Skip to content

fix(matrix-bridge): sweep all 8 deferred audit findings#20

Merged
replicas-connector[bot] merged 1 commit into
mainfrom
fix/matrix-deferred-sweep
May 30, 2026
Merged

fix(matrix-bridge): sweep all 8 deferred audit findings#20
replicas-connector[bot] merged 1 commit into
mainfrom
fix/matrix-deferred-sweep

Conversation

@replicas-connector

Copy link
Copy Markdown
Contributor

Summary

Closes out every deferred-with-rationale item from the three audit rounds tonight (commit 2313473, PR #18, PR #19). All 8 now have a real code fix.

Round 1 (correctness/lifecycle) — 4 items

#1. pending-decrypt:* prune cron — listener alarm now runs a 30-min periodic prune that drops queue entries older than 7 days and deletes empty queues. Bounds long-term DO storage growth from sessions whose forwarders went offline before responding.

#2. seen:* KV race redesign — dispatch dedupe was using KV's eventual read-modify-write, letting two concurrent reads both see "absent" and both proceed. New /dedup-claim endpoint on MatrixListener wraps the check + write in blockConcurrencyWhile for genuine put-if-absent semantics. Periodic prune handles cleanup (1h TTL); KV fallback preserved if the listener DO is unreachable.

#3. /admin/listener/reload-keys endpoint — clears the in-memory cachedKeys + cachedCurve25519 so the operator can rotate Megolm session keys (MATRIX_MEGOLM_KEYS_JSON) without a full redeploy.

#4. parsePlan hijack tightening — only accept Plan(d/t) headers BEFORE any tool calls and before any prior plan has been parsed. Prevents a confused/adversarial agent from overwriting in-progress view by emitting Plan (5/5) mid-turn to fake completion.

Round 2 (security/spec/integration) — 4 items

#5. m.forwarded_room_key validation — vault now tags captured Megolm keys as forwarded vs live; listener checks key-request:* prefix to confirm we previously asked for the (room, session). If not, calls new vault /keystore-delete to evict the unsolicited key. Closes the "any Olm-paired sender can plant Megolm keys for any room" hole.

#6. usage:org KV race — routed through OlmVault singleton DO via new /usage-bump (atomic write) and /usage-read (read) endpoints. Concurrent Done frames across rooms can no longer drop entries via read-modify-write race.

#7. Olm session cap bump — was .slice(-8), now .slice(-32). Verified multi-device senders rotate fast enough that 8 was occasionally dropping legitimate live sessions. Evictions are now logged so the operator can spot pathological churn.

#8. /admin/recover-room missing-senderKey warning — surface bridges that strip the outer sender_key field (m.room_key_request routing degrades to * when missing, may not land on the originating device).

Validation

  • npm run typecheck
  • npm test ✅ 102/102 tests pass
  • Deployed (94631766-f1ea-4535-af48-1ac6a72b1ab2)

Rolling tally tonight: 19 findings · 19 shipped · 0 deferred.

Test plan

  • Typecheck clean
  • All tests pass
  • Deploy succeeds
  • After merge: confirm /admin/listener/reload-keys clears in-memory caches
  • After merge: confirm normal dispatch path still works (DO RPC adds ~10ms)
  • Watch tail for [olm-vault] evicted unsolicited forwarded key — any hits warrant investigation of the forwarding device

Created by Jaden (jadengarza@pm.me) with Replicas
Workspace  ·  Slack Thread

@capy-ai

capy-ai Bot commented May 30, 2026

Copy link
Copy Markdown
Contributor

Capy auto-review is paused for this organization because the monthly auto-review limit has been reached. Increase the limit or turn it off in billing settings to resume automatic reviews.

Closes out the deferred-with-rationale items from rounds 1–3 (commits
2313473, PR #18, PR #19). Every item now has a real code fix.

**Round 1 (correctness/lifecycle) — 4 items**

#1. pending-decrypt:* prune cron — listener alarm now runs a 30-min
periodic prune that drops queue entries older than 7 days and deletes
empty queues. Bounds long-term DO storage growth from sessions whose
forwarders went offline before responding.

#2. seen:* KV race redesign — dispatch dedupe was using KV's eventual
read-modify-write, letting two concurrent reads both see "absent" and
both proceed. New /dedup-claim endpoint on MatrixListener wraps the
check + write in blockConcurrencyWhile for genuine put-if-absent
semantics. Periodic prune handles cleanup (1h TTL); KV fallback
preserved for the case where the listener DO is unreachable.

#3. /admin/listener/reload-keys endpoint — clears the in-memory
cachedKeys + cachedCurve25519 so the operator can rotate Megolm
session keys (MATRIX_MEGOLM_KEYS_JSON) without a full redeploy.

#4. parsePlan hijack tightening — only accept Plan(d/t) headers
BEFORE any tool calls and before any prior plan has been parsed.
Prevents a confused/adversarial agent from overwriting in-progress
view by emitting `Plan (5/5)` mid-turn to fake completion.

**Round 2 (security/spec/integration) — 4 items**

#5. m.forwarded_room_key validation — vault now tags captured Megolm
keys as `forwarded` vs `live`; listener checks `key-request:*`
prefix to confirm we previously asked for the (room, session). If
not, calls new vault `/keystore-delete` to evict the unsolicited
key. Closes the "any Olm-paired sender can plant Megolm keys for any
room" hole.

#6. usage:org KV race — routed through OlmVault singleton DO via
new /usage-bump (write, atomic) and /usage-read (read) endpoints.
Concurrent Done frames across rooms can no longer drop entries via
read-modify-write race.

#7. Olm session cap bump — was .slice(-8), now .slice(-32). Verified
multi-device senders rotate fast enough that 8 was occasionally
dropping legitimate live sessions. Evictions are now logged so the
operator can spot pathological churn.

#8. /admin/recover-room missing-senderKey warning — surface bridges
that strip the outer sender_key field (m.room_key_request routing
degrades to `*` when missing, may not land on the originating device).

Typecheck clean. 102/102 tests pass.

Rolling tally tonight: 19 findings · 19 shipped · 0 deferred.

Co-Authored-By: itsablabla <itsablabla@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@replicas-connector replicas-connector Bot force-pushed the fix/matrix-deferred-sweep branch from 42ee90b to c763afd Compare May 30, 2026 16:41
@replicas-connector replicas-connector Bot merged commit a1d23a0 into main May 30, 2026
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants