npm - @archipelagolab/lobi - Versions diffs - 1.0.0 - Mend

@archipelagolab/lobi 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (315) hide show

package/CHANGELOG.md +164 -0
package/ENDOFFILE +0 -0
package/EOF +0 -0
package/LICENSE +21 -0
package/SPEC-SUPPORT.md +116 -0
package/YAMLEND +0 -0
package/api.ts +18 -0
package/archipelagolab-lobi-1.0.0.tgz +0 -0
package/auth-presence.ts +56 -0
package/channel-plugin-api.ts +3 -0
package/cli-metadata.ts +11 -0
package/contract-api.ts +17 -0
package/docs/CHECKLIST.md +83 -0
package/docs/FORK_SDK_GUIDE.md +279 -0
package/helper-api.ts +3 -0
package/index.test.ts +61 -0
package/index.ts +65 -0
package/openclaw.plugin.json +23 -0
package/package.json +52 -0
package/plugin-entry.handlers.runtime.ts +1 -0
package/runtime-api.ts +54 -0
package/runtime-heavy-api.ts +1 -0
package/scripts/migrate-to-lobi.sh +72 -0
package/secret-contract-api.ts +5 -0
package/setup-entry.ts +13 -0
package/src/account-selection.test.ts +124 -0
package/src/account-selection.ts +226 -0
package/src/actions.account-propagation.test.ts +251 -0
package/src/actions.test.ts +251 -0
package/src/actions.ts +336 -0
package/src/approval-auth.test.ts +23 -0
package/src/approval-auth.ts +25 -0
package/src/approval-handler.runtime.test.ts +46 -0
package/src/approval-handler.runtime.ts +400 -0
package/src/approval-ids.ts +6 -0
package/src/approval-native.test.ts +329 -0
package/src/approval-native.ts +336 -0
package/src/approval-reactions.test.ts +107 -0
package/src/approval-reactions.ts +158 -0
package/src/auth-precedence.ts +61 -0
package/src/channel-account-paths.ts +92 -0
package/src/channel.account-paths.test.ts +102 -0
package/src/channel.directory.test.ts +601 -0
package/src/channel.resolve.test.ts +38 -0
package/src/channel.runtime.ts +16 -0
package/src/channel.setup.test.ts +269 -0
package/src/channel.ts +570 -0
package/src/cli-metadata.ts +19 -0
package/src/cli.test.ts +1015 -0
package/src/cli.ts +1198 -0
package/src/config-adapter.ts +41 -0
package/src/config-schema.test.ts +90 -0
package/src/config-schema.ts +114 -0
package/src/directory-live.test.ts +200 -0
package/src/directory-live.ts +238 -0
package/src/doctor-contract.ts +287 -0
package/src/doctor.test.ts +440 -0
package/src/doctor.ts +262 -0
package/src/env-vars.ts +92 -0
package/src/exec-approval-resolver.test.ts +68 -0
package/src/exec-approval-resolver.ts +23 -0
package/src/exec-approvals.test.ts +483 -0
package/src/exec-approvals.ts +290 -0
package/src/group-mentions.ts +41 -0
package/src/legacy-crypto-inspector-availability.test.ts +81 -0
package/src/legacy-crypto-inspector-availability.ts +60 -0
package/src/legacy-crypto.test.ts +234 -0
package/src/legacy-crypto.ts +549 -0
package/src/legacy-state.test.ts +86 -0
package/src/legacy-state.ts +156 -0
package/src/matrix/account-config.ts +150 -0
package/src/matrix/accounts.readiness.test.ts +27 -0
package/src/matrix/accounts.test.ts +757 -0
package/src/matrix/accounts.ts +194 -0
package/src/matrix/actions/client.test.ts +215 -0
package/src/matrix/actions/client.ts +31 -0
package/src/matrix/actions/devices.test.ts +114 -0
package/src/matrix/actions/devices.ts +34 -0
package/src/matrix/actions/limits.test.ts +15 -0
package/src/matrix/actions/limits.ts +6 -0
package/src/matrix/actions/messages.test.ts +289 -0
package/src/matrix/actions/messages.ts +123 -0
package/src/matrix/actions/pins.test.ts +74 -0
package/src/matrix/actions/pins.ts +64 -0
package/src/matrix/actions/polls.test.ts +71 -0
package/src/matrix/actions/polls.ts +109 -0
package/src/matrix/actions/profile.test.ts +109 -0
package/src/matrix/actions/profile.ts +37 -0
package/src/matrix/actions/reactions.test.ts +135 -0
package/src/matrix/actions/reactions.ts +59 -0
package/src/matrix/actions/room.test.ts +79 -0
package/src/matrix/actions/room.ts +71 -0
package/src/matrix/actions/summary.test.ts +87 -0
package/src/matrix/actions/summary.ts +88 -0
package/src/matrix/actions/types.ts +82 -0
package/src/matrix/actions/verification.test.ts +105 -0
package/src/matrix/actions/verification.ts +237 -0
package/src/matrix/actions.ts +37 -0
package/src/matrix/active-client.ts +26 -0
package/src/matrix/async-lock.ts +18 -0
package/src/matrix/backup-health.ts +115 -0
package/src/matrix/client/config-runtime-api.ts +14 -0
package/src/matrix/client/config-secret-input.runtime.ts +1 -0
package/src/matrix/client/config.ts +982 -0
package/src/matrix/client/create-client.test.ts +115 -0
package/src/matrix/client/create-client.ts +101 -0
package/src/matrix/client/env-auth.ts +6 -0
package/src/matrix/client/file-sync-store.test.ts +265 -0
package/src/matrix/client/file-sync-store.ts +289 -0
package/src/matrix/client/logging.ts +123 -0
package/src/matrix/client/migration-snapshot.runtime.ts +1 -0
package/src/matrix/client/private-network-host.ts +56 -0
package/src/matrix/client/runtime.ts +4 -0
package/src/matrix/client/shared.test.ts +344 -0
package/src/matrix/client/shared.ts +306 -0
package/src/matrix/client/storage.test.ts +634 -0
package/src/matrix/client/storage.ts +544 -0
package/src/matrix/client/types.ts +50 -0
package/src/matrix/client-bootstrap.test.ts +84 -0
package/src/matrix/client-bootstrap.ts +164 -0
package/src/matrix/client-resolver.test-helpers.ts +147 -0
package/src/matrix/client.test.ts +1521 -0
package/src/matrix/client.ts +23 -0
package/src/matrix/config-paths.ts +31 -0
package/src/matrix/config-update.test.ts +237 -0
package/src/matrix/config-update.ts +291 -0
package/src/matrix/credentials-read.ts +206 -0
package/src/matrix/credentials-write.runtime.ts +26 -0
package/src/matrix/credentials.test.ts +501 -0
package/src/matrix/credentials.ts +95 -0
package/src/matrix/deps.test.ts +74 -0
package/src/matrix/deps.ts +225 -0
package/src/matrix/device-health.test.ts +45 -0
package/src/matrix/device-health.ts +31 -0
package/src/matrix/direct-management.test.ts +350 -0
package/src/matrix/direct-management.ts +347 -0
package/src/matrix/direct-room.test.ts +61 -0
package/src/matrix/direct-room.ts +128 -0
package/src/matrix/draft-stream.test.ts +406 -0
package/src/matrix/draft-stream.ts +216 -0
package/src/matrix/encryption-guidance.ts +27 -0
package/src/matrix/errors.ts +21 -0
package/src/matrix/format.test.ts +340 -0
package/src/matrix/format.ts +428 -0
package/src/matrix/legacy-crypto-inspector.ts +95 -0
package/src/matrix/media-errors.ts +20 -0
package/src/matrix/media-text.ts +169 -0
package/src/matrix/monitor/access-state.test.ts +45 -0
package/src/matrix/monitor/access-state.ts +77 -0
package/src/matrix/monitor/ack-config.test.ts +57 -0
package/src/matrix/monitor/ack-config.ts +26 -0
package/src/matrix/monitor/allowlist.test.ts +45 -0
package/src/matrix/monitor/allowlist.ts +94 -0
package/src/matrix/monitor/auto-join.test.ts +203 -0
package/src/matrix/monitor/auto-join.ts +86 -0
package/src/matrix/monitor/config.test.ts +197 -0
package/src/matrix/monitor/config.ts +303 -0
package/src/matrix/monitor/context-summary.ts +43 -0
package/src/matrix/monitor/direct.test.ts +529 -0
package/src/matrix/monitor/direct.ts +270 -0
package/src/matrix/monitor/events.test.ts +1524 -0
package/src/matrix/monitor/events.ts +213 -0
package/src/matrix/monitor/handler.body-for-agent.test.ts +396 -0
package/src/matrix/monitor/handler.group-history.test.ts +648 -0
package/src/matrix/monitor/handler.media-failure.test.ts +267 -0
package/src/matrix/monitor/handler.test-helpers.ts +308 -0
package/src/matrix/monitor/handler.test.ts +2952 -0
package/src/matrix/monitor/handler.thread-root-media.test.ts +82 -0
package/src/matrix/monitor/handler.ts +1679 -0
package/src/matrix/monitor/inbound-dedupe.test.ts +146 -0
package/src/matrix/monitor/inbound-dedupe.ts +267 -0
package/src/matrix/monitor/index.test.ts +920 -0
package/src/matrix/monitor/index.ts +434 -0
package/src/matrix/monitor/legacy-crypto-restore.test.ts +206 -0
package/src/matrix/monitor/legacy-crypto-restore.ts +139 -0
package/src/matrix/monitor/location.ts +100 -0
package/src/matrix/monitor/media.test.ts +159 -0
package/src/matrix/monitor/media.ts +119 -0
package/src/matrix/monitor/mentions.test.ts +289 -0
package/src/matrix/monitor/mentions.ts +177 -0
package/src/matrix/monitor/reaction-events.test.ts +326 -0
package/src/matrix/monitor/reaction-events.ts +187 -0
package/src/matrix/monitor/recent-invite.test.ts +92 -0
package/src/matrix/monitor/recent-invite.ts +30 -0
package/src/matrix/monitor/replies.test.ts +265 -0
package/src/matrix/monitor/replies.ts +136 -0
package/src/matrix/monitor/reply-context.test.ts +276 -0
package/src/matrix/monitor/reply-context.ts +92 -0
package/src/matrix/monitor/room-history.test.ts +258 -0
package/src/matrix/monitor/room-history.ts +301 -0
package/src/matrix/monitor/room-info.test.ts +201 -0
package/src/matrix/monitor/room-info.ts +126 -0
package/src/matrix/monitor/rooms.test.ts +121 -0
package/src/matrix/monitor/rooms.ts +52 -0
package/src/matrix/monitor/route.test.ts +255 -0
package/src/matrix/monitor/route.ts +178 -0
package/src/matrix/monitor/runtime-api.ts +31 -0
package/src/matrix/monitor/startup-verification.test.ts +294 -0
package/src/matrix/monitor/startup-verification.ts +237 -0
package/src/matrix/monitor/startup.test.ts +257 -0
package/src/matrix/monitor/startup.ts +218 -0
package/src/matrix/monitor/status.ts +111 -0
package/src/matrix/monitor/sync-lifecycle.test.ts +224 -0
package/src/matrix/monitor/sync-lifecycle.ts +91 -0
package/src/matrix/monitor/task-runner.ts +38 -0
package/src/matrix/monitor/thread-context.test.ts +149 -0
package/src/matrix/monitor/thread-context.ts +108 -0
package/src/matrix/monitor/threads.test.ts +68 -0
package/src/matrix/monitor/threads.ts +85 -0
package/src/matrix/monitor/types.ts +30 -0
package/src/matrix/monitor/verification-events.ts +627 -0
package/src/matrix/monitor/verification-utils.test.ts +47 -0
package/src/matrix/monitor/verification-utils.ts +46 -0
package/src/matrix/outbound-media-runtime.ts +1 -0
package/src/matrix/poll-summary.ts +110 -0
package/src/matrix/poll-types.test.ts +205 -0
package/src/matrix/poll-types.ts +433 -0
package/src/matrix/probe.runtime.ts +4 -0
package/src/matrix/probe.test.ts +154 -0
package/src/matrix/probe.ts +96 -0
package/src/matrix/profile.test.ts +154 -0
package/src/matrix/profile.ts +184 -0
package/src/matrix/reaction-common.test.ts +96 -0
package/src/matrix/reaction-common.ts +147 -0
package/src/matrix/sdk/crypto-bootstrap.test.ts +505 -0
package/src/matrix/sdk/crypto-bootstrap.ts +341 -0
package/src/matrix/sdk/crypto-facade.test.ts +197 -0
package/src/matrix/sdk/crypto-facade.ts +207 -0
package/src/matrix/sdk/crypto-node.runtime.test.ts +27 -0
package/src/matrix/sdk/crypto-node.runtime.ts +9 -0
package/src/matrix/sdk/crypto-runtime.ts +11 -0
package/src/matrix/sdk/decrypt-bridge.ts +356 -0
package/src/matrix/sdk/event-helpers.test.ts +60 -0
package/src/matrix/sdk/event-helpers.ts +71 -0
package/src/matrix/sdk/http-client.test.ts +134 -0
package/src/matrix/sdk/http-client.ts +87 -0
package/src/matrix/sdk/idb-persistence-lock.ts +51 -0
package/src/matrix/sdk/idb-persistence.lock-order.test.ts +108 -0
package/src/matrix/sdk/idb-persistence.test-helpers.ts +88 -0
package/src/matrix/sdk/idb-persistence.test.ts +149 -0
package/src/matrix/sdk/idb-persistence.ts +283 -0
package/src/matrix/sdk/logger.test.ts +25 -0
package/src/matrix/sdk/logger.ts +108 -0
package/src/matrix/sdk/read-response-with-limit.ts +19 -0
package/src/matrix/sdk/recovery-key-store.test.ts +385 -0
package/src/matrix/sdk/recovery-key-store.ts +430 -0
package/src/matrix/sdk/transport.test.ts +161 -0
package/src/matrix/sdk/transport.ts +344 -0
package/src/matrix/sdk/types.ts +236 -0
package/src/matrix/sdk/verification-manager.test.ts +509 -0
package/src/matrix/sdk/verification-manager.ts +694 -0
package/src/matrix/sdk/verification-status.ts +23 -0
package/src/matrix/sdk.test.ts +2568 -0
package/src/matrix/sdk.ts +1789 -0
package/src/matrix/send/client.test.ts +174 -0
package/src/matrix/send/client.ts +90 -0
package/src/matrix/send/formatting.ts +189 -0
package/src/matrix/send/media.ts +244 -0
package/src/matrix/send/targets.test.ts +254 -0
package/src/matrix/send/targets.ts +104 -0
package/src/matrix/send/types.ts +134 -0
package/src/matrix/send.test.ts +958 -0
package/src/matrix/send.ts +609 -0
package/src/matrix/session-store-metadata.ts +108 -0
package/src/matrix/startup-abort.ts +44 -0
package/src/matrix/sync-state.ts +27 -0
package/src/matrix/target-ids.ts +102 -0
package/src/matrix/thread-bindings-shared.ts +201 -0
package/src/matrix/thread-bindings.test.ts +673 -0
package/src/matrix/thread-bindings.ts +577 -0
package/src/matrix-migration.runtime.ts +9 -0
package/src/migration-config.test.ts +228 -0
package/src/migration-config.ts +243 -0
package/src/migration-snapshot-backup.ts +117 -0
package/src/migration-snapshot.test.ts +184 -0
package/src/migration-snapshot.ts +55 -0
package/src/onboarding.resolve.test.ts +55 -0
package/src/onboarding.test-harness.ts +158 -0
package/src/onboarding.test.ts +665 -0
package/src/onboarding.ts +773 -0
package/src/outbound.test.ts +173 -0
package/src/outbound.ts +78 -0
package/src/plugin-entry.runtime.js +159 -0
package/src/plugin-entry.runtime.test.ts +108 -0
package/src/plugin-entry.runtime.ts +68 -0
package/src/profile-update.ts +68 -0
package/src/record-shared.ts +3 -0
package/src/resolve-targets.test.ts +178 -0
package/src/resolve-targets.ts +175 -0
package/src/resolver.ts +21 -0
package/src/runtime-api.ts +144 -0
package/src/runtime.ts +7 -0
package/src/secret-contract.ts +174 -0
package/src/session-route.test.ts +315 -0
package/src/session-route.ts +113 -0
package/src/setup-bootstrap.ts +94 -0
package/src/setup-config.ts +222 -0
package/src/setup-contract.ts +89 -0
package/src/setup-core.test.ts +326 -0
package/src/setup-core.ts +50 -0
package/src/setup-surface.ts +4 -0
package/src/startup-maintenance.test.ts +227 -0
package/src/startup-maintenance.ts +114 -0
package/src/storage-paths.ts +92 -0
package/src/test-helpers.ts +42 -0
package/src/test-mocks.ts +55 -0
package/src/test-runtime.ts +72 -0
package/src/test-support/monitor-route-test-support.ts +8 -0
package/src/tool-actions.runtime.ts +1 -0
package/src/tool-actions.test.ts +422 -0
package/src/tool-actions.ts +498 -0
package/src/types.ts +230 -0
package/test-api.ts +2 -0
package/thread-bindings-runtime.ts +4 -0
package/tsconfig.json +16 -0

package/src/matrix/sdk/crypto-bootstrap.ts ADDED Viewed

@@ -0,0 +1,341 @@
+import { CryptoEvent } from "@archipelagolab/lobi-js-sdk/lib/crypto-api/CryptoEvent.js";
+import type { MatrixDecryptBridge } from "./decrypt-bridge.js";
+import { LogService } from "./logger.js";
+import type { MatrixRecoveryKeyStore } from "./recovery-key-store.js";
+import { isRepairableSecretStorageAccessError } from "./recovery-key-store.js";
+import type {
+  MatrixAuthDict,
+  MatrixCryptoBootstrapApi,
+  MatrixRawEvent,
+  MatrixUiAuthCallback,
+} from "./types.js";
+import type {
+  MatrixVerificationManager,
+  MatrixVerificationRequestLike,
+} from "./verification-manager.js";
+import { isMatrixDeviceOwnerVerified } from "./verification-status.js";
+export type MatrixCryptoBootstrapperDeps<TRawEvent extends MatrixRawEvent> = {
+  getUserId: () => Promise<string>;
+  getPassword?: () => string | undefined;
+  getDeviceId: () => string | null | undefined;
+  verificationManager: MatrixVerificationManager;
+  recoveryKeyStore: MatrixRecoveryKeyStore;
+  decryptBridge: Pick<MatrixDecryptBridge<TRawEvent>, "bindCryptoRetrySignals">;
+};
+export type MatrixCryptoBootstrapOptions = {
+  forceResetCrossSigning?: boolean;
+  allowAutomaticCrossSigningReset?: boolean;
+  allowSecretStorageRecreateWithoutRecoveryKey?: boolean;
+  strict?: boolean;
+};
+export type MatrixCryptoBootstrapResult = {
+  crossSigningReady: boolean;
+  crossSigningPublished: boolean;
+  ownDeviceVerified: boolean | null;
+};
+export class MatrixCryptoBootstrapper<TRawEvent extends MatrixRawEvent> {
+  private verificationHandlerRegistered = false;
+  constructor(private readonly deps: MatrixCryptoBootstrapperDeps<TRawEvent>) {}
+  async bootstrap(
+    crypto: MatrixCryptoBootstrapApi,
+    options: MatrixCryptoBootstrapOptions = {},
+  ): Promise<MatrixCryptoBootstrapResult> {
+    const strict = options.strict === true;
+    // Register verification listeners before expensive bootstrap work so incoming requests
+    // are not missed during startup.
+    this.registerVerificationRequestHandler(crypto);
+    await this.bootstrapSecretStorage(crypto, {
+      strict,
+      allowSecretStorageRecreateWithoutRecoveryKey:
+        options.allowSecretStorageRecreateWithoutRecoveryKey === true,
+    });
+    const crossSigning = await this.bootstrapCrossSigning(crypto, {
+      forceResetCrossSigning: options.forceResetCrossSigning === true,
+      allowAutomaticCrossSigningReset: options.allowAutomaticCrossSigningReset !== false,
+      allowSecretStorageRecreateWithoutRecoveryKey:
+        options.allowSecretStorageRecreateWithoutRecoveryKey === true,
+      strict,
+    });
+    await this.bootstrapSecretStorage(crypto, {
+      strict,
+      allowSecretStorageRecreateWithoutRecoveryKey:
+        options.allowSecretStorageRecreateWithoutRecoveryKey === true,
+    });
+    const ownDeviceVerified = await this.ensureOwnDeviceTrust(crypto, strict);
+    return {
+      crossSigningReady: crossSigning.ready,
+      crossSigningPublished: crossSigning.published,
+      ownDeviceVerified,
+    };
+  }
+  private createSigningKeysUiAuthCallback(params: {
+    userId: string;
+    password?: string;
+  }): MatrixUiAuthCallback {
+    return async <T>(makeRequest: (authData: MatrixAuthDict | null) => Promise<T>): Promise<T> => {
+      try {
+        return await makeRequest(null);
+      } catch {
+        // Some homeservers require an explicit dummy UIA stage even when no user interaction is needed.
+        try {
+          return await makeRequest({ type: "m.login.dummy" });
+        } catch {
+          if (!params.password?.trim()) {
+            throw new Error(
+              "Matrix cross-signing key upload requires UIA; provide matrix.password for m.login.password fallback",
+            );
+          }
+          return await makeRequest({
+            type: "m.login.password",
+            identifier: { type: "m.id.user", user: params.userId },
+            password: params.password,
+          });
+        }
+      }
+    };
+  }
+  private async bootstrapCrossSigning(
+    crypto: MatrixCryptoBootstrapApi,
+    options: {
+      forceResetCrossSigning: boolean;
+      allowAutomaticCrossSigningReset: boolean;
+      allowSecretStorageRecreateWithoutRecoveryKey: boolean;
+      strict: boolean;
+    },
+  ): Promise<{ ready: boolean; published: boolean }> {
+    const userId = await this.deps.getUserId();
+    const authUploadDeviceSigningKeys = this.createSigningKeysUiAuthCallback({
+      userId,
+      password: this.deps.getPassword?.(),
+    });
+    const hasPublishedCrossSigningKeys = async (): Promise<boolean> => {
+      if (typeof crypto.userHasCrossSigningKeys !== "function") {
+        return true;
+      }
+      try {
+        return await crypto.userHasCrossSigningKeys(userId, true);
+      } catch {
+        return false;
+      }
+    };
+    const isCrossSigningReady = async (): Promise<boolean> => {
+      if (typeof crypto.isCrossSigningReady !== "function") {
+        return true;
+      }
+      try {
+        return await crypto.isCrossSigningReady();
+      } catch {
+        return false;
+      }
+    };
+    const finalize = async (): Promise<{ ready: boolean; published: boolean }> => {
+      const ready = await isCrossSigningReady();
+      const published = await hasPublishedCrossSigningKeys();
+      if (ready && published) {
+        LogService.info("MatrixClientLite", "Cross-signing bootstrap complete");
+        return { ready, published };
+      }
+      const message = "Cross-signing bootstrap finished but server keys are still not published";
+      LogService.warn("MatrixClientLite", message);
+      if (options.strict) {
+        throw new Error(message);
+      }
+      return { ready, published };
+    };
+    if (options.forceResetCrossSigning) {
+      try {
+        await crypto.bootstrapCrossSigning({
+          setupNewCrossSigning: true,
+          authUploadDeviceSigningKeys,
+        });
+      } catch (err) {
+        LogService.warn("MatrixClientLite", "Forced cross-signing reset failed:", err);
+        if (options.strict) {
+          throw err instanceof Error ? err : new Error(String(err));
+        }
+        return { ready: false, published: false };
+      }
+      return await finalize();
+    }
+    // First pass: preserve existing cross-signing identity and ensure public keys are uploaded.
+    try {
+      await crypto.bootstrapCrossSigning({
+        authUploadDeviceSigningKeys,
+      });
+    } catch (err) {
+      const shouldRepairSecretStorage =
+        options.allowSecretStorageRecreateWithoutRecoveryKey &&
+        isRepairableSecretStorageAccessError(err);
+      if (shouldRepairSecretStorage) {
+        LogService.warn(
+          "MatrixClientLite",
+          "Cross-signing bootstrap could not unlock secret storage; recreating secret storage during explicit bootstrap and retrying.",
+        );
+        await this.deps.recoveryKeyStore.bootstrapSecretStorageWithRecoveryKey(crypto, {
+          allowSecretStorageRecreateWithoutRecoveryKey: true,
+          forceNewSecretStorage: true,
+        });
+        await crypto.bootstrapCrossSigning({
+          authUploadDeviceSigningKeys,
+        });
+      } else if (!options.allowAutomaticCrossSigningReset) {
+        LogService.warn(
+          "MatrixClientLite",
+          "Initial cross-signing bootstrap failed and automatic reset is disabled:",
+          err,
+        );
+        return { ready: false, published: false };
+      } else {
+        LogService.warn(
+          "MatrixClientLite",
+          "Initial cross-signing bootstrap failed, trying reset:",
+          err,
+        );
+        try {
+          await crypto.bootstrapCrossSigning({
+            setupNewCrossSigning: true,
+            authUploadDeviceSigningKeys,
+          });
+        } catch (resetErr) {
+          LogService.warn("MatrixClientLite", "Failed to bootstrap cross-signing:", resetErr);
+          if (options.strict) {
+            throw resetErr instanceof Error ? resetErr : new Error(String(resetErr));
+          }
+          return { ready: false, published: false };
+        }
+      }
+    }
+    const firstPassReady = await isCrossSigningReady();
+    const firstPassPublished = await hasPublishedCrossSigningKeys();
+    if (firstPassReady && firstPassPublished) {
+      LogService.info("MatrixClientLite", "Cross-signing bootstrap complete");
+      return { ready: true, published: true };
+    }
+    if (!options.allowAutomaticCrossSigningReset) {
+      return { ready: firstPassReady, published: firstPassPublished };
+    }
+    // Fallback: recover from broken local/server state by creating a fresh identity.
+    try {
+      await crypto.bootstrapCrossSigning({
+        setupNewCrossSigning: true,
+        authUploadDeviceSigningKeys,
+      });
+    } catch (err) {
+      LogService.warn("MatrixClientLite", "Fallback cross-signing bootstrap failed:", err);
+      if (options.strict) {
+        throw err instanceof Error ? err : new Error(String(err));
+      }
+      return { ready: false, published: false };
+    }
+    return await finalize();
+  }
+  private async bootstrapSecretStorage(
+    crypto: MatrixCryptoBootstrapApi,
+    options: {
+      strict: boolean;
+      allowSecretStorageRecreateWithoutRecoveryKey: boolean;
+    },
+  ): Promise<void> {
+    try {
+      await this.deps.recoveryKeyStore.bootstrapSecretStorageWithRecoveryKey(crypto, {
+        allowSecretStorageRecreateWithoutRecoveryKey:
+          options.allowSecretStorageRecreateWithoutRecoveryKey,
+      });
+      LogService.info("MatrixClientLite", "Secret storage bootstrap complete");
+    } catch (err) {
+      LogService.warn("MatrixClientLite", "Failed to bootstrap secret storage:", err);
+      if (options.strict) {
+        throw err instanceof Error ? err : new Error(String(err));
+      }
+    }
+  }
+  private registerVerificationRequestHandler(crypto: MatrixCryptoBootstrapApi): void {
+    if (this.verificationHandlerRegistered) {
+      return;
+    }
+    this.verificationHandlerRegistered = true;
+    // Track incoming requests; verification lifecycle decisions live in the
+    // verification manager so acceptance/start/dedupe share one code path.
+    // Remote-user verifications are only auto-accepted. The human-operated
+    // client must explicitly choose "Verify by emoji" so we do not race a
+    // second SAS start from the bot side and end up with mismatched keys.
+    crypto.on(CryptoEvent.VerificationRequestReceived, async (request) => {
+      const verificationRequest = request as MatrixVerificationRequestLike;
+      try {
+        this.deps.verificationManager.trackVerificationRequest(verificationRequest);
+      } catch (err) {
+        LogService.warn(
+          "MatrixClientLite",
+          `Failed to track verification request from ${verificationRequest.otherUserId}:`,
+          err,
+        );
+      }
+    });
+    this.deps.decryptBridge.bindCryptoRetrySignals(crypto);
+    LogService.info("MatrixClientLite", "Verification request handler registered");
+  }
+  private async ensureOwnDeviceTrust(
+    crypto: MatrixCryptoBootstrapApi,
+    strict = false,
+  ): Promise<boolean | null> {
+    const deviceId = this.deps.getDeviceId()?.trim();
+    if (!deviceId) {
+      return null;
+    }
+    const userId = await this.deps.getUserId();
+    const deviceStatus =
+      typeof crypto.getDeviceVerificationStatus === "function"
+        ? await crypto.getDeviceVerificationStatus(userId, deviceId).catch(() => null)
+        : null;
+    const alreadyVerified = isMatrixDeviceOwnerVerified(deviceStatus);
+    if (alreadyVerified) {
+      return true;
+    }
+    if (typeof crypto.setDeviceVerified === "function") {
+      await crypto.setDeviceVerified(userId, deviceId, true);
+    }
+    if (typeof crypto.crossSignDevice === "function") {
+      const crossSigningReady =
+        typeof crypto.isCrossSigningReady === "function"
+          ? await crypto.isCrossSigningReady()
+          : true;
+      if (crossSigningReady) {
+        await crypto.crossSignDevice(deviceId);
+      }
+    }
+    const refreshedStatus =
+      typeof crypto.getDeviceVerificationStatus === "function"
+        ? await crypto.getDeviceVerificationStatus(userId, deviceId).catch(() => null)
+        : null;
+    const verified = isMatrixDeviceOwnerVerified(refreshedStatus);
+    if (!verified && strict) {
+      throw new Error(`Matrix own device ${deviceId} is not verified by its owner after bootstrap`);
+    }
+    return verified;
+  }
+}

package/src/matrix/sdk/crypto-facade.test.ts ADDED Viewed

@@ -0,0 +1,197 @@
+import { describe, expect, it, vi } from "vitest";
+import { createMatrixCryptoFacade } from "./crypto-facade.js";
+import type { MatrixRecoveryKeyStore } from "./recovery-key-store.js";
+import type { MatrixVerificationManager } from "./verification-manager.js";
+type MatrixCryptoFacadeDeps = Parameters<typeof createMatrixCryptoFacade>[0];
+function createVerificationManagerMock(
+  overrides: Partial<MatrixVerificationManager> = {},
+): MatrixVerificationManager {
+  return {
+    requestOwnUserVerification: vi.fn(async () => null),
+    listVerifications: vi.fn(async () => []),
+    ensureVerificationDmTracked: vi.fn(async () => null),
+    requestVerification: vi.fn(),
+    acceptVerification: vi.fn(),
+    cancelVerification: vi.fn(),
+    startVerification: vi.fn(),
+    generateVerificationQr: vi.fn(),
+    scanVerificationQr: vi.fn(),
+    confirmVerificationSas: vi.fn(),
+    mismatchVerificationSas: vi.fn(),
+    confirmVerificationReciprocateQr: vi.fn(),
+    getVerificationSas: vi.fn(),
+    ...overrides,
+  } as unknown as MatrixVerificationManager;
+}
+function createRecoveryKeyStoreMock(
+  summary: ReturnType<MatrixRecoveryKeyStore["getRecoveryKeySummary"]> = null,
+): MatrixRecoveryKeyStore {
+  return {
+    getRecoveryKeySummary: vi.fn(() => summary),
+  } as unknown as MatrixRecoveryKeyStore;
+}
+function createFacadeHarness(params?: {
+  client?: Partial<MatrixCryptoFacadeDeps["client"]>;
+  verificationManager?: Partial<MatrixVerificationManager>;
+  recoveryKeySummary?: ReturnType<MatrixRecoveryKeyStore["getRecoveryKeySummary"]>;
+  getRoomStateEvent?: MatrixCryptoFacadeDeps["getRoomStateEvent"];
+  downloadContent?: MatrixCryptoFacadeDeps["downloadContent"];
+}) {
+  const getRoomStateEvent: MatrixCryptoFacadeDeps["getRoomStateEvent"] =
+    params?.getRoomStateEvent ?? (async () => ({}));
+  const downloadContent: MatrixCryptoFacadeDeps["downloadContent"] =
+    params?.downloadContent ?? (async () => Buffer.alloc(0));
+  const facade = createMatrixCryptoFacade({
+    client: {
+      getRoom: params?.client?.getRoom ?? (() => null),
+      getCrypto: params?.client?.getCrypto ?? (() => undefined),
+    },
+    verificationManager: createVerificationManagerMock(params?.verificationManager),
+    recoveryKeyStore: createRecoveryKeyStoreMock(params?.recoveryKeySummary ?? null),
+    getRoomStateEvent,
+    downloadContent,
+  });
+  return { facade, getRoomStateEvent, downloadContent };
+}
+describe("createMatrixCryptoFacade", () => {
+  it("detects encrypted rooms from cached room state", async () => {
+    const { facade } = createFacadeHarness({
+      client: {
+        getRoom: () => ({
+          hasEncryptionStateEvent: () => true,
+        }),
+      },
+    });
+    await expect(facade.isRoomEncrypted("!room:example.org")).resolves.toBe(true);
+  });
+  it("falls back to server room state when room cache has no encryption event", async () => {
+    const getRoomStateEvent = vi.fn(async () => ({
+      algorithm: "m.megolm.v1.aes-sha2",
+    }));
+    const { facade } = createFacadeHarness({
+      client: {
+        getRoom: () => ({
+          hasEncryptionStateEvent: () => false,
+        }),
+      },
+      getRoomStateEvent,
+    });
+    await expect(facade.isRoomEncrypted("!room:example.org")).resolves.toBe(true);
+    expect(getRoomStateEvent).toHaveBeenCalledWith("!room:example.org", "m.room.encryption", "");
+  });
+  it("forwards verification requests and uses client crypto API", async () => {
+    const crypto = { requestOwnUserVerification: vi.fn(async () => null) };
+    const requestVerification = vi.fn(async () => ({
+      id: "verification-1",
+      otherUserId: "@alice:example.org",
+      isSelfVerification: false,
+      initiatedByMe: true,
+      phase: 2,
+      phaseName: "ready",
+      pending: true,
+      methods: ["m.sas.v1"],
+      canAccept: false,
+      hasSas: false,
+      hasReciprocateQr: false,
+      completed: false,
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+    }));
+    const { facade } = createFacadeHarness({
+      client: {
+        getRoom: () => null,
+        getCrypto: () => crypto,
+      },
+      verificationManager: {
+        requestVerification,
+      },
+      recoveryKeySummary: { keyId: "KEY" },
+    });
+    const result = await facade.requestVerification({
+      userId: "@alice:example.org",
+      deviceId: "DEVICE",
+    });
+    expect(requestVerification).toHaveBeenCalledWith(crypto, {
+      userId: "@alice:example.org",
+      deviceId: "DEVICE",
+    });
+    expect(result.id).toBe("verification-1");
+    await expect(facade.getRecoveryKey()).resolves.toMatchObject({ keyId: "KEY" });
+  });
+  it("rehydrates in-progress DM verification requests from the raw crypto layer", async () => {
+    const request = {
+      transactionId: "txn-dm-in-progress",
+      roomId: "!dm:example.org",
+      otherUserId: "@alice:example.org",
+      initiatedByMe: false,
+      isSelfVerification: false,
+      phase: 3,
+      pending: true,
+      accepting: false,
+      declining: false,
+      methods: ["m.sas.v1"],
+      accept: vi.fn(async () => {}),
+      cancel: vi.fn(async () => {}),
+      startVerification: vi.fn(),
+      scanQRCode: vi.fn(),
+      generateQRCode: vi.fn(),
+      on: vi.fn(),
+      verifier: undefined,
+    };
+    const trackVerificationRequest = vi.fn(() => ({
+      id: "verification-1",
+      transactionId: "txn-dm-in-progress",
+      roomId: "!dm:example.org",
+      otherUserId: "@alice:example.org",
+      isSelfVerification: false,
+      initiatedByMe: false,
+      phase: 3,
+      phaseName: "started",
+      pending: true,
+      methods: ["m.sas.v1"],
+      canAccept: false,
+      hasSas: false,
+      hasReciprocateQr: false,
+      completed: false,
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+    }));
+    const crypto = {
+      requestOwnUserVerification: vi.fn(async () => null),
+      findVerificationRequestDMInProgress: vi.fn(() => request),
+    };
+    const { facade } = createFacadeHarness({
+      client: {
+        getRoom: () => null,
+        getCrypto: () => crypto,
+      },
+      verificationManager: {
+        trackVerificationRequest,
+      },
+    });
+    const summary = await facade.ensureVerificationDmTracked({
+      roomId: "!dm:example.org",
+      userId: "@alice:example.org",
+    });
+    expect(crypto.findVerificationRequestDMInProgress).toHaveBeenCalledWith(
+      "!dm:example.org",
+      "@alice:example.org",
+    );
+    expect(trackVerificationRequest).toHaveBeenCalledWith(request);
+    expect(summary?.transactionId).toBe("txn-dm-in-progress");
+  });
+});