npm - @openclaw/matrix - Versions diffs - 2026.5.28 → 2026.5.31-beta.1 - Mend

@openclaw/matrix 2026.5.28 → 2026.5.31-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/dist/{thread-bindings-DAg6grT8.js → thread-bindings-DehFUArg.js} RENAMED Viewed

@@ -1,13 +1,39 @@
+import { t as getMatrixRuntime } from "./runtime-6S3DNFNv.js";
 import { a as listBindingsForAccount, c as resolveBindingKey, f as setMatrixThreadBindingManagerEntry, h as toSessionBindingRecord, l as resolveEffectiveBindingExpiry, m as toMatrixBindingTargetKind, o as removeBindingRecord, r as getMatrixThreadBindingManagerEntry, t as deleteMatrixThreadBindingManagerEntry, u as setBindingRecord } from "./thread-bindings-shared-CKnY4LSd.js";
-import { i as resolveMatrixStateFilePath, t as claimCurrentTokenStorageState } from "./storage-onzulLbU.js";
-import { a as sendMessageMatrix } from "./send-peVVVL75.js";
+import { a as resolveMatrixStateFilePath, t as claimCurrentTokenStorageState } from "./storage-Ds-2Iur5.js";
+import { a as sendMessageMatrix } from "./send-DHj1E9ji.js";
 import { normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime";
-import { registerSessionBindingAdapter, resolveThreadBindingFarewellText, unregisterSessionBindingAdapter } from "openclaw/plugin-sdk/thread-bindings-session-runtime";
+import os from "node:os";
 import path from "node:path";
-import { readJsonFileWithFallback, writeJsonFileAtomically } from "openclaw/plugin-sdk/json-store";
+import { createHash } from "node:crypto";
+import { registerSessionBindingAdapter, resolveThreadBindingFarewellText, unregisterSessionBindingAdapter } from "openclaw/plugin-sdk/thread-bindings-session-runtime";
+import { readJsonFileWithFallback } from "openclaw/plugin-sdk/json-store";
+import fs from "node:fs/promises";
 import { resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/session-key-runtime";
+//#region extensions/matrix/src/matrix/sqlite-state.ts
+function resolveStateDirOverride(options) {
+	if (!options) return;
+	if (options.stateDir) return options.stateDir;
+	if (options.stateRootDir) return options.stateRootDir;
+	return getMatrixRuntime().state.resolveStateDir(options.env ?? process.env, os.homedir);
+}
+function resolveMatrixSqliteStateKey(options) {
+	return resolveStateDirOverride(options) ?? "";
+}
+function resolveMatrixSqliteStateEnv(options) {
+	const stateDir = resolveStateDirOverride(options);
+	if (!stateDir) return options?.env;
+	return {
+		...options?.env ?? process.env,
+		OPENCLAW_STATE_DIR: stateDir
+	};
+}
+//#endregion
 //#region extensions/matrix/src/matrix/thread-bindings.ts
 const STORE_VERSION = 1;
+const THREAD_BINDINGS_NAMESPACE = "thread-bindings";
+const THREAD_BINDINGS_MIGRATIONS_NAMESPACE = "thread-bindings-migrations";
+const THREAD_BINDINGS_MAX_ENTRIES = 1e4;
 const THREAD_BINDINGS_SWEEP_INTERVAL_MS = 6e4;
 const TOUCH_PERSIST_DELAY_MS = 3e4;
 function resolveBindingsPath(params) {
@@ -19,43 +45,81 @@ function resolveBindingsPath(params) {
 		filename: "thread-bindings.json"
 	});
 }
-async function loadBindingsFromDisk(filePath, accountId) {
+function createThreadBindingStore(params) {
+	return getMatrixRuntime().state.openKeyedStore({
+		namespace: THREAD_BINDINGS_NAMESPACE,
+		maxEntries: THREAD_BINDINGS_MAX_ENTRIES,
+		env: resolveMatrixSqliteStateEnv(params)
+	});
+}
+function createThreadBindingMigrationStore(params) {
+	return getMatrixRuntime().state.openKeyedStore({
+		namespace: THREAD_BINDINGS_MIGRATIONS_NAMESPACE,
+		maxEntries: 1e3,
+		env: resolveMatrixSqliteStateEnv(params)
+	});
+}
+function buildThreadBindingStoreKey(record) {
+	const digest = createHash("sha256").update(record.accountId).update("\0").update(record.parentConversationId ?? "").update("\0").update(record.conversationId).digest("hex");
+	return `${record.accountId}:${digest}`;
+}
+function buildLegacyThreadBindingsImportKey(params) {
+	const digest = createHash("sha256").update(params.accountId).update("\0").update(params.legacyFilePath).digest("hex");
+	return `${params.accountId}:${digest}`;
+}
+function normalizeBindingRecord(entry, accountId) {
+	if (!entry || typeof entry !== "object" || Array.isArray(entry)) return null;
+	const record = entry;
+	if (record.accountId && record.accountId !== accountId) return null;
+	const conversationId = normalizeOptionalString(record.conversationId);
+	const parentConversationId = normalizeOptionalString(record.parentConversationId);
+	const targetSessionKey = normalizeOptionalString(record.targetSessionKey) ?? "";
+	if (!conversationId || !targetSessionKey) return null;
+	const boundAt = typeof record.boundAt === "number" && Number.isFinite(record.boundAt) ? Math.floor(record.boundAt) : Date.now();
+	const lastActivityAt = typeof record.lastActivityAt === "number" && Number.isFinite(record.lastActivityAt) ? Math.floor(record.lastActivityAt) : boundAt;
+	return {
+		accountId,
+		conversationId,
+		...parentConversationId ? { parentConversationId } : {},
+		targetKind: record.targetKind === "subagent" ? "subagent" : "acp",
+		targetSessionKey,
+		agentId: normalizeOptionalString(record.agentId) || void 0,
+		label: normalizeOptionalString(record.label) || void 0,
+		boundBy: normalizeOptionalString(record.boundBy) || void 0,
+		boundAt,
+		lastActivityAt: Math.max(lastActivityAt, boundAt),
+		idleTimeoutMs: typeof record.idleTimeoutMs === "number" && Number.isFinite(record.idleTimeoutMs) ? Math.max(0, Math.floor(record.idleTimeoutMs)) : void 0,
+		maxAgeMs: typeof record.maxAgeMs === "number" && Number.isFinite(record.maxAgeMs) ? Math.max(0, Math.floor(record.maxAgeMs)) : void 0
+	};
+}
+async function loadBindingsFromLegacyDisk(filePath, accountId) {
 	const { value } = await readJsonFileWithFallback(filePath, null);
 	if (value?.version !== STORE_VERSION || !Array.isArray(value.bindings)) return [];
 	const loaded = [];
 	for (const entry of value.bindings) {
-		const conversationId = normalizeOptionalString(entry?.conversationId);
-		const parentConversationId = normalizeOptionalString(entry?.parentConversationId);
-		const targetSessionKey = normalizeOptionalString(entry?.targetSessionKey) ?? "";
-		if (!conversationId || !targetSessionKey) continue;
-		const boundAt = typeof entry?.boundAt === "number" && Number.isFinite(entry.boundAt) ? Math.floor(entry.boundAt) : Date.now();
-		const lastActivityAt = typeof entry?.lastActivityAt === "number" && Number.isFinite(entry.lastActivityAt) ? Math.floor(entry.lastActivityAt) : boundAt;
-		loaded.push({
-			accountId,
-			conversationId,
-			...parentConversationId ? { parentConversationId } : {},
-			targetKind: entry?.targetKind === "subagent" ? "subagent" : "acp",
-			targetSessionKey,
-			agentId: normalizeOptionalString(entry?.agentId) || void 0,
-			label: normalizeOptionalString(entry?.label) || void 0,
-			boundBy: normalizeOptionalString(entry?.boundBy) || void 0,
-			boundAt,
-			lastActivityAt: Math.max(lastActivityAt, boundAt),
-			idleTimeoutMs: typeof entry?.idleTimeoutMs === "number" && Number.isFinite(entry.idleTimeoutMs) ? Math.max(0, Math.floor(entry.idleTimeoutMs)) : void 0,
-			maxAgeMs: typeof entry?.maxAgeMs === "number" && Number.isFinite(entry.maxAgeMs) ? Math.max(0, Math.floor(entry.maxAgeMs)) : void 0
-		});
+		const record = normalizeBindingRecord(entry, accountId);
+		if (record) loaded.push(record);
 	}
 	return loaded;
 }
-function toStoredBindingsState(bindings) {
-	return {
-		version: STORE_VERSION,
-		bindings: [...bindings].toSorted((a, b) => a.boundAt - b.boundAt)
-	};
+async function loadBindingsFromPluginState(params) {
+	const store = createThreadBindingStore(params);
+	const loaded = [];
+	for (const entry of await store.entries()) {
+		const record = normalizeBindingRecord(entry.value, params.accountId);
+		if (record) loaded.push(record);
+	}
+	return loaded;
+}
+function toPluginJsonValue(value) {
+	const serialized = JSON.stringify(value);
+	return JSON.parse(serialized);
 }
-async function persistBindingsSnapshot(filePath, bindings) {
-	await writeJsonFileAtomically(filePath, toStoredBindingsState(bindings));
-	claimCurrentTokenStorageState({ rootDir: path.dirname(filePath) });
+async function persistBindingsSnapshot(params) {
+	const store = createThreadBindingStore(params);
+	const liveKeys = new Set(params.bindings.map((record) => buildThreadBindingStoreKey(record)));
+	for (const entry of await store.entries()) if (normalizeBindingRecord(entry.value, params.accountId) && !liveKeys.has(entry.key)) await store.delete(entry.key);
+	for (const record of params.bindings) await store.register(buildThreadBindingStoreKey(record), toPluginJsonValue(record));
 }
 function buildMatrixBindingIntroText(params) {
 	const introText = normalizeOptionalString(params.metadata?.introText);
@@ -94,24 +158,56 @@ async function sendFarewellMessage(params) {
 }
 async function createMatrixThreadBindingManager(params) {
 	if (params.auth.accountId !== params.accountId) throw new Error(`Matrix thread binding account mismatch: requested ${params.accountId}, auth resolved ${params.auth.accountId}`);
-	const filePath = resolveBindingsPath({
+	const legacyFilePath = resolveBindingsPath({
 		auth: params.auth,
 		accountId: params.accountId,
 		env: params.env,
 		stateDir: params.stateDir
 	});
+	const sqliteStateDir = path.dirname(legacyFilePath);
+	const storageKey = resolveMatrixSqliteStateKey({
+		env: params.env,
+		stateDir: sqliteStateDir
+	});
 	const existingEntry = getMatrixThreadBindingManagerEntry(params.accountId);
 	if (existingEntry) {
-		if (existingEntry.filePath === filePath) return existingEntry.manager;
+		if (existingEntry.storageKey === storageKey) return existingEntry.manager;
 		existingEntry.manager.stop();
 	}
-	const loaded = await loadBindingsFromDisk(filePath, params.accountId);
+	const pluginLoaded = await loadBindingsFromPluginState({
+		accountId: params.accountId,
+		env: params.env,
+		stateDir: sqliteStateDir
+	});
+	const migrationStore = createThreadBindingMigrationStore({
+		env: params.env,
+		stateDir: sqliteStateDir
+	});
+	const legacyImportKey = buildLegacyThreadBindingsImportKey({
+		accountId: params.accountId,
+		legacyFilePath
+	});
+	const pluginLoadedKeys = new Set(pluginLoaded.map((record) => buildThreadBindingStoreKey(record)));
+	let legacyHadRows = false;
+	let legacyLoaded = [];
+	if (!await migrationStore.lookup(legacyImportKey)) {
+		const legacyCandidates = await loadBindingsFromLegacyDisk(legacyFilePath, params.accountId);
+		legacyHadRows = legacyCandidates.length > 0;
+		legacyLoaded = legacyCandidates.filter((record) => !pluginLoadedKeys.has(buildThreadBindingStoreKey(record)));
+	}
+	const loaded = [...pluginLoaded, ...legacyLoaded];
 	for (const record of loaded) setBindingRecord(record);
 	let persistQueue = Promise.resolve();
 	const enqueuePersist = (bindings) => {
 		const snapshot = bindings ?? listBindingsForAccount(params.accountId);
 		const next = persistQueue.catch(() => {}).then(async () => {
-			await persistBindingsSnapshot(filePath, snapshot);
+			await persistBindingsSnapshot({
+				accountId: params.accountId,
+				bindings: snapshot,
+				env: params.env,
+				stateDir: sqliteStateDir
+			});
+			claimCurrentTokenStorageState({ rootDir: sqliteStateDir });
 		});
 		persistQueue = next;
 		return next;
@@ -126,6 +222,13 @@ async function createMatrixThreadBindingManager(params) {
 		idleTimeoutMs: params.idleTimeoutMs,
 		maxAgeMs: params.maxAgeMs
 	};
+	if (legacyHadRows) {
+		if (legacyLoaded.length > 0) await persist();
+		await migrationStore.register(legacyImportKey, { importedAt: Date.now() });
+		await fs.rm(legacyFilePath, { force: true }).catch((err) => {
+			params.logVerboseMessage?.(`matrix: failed removing migrated legacy thread bindings account=${params.accountId}: ${String(err)}`);
+		});
+	}
 	let persistTimer = null;
 	const schedulePersist = (delayMs) => {
 		if (persistTimer) return;
@@ -343,10 +446,10 @@ async function createMatrixThreadBindingManager(params) {
 		sweepTimer.unref?.();
 	}
 	setMatrixThreadBindingManagerEntry(params.accountId, {
-		filePath,
+		storageKey,
 		manager
 	});
 	return manager;
 }
 //#endregion
-export { createMatrixThreadBindingManager as t };
+export { resolveMatrixSqliteStateEnv as n, createMatrixThreadBindingManager as t };

package/dist/{tool-actions.runtime-DwbLBrRr.js → tool-actions.runtime-CU79qJ3e.js} RENAMED Viewed

@@ -1,12 +1,12 @@
 import { c as resolveMatrixAccountConfig } from "./config-paths-ZBCMwSos.js";
-import "./setup-core-DOhHYRrZ.js";
-import { E as parsePollStart, T as isPollStartType, b as buildPollResponseContent, i as reactMatrixMessage, u as resolveMatrixRoomId } from "./send-peVVVL75.js";
+import "./setup-core-DRg3cgB8.js";
+import { E as parsePollStart, T as isPollStartType, b as buildPollResponseContent, i as reactMatrixMessage, u as resolveMatrixRoomId } from "./send-DHj1E9ji.js";
 import { i as buildMatrixReactionRelationsPath, o as selectOwnMatrixReactionEventIds, s as summarizeMatrixReactionEvents } from "./reaction-common-DkrQdBSZ.js";
-import { n as withResolvedActionClient, r as withResolvedRoomAction } from "./client-BIBY50VG.js";
-import { a as fetchEventSummary, c as resolveMatrixActionLimit, i as sendMatrixMessage, n as editMatrixMessage, o as readPinnedEvents, r as readMatrixMessages, s as EventType, t as deleteMatrixMessage } from "./messages-CMx2qIs1.js";
-import { a as jsonResult, c as readStringArrayParam, l as readStringParam, o as readPositiveIntegerParam, r as createActionGate, s as readReactionParams } from "./runtime-api-CsF7Kokd.js";
-import { t as applyMatrixProfileUpdate } from "./profile-update-Cl7wAFCq.js";
-import { _ as scanMatrixVerificationQr, a as confirmMatrixVerificationSas, b as verifyMatrixRecoveryKey, c as getMatrixRoomKeyBackupStatus, d as listMatrixVerifications, f as mismatchMatrixVerificationSas, h as restoreMatrixRoomKeyBackup, i as confirmMatrixVerificationReciprocateQr, l as getMatrixVerificationSas, n as bootstrapMatrixVerification, o as generateMatrixVerificationQr, p as requestMatrixVerification, r as cancelMatrixVerification, s as getMatrixEncryptionStatus, t as acceptMatrixVerification, u as getMatrixVerificationStatus, v as startMatrixVerification } from "./verification-BM7g0BeT.js";
+import { n as withResolvedActionClient, r as withResolvedRoomAction } from "./client-D-t6CdHz.js";
+import { a as fetchEventSummary, c as resolveMatrixActionLimit, i as sendMatrixMessage, n as editMatrixMessage, o as readPinnedEvents, r as readMatrixMessages, s as EventType, t as deleteMatrixMessage } from "./messages-D0sumPNx.js";
+import { a as jsonResult, c as readStringArrayParam, l as readStringParam, o as readPositiveIntegerParam, r as createActionGate, s as readReactionParams } from "./runtime-api-CsBoesCU.js";
+import { t as applyMatrixProfileUpdate } from "./profile-update-Defy1W90.js";
+import { _ as scanMatrixVerificationQr, a as confirmMatrixVerificationSas, b as verifyMatrixRecoveryKey, c as getMatrixRoomKeyBackupStatus, d as listMatrixVerifications, f as mismatchMatrixVerificationSas, h as restoreMatrixRoomKeyBackup, i as confirmMatrixVerificationReciprocateQr, l as getMatrixVerificationSas, n as bootstrapMatrixVerification, o as generateMatrixVerificationQr, p as requestMatrixVerification, r as cancelMatrixVerification, s as getMatrixEncryptionStatus, t as acceptMatrixVerification, u as getMatrixVerificationStatus, v as startMatrixVerification } from "./verification-BJfjKMr8.js";
 import { normalizeOptionalLowercaseString, uniqueStrings, uniqueValues } from "openclaw/plugin-sdk/string-coerce-runtime";
 //#region extensions/matrix/src/matrix/actions/polls.ts
 function normalizeOptionIndexes(indexes) {

package/dist/{verification-BM7g0BeT.js → verification-BJfjKMr8.js} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { t as __exportAll } from "./rolldown-runtime-8H4AJuhK.js";
-import { i as withStartedActionClient, n as withResolvedActionClient } from "./client-BIBY50VG.js";
-import { n as formatMatrixEncryptionUnavailableError } from "./encryption-guidance-CU-OAPMg.js";
+import { i as withStartedActionClient, n as withResolvedActionClient } from "./client-D-t6CdHz.js";
+import { n as formatMatrixEncryptionUnavailableError } from "./encryption-guidance-aEUzD940.js";
 import { normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime";
 import { requireRuntimeConfig } from "openclaw/plugin-sdk/plugin-config-runtime";
 import { setTimeout } from "node:timers/promises";

package/node_modules/@babel/runtime/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@babel/runtime",
-  "version": "7.29.2",
+  "version": "7.29.7",
   "description": "babel's modular runtime helpers",
   "license": "MIT",
   "publishConfig": {

package/node_modules/@matrix-org/matrix-sdk-crypto-nodejs/.node-version CHANGED Viewed

	@@ -1 +1 @@
1	- 22
1	+ 24

package/node_modules/@matrix-org/matrix-sdk-crypto-nodejs/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,37 @@
 # Matrix-Rust-SDK Node.js Bindings
-## UNRELEASED
+## v0.6.0 - 2026-05-18
+-   Update matrix-rust-sdk to 0.17.0
+    -   Check the user ID in the `sender_device_keys` property of Olm-encrypted
+        to-device events to prevent sender spoofing by homeserver owners.
+        [#6553](https://github.com/matrix-org/matrix-rust-sdk/pull/6553)
+    -   **BREAKING:** The `only_allow_trusted_devices` and
+        `error_on_verified_user_problem` fields of the `EncryptionSettings` have
+        been replaced with the `CollectStrategy` enum.
+    -   **BREAKING:** The `ShieldStateCode::SentInClear` enum variant has been
+        removed.
+    -   **BREAKING:** A new `ShieldStateCode::MismatchedSender` enum variant has been
+        added.
+-   Add support for Node.JS 26, and drop support for Node.JS 25. [#76](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/76)
+-   Support Node-API Version 8. [#77](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/77)
+## v0.5.1 - 2026-04-22
+-   Try to fix release script. [#72](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/72)
+## v0.5.0 - 2026-04-20
+-   Support Node.JS 25, drop support for 22. [#68](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/68)
+-   `OlmMachine.bootstrap_cross_signing` now returns the requests required to
+    upload the cross-signing keys to the server. [#67](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/67)
+-   Add new functions `OlmMachine.export_secrets_for_secret_storage` and
+    `OlmMachine.import_secrets_from_secret_storage`, along with associated
+    types, for reading and writing to Secret Storage. [#67](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/67)
+-   Add a new function `OlmMachine.get_device` to get information about a
+    device. [#67](https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/pull/67)
 ## v0.4.0 - 2026-01-08

package/node_modules/@matrix-org/matrix-sdk-crypto-nodejs/README.md CHANGED Viewed

@@ -99,10 +99,10 @@ The binding is compatible with, and tested against, the Node.js
 versions that are in “current” or “active” states,
 according to [the Node.js Releases
 Page](https://nodejs.org/en/about/releases/), _and_ which are
-compatible with [NAPI v6 (Node.js
-API)](https://nodejs.org/api/n-api.html#node-api-version-matrix). It
+compatible with [Node-API (formerly N-API)
+v8)](https://nodejs.org/api/n-api.html#node-api-version-matrix). It
 means that this binding will work with the following versions:
-22.0.0 and 24.0.0.
+v24 and v26.
 Once the Rust compiler, Node.js and npm are installed, you can run the
 following commands:

package/node_modules/@matrix-org/matrix-sdk-crypto-nodejs/index.d.ts CHANGED Viewed

@@ -13,6 +13,76 @@ export const enum EncryptionAlgorithm {
   /** Megolm version 1 using AES-256 and SHA-256. */
   MegolmV1AesSha2 = 1
 }
+/**
+ * Strategy to collect the devices that should receive room keys for the
+ * current discussion.
+ */
+export const enum CollectStrategy {
+  /**
+   * Share with all (unblacklisted) devices.
+   *
+   * Not recommended, per the guidance of [MSC4153].
+   *
+   * (Used by Element X and Element Web in the legacy, non-"exclude insecure
+   * devices" mode.)
+   *
+   * [MSC4153]: https://github.com/matrix-org/matrix-doc/pull/4153
+   */
+  AllDevices = 0,
+  /**
+   * Share with all devices, except errors for *verified* users cause sharing
+   * to fail with an error.
+   *
+   * In this strategy, if a verified user has an unsigned device,
+   * key sharing will fail with a
+   * [`SessionRecipientCollectionError::VerifiedUserHasUnsignedDevice`].
+   * If a verified user has replaced their identity, key
+   * sharing will fail with a
+   * [`SessionRecipientCollectionError::VerifiedUserChangedIdentity`].
+   *
+   * Otherwise, keys are shared with unsigned devices as normal.
+   *
+   * Once the problematic devices are blacklisted or whitelisted the
+   * caller can retry to share a second time.
+   *
+   * Not recommended, per the guidance of [MSC4153].
+   *
+   * [MSC4153]: https://github.com/matrix-org/matrix-doc/pull/4153
+   */
+  ErrorOnVerifiedUserProblem = 1,
+  /**
+   * Share based on identity. Only distribute to devices signed by their
+   * owner. If a user has no published identity he will not receive
+   * any room keys.
+   *
+   * This is the recommended strategy: it is compliant with the guidance of
+   * [MSC4153].
+   *
+   * (Used by Element Web and Element X in the "exclude insecure devices"
+   * mode.)
+   *
+   * [MSC4153]: https://github.com/matrix-org/matrix-doc/pull/4153
+   */
+  IdentityBasedStrategy = 2,
+  /**
+   * Only share keys with devices that we "trust". A device is trusted if any
+   * of the following is true:
+   *     - It was manually marked as trusted.
+   *     - It was marked as verified via interactive verification.
+   *     - It is signed by its owner identity, and this identity has been
+   *       trusted via interactive verification.
+   *     - It is the current own device of the user.
+   *
+   * This strategy is compliant with [MSC4153], but is probably too strict
+   * for normal use.
+   *
+   * (Used by Element Web when "only send messages to verified users" is
+   * enabled.)
+   *
+   * [MSC4153]: https://github.com/matrix-org/matrix-doc/pull/4153
+   */
+  OnlyTrustedDevices = 3
+}
 /**
  * Take a look at [`matrix_sdk_common::deserialized_responses::ShieldState`]
  * for more info.
@@ -36,8 +106,11 @@ export const enum ShieldStateCode {
   UnsignedDevice = 2,
   /** The sender hasn't been verified by the Client's user. */
   UnverifiedIdentity = 3,
-  /** An unencrypted event in an encrypted room. */
-  SentInClear = 4,
+  /**
+   * The `sender` field on the event does not match the owner of the device
+   * that established the Megolm session.
+   */
+  MismatchedSender = 4,
   /** The sender was previously verified but changed their identity. */
   VerificationViolation = 5,
   None = 6
@@ -221,6 +294,21 @@ export declare class BackupKeys {
   /** The version that we are using for backups. */
   backupVersion?: string
 }
+/** A device represents a E2EE capable client of an user. */
+export declare class Device {
+  /**
+   * Is this device considered to be verified.
+   *
+   * This method returns true if either the `is_locally_trusted`
+   * method returns `true` or if the `is_cross_signing_trusted`
+   * method returns `true`.
+   */
+  isVerified(): boolean
+  /** Is this device considered to be verified using cross signing. */
+  isCrossSigningTrusted(): boolean
+  /** Is this device cross-signed by its owner? */
+  isCrossSignedByOwner(): boolean
+}
 /**
  * Settings for an encrypted room.
  *
@@ -243,16 +331,10 @@ export declare class EncryptionSettings {
    */
   historyVisibility: HistoryVisibility
   /**
-   * Should untrusted devices receive the room key, or should they be
-   * excluded from the conversation.
+   * The strategy used to distribute the room keys to participant.
+   * Default will send to all devices.
    */
-  onlyAllowTrustedDevices: boolean
-  /**
-   * Should keys be shared with a verified user with an unverified device
-   * or when a verified user has replaced their identity. Otherwise
-   * keys are shared with unsigned devices as normal.
-   */
-  errorOnVerifiedUserProblem: boolean
+  sharingStrategy: CollectStrategy
   /** Create a new `EncryptionSettings` with default values. */
   constructor()
 }
@@ -401,10 +483,15 @@ export declare class OlmMachine {
   /** Get the public parts of our Olm identity keys. */
   get identityKeys(): IdentityKeys
   /**
-   * Handle a to-device and one-time key counts from a sync response.
+   * Handle to-device events and one-time key counts from a sync response.
+   *
+   * This will decrypt and handle to-device events, returning a two-element
+   * array where:
    *
-   * This will decrypt and handle to-device events returning the
-   * decrypted versions of them, as a JSON-encoded string.
+   * * The first element is an array containing the decrypted to-device
+   *   events as JSON-encoded strings.
+   * * The second element is an array containing information about room keys
+   *   received as part of those decrypted to-device events.
    *
    * To decrypt an event from the room timeline, please use
    * `decrypt_room_event`.
@@ -416,6 +503,8 @@ export declare class OlmMachine {
    *   response.
    * * `one_time_keys_count`, the current one-time keys counts that the sync
    *   response returned.
+   * * `unused_fallback_keys`, the list of unused fallback keys the
+   *   homeserver knows about.
    */
   receiveSyncChanges(toDeviceEvents: string, changedDevices: DeviceLists, oneTimeKeyCounts: Record<string, number>, unusedFallbackKeys: Array<string>): Promise<string>
   /**
@@ -527,6 +616,9 @@ export declare class OlmMachine {
    * Create a new cross signing identity and get the upload request
    * to push the new public keys to the server.
    *
+   * Returns the requests that need to be sent to the server to upload the
+   * required keys and signatures.
+   *
    * Warning: This will delete any existing cross signing keys that
    * might exist on the server and thus will reset the trust
    * between all the devices.
@@ -543,7 +635,7 @@ export declare class OlmMachine {
    *   the same request multiple times, setting this argument to false
    *   enables you to reuse the same request.
    */
-  bootstrapCrossSigning(reset: boolean): Promise<void>
+  bootstrapCrossSigning(reset: boolean): Promise<CrossSigningBootstrapRequests>
   /**
    * Sign the given message using our device key and if available
    * cross-signing master key.
@@ -627,6 +719,25 @@ export declare class OlmMachine {
    * `OlmMachine` after this `close` method has been called.
    */
   close(): void
+  /**
+   * Export the client's secrets to store in Secret Storage, encrypted using
+   * the given secret storage key.
+   *
+   * Returns the items to store in account data.
+   *
+   * Currently only exports the cross-signing keys.
+   */
+  exportSecretsForSecretStorage(secretStorageKey: SecretStorageKey): Promise<SecretStorageItems>
+  /**
+   * Import secrets from Secret Storage, and sign the device's key with the
+   * user's self-signing key.
+   *
+   * Returns a signature upload request to upload the signature to the
+   * server.
+   */
+  importSecretsFromSecretStorage(secretStorageKey: SecretStorageKey, items: SecretStorageItems): Promise<SignatureUploadRequest>
+  /** Get information about a device. */
+  getDevice(userId: UserId, deviceId: DeviceId, timeout?: number | undefined | null): Promise<Device | null>
 }
 /**
  * Struct representing the state of our private cross signing keys,
@@ -803,6 +914,25 @@ export declare class KeysBackupRequest {
   /** Get its request type. */
   get type(): RequestType
 }
+/** The requests needed to upload the cross-signing data to the server */
+export declare class CrossSigningBootstrapRequests {
+  /**
+   * The request to upload the device's keys.
+   *
+   * Could be `None` if the device keys have already been uploaded.
+   */
+  readonly uploadKeysReq?: KeysUploadRequest
+  /**
+   * The request to upload the cross-signing keys, as a JSON-encoded string.
+   *
+   * This request does not have a request ID, and `mark_request_as_sent` does
+   * not need to be called for this request, so only the request body is
+   * provided.
+   */
+  readonly uploadSigningKeysReq: string
+  /** The request to upload the cross-signing signatures. */
+  readonly uploadSignaturesReq: SignatureUploadRequest
+}
 /** A decrypted room event. */
 export declare class DecryptedRoomEvent {
   /** The JSON-encoded decrypted event. */
@@ -841,6 +971,56 @@ export declare class DecryptedRoomEvent {
    */
   shieldState(strict: boolean): ShieldState | null
 }
+/** A key for encrypting/decrypting data in secret storage */
+export declare class SecretStorageKey {
+  /** Create a new random [`SecretStorageKey`]. */
+  static createRandomKey(): SecretStorageKey
+  /** Create a new passphrase-based [`SecretStorageKey`]. */
+  static createFromPassphrase(passphrase: string): SecretStorageKey
+  /**
+   * Restore a [`SecretStorageKey`] from the given input and the description
+   * of the key.
+   *
+   * The [`SecretStorageKeyEventContent`] will contain the description of the
+   * [`SecretStorageKey`]. The constructor will check if the provided input
+   * string matches to the description.
+   *
+   * The input can be a passphrase or a Base58 export of the
+   * [`SecretStorageKey`].
+   */
+  static fromAccountData(input: string, eventType: string, content: string): SecretStorageKey
+  /** Export the [`SecretStorageKey`] as a base58-encoded string. */
+  toBase58(): string
+  /**
+   * Encrypt a secret string as a Secret Storage secret.
+   *
+   * Returns the JSON-encoded contents to store in Account Data.
+   */
+  encrypt(plaintext: string, secretName: string): string
+  /**
+   * Decrypt the given Secret Storage item, given as the JSON-encoded
+   * contents.
+   */
+  decrypt(accountDataContentJson: string, secretName: string): string
+  /**
+   * The info about the [`SecretStorageKey`], as an item for storing in
+   * account data.
+   *
+   * Returns a JSON-encoded object.
+   */
+  accountDataContent(): string
+  /** The unique ID of this [`SecretStorageKey`]. */
+  keyId(): string
+  /** The event type of this [`SecretStorageKey`] for storing in account data. */
+  eventType(): string
+}
+/** The account data items containing the secrets, encoded as JSON */
+export declare class SecretStorageItems {
+  masterKey: string
+  userSigningKey: string
+  selfSigningKey: string
+  constructor(items: Record<string, string>)
+}
 /** Information on E2E device updates. */
 export declare class DeviceLists {
   /** Create an empty `DeviceLists`. */

package/node_modules/@matrix-org/matrix-sdk-crypto-nodejs/index.js CHANGED Viewed

@@ -310,7 +310,7 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
-const { Attachment, EncryptedAttachment, BackupDecryptionKey, MegolmV1BackupKey, RoomKeyCounts, BackupKeys, EncryptionAlgorithm, EncryptionSettings, ShieldColor, ShieldStateCode, ShieldState, HistoryVisibility, UserId, DeviceId, DeviceKeyId, DeviceKeyAlgorithm, DeviceKeyAlgorithmName, RoomId, ServerName, StoreType, OlmMachine, CrossSigningStatus, KeysUploadRequest, KeysQueryRequest, KeysClaimRequest, ToDeviceRequest, SignatureUploadRequest, RoomMessageRequest, KeysBackupRequest, RequestType, DecryptedRoomEvent, DeviceLists, Signatures, Signature, MaybeSignature, SignatureVerification, SignatureState, Ed25519PublicKey, Ed25519Signature, Curve25519PublicKey, IdentityKeys, Versions, getVersions } = nativeBinding
+const { Attachment, EncryptedAttachment, BackupDecryptionKey, MegolmV1BackupKey, RoomKeyCounts, BackupKeys, Device, EncryptionAlgorithm, EncryptionSettings, CollectStrategy, ShieldColor, ShieldStateCode, ShieldState, HistoryVisibility, UserId, DeviceId, DeviceKeyId, DeviceKeyAlgorithm, DeviceKeyAlgorithmName, RoomId, ServerName, StoreType, OlmMachine, CrossSigningStatus, KeysUploadRequest, KeysQueryRequest, KeysClaimRequest, ToDeviceRequest, SignatureUploadRequest, RoomMessageRequest, KeysBackupRequest, RequestType, CrossSigningBootstrapRequests, DecryptedRoomEvent, SecretStorageKey, SecretStorageItems, DeviceLists, Signatures, Signature, MaybeSignature, SignatureVerification, SignatureState, Ed25519PublicKey, Ed25519Signature, Curve25519PublicKey, IdentityKeys, Versions, getVersions } = nativeBinding
 module.exports.Attachment = Attachment
 module.exports.EncryptedAttachment = EncryptedAttachment
@@ -318,8 +318,10 @@ module.exports.BackupDecryptionKey = BackupDecryptionKey
 module.exports.MegolmV1BackupKey = MegolmV1BackupKey
 module.exports.RoomKeyCounts = RoomKeyCounts
 module.exports.BackupKeys = BackupKeys
+module.exports.Device = Device
 module.exports.EncryptionAlgorithm = EncryptionAlgorithm
 module.exports.EncryptionSettings = EncryptionSettings
+module.exports.CollectStrategy = CollectStrategy
 module.exports.ShieldColor = ShieldColor
 module.exports.ShieldStateCode = ShieldStateCode
 module.exports.ShieldState = ShieldState
@@ -342,7 +344,10 @@ module.exports.SignatureUploadRequest = SignatureUploadRequest
 module.exports.RoomMessageRequest = RoomMessageRequest
 module.exports.KeysBackupRequest = KeysBackupRequest
 module.exports.RequestType = RequestType
+module.exports.CrossSigningBootstrapRequests = CrossSigningBootstrapRequests
 module.exports.DecryptedRoomEvent = DecryptedRoomEvent
+module.exports.SecretStorageKey = SecretStorageKey
+module.exports.SecretStorageItems = SecretStorageItems
 module.exports.DeviceLists = DeviceLists
 module.exports.Signatures = Signatures
 module.exports.Signature = Signature