npm - @kodelyth/matrix - Versions diffs - 2026.5.42 → 2026.6.1 - Mend

@kodelyth/matrix 2026.5.42 → 2026.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/klaw.plugin.json +891 -3
package/package.json +16 -4
package/CHANGELOG.md +0 -321
package/SPEC-SUPPORT.md +0 -116
package/api.ts +0 -38
package/auth-presence.ts +0 -56
package/channel-plugin-api.ts +0 -3
package/cli-metadata.ts +0 -11
package/contract-api.ts +0 -17
package/doctor-contract-api.ts +0 -1
package/helper-api.ts +0 -3
package/index.ts +0 -55
package/plugin-entry.handlers.runtime.ts +0 -1
package/runtime-api.ts +0 -72
package/runtime-heavy-api.ts +0 -1
package/runtime-setter-api.ts +0 -3
package/secret-contract-api.ts +0 -5
package/setup-entry.ts +0 -17
package/setup-plugin-api.ts +0 -3
package/src/account-selection.ts +0 -223
package/src/actions.ts +0 -346
package/src/approval-auth.ts +0 -25
package/src/approval-handler.runtime.ts +0 -592
package/src/approval-ids.ts +0 -6
package/src/approval-native.ts +0 -345
package/src/approval-reaction-auth.ts +0 -45
package/src/approval-reactions.ts +0 -313
package/src/auth-precedence.ts +0 -61
package/src/channel-account-paths.ts +0 -97
package/src/channel.runtime.ts +0 -17
package/src/channel.setup.ts +0 -48
package/src/channel.ts +0 -667
package/src/cli-metadata.ts +0 -19
package/src/cli.ts +0 -2298
package/src/config-adapter.ts +0 -41
package/src/config-schema.ts +0 -159
package/src/config-ui-hints.ts +0 -56
package/src/directory-live.ts +0 -238
package/src/doctor-contract.ts +0 -287
package/src/doctor.ts +0 -262
package/src/env-vars.ts +0 -92
package/src/exec-approval-resolver.ts +0 -23
package/src/exec-approvals.ts +0 -287
package/src/group-mentions.ts +0 -41
package/src/legacy-crypto-inspector-availability.ts +0 -60
package/src/legacy-crypto.ts +0 -531
package/src/legacy-state.ts +0 -156
package/src/matrix/account-config.ts +0 -175
package/src/matrix/accounts.ts +0 -194
package/src/matrix/actions/client.ts +0 -31
package/src/matrix/actions/devices.ts +0 -34
package/src/matrix/actions/limits.ts +0 -6
package/src/matrix/actions/messages.ts +0 -129
package/src/matrix/actions/pins.ts +0 -63
package/src/matrix/actions/polls.ts +0 -109
package/src/matrix/actions/profile.ts +0 -37
package/src/matrix/actions/reactions.ts +0 -59
package/src/matrix/actions/room.ts +0 -71
package/src/matrix/actions/summary.ts +0 -88
package/src/matrix/actions/types.ts +0 -63
package/src/matrix/actions/verification.ts +0 -589
package/src/matrix/actions.ts +0 -37
package/src/matrix/active-client.ts +0 -26
package/src/matrix/async-lock.ts +0 -18
package/src/matrix/backup-health.ts +0 -124
package/src/matrix/client/config-runtime-api.ts +0 -9
package/src/matrix/client/config-secret-input.runtime.ts +0 -1
package/src/matrix/client/config.ts +0 -853
package/src/matrix/client/create-client.ts +0 -105
package/src/matrix/client/env-auth.ts +0 -95
package/src/matrix/client/file-sync-store.ts +0 -289
package/src/matrix/client/logging.ts +0 -140
package/src/matrix/client/migration-snapshot.runtime.ts +0 -1
package/src/matrix/client/private-network-host.ts +0 -1
package/src/matrix/client/runtime.ts +0 -4
package/src/matrix/client/shared.ts +0 -316
package/src/matrix/client/storage.ts +0 -543
package/src/matrix/client/types.ts +0 -50
package/src/matrix/client/url-validation.ts +0 -73
package/src/matrix/client-bootstrap.ts +0 -173
package/src/matrix/client.ts +0 -23
package/src/matrix/config-paths.ts +0 -31
package/src/matrix/config-update.ts +0 -292
package/src/matrix/credentials-read.ts +0 -208
package/src/matrix/credentials-write.runtime.ts +0 -35
package/src/matrix/credentials.ts +0 -95
package/src/matrix/deps.ts +0 -309
package/src/matrix/device-health.ts +0 -29
package/src/matrix/direct-management.ts +0 -349
package/src/matrix/direct-room.ts +0 -128
package/src/matrix/draft-stream.ts +0 -225
package/src/matrix/encryption-guidance.ts +0 -24
package/src/matrix/errors.ts +0 -21
package/src/matrix/format.ts +0 -426
package/src/matrix/legacy-crypto-inspector.ts +0 -95
package/src/matrix/media-errors.ts +0 -20
package/src/matrix/media-text.ts +0 -162
package/src/matrix/monitor/access-state.ts +0 -145
package/src/matrix/monitor/ack-config.ts +0 -27
package/src/matrix/monitor/allowlist.ts +0 -89
package/src/matrix/monitor/auto-join.ts +0 -86
package/src/matrix/monitor/config.ts +0 -569
package/src/matrix/monitor/context-summary.ts +0 -43
package/src/matrix/monitor/direct.ts +0 -296
package/src/matrix/monitor/events.ts +0 -397
package/src/matrix/monitor/handler.ts +0 -2266
package/src/matrix/monitor/inbound-dedupe.ts +0 -267
package/src/matrix/monitor/index.ts +0 -540
package/src/matrix/monitor/legacy-crypto-restore.ts +0 -139
package/src/matrix/monitor/location.ts +0 -108
package/src/matrix/monitor/media.ts +0 -119
package/src/matrix/monitor/mentions.ts +0 -256
package/src/matrix/monitor/reaction-events.ts +0 -197
package/src/matrix/monitor/recent-invite.ts +0 -30
package/src/matrix/monitor/replies.ts +0 -136
package/src/matrix/monitor/reply-context.ts +0 -92
package/src/matrix/monitor/room-history.ts +0 -301
package/src/matrix/monitor/room-info.ts +0 -126
package/src/matrix/monitor/rooms.ts +0 -52
package/src/matrix/monitor/route.ts +0 -179
package/src/matrix/monitor/runtime-api.ts +0 -28
package/src/matrix/monitor/startup-verification.ts +0 -237
package/src/matrix/monitor/startup.ts +0 -218
package/src/matrix/monitor/status.ts +0 -120
package/src/matrix/monitor/sync-lifecycle.ts +0 -91
package/src/matrix/monitor/task-runner.ts +0 -38
package/src/matrix/monitor/test-events.ts +0 -21
package/src/matrix/monitor/thread-context.ts +0 -108
package/src/matrix/monitor/threads.ts +0 -85
package/src/matrix/monitor/types.ts +0 -30
package/src/matrix/monitor/verification-events.ts +0 -643
package/src/matrix/monitor/verification-utils.ts +0 -46
package/src/matrix/outbound-media-runtime.ts +0 -1
package/src/matrix/poll-summary.ts +0 -110
package/src/matrix/poll-types.ts +0 -429
package/src/matrix/probe.runtime.ts +0 -4
package/src/matrix/probe.ts +0 -97
package/src/matrix/profile.ts +0 -184
package/src/matrix/reaction-common.ts +0 -147
package/src/matrix/sdk/crypto-bootstrap.ts +0 -438
package/src/matrix/sdk/crypto-facade.ts +0 -242
package/src/matrix/sdk/crypto-node.runtime.ts +0 -17
package/src/matrix/sdk/crypto-runtime.ts +0 -14
package/src/matrix/sdk/decrypt-bridge.ts +0 -410
package/src/matrix/sdk/event-helpers.ts +0 -83
package/src/matrix/sdk/http-client.ts +0 -87
package/src/matrix/sdk/idb-persistence-lock.ts +0 -51
package/src/matrix/sdk/idb-persistence.ts +0 -288
package/src/matrix/sdk/logger.ts +0 -108
package/src/matrix/sdk/read-response-with-limit.ts +0 -19
package/src/matrix/sdk/recovery-key-store.ts +0 -453
package/src/matrix/sdk/timeout-abort-signal.ts +0 -1
package/src/matrix/sdk/transport-runtime-api.ts +0 -18
package/src/matrix/sdk/transport.ts +0 -352
package/src/matrix/sdk/types.ts +0 -245
package/src/matrix/sdk/verification-manager.ts +0 -795
package/src/matrix/sdk/verification-status.ts +0 -23
package/src/matrix/sdk.ts +0 -2152
package/src/matrix/send/client.ts +0 -93
package/src/matrix/send/formatting.ts +0 -189
package/src/matrix/send/media.ts +0 -244
package/src/matrix/send/targets.ts +0 -104
package/src/matrix/send/types.ts +0 -131
package/src/matrix/send.ts +0 -660
package/src/matrix/session-store-metadata.ts +0 -108
package/src/matrix/startup-abort.ts +0 -44
package/src/matrix/subagent-hooks.ts +0 -308
package/src/matrix/sync-state.ts +0 -27
package/src/matrix/target-ids.ts +0 -79
package/src/matrix/thread-bindings-shared.ts +0 -206
package/src/matrix/thread-bindings.ts +0 -580
package/src/matrix-migration.runtime.ts +0 -9
package/src/migration-config.ts +0 -243
package/src/migration-snapshot-backup.ts +0 -116
package/src/migration-snapshot.ts +0 -53
package/src/onboarding.ts +0 -775
package/src/outbound.ts +0 -248
package/src/plugin-entry.runtime.js +0 -115
package/src/plugin-entry.runtime.ts +0 -70
package/src/profile-update.ts +0 -71
package/src/record-shared.ts +0 -3
package/src/resolve-targets.ts +0 -175
package/src/resolver.runtime.ts +0 -5
package/src/resolver.ts +0 -21
package/src/runtime-api.ts +0 -106
package/src/runtime.ts +0 -13
package/src/secret-contract.ts +0 -174
package/src/session-route.ts +0 -126
package/src/setup-bootstrap.ts +0 -102
package/src/setup-config.ts +0 -222
package/src/setup-contract.ts +0 -90
package/src/setup-core.ts +0 -146
package/src/setup-dm-policy.ts +0 -15
package/src/setup-surface.ts +0 -4
package/src/startup-maintenance.ts +0 -114
package/src/storage-paths.ts +0 -92
package/src/thread-binding-api.ts +0 -23
package/src/tool-actions.runtime.ts +0 -1
package/src/tool-actions.ts +0 -498
package/src/types.ts +0 -257
package/subagent-hooks-api.ts +0 -31
package/test-api.ts +0 -21
package/thread-binding-api.ts +0 -4
package/thread-bindings-runtime.ts +0 -4
package/tsconfig.json +0 -16

package/src/matrix/sdk/verification-manager.ts DELETED Viewed

@@ -1,795 +0,0 @@
-import {
-  VerificationPhase,
-  VerificationRequestEvent,
-  VerifierEvent,
-} from "matrix-js-sdk/lib/crypto-api/verification.js";
-import { VerificationMethod } from "matrix-js-sdk/lib/types.js";
-import { formatMatrixErrorMessage } from "../errors.js";
-export type MatrixVerificationMethod = "sas" | "show-qr" | "scan-qr";
-type MatrixVerificationPhase = VerificationPhase | -1;
-const MATRIX_VERIFICATION_PHASES = new Set<MatrixVerificationPhase>([
-  -1,
-  VerificationPhase.Unsent,
-  VerificationPhase.Requested,
-  VerificationPhase.Ready,
-  VerificationPhase.Started,
-  VerificationPhase.Cancelled,
-  VerificationPhase.Done,
-]);
-function isMatrixVerificationPhase(value: unknown): value is MatrixVerificationPhase {
-  return (
-    typeof value === "number" && MATRIX_VERIFICATION_PHASES.has(value as MatrixVerificationPhase)
-  );
-}
-export type MatrixVerificationSummary = {
-  id: string;
-  transactionId?: string;
-  roomId?: string;
-  otherUserId: string;
-  otherDeviceId?: string;
-  isSelfVerification: boolean;
-  initiatedByMe: boolean;
-  phase: number;
-  phaseName: string;
-  pending: boolean;
-  methods: string[];
-  chosenMethod?: string | null;
-  canAccept: boolean;
-  hasSas: boolean;
-  sas?: {
-    decimal?: [number, number, number];
-    emoji?: Array<[string, string]>;
-  };
-  hasReciprocateQr: boolean;
-  completed: boolean;
-  error?: string;
-  createdAt: string;
-  updatedAt: string;
-};
-type MatrixVerificationSummaryListener = (summary: MatrixVerificationSummary) => void;
-type MatrixVerificationOwnerTrustCallback = (deviceId: string) => Promise<void>;
-export type MatrixShowSasCallbacks = {
-  sas: {
-    decimal?: [number, number, number];
-    emoji?: Array<[string, string]>;
-  };
-  confirm: () => Promise<void>;
-  mismatch: () => void;
-  cancel: () => void;
-};
-export type MatrixShowQrCodeCallbacks = {
-  confirm: () => void;
-  cancel: () => void;
-};
-export type MatrixVerifierLike = {
-  verify: () => Promise<void>;
-  cancel: (e: Error) => void;
-  getShowSasCallbacks: () => MatrixShowSasCallbacks | null;
-  getReciprocateQrCodeCallbacks: () => MatrixShowQrCodeCallbacks | null;
-  on: (eventName: string, listener: (...args: unknown[]) => void) => void;
-};
-export type MatrixVerificationRequestLike = {
-  transactionId?: string;
-  roomId?: string;
-  initiatedByMe: boolean;
-  otherUserId: string;
-  otherDeviceId?: string;
-  isSelfVerification: boolean;
-  phase: number;
-  pending: boolean;
-  accepting: boolean;
-  declining: boolean;
-  methods: string[];
-  chosenMethod?: string | null;
-  cancellationCode?: string | null;
-  accept: () => Promise<void>;
-  cancel: (params?: { reason?: string; code?: string }) => Promise<void>;
-  startVerification: (method: string) => Promise<MatrixVerifierLike>;
-  scanQRCode: (qrCodeData: Uint8ClampedArray) => Promise<MatrixVerifierLike>;
-  generateQRCode: () => Promise<Uint8ClampedArray | undefined>;
-  verifier?: MatrixVerifierLike;
-  on: (eventName: string, listener: (...args: unknown[]) => void) => void;
-};
-export type MatrixVerificationCryptoApi = {
-  requestOwnUserVerification: () => Promise<MatrixVerificationRequestLike | null>;
-  getVerificationRequestsToDeviceInProgress?: (userId: string) => MatrixVerificationRequestLike[];
-  findVerificationRequestDMInProgress?: (
-    roomId: string,
-    userId: string,
-  ) => MatrixVerificationRequestLike | undefined;
-  requestDeviceVerification?: (
-    userId: string,
-    deviceId: string,
-  ) => Promise<MatrixVerificationRequestLike>;
-  requestVerificationDM?: (
-    userId: string,
-    roomId: string,
-  ) => Promise<MatrixVerificationRequestLike>;
-};
-type MatrixVerificationSession = {
-  id: string;
-  request: MatrixVerificationRequestLike;
-  createdAtMs: number;
-  updatedAtMs: number;
-  error?: string;
-  activeVerifier?: MatrixVerifierLike;
-  verifyPromise?: Promise<void>;
-  verifyStarted: boolean;
-  startRequested: boolean;
-  acceptRequested: boolean;
-  sasAutoConfirmStarted: boolean;
-  sasAutoConfirmTimer?: ReturnType<typeof setTimeout>;
-  sasCallbacks?: MatrixShowSasCallbacks;
-  reciprocateQrCallbacks?: MatrixShowQrCodeCallbacks;
-};
-type MatrixVerificationRequestIdentity = {
-  transactionId: string;
-  roomId: string;
-  otherUserId: string;
-  otherDeviceId: string;
-  isSelfVerification: boolean;
-  initiatedByMe: boolean;
-};
-const MAX_TRACKED_VERIFICATION_SESSIONS = 256;
-const TERMINAL_SESSION_RETENTION_MS = 24 * 60 * 60 * 1000;
-const SAS_AUTO_CONFIRM_DELAY_MS = 30_000;
-export class MatrixVerificationManager {
-  private readonly verificationSessions = new Map<string, MatrixVerificationSession>();
-  private verificationSessionCounter = 0;
-  private readonly trackedVerificationRequests = new WeakSet<object>();
-  private readonly trackedVerificationVerifiers = new WeakSet<object>();
-  private readonly summaryListeners = new Set<MatrixVerificationSummaryListener>();
-  constructor(
-    private readonly opts: {
-      trustOwnDeviceAfterSas?: MatrixVerificationOwnerTrustCallback;
-    } = {},
-  ) {}
-  private readRequestValue<T>(
-    _request: MatrixVerificationRequestLike,
-    reader: () => T,
-    fallback: T,
-  ): T {
-    try {
-      return reader();
-    } catch {
-      return fallback;
-    }
-  }
-  private readVerificationPhase(
-    request: MatrixVerificationRequestLike,
-    fallback: MatrixVerificationPhase,
-  ): MatrixVerificationPhase {
-    const phase = this.readRequestValue<unknown>(request, () => request.phase, fallback);
-    return isMatrixVerificationPhase(phase) ? phase : fallback;
-  }
-  private readVerificationRequestIdentity(
-    request: MatrixVerificationRequestLike,
-  ): MatrixVerificationRequestIdentity {
-    return {
-      transactionId: this.readRequestValue(request, () => request.transactionId?.trim() ?? "", ""),
-      roomId: this.readRequestValue(request, () => request.roomId ?? "", ""),
-      otherUserId: this.readRequestValue(request, () => request.otherUserId, ""),
-      otherDeviceId: this.readRequestValue(request, () => request.otherDeviceId ?? "", ""),
-      isSelfVerification: this.readRequestValue(request, () => request.isSelfVerification, false),
-      initiatedByMe: this.readRequestValue(request, () => request.initiatedByMe, false),
-    };
-  }
-  private isSameLogicalVerificationRequest(
-    left: MatrixVerificationRequestLike,
-    right: MatrixVerificationRequestLike,
-  ): boolean {
-    const leftIdentity = this.readVerificationRequestIdentity(left);
-    const rightIdentity = this.readVerificationRequestIdentity(right);
-    return (
-      leftIdentity.transactionId !== "" &&
-      leftIdentity.transactionId === rightIdentity.transactionId &&
-      leftIdentity.roomId === rightIdentity.roomId &&
-      leftIdentity.otherUserId === rightIdentity.otherUserId &&
-      this.isSameOptionalIdentityValue(leftIdentity.otherDeviceId, rightIdentity.otherDeviceId) &&
-      leftIdentity.isSelfVerification === rightIdentity.isSelfVerification &&
-      leftIdentity.initiatedByMe === rightIdentity.initiatedByMe
-    );
-  }
-  private isSameOptionalIdentityValue(left: string, right: string): boolean {
-    return left === "" || right === "" || left === right;
-  }
-  private pruneVerificationSessions(nowMs: number): void {
-    for (const [id, session] of this.verificationSessions) {
-      const phase = this.readVerificationPhase(session.request, -1);
-      const isTerminal = phase === VerificationPhase.Done || phase === VerificationPhase.Cancelled;
-      if (isTerminal && nowMs - session.updatedAtMs > TERMINAL_SESSION_RETENTION_MS) {
-        this.verificationSessions.delete(id);
-      }
-    }
-    if (this.verificationSessions.size <= MAX_TRACKED_VERIFICATION_SESSIONS) {
-      return;
-    }
-    const sortedByAge = Array.from(this.verificationSessions.entries()).toSorted(
-      (a, b) => a[1].updatedAtMs - b[1].updatedAtMs,
-    );
-    const overflow = this.verificationSessions.size - MAX_TRACKED_VERIFICATION_SESSIONS;
-    for (let i = 0; i < overflow; i += 1) {
-      const entry = sortedByAge[i];
-      if (entry) {
-        this.verificationSessions.delete(entry[0]);
-      }
-    }
-  }
-  private getVerificationPhaseName(phase: MatrixVerificationPhase): string {
-    switch (phase) {
-      case VerificationPhase.Unsent:
-        return "unsent";
-      case VerificationPhase.Requested:
-        return "requested";
-      case VerificationPhase.Ready:
-        return "ready";
-      case VerificationPhase.Started:
-        return "started";
-      case VerificationPhase.Cancelled:
-        return "cancelled";
-      case VerificationPhase.Done:
-        return "done";
-      default:
-        return `unknown(${phase})`;
-    }
-  }
-  private emitVerificationSummary(session: MatrixVerificationSession): void {
-    const summary = this.buildVerificationSummary(session);
-    for (const listener of this.summaryListeners) {
-      listener(summary);
-    }
-  }
-  private touchVerificationSession(session: MatrixVerificationSession): void {
-    session.updatedAtMs = Date.now();
-    this.emitVerificationSummary(session);
-  }
-  private clearSasAutoConfirmTimer(session: MatrixVerificationSession): void {
-    if (!session.sasAutoConfirmTimer) {
-      return;
-    }
-    clearTimeout(session.sasAutoConfirmTimer);
-    session.sasAutoConfirmTimer = undefined;
-  }
-  private buildVerificationSummary(session: MatrixVerificationSession): MatrixVerificationSummary {
-    const request = session.request;
-    const phase = this.readVerificationPhase(request, VerificationPhase.Requested);
-    const accepting = this.readRequestValue(request, () => request.accepting, false);
-    const declining = this.readRequestValue(request, () => request.declining, false);
-    const pending = this.readRequestValue(request, () => request.pending, false);
-    const methodsRaw = this.readRequestValue<unknown>(request, () => request.methods, []);
-    const methods = Array.isArray(methodsRaw)
-      ? methodsRaw.filter((entry): entry is string => typeof entry === "string")
-      : [];
-    const sasCallbacks = session.sasCallbacks ?? session.activeVerifier?.getShowSasCallbacks();
-    if (sasCallbacks) {
-      session.sasCallbacks = sasCallbacks;
-    }
-    const canAccept = phase < VerificationPhase.Ready && !accepting && !declining;
-    return {
-      id: session.id,
-      transactionId: this.readRequestValue(request, () => request.transactionId, undefined),
-      roomId: this.readRequestValue(request, () => request.roomId, undefined),
-      otherUserId: this.readRequestValue(request, () => request.otherUserId, "unknown"),
-      otherDeviceId: this.readRequestValue(request, () => request.otherDeviceId, undefined),
-      isSelfVerification: this.readRequestValue(request, () => request.isSelfVerification, false),
-      initiatedByMe: this.readRequestValue(request, () => request.initiatedByMe, false),
-      phase,
-      phaseName: this.getVerificationPhaseName(phase),
-      pending,
-      methods,
-      chosenMethod: this.readRequestValue(request, () => request.chosenMethod ?? null, null),
-      canAccept,
-      hasSas: Boolean(sasCallbacks),
-      sas: sasCallbacks
-        ? {
-            decimal: sasCallbacks.sas.decimal,
-            emoji: sasCallbacks.sas.emoji,
-          }
-        : undefined,
-      hasReciprocateQr: Boolean(session.reciprocateQrCallbacks),
-      completed: phase === VerificationPhase.Done,
-      error: session.error,
-      createdAt: new Date(session.createdAtMs).toISOString(),
-      updatedAt: new Date(session.updatedAtMs).toISOString(),
-    };
-  }
-  private findVerificationSession(id: string): MatrixVerificationSession {
-    const direct = this.verificationSessions.get(id);
-    if (direct) {
-      return direct;
-    }
-    const transactionMatches = Array.from(this.verificationSessions.values()).filter((session) => {
-      const txId = this.readRequestValue(
-        session.request,
-        () => session.request.transactionId?.trim(),
-        "",
-      );
-      return txId === id;
-    });
-    if (transactionMatches.length === 1) {
-      return transactionMatches[0];
-    }
-    if (transactionMatches.length > 1) {
-      throw new Error(
-        `Matrix verification request id is ambiguous for transaction ${id}; use the verification id instead`,
-      );
-    }
-    throw new Error(`Matrix verification request not found: ${id}`);
-  }
-  private ensureVerificationRequestTracked(session: MatrixVerificationSession): void {
-    const requestObj = session.request as unknown as object;
-    if (this.trackedVerificationRequests.has(requestObj)) {
-      return;
-    }
-    this.trackedVerificationRequests.add(requestObj);
-    session.request.on(VerificationRequestEvent.Change, () => {
-      this.touchVerificationSession(session);
-      this.maybeAutoAcceptInboundRequest(session);
-      const verifier = this.readRequestValue(session.request, () => session.request.verifier, null);
-      if (verifier) {
-        this.attachVerifierToVerificationSession(session, verifier);
-      }
-      this.maybeAutoStartInboundSas(session);
-    });
-  }
-  private maybeAutoAcceptInboundRequest(session: MatrixVerificationSession): void {
-    if (session.acceptRequested) {
-      return;
-    }
-    const request = session.request;
-    const isSelfVerification = this.readRequestValue(
-      request,
-      () => request.isSelfVerification,
-      false,
-    );
-    const initiatedByMe = this.readRequestValue(request, () => request.initiatedByMe, false);
-    const phase = this.readVerificationPhase(request, VerificationPhase.Requested);
-    const accepting = this.readRequestValue(request, () => request.accepting, false);
-    const declining = this.readRequestValue(request, () => request.declining, false);
-    if (isSelfVerification || initiatedByMe) {
-      return;
-    }
-    if (phase !== VerificationPhase.Requested || accepting || declining) {
-      return;
-    }
-    session.acceptRequested = true;
-    void request
-      .accept()
-      .then(() => {
-        this.touchVerificationSession(session);
-      })
-      .catch((err) => {
-        session.acceptRequested = false;
-        session.error = formatMatrixErrorMessage(err);
-        this.touchVerificationSession(session);
-      });
-  }
-  private maybeAutoStartInboundSas(session: MatrixVerificationSession): void {
-    if (session.activeVerifier || session.verifyStarted || session.startRequested) {
-      return;
-    }
-    if (this.readRequestValue(session.request, () => session.request.initiatedByMe, true)) {
-      return;
-    }
-    if (!this.readRequestValue(session.request, () => session.request.isSelfVerification, false)) {
-      return;
-    }
-    const phase = this.readVerificationPhase(session.request, VerificationPhase.Requested);
-    if (phase < VerificationPhase.Ready || phase >= VerificationPhase.Cancelled) {
-      return;
-    }
-    const methodsRaw = this.readRequestValue<unknown>(
-      session.request,
-      () => session.request.methods,
-      [],
-    );
-    const methods = Array.isArray(methodsRaw)
-      ? methodsRaw.filter((entry): entry is string => typeof entry === "string")
-      : [];
-    const chosenMethod = this.readRequestValue(
-      session.request,
-      () => session.request.chosenMethod,
-      null,
-    );
-    const supportsSas =
-      methods.includes(VerificationMethod.Sas) || chosenMethod === VerificationMethod.Sas;
-    if (!supportsSas) {
-      return;
-    }
-    session.startRequested = true;
-    void session.request
-      .startVerification(VerificationMethod.Sas)
-      .then((verifier) => {
-        this.attachVerifierToVerificationSession(session, verifier);
-        this.touchVerificationSession(session);
-      })
-      .catch(() => {
-        session.startRequested = false;
-      });
-  }
-  private attachVerifierToVerificationSession(
-    session: MatrixVerificationSession,
-    verifier: MatrixVerifierLike,
-  ): void {
-    session.activeVerifier = verifier;
-    this.touchVerificationSession(session);
-    const maybeSas = verifier.getShowSasCallbacks();
-    if (maybeSas) {
-      session.sasCallbacks = maybeSas;
-      this.maybeAutoConfirmSas(session);
-    }
-    const maybeReciprocateQr = verifier.getReciprocateQrCodeCallbacks();
-    if (maybeReciprocateQr) {
-      session.reciprocateQrCallbacks = maybeReciprocateQr;
-    }
-    const verifierObj = verifier as unknown as object;
-    if (this.trackedVerificationVerifiers.has(verifierObj)) {
-      this.ensureVerificationStarted(session);
-      return;
-    }
-    this.trackedVerificationVerifiers.add(verifierObj);
-    verifier.on(VerifierEvent.ShowSas, (sas) => {
-      session.sasCallbacks = sas as MatrixShowSasCallbacks;
-      this.touchVerificationSession(session);
-      this.maybeAutoConfirmSas(session);
-    });
-    verifier.on(VerifierEvent.ShowReciprocateQr, (qr) => {
-      session.reciprocateQrCallbacks = qr as MatrixShowQrCodeCallbacks;
-      this.touchVerificationSession(session);
-    });
-    verifier.on(VerifierEvent.Cancel, (err) => {
-      this.clearSasAutoConfirmTimer(session);
-      session.error = formatMatrixErrorMessage(err);
-      this.touchVerificationSession(session);
-    });
-    this.ensureVerificationStarted(session);
-  }
-  private maybeAutoConfirmSas(session: MatrixVerificationSession): void {
-    if (session.sasAutoConfirmStarted || session.sasAutoConfirmTimer) {
-      return;
-    }
-    if (this.readRequestValue(session.request, () => session.request.initiatedByMe, true)) {
-      return;
-    }
-    const callbacks = session.sasCallbacks ?? session.activeVerifier?.getShowSasCallbacks();
-    if (!callbacks) {
-      return;
-    }
-    session.sasCallbacks = callbacks;
-    // Give the remote client a moment to surface the compare-emoji UI before
-    // we send our MAC and finish our side of the SAS flow.
-    session.sasAutoConfirmTimer = setTimeout(() => {
-      session.sasAutoConfirmTimer = undefined;
-      const phase = this.readVerificationPhase(session.request, VerificationPhase.Requested);
-      if (phase >= VerificationPhase.Cancelled) {
-        return;
-      }
-      session.sasAutoConfirmStarted = true;
-      // For self-verifications, trustOwnDeviceAfterConfirmedSas is gated on
-      // isSelfVerification, so non-self requests remain unaffected. Without
-      // this, the bot's own device never gets cross-signed when SAS lands
-      // via the auto-confirm timer (initiated remotely).
-      void this.confirmSasForSession(session, callbacks, { trustOwnDevice: true })
-        .then(() => {
-          this.touchVerificationSession(session);
-        })
-        .catch((err) => {
-          session.error = formatMatrixErrorMessage(err);
-          this.touchVerificationSession(session);
-        });
-    }, SAS_AUTO_CONFIRM_DELAY_MS);
-  }
-  private async confirmSasForSession(
-    session: MatrixVerificationSession,
-    callbacks: MatrixShowSasCallbacks,
-    opts: { trustOwnDevice: boolean } = { trustOwnDevice: true },
-  ): Promise<void> {
-    await callbacks.confirm();
-    if (opts.trustOwnDevice) {
-      await this.trustOwnDeviceAfterConfirmedSas(session);
-    }
-  }
-  private ensureVerificationStarted(session: MatrixVerificationSession): void {
-    if (!session.activeVerifier || session.verifyStarted) {
-      return;
-    }
-    session.verifyStarted = true;
-    const verifier = session.activeVerifier;
-    session.verifyPromise = verifier
-      .verify()
-      .then(() => {
-        this.touchVerificationSession(session);
-      })
-      .catch((err) => {
-        session.error = formatMatrixErrorMessage(err);
-        this.touchVerificationSession(session);
-      });
-  }
-  private async trustOwnDeviceAfterConfirmedSas(session: MatrixVerificationSession): Promise<void> {
-    if (!this.readRequestValue(session.request, () => session.request.isSelfVerification, false)) {
-      return;
-    }
-    const deviceId = this.readRequestValue(
-      session.request,
-      () => session.request.otherDeviceId?.trim(),
-      "",
-    );
-    if (!deviceId || !this.opts.trustOwnDeviceAfterSas) {
-      return;
-    }
-    await this.opts.trustOwnDeviceAfterSas(deviceId);
-  }
-  onSummaryChanged(listener: MatrixVerificationSummaryListener): () => void {
-    this.summaryListeners.add(listener);
-    return () => {
-      this.summaryListeners.delete(listener);
-    };
-  }
-  trackVerificationRequest(request: MatrixVerificationRequestLike): MatrixVerificationSummary {
-    this.pruneVerificationSessions(Date.now());
-    const requestObj = request as unknown as object;
-    for (const existing of this.verificationSessions.values()) {
-      if ((existing.request as unknown as object) === requestObj) {
-        this.touchVerificationSession(existing);
-        return this.buildVerificationSummary(existing);
-      }
-    }
-    const txId = this.readVerificationRequestIdentity(request).transactionId;
-    if (txId) {
-      for (const existing of this.verificationSessions.values()) {
-        if (this.isSameLogicalVerificationRequest(existing.request, request)) {
-          existing.request = request;
-          this.ensureVerificationRequestTracked(existing);
-          const verifier = this.readRequestValue(request, () => request.verifier, null);
-          if (verifier) {
-            this.attachVerifierToVerificationSession(existing, verifier);
-          }
-          this.touchVerificationSession(existing);
-          return this.buildVerificationSummary(existing);
-        }
-      }
-    }
-    const now = Date.now();
-    const id = `verification-${++this.verificationSessionCounter}`;
-    const session: MatrixVerificationSession = {
-      id,
-      request,
-      createdAtMs: now,
-      updatedAtMs: now,
-      verifyStarted: false,
-      startRequested: false,
-      acceptRequested: false,
-      sasAutoConfirmStarted: false,
-    };
-    this.verificationSessions.set(session.id, session);
-    this.ensureVerificationRequestTracked(session);
-    this.maybeAutoAcceptInboundRequest(session);
-    const verifier = this.readRequestValue(request, () => request.verifier, null);
-    if (verifier) {
-      this.attachVerifierToVerificationSession(session, verifier);
-    }
-    this.maybeAutoStartInboundSas(session);
-    this.emitVerificationSummary(session);
-    return this.buildVerificationSummary(session);
-  }
-  async requestOwnUserVerification(
-    crypto: MatrixVerificationCryptoApi | undefined,
-  ): Promise<MatrixVerificationSummary | null> {
-    if (!crypto) {
-      return null;
-    }
-    const request = await crypto.requestOwnUserVerification();
-    if (!request) {
-      return null;
-    }
-    return this.trackVerificationRequest(request);
-  }
-  listVerifications(): MatrixVerificationSummary[] {
-    this.pruneVerificationSessions(Date.now());
-    const summaries = Array.from(this.verificationSessions.values()).map((session) =>
-      this.buildVerificationSummary(session),
-    );
-    return summaries.toSorted((a, b) => b.updatedAt.localeCompare(a.updatedAt));
-  }
-  async requestVerification(
-    crypto: MatrixVerificationCryptoApi | undefined,
-    params: {
-      ownUser?: boolean;
-      userId?: string;
-      deviceId?: string;
-      roomId?: string;
-    },
-  ): Promise<MatrixVerificationSummary> {
-    if (!crypto) {
-      throw new Error("Matrix crypto is not available");
-    }
-    let request: MatrixVerificationRequestLike | null = null;
-    if (params.ownUser) {
-      request = await crypto.requestOwnUserVerification();
-    } else if (params.userId && params.deviceId && crypto.requestDeviceVerification) {
-      request = await crypto.requestDeviceVerification(params.userId, params.deviceId);
-    } else if (params.userId && params.roomId && crypto.requestVerificationDM) {
-      request = await crypto.requestVerificationDM(params.userId, params.roomId);
-    } else {
-      throw new Error(
-        "Matrix verification request requires one of: ownUser, userId+deviceId, or userId+roomId",
-      );
-    }
-    if (!request) {
-      throw new Error("Matrix verification request could not be created");
-    }
-    return this.trackVerificationRequest(request);
-  }
-  async acceptVerification(id: string): Promise<MatrixVerificationSummary> {
-    const session = this.findVerificationSession(id);
-    await session.request.accept();
-    this.touchVerificationSession(session);
-    return this.buildVerificationSummary(session);
-  }
-  async cancelVerification(
-    id: string,
-    params?: { reason?: string; code?: string },
-  ): Promise<MatrixVerificationSummary> {
-    const session = this.findVerificationSession(id);
-    await session.request.cancel(params);
-    this.touchVerificationSession(session);
-    return this.buildVerificationSummary(session);
-  }
-  async startVerification(
-    id: string,
-    method: MatrixVerificationMethod = "sas",
-  ): Promise<MatrixVerificationSummary> {
-    const session = this.findVerificationSession(id);
-    if (method !== "sas") {
-      throw new Error("Matrix startVerification currently supports only SAS directly");
-    }
-    const verifier = await session.request.startVerification(VerificationMethod.Sas);
-    this.attachVerifierToVerificationSession(session, verifier);
-    this.ensureVerificationStarted(session);
-    return this.buildVerificationSummary(session);
-  }
-  async generateVerificationQr(id: string): Promise<{ qrDataBase64: string }> {
-    const session = this.findVerificationSession(id);
-    const qr = await session.request.generateQRCode();
-    if (!qr) {
-      throw new Error("Matrix verification QR data is not available yet");
-    }
-    return { qrDataBase64: Buffer.from(qr).toString("base64") };
-  }
-  async scanVerificationQr(id: string, qrDataBase64: string): Promise<MatrixVerificationSummary> {
-    const session = this.findVerificationSession(id);
-    const trimmed = qrDataBase64.trim();
-    if (!trimmed) {
-      throw new Error("Matrix verification QR payload is required");
-    }
-    const qrBytes = Buffer.from(trimmed, "base64");
-    if (qrBytes.length === 0) {
-      throw new Error("Matrix verification QR payload is invalid base64");
-    }
-    const verifier = await session.request.scanQRCode(new Uint8ClampedArray(qrBytes));
-    this.attachVerifierToVerificationSession(session, verifier);
-    this.ensureVerificationStarted(session);
-    return this.buildVerificationSummary(session);
-  }
-  async confirmVerificationSas(id: string): Promise<MatrixVerificationSummary> {
-    const session = this.findVerificationSession(id);
-    const callbacks = session.sasCallbacks ?? session.activeVerifier?.getShowSasCallbacks();
-    if (!callbacks) {
-      throw new Error("Matrix SAS confirmation is not available for this verification request");
-    }
-    this.clearSasAutoConfirmTimer(session);
-    session.sasCallbacks = callbacks;
-    session.sasAutoConfirmStarted = true;
-    await this.confirmSasForSession(session, callbacks);
-    // Wait for the rust-crypto verifier to fully resolve (done-exchange + any
-    // pending cross-signing uploads triggered by trustOwnDeviceAfterSas) so
-    // the operator's client sees a settled state on the next /keys/query.
-    // verifyPromise is set inside ensureVerificationStarted and already
-    // funnels its own rejection into session.error, so awaiting it here
-    // cannot double-throw.
-    if (session.verifyPromise) {
-      await session.verifyPromise;
-    }
-    this.touchVerificationSession(session);
-    return this.buildVerificationSummary(session);
-  }
-  mismatchVerificationSas(id: string): MatrixVerificationSummary {
-    const session = this.findVerificationSession(id);
-    const callbacks = session.sasCallbacks ?? session.activeVerifier?.getShowSasCallbacks();
-    if (!callbacks) {
-      throw new Error("Matrix SAS mismatch is not available for this verification request");
-    }
-    this.clearSasAutoConfirmTimer(session);
-    session.sasCallbacks = callbacks;
-    callbacks.mismatch();
-    this.touchVerificationSession(session);
-    return this.buildVerificationSummary(session);
-  }
-  confirmVerificationReciprocateQr(id: string): MatrixVerificationSummary {
-    const session = this.findVerificationSession(id);
-    const callbacks =
-      session.reciprocateQrCallbacks ?? session.activeVerifier?.getReciprocateQrCodeCallbacks();
-    if (!callbacks) {
-      throw new Error(
-        "Matrix reciprocate-QR confirmation is not available for this verification request",
-      );
-    }
-    session.reciprocateQrCallbacks = callbacks;
-    callbacks.confirm();
-    this.touchVerificationSession(session);
-    return this.buildVerificationSummary(session);
-  }
-  getVerificationSas(id: string): {
-    decimal?: [number, number, number];
-    emoji?: Array<[string, string]>;
-  } {
-    const session = this.findVerificationSession(id);
-    const callbacks = session.sasCallbacks ?? session.activeVerifier?.getShowSasCallbacks();
-    if (!callbacks) {
-      throw new Error("Matrix SAS data is not available for this verification request");
-    }
-    session.sasCallbacks = callbacks;
-    return {
-      decimal: callbacks.sas.decimal,
-      emoji: callbacks.sas.emoji,
-    };
-  }
-}