WIP: feat: Update policy server implementation to be closer to stable MSC4284 #1487

Draft

nex wants to merge 3 commits from nex/feat/policy-servers-2-electric-boogaloo into main

pull from: nex/feat/policy-servers-2-electric-boogaloo

merge into: continuwuation:main

continuwuation:main

continuwuation:renovate/recaptcha-verify-0.x

continuwuation:renovate/rand_core-0.x

continuwuation:renovate/rust-patch-updates

continuwuation:nex/fix/informative-startup-errs

continuwuation:aranje/illegal-car-mods

continuwuation:ginger/password-reset

continuwuation:ginger/no-left-room-initial-sync

continuwuation:jade/docker-entrypoint

continuwuation:jade/dehydrated-devices

continuwuation:ginger/complement-fixes

continuwuation:nex/fix/stale-destination-cache

continuwuation:nex/experiment/sync-mutex

continuwuation:tcpipuk/docker-docs

continuwuation:jade/snafu

continuwuation:renovate/serde_html_form-0.x

continuwuation:jade/rand-update

continuwuation:renovate/reqwest-0.x

continuwuation:nex/stateres-refactor

continuwuation:ginger/779-in-troubleshooting

continuwuation:jade/liveit-guide

continuwuation:jade/http3

continuwuation:nex/feat/admin-hide-empty-rooms

continuwuation:ginger/oobe

continuwuation:nex/fix/debian-thingy

continuwuation:jade/ldap-admin-check

continuwuation:nex/fix/remote-restricted-joins

continuwuation:nex/feat/msc4406-sender-ignored

continuwuation:jade/deadlock-detection

continuwuation:nex/feat/room-shutdown

continuwuation:jade/get-started

continuwuation:jade/docs-guide

continuwuation:ginger/fix-local-invites

continuwuation:nex/fix/tpi

continuwuation:nex/feat/room-deletion

continuwuation:nex/feat/msc4322-media-redaction

continuwuation:ginger/stitched-order

continuwuation:jade/build-info

continuwuation:ginger/deps/update-rspress

continuwuation:jade/admin-announce-improvements

continuwuation:ginger/xtask-improvements

continuwuation:jade/improve-admin-config-display

continuwuation:nex/fix/better-stateres-error-logs

continuwuation:jade/sender-timeouts

continuwuation:nex/feat/custom-v12-room-ids

continuwuation:ginger/update-metadata

continuwuation:nex/feat/admin-force-logout

continuwuation:tom/max-perf-docs

continuwuation:nex/fix/invalid-appservice-reg

continuwuation:nex/feat/antispam

continuwuation:nex/feat/account-locking

continuwuation:jade/logging-cleanup

continuwuation:jade/remove-legacy-appservice-auth

continuwuation:nex/fix/key-query

continuwuation:jade/update-prek

continuwuation:nex/fix/room-summaries

continuwuation:ginger/restrict-admin-commands

continuwuation:ginger/enable-console-by-default

continuwuation:jade/tag-fixes

continuwuation:jade/otlp

continuwuation:nex/meta/pull-req-template

continuwuation:nex/fix/fed-invite-compliance

continuwuation:nex/feat/build-commit

continuwuation:nex/feat/join-logging

continuwuation:jade/mailmap-updates

continuwuation:jade/hack-ci-tmp

continuwuation:jade/v12-stable

continuwuation:jade/relations

continuwuation:ginger/database-refactor

continuwuation:jade/fix-ldap-uiaa

continuwuation:nex/fix/validation

continuwuation:ginger/nuke-invalid-msc4133-fields-in-migration

continuwuation:ginger/downgrade-artifact-actions

continuwuation:oddlid/reload-fix

continuwuation:jade/fix-assert

continuwuation:ginger/sync-v3-cleanup

continuwuation:ginger/remove-absolute-action-urls

continuwuation:jade/website

continuwuation:nex/fix/backoff

continuwuation:ginger/fix-mdbook-for-0.5

continuwuation:ginger/no-docker-on-prs

continuwuation:backport/v0.5.0-rc.8-1

continuwuation:nex/fed-improvements

continuwuation:jade/rust-1.90

continuwuation:jade/mirror-dockerhub

continuwuation:jade/clippy-fixes

continuwuation:jade/fix-support

continuwuation:jade/clean-images

continuwuation:jade/wal-compression-type

continuwuation:jade/flake-clone

continuwuation:ginger/upload-rpms-on-schedule

continuwuation:nex/fix/incoming-fetch

continuwuation:nex/fix/upgrade

continuwuation:tom/ci-fedora-rpm

continuwuation:jade/ci-release-fix

continuwuation:jade/rocksdb-10-5

continuwuation:ginger/fix-msc4133-migration

continuwuation:ginger/migrate-busted-tz

continuwuation:hydra/public

continuwuation:nex/feat/manual-extremities

continuwuation:nex/feat/async-media

continuwuation:nex/feat/fast-joins-hack-do-not-use-DO-NOT-USE

continuwuation:nex/feat/better-logging

continuwuation:trigger-ci-so-latest-isnt-on-illegal-car-mods

continuwuation:nex/feat/pins-backfill

continuwuation:jade/tuwunel-2025-06-old

continuwuation:jade/ai-slop-db-docs

continuwuation:nex/fix-create-auth

continuwuation:jade/version-stats

continuwuation:jade/read-receipts

continuwuation:jade/rust-toolchain-no-targets

continuwuation:jade/logging-features

continuwuation:jade/syncv5-typing

continuwuation:jade/msc2815

continuwuation:jade/purge-sync-tokens

continuwuation:morguldir/see-eye

continuwuation:jade/css-small-screen

continuwuation:nex/wip-751

continuwuation:tuwunel-rebase

continuwuation:test

continuwuation:oddlid/rename-admin-room-bot

continuwuation:strawberry/nix-ci-stuff

continuwuation:strawberry/valgrind

continuwuation:phonemain

continuwuation:strawberry/morgs-snake-sync-jason-main

continuwuation:newer-media-endpoints

continuwuation:folly-coroutines-async-io

continuwuation:federation-retry-timer-port

continuwuation:bad-attempt-at-extracting-homeserver-signing-key

continuwuation:room-deletion-attempt-do-not-use

Conversation 0 Commits 3 Files changed 8 +245 -174

nex commented 2026-03-04 05:39:46 +00:00

Owner

Copy link

This pull request updates the MSC4284 policy server implementation to better match the now stabilised MSC.

Related Synapse pull request: https://github.com/element-hq/synapse/pull/19503

• Update m.room.policy schema
• Update event type to support both stable and unstable types
• Drop legacy check endpoint
• Verify policy server signatures when checking
• Fall back to fetching a fresh signature if one is not attached to an event

Will also add:

• Support for advertising /.well-known/matrix/policy_server
• Support for the stable and unstable endpoints, hopefully with some built-in checks (for example to enforce DAG "correctness") and/or the option to pass through to another service

Pull request checklist:

• This pull request targets the main branch, and the branch is named something other than
  main.
• I have written an appropriate pull request title and my description is clear.
• I understand I am responsible for the contents of this pull request.
• I have followed the contributing guidelines:
  • My contribution follows the code style, if applicable.
  • I ran pre-commit checks before opening/drafting this pull request.
  • I have tested my contribution (or proof-read it for documentation-only changes)
    myself, if applicable. This includes ensuring code compiles.
  • My commit messages follow the commit message format and are descriptive.
  • I have written a news fragment for this PR, if applicable.

This pull request updates the [MSC4284](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) policy server implementation to better match the now stabilised MSC. Related Synapse pull request: https://github.com/element-hq/synapse/pull/19503 - [x] Update `m.room.policy` schema - [ ] Update event type to support both stable and unstable types - [x] Drop legacy check endpoint - [x] Verify policy server signatures when checking - [x] Fall back to fetching a fresh signature if one is not attached to an event Will also add: - [ ] Support for advertising `/.well-known/matrix/policy_server` - [ ] Support for the stable and unstable endpoints, hopefully with some built-in checks (for example to enforce DAG "correctness") and/or the option to pass through to another service **Pull request checklist:** <!-- You need to complete these before your PR can be considered. If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. --> - [x] This pull request targets the `main` branch, and the branch is named something other than `main`. - [x] I have written an appropriate pull request title and my description is clear. - [x] I understand I am responsible for the contents of this pull request. - I have followed the [contributing guidelines][c1]: - [x] My contribution follows the [code style][c2], if applicable. - [x] I ran [pre-commit checks][c1pc] before opening/drafting this pull request. - [ ] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes) myself, if applicable. This includes ensuring code compiles. - [x] My commit messages follow the [commit message format][c1cm] and are descriptive. - [x] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->. <!-- Notes on these requirements: - While not required, we encourage you to sign your commits with GPG or SSH to attest the authenticity of your changes. - While we allow LLM-assisted contributions, we do not appreciate contributions that are low quality, which is typical of machine-generated contributions that have not had a lot of love and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up the codebase with a +-100,000 diff. - In the case of code style violations, reviewers may leave review comments/change requests indicating what the ideal change would look like. For example, a reviewer may suggest you lower a log level, or use `match` instead of `if/else` etc. - In the case of code style violations, pre-commit check failures, minor things like typos/spelling errors, and in some cases commit format violations, reviewers may modify your branch directly, typically by making changes and adding a commit. Particularly in the latter case, a reviewer may rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword commit messages that don't satisfy the format. - Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be bypassed in exceptional circumstances. If your CI flakes, let us know in matrix:r/dev:continuwuity.org. - Pull requests have to be based on the latest `main` commit before being merged. If the main branch changes while you're making your changes, you should make sure you rebase on main before opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind. - We typically only do fast-forward merges, so your entire commit log will be included. Once in main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras! --> [c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md [c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx [c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks [c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally [c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages [n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

nex added the

Enhancement

Matrix/Federation

Matrix/MSC

Matrix/T&S

labels 2026-03-04 05:39:46 +00:00

nex self-assigned this 2026-03-04 05:39:46 +00:00

nex added 2 commits 2026-03-04 05:39:46 +00:00

chore: Bump ruwuma to update PS definitions b133955582

feat: Update policy server implementation to be closer to stable MSC4284 ... 6f103939df

Untested

nex added a new dependency 2026-03-04 05:40:42 +00:00

continuwuation/ruwuma#49 - Update room policy server definitions

nex added 1 commit 2026-03-04 05:42:22 +00:00

chore: Add news fragment 6c96945b0a

nex changed title from feat: Update policy server implementation to be closer to stable MSC4284 to WIP: feat: Update policy server implementation to be closer to stable MSC4284 2026-03-04 05:43:47 +00:00

nex added the due date 2026-06-01 2026-03-04 05:47:21 +00:00

Some checks failed

Hide all checks

Documentation / Build and Deploy Documentation (pull_request) Successful in 4m5s

Details

Update flake hashes / update-flake-hashes (pull_request) Successful in 45s

Details

Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 7m25s

Required

Details

Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 1h0m0s

Required

Details

This pull request is marked as a work in progress.

This branch is out-of-date with the base branch

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin nex/feat/policy-servers-2-electric-boogaloo:nex/feat/policy-servers-2-electric-boogaloo

git switch nex/feat/policy-servers-2-electric-boogaloo

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Blocked

This pull request or issue is currently blocked from being merged/closed

  

Bug

Something isn't working as intended

  

Cherry-picking

Commits picked from other conduit projects

  

Database

This requires or includes changes to the database

  

Dependencies

Something dependency related

  

Dependencies/Renovate

Automatic dependency upgrades by Renovate

  

Difficulty

Easy

Low difficulty to implement - touches few parts of the codebase, low complexity

  

Difficulty

Hard

High difficulty to implement - touches many parts of the codebase, high complexity

  

Difficulty

Medium

Medium difficulty to implement - touches more parts of the codebase, higher complexity

  

Documentation

Improvements or additions to documentation

  

Enhancement

New feature or request

  

Good first issue

Good for newcomers

  

Help wanted

Additional eyes and keyboards are required for this one

  

Inherited

Issues that have been inhereted from the project pre-fork

  

Matrix/Administration

Features pertaining to homeserver administration

  

Matrix/Appservices

Features pertaining to the appservice API

  

Matrix/Auth

Features pertaining to authentication

  

Matrix/Client

Features pertaining to client-to-server interactions

  

Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  

Matrix/E2EE

  

Matrix/Federation

Features pertaining to server-to-server interactions

  

Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  

Matrix/MSC

Features pertaining to unstable matrix features

  

Matrix/Media

Features pertaining to media interactions

  

Matrix/T&S

Changes or issues related to trust & safety tooling

  

Meta

Related to housekeeping, maintenance, or other repo-meta.

  

Meta/CI

Issues related to CI changes

  

Meta/Packaging

Packaging

  

Priority

Blocking

This issue is blocking the next release

  

Priority

High

This issue is very important

  

Priority

Low

This issue is of a rather low priority

  

Security

This item is related to general security

  

Status

Confirmed

This issue has enough information and is confirmed

  

Status

Duplicate

This issue or pull request already exists

  

Status

Invalid

This issue doesn't seem right

  

Status

Needs Investigation

This issue needs further investigation

  

Support

Questions or support requests

  

To-Merge

  

Wont fix

This will not be worked on

  

old/ci/cd

Ci/CD

Archived

  

old/rust

Pull requests that update Rust code

Archived

No labels

Blocked

Bug

Cherry-picking

Database

Dependencies

Dependencies/Renovate

Difficulty

Easy

Difficulty

Hard

Difficulty

Medium

Documentation

Enhancement

Good first issue

Help wanted

Inherited

Matrix/Administration

Matrix/Appservices

Matrix/Auth

Matrix/Client

Matrix/Core

Matrix/E2EE

Matrix/Federation

Matrix/Hydra

Matrix/MSC

Matrix/Media

Matrix/T&S

Meta

Meta/CI

Meta/Packaging

Priority

Blocking

Priority

High

Priority

Low

Security

Status

Confirmed

Status

Duplicate

Status

Invalid

Status

Needs Investigation

Support

To-Merge

Wont fix

old/ci/cd

old/rust

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

nex

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

2026-06-01

Depends on

#49 Update room policy server definitions

continuwuation/ruwuma

Reference

continuwuation/continuwuity!1487

No description provided.