From b5d825356ecae876b8ad5d7c0686bd0ec164c0d2 Mon Sep 17 00:00:00 2001
From: dave <futurechimp@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:40:40 +0000
Subject: [PATCH] storkit: create
 456_bug_matrix_bot_ignores_in_room_verification_requests_from_element

---
 ...room_verification_requests_from_element.md | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .storkit/work/1_backlog/456_bug_matrix_bot_ignores_in_room_verification_requests_from_element.md

diff --git a/.storkit/work/1_backlog/456_bug_matrix_bot_ignores_in_room_verification_requests_from_element.md b/.storkit/work/1_backlog/456_bug_matrix_bot_ignores_in_room_verification_requests_from_element.md
new file mode 100644
index 00000000..9bce55b5
--- /dev/null
+++ b/.storkit/work/1_backlog/456_bug_matrix_bot_ignores_in_room_verification_requests_from_element.md
@@ -0,0 +1,29 @@
+---
+name: "Matrix bot ignores in-room verification requests from Element"
+---
+
+# Bug 456: Matrix bot ignores in-room verification requests from Element
+
+## Description
+
+The Matrix bot (Sally) only registers a handler for to-device verification events (`ToDeviceKeyVerificationRequestEvent`). Modern Element clients use in-room verification (`m.key.verification.request` as a room message event) by default. When a user initiates "Start Verification" from Element, the request is sent as a room event and the bot never sees it — nothing appears in the bot logs and the verification flow hangs indefinitely. As a result, Sally's device remains unverified (Big Red Dot), and if Element has "never send to unverified sessions" enabled, it will not share Megolm room keys with Sally's device, making her deaf to all encrypted room messages.
+
+## How to Reproduce
+
+1. Run the storkit Matrix bot (Sally) in a room with E2EE enabled. 2. In Element, open the room member list, click Sally's device, and press "Start Verification". 3. Watch the bot logs: grep for "verif\|Incoming".
+
+## Actual Result
+
+Nothing appears in the bot logs. The verification flow hangs in Element and eventually times out. Sally's device remains unverified. If Element is set to encrypt only to verified sessions, Sally cannot decrypt any messages in the room.
+
+## Expected Result
+
+The bot receives the in-room verification request, accepts it, drives the SAS emoji flow to completion, and logs "Verification with @user completed successfully!". Sally's device shows as verified in Element.
+
+## Acceptance Criteria
+
+- [ ] Bot registers an in-room verification event handler for m.key.verification.request room events (in addition to the existing to-device handler)
+- [ ] When Element initiates 'Start Verification' from the device list, the bot logs 'Incoming verification request from ...'
+- [ ] The SAS emoji flow completes: bot logs the emoji string, confirms, and logs 'Verification ... completed successfully!'
+- [ ] Sally's device shows as verified (no Big Red Dot) in Element after the flow completes
+- [ ] Existing to-device verification handler is preserved for clients that use the older flow