.13) (push) Failing after 7s
Tests and Coverage / test (3.14) (push) Failing after 7s
Repair Matrix E2EE sync key management (#48)
* feat: add Matrix E2EE key management to sync loop, E2EE diagnostics, operator runbook, and Docker encrypted room smoke tests

Root cause: manual sync loop omitted keys_upload/query/claim/send_to_device
operations that nio sync_forever performs. Without device key upload, key
query, one-time key claim, and to-device message handling, Megolm room keys
were never received and all encrypted events arrived undecryptable.

- Add keys_upload/query/claim/send_to_device after each sync iteration
- Add full_state=True on initial sync so nio learns encrypted room state
- Add active key request on live undecryptable MegolmEvent (async)
- Harden E2EE diagnostics: 7 new fields (olm_loaded, store_loaded,
  device_keys_uploaded, key_query_needed, device_id_in_use,
  store_path_exists, initial_sync_completed)
- Fix crypto_store_loaded: was always True, now checks actual Olm/store
- Gate client attribute checks behind _crypto_enabled for plaintext mode
- Verify client.olm/store after restore_login, disable crypto if None
- Update adapter.py diagnostics wiring for all new fields
- Expand matrix-alpha-operation.md with encrypted room troubleshooting
  runbook (7-step procedure) and E2EE key chain debugging
- Add diagnostics fields to contract 29
- Add Docker Synapse E2EE smoke test harness with encrypted room fixture,
  device_id capture, and 3 gated tests (encrypted room creation,
  message decryption, diagnostics verification)

* fix: move initial_sync_done after successful response, correct E2EE helper docstring

Oracle review nits:
- _initial_sync_done now set only after successful sync response with
  next_batch, so a failed first sync retries with full_state=True.
- send_encrypted_message_as_test_user docstring corrected: clarifies
  it sends plaintext (does NOT exercise Megolm decryption).

* chore: fix duplicate section 13 numbering in matrix-alpha-operation.md

Renumber 'E2EE Text Alpha' from ## 13 to ## 15 (and subsections
13.x to 15.x) so top-level sections are monotonic after ## 14.

* feat(matrix): implement E2EE key management in sync loop and add integration tests

Integrate end-to-end encryption (E2EE) lifecycle management into the
Matrix sync loop and expand the test suite to support genuine
client-side Megolm encryption validation.

Key changes:
- Implement automated key management (upload, query, claim, and
  device message processing) within the `MatrixSession` sync loop.
- Ensure initial sync uses `full_state=True` to correctly discover
  encrypted room states.
- Add `E2EETestEnvironment` to `conftest.py` to manage a secondary
  `nio.AsyncClient` for simulating real encrypted message traffic.
- Introduce `send_client_side_encrypted_message` helper for
  integration testing.
- Add smoke tests in `test_synapse_e2ee_smoke.py` to verify the
  full decryption pipeline against a Docker Synapse instance.
- Add unit tests for `MatrixSession` to verify `full_state` retry
  semantics and sync loop robustness.
- Update diagnostics contracts and operational runbooks to reflect
  new E2EE state fields and troubleshooting steps.

* refactor(matrix): refine E2EE integration and test stability

Improve the robustness of the E2EE lifecycle within the Matrix adapter
and enhance the reliability of integration tests.

Key changes:
- Refine `MatrixSession` key request error handling with debug logging.
- Enhance `E2EETestEnvironment` to include key claiming and to-device
  message processing to better simulate real client behavior.
- Replace fixed sleeps in `test_synapse_e2ee_smoke.py` with diagnostic-
  driven polling for improved test speed and reliability.
- Update documentation and installation instructions to use the
  `[matrix-e2e]` extra.
- Adjust resource containment tests to allow legitimate E2EE diagnostic
  fields.
- Fix minor docstring inaccuracies and section references in runbooks.

* test(integration): update synapse e2ee test room visibility

Change the test room preset from `private_chat` to `public_chat` in the
`synapse_e2ee_env` fixture to ensure consistent behavior during
integration testing.

* docs: update matrix E2EE validation evidence and harden session security

Update documentation to reflect successful Docker Synapse E2EE integration
tests and implement security/stability improvements in the Matrix adapter.

- docs: record 3/3 pass for Docker Synapse E2EE harness in STATUS.md,
  maturity contracts, and operational runbooks.
- src: implement fail-closed logic in MatrixSession when `e2ee_required`
  is set but crypto subsystems fail to load.
- src: prevent leaking raw Megolm session IDs in logs by using SHA-256
  truncated tags.
- test: add unit tests for E2EE fail-closed behavior and optional
  fallback logic.
- test: improve exception safety and teardown robustness in
  `test_synapse_e2ee_smoke.py`.

* fix(matrix): disambiguate E2EE initialization failures

Improve error granularity during session startup by distinguishing between
Olm subsystem failures and crypto store loading issues. Also updates
logging to use session tags and refines test/documentation coverage.

- src: implement specific error messages for Olm vs store failures
- src: replace raw Megolm session IDs with session tags in debug logs
- test: update E2EE fail-closed test assertions to match new error strings
- docs: update live test harness notes with recent Synapse E2EE results
2026-05-25 20:54:01 -05:00
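The root cause in the commit message above, shown as a sketch of a hand-written sync loop that performs the key operations itself. This is an added example, not MEDRE's code: `run_e2ee_maintenance`, `sync_loop` and `retry_delay` are hypothetical names, and `client` is assumed to be a logged-in `nio.AsyncClient` with encryption enabled.

```python
import asyncio


async def run_e2ee_maintenance(client) -> list:
    """Key operations a manual sync loop must run after each successful sync.

    Returns the names of the operations that ran, for diagnostics.
    """
    if getattr(client, "olm", None) is None:
        # No Olm account loaded: there is nothing to upload, query or claim.
        return []
    ran = []
    # Flush queued to-device messages (room key requests and key shares).
    await client.send_to_device_messages()
    ran.append("send_to_device")
    # Each should_* flag guards a call that nio rejects when no work is pending.
    if client.should_upload_keys:
        await client.keys_upload()
        ran.append("keys_upload")
    if client.should_query_keys:
        await client.keys_query()
        ran.append("keys_query")
    if client.should_claim_keys:
        await client.keys_claim(client.get_users_for_key_claiming())
        ran.append("keys_claim")
    return ran


async def sync_loop(client, stop: asyncio.Event, retry_delay: float = 1.0) -> None:
    """Manual replacement for sync_forever that keeps the E2EE key chain alive."""
    since = None  # stays None until a sync succeeds, so a failed first sync
    while not stop.is_set():  # is retried with full_state=True
        resp = await client.sync(timeout=30000, since=since, full_state=since is None)
        next_batch = getattr(resp, "next_batch", None)
        if next_batch is None:
            # Error responses carry no next_batch: back off and retry.
            await asyncio.sleep(retry_delay)
            continue
        since = next_batch
        await run_e2ee_maintenance(client)
```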
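The fail-closed startup check and the log redaction of Megolm session IDs mentioned in the commit message, as an added example that is not MEDRE's code. The function names, the exception class, the error strings and the 8-character tag length are assumptions; `olm`, `store`, `session_id` and `room_id` are attributes of nio's client and `MegolmEvent`.

```python
import hashlib
import logging

log = logging.getLogger("e2ee_guard_example")


class E2EEUnavailableError(RuntimeError):
    """Encryption is required but the crypto subsystem did not load."""


def session_tag(session_id: str, length: int = 8) -> str:
    """Short, stable label for a Megolm session ID that is safe to log.

    The same session always maps to the same tag, so log lines can still be
    correlated, but the raw identifier never reaches the log.
    """
    return hashlib.sha256(session_id.encode("utf-8")).hexdigest()[:length]


def check_crypto_loaded(client, e2ee_required: bool) -> bool:
    """Return True when crypto is usable; fail closed if it is required but absent."""
    olm_loaded = getattr(client, "olm", None) is not None
    store_loaded = getattr(client, "store", None) is not None
    if olm_loaded and store_loaded:
        return True
    # Report Olm and store failures separately so operators can tell them apart.
    reason = "Olm account not loaded" if not olm_loaded else "crypto store not loaded"
    if e2ee_required:
        # Fail closed: never fall back to plaintext when encryption is mandatory.
        raise E2EEUnavailableError(f"E2EE required but unavailable: {reason}")
    log.warning("E2EE disabled, continuing in plaintext mode: %s", reason)
    return False


def log_undecryptable(event) -> str:
    """Log an undecryptable MegolmEvent using the session tag, not the raw ID."""
    tag = session_tag(event.session_id)
    log.debug("undecryptable event in %s (session tag %s)", event.room_id, tag)
    return tag
```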
.github/workflows Clarify live evidence boundaries and test gating (#47) 2026-05-25 17:48:38 -05:00
.trunk test(matrix): expand test coverage for adapter, storage, and evidence (#17) 2026-05-21 09:25:11 -05:00
docs Repair Matrix E2EE sync key management (#48) 2026-05-25 20:54:01 -05:00
examples Clean prerelease internals and harden Matrix/Meshtastic delivery behavior (#40) 2026-05-24 14:11:29 -05:00
scripts docs: update architecture documentation and contract specifications 2026-05-18 09:59:50 -05:00
src/medre Repair Matrix E2EE sync key management (#48) 2026-05-25 20:54:01 -05:00
tests Repair Matrix E2EE sync key management (#48) 2026-05-25 20:54:01 -05:00
.bandit.yaml chore(security): consolidate bandit configuration 2026-05-18 10:35:18 -05:00
.coderabbit.yml test(matrix): expand test coverage for adapter, storage, and evidence (#17) 2026-05-21 09:25:11 -05:00
.coveragerc Move CapacityController and sanitization helpers to core modules (#14) 2026-05-20 07:21:17 -05:00
.gitignore Add native reply and reaction support for Meshtastic and Matrix (#10) 2026-05-19 13:32:01 -05:00
codecov.yml Clean prerelease internals and harden Matrix/Meshtastic delivery behavior (#40) 2026-05-24 14:11:29 -05:00
docker-compose.integration.yaml chore(deps): update matrixdotorg/synapse docker tag to v1.153.0 (#13) 2026-05-20 04:26:22 +00:00
LICENSE chore(governance): finalize license transition to GPL-3.0-or-later and close beta scope 2026-05-12 15:26:39 -05:00
pyproject.toml Clarify live evidence boundaries and test gating (#47) 2026-05-25 17:48:38 -05:00
README.md Clean prerelease internals and harden Matrix/Meshtastic delivery behavior (#40) 2026-05-24 14:11:29 -05:00
renovate.json build(ci): enhance testing infrastructure and dependency management 2026-05-17 14:35:47 -05:00

MEDRE — Modular Event-driven Routing Engine

Pre-release. No stable public API. Not production-ready. Everything is subject to change without notice.

Routes events between transport adapters (Matrix, Meshtastic, MeshCore, LXMF) through a codec → renderer → session pipeline with an optional config-file-first runtime.