@openclaw/matrix 2026.3.13 → 2026.5.10-beta.1

package/src/matrix/client/config.ts

@@ -1,245 +0,0 @@
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id";
-import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/matrix";
-import { getMatrixRuntime } from "../../runtime.js";
-import {
-  normalizeResolvedSecretInputString,
-  normalizeSecretInputString,
-} from "../../secret-input.js";
-import type { CoreConfig } from "../../types.js";
-import { loadMatrixSdk } from "../sdk-runtime.js";
-import { ensureMatrixSdkLoggingConfigured } from "./logging.js";
-import type { MatrixAuth, MatrixResolvedConfig } from "./types.js";
-
-function clean(value: unknown, path: string): string {
-  return normalizeResolvedSecretInputString({ value, path }) ?? "";
-}
-
-/** Shallow-merge known nested config sub-objects so partial overrides inherit base values. */
-function deepMergeConfig<T extends Record<string, unknown>>(base: T, override: Partial<T>): T {
-  const merged = { ...base, ...override } as Record<string, unknown>;
-  // Merge known nested objects (dm, actions) so partial overrides keep base fields
-  for (const key of ["dm", "actions"] as const) {
-    const b = base[key];
-    const o = override[key];
-    if (typeof b === "object" && b !== null && typeof o === "object" && o !== null) {
-      merged[key] = { ...(b as Record<string, unknown>), ...(o as Record<string, unknown>) };
-    }
-  }
-  return merged as T;
-}
-
-/**
- * Resolve Matrix config for a specific account, with fallback to top-level config.
- * This supports both multi-account (channels.matrix.accounts.*) and
- * single-account (channels.matrix.*) configurations.
- */
-export function resolveMatrixConfigForAccount(
-  cfg: CoreConfig = getMatrixRuntime().config.loadConfig() as CoreConfig,
-  accountId?: string | null,
-  env: NodeJS.ProcessEnv = process.env,
-): MatrixResolvedConfig {
-  const normalizedAccountId = normalizeAccountId(accountId);
-  const matrixBase = cfg.channels?.matrix ?? {};
-  const accounts = cfg.channels?.matrix?.accounts;
-
-  // Try to get account-specific config first (direct lookup, then case-insensitive fallback)
-  let accountConfig = accounts?.[normalizedAccountId];
-  if (!accountConfig && accounts) {
-    for (const key of Object.keys(accounts)) {
-      if (normalizeAccountId(key) === normalizedAccountId) {
-        accountConfig = accounts[key];
-        break;
-      }
-    }
-  }
-
-  // Deep merge: account-specific values override top-level values, preserving
-  // nested object inheritance (dm, actions, groups) so partial overrides work.
-  const matrix = accountConfig ? deepMergeConfig(matrixBase, accountConfig) : matrixBase;
-
-  const homeserver =
-    clean(matrix.homeserver, "channels.matrix.homeserver") ||
-    clean(env.MATRIX_HOMESERVER, "MATRIX_HOMESERVER");
-  const userId =
-    clean(matrix.userId, "channels.matrix.userId") || clean(env.MATRIX_USER_ID, "MATRIX_USER_ID");
-  const accessToken =
-    clean(matrix.accessToken, "channels.matrix.accessToken") ||
-    clean(env.MATRIX_ACCESS_TOKEN, "MATRIX_ACCESS_TOKEN") ||
-    undefined;
-  const password =
-    clean(matrix.password, "channels.matrix.password") ||
-    clean(env.MATRIX_PASSWORD, "MATRIX_PASSWORD") ||
-    undefined;
-  const deviceName =
-    clean(matrix.deviceName, "channels.matrix.deviceName") ||
-    clean(env.MATRIX_DEVICE_NAME, "MATRIX_DEVICE_NAME") ||
-    undefined;
-  const initialSyncLimit =
-    typeof matrix.initialSyncLimit === "number"
-      ? Math.max(0, Math.floor(matrix.initialSyncLimit))
-      : undefined;
-  const encryption = matrix.encryption ?? false;
-  return {
-    homeserver,
-    userId,
-    accessToken,
-    password,
-    deviceName,
-    initialSyncLimit,
-    encryption,
-  };
-}
-
-/**
- * Single-account function for backward compatibility - resolves default account config.
- */
-export function resolveMatrixConfig(
-  cfg: CoreConfig = getMatrixRuntime().config.loadConfig() as CoreConfig,
-  env: NodeJS.ProcessEnv = process.env,
-): MatrixResolvedConfig {
-  return resolveMatrixConfigForAccount(cfg, DEFAULT_ACCOUNT_ID, env);
-}
-
-export async function resolveMatrixAuth(params?: {
-  cfg?: CoreConfig;
-  env?: NodeJS.ProcessEnv;
-  accountId?: string | null;
-}): Promise<MatrixAuth> {
-  const cfg = params?.cfg ?? (getMatrixRuntime().config.loadConfig() as CoreConfig);
-  const env = params?.env ?? process.env;
-  const resolved = resolveMatrixConfigForAccount(cfg, params?.accountId, env);
-  if (!resolved.homeserver) {
-    throw new Error("Matrix homeserver is required (matrix.homeserver)");
-  }
-
-  const {
-    loadMatrixCredentials,
-    saveMatrixCredentials,
-    credentialsMatchConfig,
-    touchMatrixCredentials,
-  } = await import("../credentials.js");
-
-  const accountId = params?.accountId;
-  const cached = loadMatrixCredentials(env, accountId);
-  const cachedCredentials =
-    cached &&
-    credentialsMatchConfig(cached, {
-      homeserver: resolved.homeserver,
-      userId: resolved.userId || "",
-    })
-      ? cached
-      : null;
-
-  // If we have an access token, we can fetch userId via whoami if not provided
-  if (resolved.accessToken) {
-    let userId = resolved.userId;
-    if (!userId) {
-      // Fetch userId from access token via whoami
-      ensureMatrixSdkLoggingConfigured();
-      const { MatrixClient } = loadMatrixSdk();
-      const tempClient = new MatrixClient(resolved.homeserver, resolved.accessToken);
-      const whoami = await tempClient.getUserId();
-      userId = whoami;
-      // Save the credentials with the fetched userId
-      saveMatrixCredentials(
-        {
-          homeserver: resolved.homeserver,
-          userId,
-          accessToken: resolved.accessToken,
-        },
-        env,
-        accountId,
-      );
-    } else if (cachedCredentials && cachedCredentials.accessToken === resolved.accessToken) {
-      touchMatrixCredentials(env, accountId);
-    }
-    return {
-      homeserver: resolved.homeserver,
-      userId,
-      accessToken: resolved.accessToken,
-      deviceName: resolved.deviceName,
-      initialSyncLimit: resolved.initialSyncLimit,
-      encryption: resolved.encryption,
-    };
-  }
-
-  if (cachedCredentials) {
-    touchMatrixCredentials(env, accountId);
-    return {
-      homeserver: cachedCredentials.homeserver,
-      userId: cachedCredentials.userId,
-      accessToken: cachedCredentials.accessToken,
-      deviceName: resolved.deviceName,
-      initialSyncLimit: resolved.initialSyncLimit,
-      encryption: resolved.encryption,
-    };
-  }
-
-  if (!resolved.userId) {
-    throw new Error("Matrix userId is required when no access token is configured (matrix.userId)");
-  }
-
-  if (!resolved.password) {
-    throw new Error(
-      "Matrix password is required when no access token is configured (matrix.password)",
-    );
-  }
-
-  // Login with password using HTTP API.
-  const { response: loginResponse, release: releaseLoginResponse } = await fetchWithSsrFGuard({
-    url: `${resolved.homeserver}/_matrix/client/v3/login`,
-    init: {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        type: "m.login.password",
-        identifier: { type: "m.id.user", user: resolved.userId },
-        password: resolved.password,
-        initial_device_display_name: resolved.deviceName ?? "OpenClaw Gateway",
-      }),
-    },
-    auditContext: "matrix.login",
-  });
-  const login = await (async () => {
-    try {
-      if (!loginResponse.ok) {
-        const errorText = await loginResponse.text();
-        throw new Error(`Matrix login failed: ${errorText}`);
-      }
-      return (await loginResponse.json()) as {
-        access_token?: string;
-        user_id?: string;
-        device_id?: string;
-      };
-    } finally {
-      await releaseLoginResponse();
-    }
-  })();
-
-  const accessToken = login.access_token?.trim();
-  if (!accessToken) {
-    throw new Error("Matrix login did not return an access token");
-  }
-
-  const auth: MatrixAuth = {
-    homeserver: resolved.homeserver,
-    userId: login.user_id ?? resolved.userId,
-    accessToken,
-    deviceName: resolved.deviceName,
-    initialSyncLimit: resolved.initialSyncLimit,
-    encryption: resolved.encryption,
-  };
-
-  saveMatrixCredentials(
-    {
-      homeserver: auth.homeserver,
-      userId: auth.userId,
-      accessToken: auth.accessToken,
-      deviceId: login.device_id,
-    },
-    env,
-    accountId,
-  );
-
-  return auth;
-}

package/src/matrix/client/create-client.ts

@@ -1,125 +0,0 @@
-import fs from "node:fs";
-import type {
-  IStorageProvider,
-  ICryptoStorageProvider,
-  MatrixClient,
-} from "@vector-im/matrix-bot-sdk";
-import { loadMatrixSdk } from "../sdk-runtime.js";
-import { ensureMatrixSdkLoggingConfigured } from "./logging.js";
-import {
-  maybeMigrateLegacyStorage,
-  resolveMatrixStoragePaths,
-  writeStorageMeta,
-} from "./storage.js";
-
-function sanitizeUserIdList(input: unknown, label: string): string[] {
-  const LogService = loadMatrixSdk().LogService;
-  if (input == null) {
-    return [];
-  }
-  if (!Array.isArray(input)) {
-    LogService.warn(
-      "MatrixClientLite",
-      `Expected ${label} list to be an array, got ${typeof input}`,
-    );
-    return [];
-  }
-  const filtered = input.filter(
-    (entry): entry is string => typeof entry === "string" && entry.trim().length > 0,
-  );
-  if (filtered.length !== input.length) {
-    LogService.warn(
-      "MatrixClientLite",
-      `Dropping ${input.length - filtered.length} invalid ${label} entries from sync payload`,
-    );
-  }
-  return filtered;
-}
-
-export async function createMatrixClient(params: {
-  homeserver: string;
-  userId: string;
-  accessToken: string;
-  encryption?: boolean;
-  localTimeoutMs?: number;
-  accountId?: string | null;
-}): Promise<MatrixClient> {
-  const { MatrixClient, SimpleFsStorageProvider, RustSdkCryptoStorageProvider, LogService } =
-    loadMatrixSdk();
-  ensureMatrixSdkLoggingConfigured();
-  const env = process.env;
-
-  // Create storage provider
-  const storagePaths = resolveMatrixStoragePaths({
-    homeserver: params.homeserver,
-    userId: params.userId,
-    accessToken: params.accessToken,
-    accountId: params.accountId,
-    env,
-  });
-  maybeMigrateLegacyStorage({ storagePaths, env });
-  fs.mkdirSync(storagePaths.rootDir, { recursive: true });
-  const storage: IStorageProvider = new SimpleFsStorageProvider(storagePaths.storagePath);
-
-  // Create crypto storage if encryption is enabled
-  let cryptoStorage: ICryptoStorageProvider | undefined;
-  if (params.encryption) {
-    fs.mkdirSync(storagePaths.cryptoPath, { recursive: true });
-
-    try {
-      const { StoreType } = await import("@matrix-org/matrix-sdk-crypto-nodejs");
-      cryptoStorage = new RustSdkCryptoStorageProvider(storagePaths.cryptoPath, StoreType.Sqlite);
-    } catch (err) {
-      LogService.warn(
-        "MatrixClientLite",
-        "Failed to initialize crypto storage, E2EE disabled:",
-        err,
-      );
-    }
-  }
-
-  writeStorageMeta({
-    storagePaths,
-    homeserver: params.homeserver,
-    userId: params.userId,
-    accountId: params.accountId,
-  });
-
-  const client = new MatrixClient(params.homeserver, params.accessToken, storage, cryptoStorage);
-
-  if (client.crypto) {
-    const originalUpdateSyncData = client.crypto.updateSyncData.bind(client.crypto);
-    client.crypto.updateSyncData = async (
-      toDeviceMessages,
-      otkCounts,
-      unusedFallbackKeyAlgs,
-      changedDeviceLists,
-      leftDeviceLists,
-    ) => {
-      const safeChanged = sanitizeUserIdList(changedDeviceLists, "changed device list");
-      const safeLeft = sanitizeUserIdList(leftDeviceLists, "left device list");
-      try {
-        return await originalUpdateSyncData(
-          toDeviceMessages,
-          otkCounts,
-          unusedFallbackKeyAlgs,
-          safeChanged,
-          safeLeft,
-        );
-      } catch (err) {
-        const message = typeof err === "string" ? err : err instanceof Error ? err.message : "";
-        if (message.includes("Expect value to be String")) {
-          LogService.warn(
-            "MatrixClientLite",
-            "Ignoring malformed device list entries during crypto sync",
-            message,
-          );
-          return;
-        }
-        throw err;
-      }
-    };
-  }
-
-  return client;
-}

package/src/matrix/client/logging.ts

@@ -1,46 +0,0 @@
-import { loadMatrixSdk } from "../sdk-runtime.js";
-
-let matrixSdkLoggingConfigured = false;
-let matrixSdkBaseLogger:
-  | {
-      trace: (module: string, ...messageOrObject: unknown[]) => void;
-      debug: (module: string, ...messageOrObject: unknown[]) => void;
-      info: (module: string, ...messageOrObject: unknown[]) => void;
-      warn: (module: string, ...messageOrObject: unknown[]) => void;
-      error: (module: string, ...messageOrObject: unknown[]) => void;
-    }
-  | undefined;
-
-function shouldSuppressMatrixHttpNotFound(module: string, messageOrObject: unknown[]): boolean {
-  if (module !== "MatrixHttpClient") {
-    return false;
-  }
-  return messageOrObject.some((entry) => {
-    if (!entry || typeof entry !== "object") {
-      return false;
-    }
-    return (entry as { errcode?: string }).errcode === "M_NOT_FOUND";
-  });
-}
-
-export function ensureMatrixSdkLoggingConfigured(): void {
-  if (matrixSdkLoggingConfigured) {
-    return;
-  }
-  const { ConsoleLogger, LogService } = loadMatrixSdk();
-  matrixSdkBaseLogger = new ConsoleLogger();
-  matrixSdkLoggingConfigured = true;
-
-  LogService.setLogger({
-    trace: (module, ...messageOrObject) => matrixSdkBaseLogger?.trace(module, ...messageOrObject),
-    debug: (module, ...messageOrObject) => matrixSdkBaseLogger?.debug(module, ...messageOrObject),
-    info: (module, ...messageOrObject) => matrixSdkBaseLogger?.info(module, ...messageOrObject),
-    warn: (module, ...messageOrObject) => matrixSdkBaseLogger?.warn(module, ...messageOrObject),
-    error: (module, ...messageOrObject) => {
-      if (shouldSuppressMatrixHttpNotFound(module, messageOrObject)) {
-        return;
-      }
-      matrixSdkBaseLogger?.error(module, ...messageOrObject);
-    },
-  });
-}

package/src/matrix/client/runtime.ts

@@ -1,4 +0,0 @@
-export function isBunRuntime(): boolean {
-  const versions = process.versions as { bun?: string };
-  return typeof versions.bun === "string";
-}

package/src/matrix/client/shared.test.ts

@@ -1,85 +0,0 @@
-import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
-import { afterEach, describe, expect, it, vi } from "vitest";
-import { resolveSharedMatrixClient, stopSharedClient } from "./shared.js";
-import type { MatrixAuth } from "./types.js";
-
-const createMatrixClientMock = vi.hoisted(() => vi.fn());
-
-vi.mock("./create-client.js", () => ({
-  createMatrixClient: (...args: unknown[]) => createMatrixClientMock(...args),
-}));
-
-function makeAuth(suffix: string): MatrixAuth {
-  return {
-    homeserver: "https://matrix.example.org",
-    userId: `@bot-${suffix}:example.org`,
-    accessToken: `token-${suffix}`,
-    encryption: false,
-  };
-}
-
-function createMockClient(startImpl: () => Promise<void>): MatrixClient {
-  return {
-    start: vi.fn(startImpl),
-    stop: vi.fn(),
-    getJoinedRooms: vi.fn().mockResolvedValue([]),
-    crypto: undefined,
-  } as unknown as MatrixClient;
-}
-
-describe("resolveSharedMatrixClient startup behavior", () => {
-  afterEach(() => {
-    stopSharedClient();
-    createMatrixClientMock.mockReset();
-    vi.useRealTimers();
-  });
-
-  it("propagates the original start error during initialization", async () => {
-    vi.useFakeTimers();
-    const startError = new Error("bad token");
-    const client = createMockClient(
-      () =>
-        new Promise<void>((_resolve, reject) => {
-          setTimeout(() => reject(startError), 1);
-        }),
-    );
-    createMatrixClientMock.mockResolvedValue(client);
-
-    const startPromise = resolveSharedMatrixClient({
-      auth: makeAuth("start-error"),
-    });
-    const startExpectation = expect(startPromise).rejects.toBe(startError);
-
-    await vi.advanceTimersByTimeAsync(2001);
-    await startExpectation;
-  });
-
-  it("retries start after a late start-loop failure", async () => {
-    vi.useFakeTimers();
-    let rejectFirstStart: ((err: unknown) => void) | undefined;
-    const firstStart = new Promise<void>((_resolve, reject) => {
-      rejectFirstStart = reject;
-    });
-    const secondStart = new Promise<void>(() => {});
-    const startMock = vi.fn().mockReturnValueOnce(firstStart).mockReturnValueOnce(secondStart);
-    const client = createMockClient(startMock);
-    createMatrixClientMock.mockResolvedValue(client);
-
-    const firstResolve = resolveSharedMatrixClient({
-      auth: makeAuth("late-failure"),
-    });
-    await vi.advanceTimersByTimeAsync(2000);
-    await expect(firstResolve).resolves.toBe(client);
-    expect(startMock).toHaveBeenCalledTimes(1);
-
-    rejectFirstStart?.(new Error("late failure"));
-    await Promise.resolve();
-
-    const secondResolve = resolveSharedMatrixClient({
-      auth: makeAuth("late-failure"),
-    });
-    await vi.advanceTimersByTimeAsync(2000);
-    await expect(secondResolve).resolves.toBe(client);
-    expect(startMock).toHaveBeenCalledTimes(2);
-  });
-});