feat: Update policy server implementation to be closer to stable MSC4284 #1487

Open

nex wants to merge 13 commits from nex/feat/policy-servers-2-electric-boogaloo into main

pull from: nex/feat/policy-servers-2-electric-boogaloo

merge into: continuwuation:main

continuwuation:main

continuwuation:renovate/https-github.com-actions-setup-node-digest

continuwuation:renovate/rust-zerover-patch-updates

continuwuation:renovate/https-github.com-taiki-e-install-action-digest

continuwuation:renovate/reqwest-0.x

continuwuation:aranje/illegal-car-mods

continuwuation:ginger/ruma-upstreaming

continuwuation:renovate/serde_html_form-0.x

continuwuation:renovate/rand_core-0.x

continuwuation:jade/changelog-labels

continuwuation:nex/fix/v12-publishing

continuwuation:jade/build-info

continuwuation:jade/purge-sync-tokens

continuwuation:ginger/terms-and-conditions

continuwuation:ginger/remove-sliding-sync-proxy

continuwuation:nex/fix/pusher-association

continuwuation:ginger/email-support

continuwuation:jade/community-guidelines

continuwuation:nex/fix/federation-format

continuwuation:jade/git-deps-updates

continuwuation:jade/changelog-check

continuwuation:jade/rust-1-92

continuwuation:ginger/password-reset

continuwuation:nex/experiment/push-gateway-logs

continuwuation:ginger/msc3575-obliteration

continuwuation:nex/feat/block-busted-rooms

continuwuation:nex/fix/informative-startup-errs

continuwuation:ginger/no-left-room-initial-sync

continuwuation:jade/docker-entrypoint

continuwuation:jade/dehydrated-devices

continuwuation:ginger/complement-fixes

continuwuation:nex/fix/stale-destination-cache

continuwuation:nex/experiment/sync-mutex

continuwuation:tcpipuk/docker-docs

continuwuation:jade/snafu

continuwuation:jade/rand-update

continuwuation:nex/stateres-refactor

continuwuation:ginger/779-in-troubleshooting

continuwuation:jade/liveit-guide

continuwuation:jade/http3

continuwuation:nex/feat/admin-hide-empty-rooms

continuwuation:ginger/oobe

continuwuation:nex/fix/debian-thingy

continuwuation:jade/ldap-admin-check

continuwuation:nex/fix/remote-restricted-joins

continuwuation:nex/feat/msc4406-sender-ignored

continuwuation:jade/deadlock-detection

continuwuation:nex/feat/room-shutdown

continuwuation:jade/get-started

continuwuation:jade/docs-guide

continuwuation:ginger/fix-local-invites

continuwuation:nex/fix/tpi

continuwuation:nex/feat/room-deletion

continuwuation:nex/feat/msc4322-media-redaction

continuwuation:ginger/stitched-order

continuwuation:ginger/deps/update-rspress

continuwuation:jade/admin-announce-improvements

continuwuation:ginger/xtask-improvements

continuwuation:jade/improve-admin-config-display

continuwuation:nex/fix/better-stateres-error-logs

continuwuation:jade/sender-timeouts

continuwuation:nex/feat/custom-v12-room-ids

continuwuation:ginger/update-metadata

continuwuation:nex/feat/admin-force-logout

continuwuation:tom/max-perf-docs

continuwuation:nex/fix/invalid-appservice-reg

continuwuation:nex/feat/antispam

continuwuation:nex/feat/account-locking

continuwuation:jade/logging-cleanup

continuwuation:jade/remove-legacy-appservice-auth

continuwuation:nex/fix/key-query

continuwuation:jade/update-prek

continuwuation:nex/fix/room-summaries

continuwuation:ginger/restrict-admin-commands

continuwuation:ginger/enable-console-by-default

continuwuation:jade/tag-fixes

continuwuation:jade/otlp

continuwuation:nex/meta/pull-req-template

continuwuation:nex/fix/fed-invite-compliance

continuwuation:nex/feat/build-commit

continuwuation:nex/feat/join-logging

continuwuation:jade/mailmap-updates

continuwuation:jade/hack-ci-tmp

continuwuation:jade/v12-stable

continuwuation:jade/relations

continuwuation:ginger/database-refactor

continuwuation:jade/fix-ldap-uiaa

continuwuation:nex/fix/validation

continuwuation:ginger/nuke-invalid-msc4133-fields-in-migration

continuwuation:ginger/downgrade-artifact-actions

continuwuation:oddlid/reload-fix

continuwuation:jade/fix-assert

continuwuation:ginger/sync-v3-cleanup

continuwuation:ginger/remove-absolute-action-urls

continuwuation:jade/website

continuwuation:nex/fix/backoff

continuwuation:ginger/fix-mdbook-for-0.5

continuwuation:ginger/no-docker-on-prs

continuwuation:backport/v0.5.0-rc.8-1

continuwuation:nex/fed-improvements

continuwuation:jade/rust-1.90

continuwuation:jade/mirror-dockerhub

continuwuation:jade/clippy-fixes

continuwuation:jade/fix-support

continuwuation:jade/clean-images

continuwuation:jade/wal-compression-type

continuwuation:jade/flake-clone

continuwuation:ginger/upload-rpms-on-schedule

continuwuation:nex/fix/incoming-fetch

continuwuation:nex/fix/upgrade

continuwuation:tom/ci-fedora-rpm

continuwuation:jade/ci-release-fix

continuwuation:jade/rocksdb-10-5

continuwuation:ginger/fix-msc4133-migration

continuwuation:ginger/migrate-busted-tz

continuwuation:hydra/public

continuwuation:nex/feat/manual-extremities

continuwuation:nex/feat/async-media

continuwuation:nex/feat/fast-joins-hack-do-not-use-DO-NOT-USE

continuwuation:nex/feat/better-logging

continuwuation:trigger-ci-so-latest-isnt-on-illegal-car-mods

continuwuation:nex/feat/pins-backfill

continuwuation:jade/tuwunel-2025-06-old

continuwuation:jade/ai-slop-db-docs

continuwuation:nex/fix-create-auth

continuwuation:jade/version-stats

continuwuation:jade/read-receipts

continuwuation:jade/rust-toolchain-no-targets

continuwuation:jade/logging-features

continuwuation:jade/syncv5-typing

continuwuation:jade/msc2815

continuwuation:morguldir/see-eye

continuwuation:jade/css-small-screen

continuwuation:nex/wip-751

continuwuation:tuwunel-rebase

continuwuation:test

continuwuation:oddlid/rename-admin-room-bot

continuwuation:strawberry/nix-ci-stuff

continuwuation:strawberry/valgrind

continuwuation:phonemain

continuwuation:strawberry/morgs-snake-sync-jason-main

continuwuation:newer-media-endpoints

continuwuation:folly-coroutines-async-io

continuwuation:federation-retry-timer-port

continuwuation:bad-attempt-at-extracting-homeserver-signing-key

continuwuation:room-deletion-attempt-do-not-use

Conversation 4 Commits 13 Files changed 10 +350 -248

nex commented 2026-03-04 05:39:46 +00:00

Owner

Copy link

This pull request updates the MSC4284 policy server implementation to better match the now stabilised MSC.

Related Synapse pull request: https://github.com/element-hq/synapse/pull/19503

• Update m.room.policy schema
• Update event type to support both stable and unstable types
• Drop legacy check endpoint
• Verify policy server signatures when checking
• Fall back to fetching a fresh signature if one is not attached to an event

Will also add:

• Support for advertising /.well-known/matrix/policy_server
• Support for the stable and unstable endpoints, hopefully with some built-in checks (for example to enforce DAG "correctness") and/or the option to pass through to another service

Pull request checklist:

• This pull request targets the main branch, and the branch is named something other than
  main.
• I have written an appropriate pull request title and my description is clear.
• I understand I am responsible for the contents of this pull request.
• I have followed the contributing guidelines:
  • My contribution follows the code style, if applicable.
  • I ran pre-commit checks before opening/drafting this pull request.
  • I have tested my contribution (or proof-read it for documentation-only changes)
    myself, if applicable. This includes ensuring code compiles.
  • My commit messages follow the commit message format and are descriptive.
  • I have written a news fragment for this PR, if applicable.

This pull request updates the [MSC4284](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) policy server implementation to better match the now stabilised MSC. Related Synapse pull request: https://github.com/element-hq/synapse/pull/19503 - [x] Update `m.room.policy` schema - [x] Update event type to support both stable and unstable types - [x] Drop legacy check endpoint - [x] Verify policy server signatures when checking - [x] Fall back to fetching a fresh signature if one is not attached to an event ~~Will also add:~~ - ~~Support for advertising `/.well-known/matrix/policy_server`~~ - ~~Support for the stable and unstable endpoints, hopefully with some built-in checks (for example to enforce DAG "correctness") and/or the option to pass through to another service~~ **Pull request checklist:** <!-- You need to complete these before your PR can be considered. If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. --> - [x] This pull request targets the `main` branch, and the branch is named something other than `main`. - [x] I have written an appropriate pull request title and my description is clear. - [x] I understand I am responsible for the contents of this pull request. - I have followed the [contributing guidelines][c1]: - [x] My contribution follows the [code style][c2], if applicable. - [x] I ran [pre-commit checks][c1pc] before opening/drafting this pull request. - [x] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes) myself, if applicable. This includes ensuring code compiles. - [x] My commit messages follow the [commit message format][c1cm] and are descriptive. - [x] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->. <!-- Notes on these requirements: - While not required, we encourage you to sign your commits with GPG or SSH to attest the authenticity of your changes. - While we allow LLM-assisted contributions, we do not appreciate contributions that are low quality, which is typical of machine-generated contributions that have not had a lot of love and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up the codebase with a +-100,000 diff. - In the case of code style violations, reviewers may leave review comments/change requests indicating what the ideal change would look like. For example, a reviewer may suggest you lower a log level, or use `match` instead of `if/else` etc. - In the case of code style violations, pre-commit check failures, minor things like typos/spelling errors, and in some cases commit format violations, reviewers may modify your branch directly, typically by making changes and adding a commit. Particularly in the latter case, a reviewer may rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword commit messages that don't satisfy the format. - Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be bypassed in exceptional circumstances. If your CI flakes, let us know in matrix:r/dev:continuwuity.org. - Pull requests have to be based on the latest `main` commit before being merged. If the main branch changes while you're making your changes, you should make sure you rebase on main before opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind. - We typically only do fast-forward merges, so your entire commit log will be included. Once in main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras! --> [c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md [c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx [c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks [c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally [c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages [n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

nex added the

Enhancement

Matrix/Federation

Matrix/MSC

Matrix/T&S

labels 2026-03-04 05:39:46 +00:00

nex self-assigned this 2026-03-04 05:39:46 +00:00

nex added 2 commits 2026-03-04 05:39:46 +00:00

chore: Bump ruwuma to update PS definitions b133955582

feat: Update policy server implementation to be closer to stable MSC4284 ... 6f103939df

Untested

nex added a new dependency 2026-03-04 05:40:42 +00:00

continuwuation/ruwuma#49 - WIP: Update room policy server definitions

nex added 1 commit 2026-03-04 05:42:22 +00:00

chore: Add news fragment 6c96945b0a

nex changed title from feat: Update policy server implementation to be closer to stable MSC4284 to WIP: feat: Update policy server implementation to be closer to stable MSC4284 2026-03-04 05:43:47 +00:00

nex added the due date 2026-06-01 2026-03-04 05:47:21 +00:00

nex force-pushed nex/feat/policy-servers-2-electric-boogaloo from 6c96945b0a to 02ab2daa57 2026-03-21 17:15:26 +00:00 Compare

nex added 1 commit 2026-03-21 18:27:24 +00:00

feat: Support stable policy servers 9ebafaaabc

nex commented 2026-04-02 15:08:28 +00:00

Author

Owner

Copy link

Gonna drop the well-known and inline support from this PR to reduce the scope and get it merged sooner. Will probably add later.

Gonna drop the well-known and inline support from this PR to reduce the scope and get it merged sooner. Will probably add later.

nex force-pushed nex/feat/policy-servers-2-electric-boogaloo from 9ebafaaabc to 77e769d3e1 2026-04-02 15:11:19 +00:00 Compare

nex added 1 commit 2026-04-02 15:21:14 +00:00

chore: Remove config options related to policy servers ... 6d0f8fc4e2

Since they are signature based now they can't really be ignored

nex added 2 commits 2026-04-02 15:34:00 +00:00

style: Resolve clippy lints f8ccaefe9a

style: Use ok() instead of map_or() fc21b0bab2

nex commented 2026-04-02 15:35:02 +00:00

Author

Owner

Copy link

Now we get to see if I did signature verification correctly! :D

Now we get to see if I did signature verification correctly! :D

nex added 1 commit 2026-04-02 15:40:23 +00:00

style: How is the formatter indecisive af3fbc5562

nex added 3 commits 2026-04-02 16:17:44 +00:00

fix: Pass through returned errors correctly 6589a4e922

fix: Bump ruwuma to fix policy server deserialisation 2eae993717

style: Adjust log levels 4623119282

nex changed title from WIP: feat: Update policy server implementation to be closer to stable MSC4284 to feat: Update policy server implementation to be closer to stable MSC4284 2026-04-02 16:19:36 +00:00

nex requested review from Owners 2026-04-02 16:19:42 +00:00

nex added 1 commit 2026-04-02 17:01:50 +00:00

style: Make verify_policy_signature less verbose b4128b5813

nex commented 2026-04-02 17:02:28 +00:00

Author

Owner

Copy link

I have no idea why the incoming event PS signatures won't validate

2026-04-02T17:00:25.245820Z DEBUG process_inbound_transaction{id="1775063909736" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Policy server signature verification failed error=Verification error: Could not verify signature: signature error: Verification equation was not satisfied
2026-04-02T17:00:25.245840Z DEBUG process_inbound_transaction{id="1775063909736" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Event is incoming but does not have a valid policy server signature; asking policy server to sign it now via=corellia.timedout.uk

This is using practically the same routine as regular events are verified with

I have no idea why the incoming event PS signatures won't validate ``` 2026-04-02T17:00:25.245820Z DEBUG process_inbound_transaction{id="1775063909736" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Policy server signature verification failed error=Verification error: Could not verify signature: signature error: Verification equation was not satisfied 2026-04-02T17:00:25.245840Z DEBUG process_inbound_transaction{id="1775063909736" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Event is incoming but does not have a valid policy server signature; asking policy server to sign it now via=corellia.timedout.uk ``` This is using practically the same routine as regular events are verified with

nex commented 2026-04-02 17:09:43 +00:00

Author

Owner

Copy link

2026-04-02T17:09:27.395036Z TRACE process_inbound_transaction{id="1775063910144" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Verifying policy server signature signature=rV7GL02dqbVvC6reX5jQmomJoHEASzWB6rvzh6Myu5rjaV6zClwbHH4r00+2ybpXkO0H7iqAd3dsT9U1f28ZBA
2026-04-02T17:09:27.395148Z DEBUG process_inbound_transaction{id="1775063910144" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Policy server signature verification failed error=Verification error: Could not verify signature: signature error: Verification equation was not satisfied

whatever, problem for later

``` 2026-04-02T17:09:27.395036Z TRACE process_inbound_transaction{id="1775063910144" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Verifying policy server signature signature=rV7GL02dqbVvC6reX5jQmomJoHEASzWB6rvzh6Myu5rjaV6zClwbHH4r00+2ybpXkO0H7iqAd3dsT9U1f28ZBA 2026-04-02T17:09:27.395148Z DEBUG process_inbound_transaction{id="1775063910144" origin="starstruck.systems"}:policy_server_allows_event{room_id="!1jgDwjy7xL5JvjnaDkeZVfzW-RNHa5PausrxYBckJ90" room_version=V12 incoming=true}: conduwuit_service::rooms::event_handler::policy_server: Policy server signature verification failed error=Verification error: Could not verify signature: signature error: Verification equation was not satisfied ``` whatever, problem for later

nex referenced this pull request 2026-04-19 18:07:28 +00:00

WIP: refactor: Switch to upstream Ruma #1656

Some checks failed

Hide all checks

Check Changelog / Check for changelog (pull_request_target) Successful in 10s

Details

Documentation / Build and Deploy Documentation (pull_request) Successful in 1m22s

Details

Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 3m1s

Required

Details

Update flake hashes / update-flake-hashes (pull_request) Successful in 56s

Details

Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 25m4s

Required

Details

This pull request has changes conflicting with the target branch.

• Cargo.lock
• Cargo.toml
• src/service/Cargo.toml

View command line instructions

Manual merge helper

Use this merge commit message when completing the merge manually.

Merge commit title Merge pull request 'feat: Update policy server implementation to be closer to stable MSC4284' (#1487) from nex/feat/policy-servers-2-electric-boogaloo into main

Merge commit body Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1487

Merge pull request 'feat: Update policy server implementation to be closer to stable MSC4284' (#1487) from nex/feat/policy-servers-2-electric-boogaloo into main Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1487 Copy merge commit message

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin nex/feat/policy-servers-2-electric-boogaloo:nex/feat/policy-servers-2-electric-boogaloo

git switch nex/feat/policy-servers-2-electric-boogaloo

Sign in to join this conversation.

Reviewers

No reviewers

continuwuation/Owners

Labels

Clear labels   

Blocked

This pull request or issue is currently blocked from being merged/closed

  

Bug

Something isn't working as intended

  

Changelog

Added

Changelog entry added

  

Changelog

Missing

No changelog when one is needed

  

Changelog

None

Changelog is unnecesary for this change

  

Cherry-picking

Commits picked from other conduit projects

  

Database

This requires or includes changes to the database

  

Dependencies

Something dependency related

  

Dependencies/Renovate

Automatic dependency upgrades by Renovate

  

Difficulty

Easy

Low difficulty to implement - touches few parts of the codebase, low complexity

  

Difficulty

Hard

High difficulty to implement - touches many parts of the codebase, high complexity

  

Difficulty

Medium

Medium difficulty to implement - touches more parts of the codebase, higher complexity

  

Documentation

Improvements or additions to documentation

  

Enhancement

New feature or request

  

Good first issue

Good for newcomers

  

Help wanted

Additional eyes and keyboards are required for this one

  

Inherited

Issues that have been inhereted from the project pre-fork

  

Matrix/Administration

Features pertaining to homeserver administration

  

Matrix/Appservices

Features pertaining to the appservice API

  

Matrix/Auth

Features pertaining to authentication

  

Matrix/Client

Features pertaining to client-to-server interactions

  

Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  

Matrix/E2EE

Issues related to end to end encryption

  

Matrix/Federation

Features pertaining to server-to-server interactions

  

Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  

Matrix/MSC

Features pertaining to unstable matrix features

  

Matrix/Media

Features pertaining to media interactions

  

Matrix/T&S

Changes or issues related to trust & safety tooling

  

Merge

This PR is ready to be merged

  

Merge/Manual

This PR should be manually merged

  

Merge/Squash

This PR should be squashed when it is merged

  

Meta

Related to housekeeping, maintenance, or other repo-meta.

  

Meta/CI

Issues related to CI changes

  

Meta/Packaging

Packaging

  

Priority

Blocking

This issue is blocking the next release

  

Priority

High

This issue is very important

  

Priority

Low

This issue is of a rather low priority

  

Security

This item is related to general security

  

Status

Confirmed

This issue has enough information and is confirmed

  

Status

Duplicate

This issue or pull request already exists

  

Status

Invalid

This issue doesn't seem right

  

Status

Needs Investigation

This issue needs further investigation

  

Support

Questions or support requests

  

Wont fix

This will not be worked on

  

old/ci/cd

Ci/CD

Archived

  

old/rust

Pull requests that update Rust code

Archived

No labels

Blocked

Bug

Changelog

Added

Changelog

Missing

Changelog

None

Cherry-picking

Database

Dependencies

Dependencies/Renovate

Difficulty

Easy

Difficulty

Hard

Difficulty

Medium

Documentation

Enhancement

Good first issue

Help wanted

Inherited

Matrix/Administration

Matrix/Appservices

Matrix/Auth

Matrix/Client

Matrix/Core

Matrix/E2EE

Matrix/Federation

Matrix/Hydra

Matrix/MSC

Matrix/Media

Matrix/T&S

Merge

Merge/Manual

Merge/Squash

Meta

Meta/CI

Meta/Packaging

Priority

Blocking

Priority

High

Priority

Low

Security

Status

Confirmed

Status

Duplicate

Status

Invalid

Status

Needs Investigation

Support

Wont fix

old/ci/cd

old/rust

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

nex

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

2026-06-01

Depends on

#49 WIP: Update room policy server definitions

continuwuation/ruwuma

Reference

continuwuation/continuwuity!1487

No description provided.