story-kit: start 194_story_enable_matrix_e2ee_with_cross_signing_verification_on_bot
This commit is contained in:
Dave
@@ -0,0 +1,23 @@
|
||||
---
|
||||
name: "Enable Matrix E2EE with cross-signing verification on bot"
|
||||
---
|
||||
|
||||
# Story 194: Enable Matrix E2EE with cross-signing verification on bot
|
||||
|
||||
## User Story
|
||||
|
||||
As a project operator, I want the Matrix bot to verify message senders cryptographically via E2EE cross-signing, so that a compromised Conduit server cannot spoof allowed users and execute commands through the bot.
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- [ ] Enable `e2e-encryption` feature on `matrix-sdk` in workspace Cargo.toml
|
||||
- [ ] Bot persists crypto state (device keys, cross-signing keys) in the existing SQLite store at `.story_kit/matrix_store/`
|
||||
- [ ] Bot rejects messages from unverified devices in encrypted rooms
|
||||
- [ ] Bot logs a clear warning when it receives a message from an unverified device
|
||||
- [ ] One-time cross-signing verification flow works between an Element client and the bot (e.g. emoji SAS)
|
||||
- [ ] Add `require_verified_devices` boolean to `bot.toml` config (default: false) so E2EE verification can be opted into without breaking existing setups
|
||||
- [ ] Existing plaintext-room behavior is preserved when `require_verified_devices = false`
|
||||
|
||||
## Out of Scope
|
||||
|
||||
- TBD
|
||||
Reference in New Issue
Block a user