mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-17 04:31:55 +00:00
d497387cec
Without this, every Matrix bot started under hermes-agent shows the "Encrypted by a device not verified by its owner" badge in Element indefinitely, because the cross-signing chain (master → SSK → device) was never published. Operators currently have to write their own bootstrap script and remember to run it once per bot — and it's easy to get wrong (the obvious base64.b64encode().decode() produces padded keyids that matrix-rust-sdk silently rejects in /keys/query, so even correctly-signed keys fail to load identity in Element). mautrix already has the right primitive: generate_recovery_key() does the full flow — generate seeds, upload privates to SSSS, publish publics to the homeserver, sign the current device with the new SSK, and return the human-readable recovery key. We invoke it once on startup if the bot has no existing cross-signing identity, and log the recovery key with a clear instruction to save it for future restarts via MATRIX_RECOVERY_KEY (which the existing recovery-key path already consumes). Skipped when MATRIX_RECOVERY_KEY is set (existing path takes over) or when the bot already has cross-signing keys on the homeserver (get_own_cross_signing_public_keys returns non-None). Bootstrap failure is non-fatal — logged with hint about UIA; the bot continues without cross-signing and Element will show the warning that prompted this PR. That matches the existing soft-fail pattern for verify_with_recovery_key. Tested against Continuwuity 0.5.7 (no UIA required). Synapse with UIA enabled will need a follow-up PR to thread MATRIX_PASSWORD through to /keys/device_signing/upload. |
||
|---|---|---|
| .. | ||
| qqbot | ||
| __init__.py | ||
| ADDING_A_PLATFORM.md | ||
| api_server.py | ||
| base.py | ||
| bluebubbles.py | ||
| dingtalk.py | ||
| discord.py | ||
| email.py | ||
| feishu.py | ||
| feishu_comment.py | ||
| feishu_comment_rules.py | ||
| helpers.py | ||
| homeassistant.py | ||
| matrix.py | ||
| mattermost.py | ||
| signal.py | ||
| slack.py | ||
| sms.py | ||
| telegram.py | ||
| telegram_network.py | ||
| webhook.py | ||
| wecom.py | ||
| wecom_callback.py | ||
| wecom_crypto.py | ||
| weixin.py | ||
| whatsapp.py | ||
| yuanbao.py | ||
| yuanbao_media.py | ||
| yuanbao_proto.py | ||
| yuanbao_sticker.py | ||