Prototype Matrix E2EE gates #177
Closed
bglusman wants to merge 0 commit into
Pull request overview
This PR adds an experimental, compile-time-gated Matrix E2EE “safety gate + SDK feasibility probe” to prevent encrypted-room configs from silently running the plaintext Matrix HTTP adapter, while documenting current limitations and next steps.
Changes:
- Adds `matrix_e2ee` config mode(s) plus prototype store-path fields, and validates them (including failing closed for `require`/`experimental-sdk`).
- Introduces a `channel-matrix-e2ee` feature that pulls in `matrix-sdk` v0.17 and a small builder probe module.
- Updates Matrix channel docs and adds an ADR capturing the current investigation status and follow-up plan.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| docs/channels/matrix.md | Documents the new matrix_e2ee policy gate and prototype config fields. |
| docs/adr/0003-matrix-e2ee-prototype.md | Adds ADR notes describing feasibility, decision, and follow-up work for SDK-based E2EE. |
| crates/calciforge/src/config/validator.rs | Adds Matrix channel validation, including matrix_e2ee mode-specific checks and tests. |
| crates/calciforge/src/config.rs | Adds MatrixE2eeMode plus new Matrix E2EE-related config fields and parsing tests. |
| crates/calciforge/src/channels/mod.rs | Gated export of the experimental matrix_e2ee module. |
| crates/calciforge/src/channels/matrix.rs | Adds startup gating logic that fails closed for E2EE-required modes. |
| crates/calciforge/src/channels/matrix_e2ee.rs | Adds an SDK client builder probe and a basic test (feature-gated). |
| crates/calciforge/Cargo.toml | Adds channel-matrix-e2ee feature and updates optional matrix-sdk to 0.17 with E2EE+SQLite features. |
| Cargo.lock | Lockfile updates for the matrix-sdk 0.17 dependency graph and related transitive upgrades. |
| } | ||
| if channel.enabled && channel.allowed_users.is_empty() { | ||
| result.add_error( | ||
| "Matrix channel requires at least one allowed_user when enabled" |
| "Matrix channel sets matrix_e2ee_store_path, but matrix_e2ee is not experimental-sdk; the store path will be ignored" | ||
| .to_string(), | ||
| ); | ||
| } |
Comment on lines +401 to +403
| /// `warn` to keep today's behavior, `require` to fail closed when the | ||
| /// configured room is not encrypted, or `experimental-sdk` only on builds | ||
| /// compiled with `channel-matrix-e2ee`. |
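Review bot: the doc comment describes `require` only as failing closed when the configured room is not encrypted, and ties the `channel-matrix-e2ee` feature only to `experimental-sdk`, while the validator summary in this same PR says both `require` and `experimental-sdk` fail closed unless the build carries that feature. Say so here as well (for example: "`require` and `experimental-sdk` refuse to start on a build without `channel-matrix-e2ee`"), because an operator who reads only this config comment will set `require` on a default build and expect the channel to run.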
Comment on lines 657 to 658
| let is_encrypted = | ||
| check_room_encryption(&homeserver, &room_id_str, &http, &auth_header).await; |
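Review bot: `check_room_encryption` is collapsed into a single `is_encrypted` bool here, so make sure a failed lookup (expired token, network error, a homeserver answering 5xx) is not returned as `false`; in `warn` mode that would read as "plaintext room" and take exactly the silent-plaintext path this PR is meant to close. A three-way result (encrypted, not encrypted, undetermined) lets the `require`/`experimental-sdk` modes refuse to start on the undetermined case and lets `warn` log it rather than treat it as clear.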
| use matrix_sdk::Client; | ||
| // Kept compile-gated until the Matrix channel loop is SDK-backed. | ||
| #[allow(dead_code)] |
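Review bot: the probe imports `matrix_sdk::Client` and is marked `#[allow(dead_code)]`, which keeps clippy quiet but means the only thing the feature-gated test can prove is that a client is constructible. Since this PR also adds `matrix_e2ee_store_path` and `matrix_e2ee_store_passphrase_file`, feed both into the builder in that test so the persistent crypto store the docs call for is shown to open with the configured passphrase, and note in the comment which SDK call the follow-up slice is expected to replace the probe with.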
| # ADR 0003: Matrix E2EE Prototype | ||
| Status: Experimental branch note |
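Review bot: `Status: Experimental branch note` is not one of the usual ADR status values (Proposed, Accepted, Deprecated, Superseded), so tooling and readers scanning the ADR index cannot tell whether this records a decision or a scratch note; use `Proposed` (or `Draft`) and add a one-line pointer to the follow-up work that is expected to supersede it once the `/sync` loop is SDK-backed.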
c63a013 to fa430a1
Comment on lines +13 to +18
| > **End-to-end encryption requires the SDK runtime.** The default `warn`/`off` | ||
| > modes use the raw HTTP adapter, which receives plaintext `m.text` events and | ||
| > sends plaintext replies plus native media events for artifacts. Rooms where | ||
| > E2EE is required must use `matrix_e2ee = "require"` or | ||
| > `"experimental-sdk"` in a build compiled with `--features channel-matrix-e2ee` | ||
| > and a persistent SDK crypto store. |
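Review bot: this callout says `require` needs a build compiled with `--features channel-matrix-e2ee` and a persistent SDK crypto store, but the config doc comment added in the same PR describes `require` only as failing closed when the room is not encrypted and attaches the feature requirement to `experimental-sdk` alone. Reconcile the two in whichever direction the validator actually enforces, and spell out the concrete outcome for an operator who sets `require` on a default build (the channel refuses to start, rather than encrypted chat working), since that is the case this gate exists for.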
Comment on lines +280 to +286
| "Matrix channel sets matrix_e2ee_store_path, but matrix_e2ee is not experimental-sdk; the store path will be ignored" | ||
| .to_string(), | ||
| ); | ||
| } | ||
| if channel.matrix_e2ee_store_passphrase_file.is_some() { | ||
| result.add_warning( | ||
| "Matrix channel sets matrix_e2ee_store_passphrase_file, but matrix_e2ee is not experimental-sdk; the passphrase file will be ignored" |
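Review bot: both checks only `add_warning` when `matrix_e2ee_store_path` or `matrix_e2ee_store_passphrase_file` is set under a mode other than `experimental-sdk`. A silently ignored passphrase file is the same class of problem as silently running plaintext: the operator believes a protected crypto store is in use when nothing is. At least when `matrix_e2ee = "require"`, make the mismatch `result.add_error(...)` so startup fails closed, and keep the warning for `warn`/`off` where the fields are merely leftover config.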
8d7a443 to 80e3f7b
Summary
Experimental Matrix E2EE investigation branch. This does not claim encrypted Matrix chat works yet.
- `0.17` and gates it behind `channel-matrix-e2ee`.
- `matrix_e2ee` channel policy config plus store-path fields for the SDK prototype.
- `matrix_e2ee = "require"`/`"experimental-sdk"` instead of silently using the raw HTTP plaintext runtime.
Verification
cargo test -p calciforge matrix -- --nocapture
cargo test -p calciforge --features channel-matrix-e2ee matrix_e2ee -- --nocapture
cargo clippy -p calciforge --features channel-matrix-e2ee --all-targets -- -D warnings
ruby scripts/check-docs-site.rb
Notes
This is intentionally draft-only. The next real implementation slice is replacing the raw Matrix `/sync` loop with `matrix-sdk` while preserving Calciforge identity/routing/commands/artifacts.
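The gating policy this PR describes (the `off`/`warn`/`require`/`experimental-sdk` modes, the room-encryption probe in `matrix.rs`, and the fail-closed rule), written out as an added example. This is not Calciforge's code and is not taken from the diff; `MatrixE2eeMode::parse`, `classify_encryption_state`, `gate_startup`, `RoomEncryption` and `Decision` are illustrative names, and the sample HTTP responses are constructed. It assumes the encryption check is a GET of the room's `m.room.encryption` state event, which returns 200 with an `algorithm` field for an encrypted room and 404 `M_NOT_FOUND` for a plaintext one. It goes one step beyond the snippet on the page by making the undetermined outcome explicit, so that a failed lookup can never pass as an unencrypted room.

```rust
// Added example, not Calciforge code: a fail-closed startup gate for the Matrix
// channel built around the `matrix_e2ee` policy this PR describes. All names
// below are illustrative and the sample HTTP responses are constructed.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum MatrixE2eeMode {
    Off,
    Warn,
    Require,
    ExperimentalSdk,
}

impl MatrixE2eeMode {
    /// Unknown values are rejected rather than defaulting to `warn`,
    /// so a typo in the config cannot quietly weaken the policy.
    pub fn parse(s: &str) -> Result<Self, String> {
        match s {
            "off" => Ok(Self::Off),
            "warn" => Ok(Self::Warn),
            "require" => Ok(Self::Require),
            "experimental-sdk" => Ok(Self::ExperimentalSdk),
            other => Err(format!("unknown matrix_e2ee mode {other:?}")),
        }
    }
}

/// Outcome of `GET /_matrix/client/v3/rooms/{roomId}/state/m.room.encryption`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum RoomEncryption {
    Encrypted { algorithm: String },
    NotEncrypted,
    /// Auth, transport or server failure: the state could not be determined.
    Unknown { status: u16 },
}

/// Only a 200 carrying an `algorithm` counts as encrypted and only a 404
/// `M_NOT_FOUND` as plaintext; anything else (401, 403, 5xx, odd body) is
/// `Unknown`, so a failed lookup can never masquerade as a plaintext room.
pub fn classify_encryption_state(status: u16, body: &str) -> RoomEncryption {
    match status {
        200 => match json_string_field(body, "algorithm") {
            Some(algorithm) => RoomEncryption::Encrypted { algorithm },
            None => RoomEncryption::Unknown { status },
        },
        404 if body.contains("\"M_NOT_FOUND\"") => RoomEncryption::NotEncrypted,
        _ => RoomEncryption::Unknown { status },
    }
}

/// Minimal top-level string-field extraction, kept dependency-free so the
/// example runs stand-alone; a real adapter would use serde_json.
fn json_string_field(body: &str, key: &str) -> Option<String> {
    let needle = format!("\"{key}\"");
    let rest = &body[body.find(&needle)? + needle.len()..];
    let rest = rest.trim_start().strip_prefix(':')?.trim_start().strip_prefix('"')?;
    Some(rest[..rest.find('"')?].to_string())
}

#[derive(Debug, PartialEq, Eq)]
pub enum Decision {
    RunPlaintext { warning: Option<String> },
    RunSdk,
    Refuse(String),
}

/// Startup gate; `sdk_compiled` stands in for the `channel-matrix-e2ee` feature.
pub fn gate_startup(mode: MatrixE2eeMode, sdk_compiled: bool, room: &RoomEncryption) -> Decision {
    use MatrixE2eeMode::*;
    match (mode, room) {
        (Off, _) => Decision::RunPlaintext { warning: None },
        (Warn, RoomEncryption::NotEncrypted) => Decision::RunPlaintext { warning: None },
        (Warn, RoomEncryption::Encrypted { algorithm }) => Decision::RunPlaintext {
            warning: Some(format!("room is encrypted ({algorithm}) but the plaintext adapter is running")),
        },
        (Warn, RoomEncryption::Unknown { status }) => Decision::RunPlaintext {
            warning: Some(format!("room encryption state undetermined (HTTP {status})")),
        },
        // Both SDK-dependent modes refuse on a build without the feature.
        (Require | ExperimentalSdk, _) if !sdk_compiled => Decision::Refuse(
            "matrix_e2ee requires a build with --features channel-matrix-e2ee".into(),
        ),
        // Undetermined state is never treated as "clear" in the strict modes.
        (Require | ExperimentalSdk, RoomEncryption::Unknown { status }) => Decision::Refuse(
            format!("room encryption state undetermined (HTTP {status}); refusing to start"),
        ),
        (Require, RoomEncryption::NotEncrypted) => {
            Decision::Refuse("matrix_e2ee = \"require\" but the room is not encrypted".into())
        }
        (Require | ExperimentalSdk, _) => Decision::RunSdk,
    }
}
```

The only design point worth calling out is the `Unknown` arm: a 403 from a revoked token or a 502 from a proxy is the case most likely to bite in production, and collapsing it into a bool is how an encrypted room ends up served by the plaintext adapter without anyone noticing.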