diff --git a/.story_kit/work/1_upcoming/263_story_matrix_bot_self_signs_device_keys_at_startup_for_verified_encryption.md b/.story_kit/work/1_upcoming/263_story_matrix_bot_self_signs_device_keys_at_startup_for_verified_encryption.md
new file mode 100644
index 0000000..0f8d6f4
--- /dev/null
+++ b/.story_kit/work/1_upcoming/263_story_matrix_bot_self_signs_device_keys_at_startup_for_verified_encryption.md
@@ -0,0 +1,20 @@
+---
+name: "Matrix bot self-signs device keys at startup for verified encryption"
+---
+
+# Story 263: Matrix bot self-signs device keys at startup for verified encryption
+
+## User Story
+
+As a Matrix room participant, I want the bot's messages to not show "encrypted by a device not verified by its owner" warnings, so that I have confidence the bot's encryption is fully verified.
+
+## Acceptance Criteria
+
+- [ ] At startup the bot checks whether its own device keys have been self-signed (cross-signed by its own user identity)
+- [ ] If the device keys are not self-signed, the bot signs them automatically
+- [ ] After signing, the bot uploads the new signatures to the homeserver
+- [ ] After a clean start (fresh matrix_store / device_id) the bot's messages no longer show the 'encrypted by a device not verified by its owner' warning
+
+## Out of Scope
+
+- TBD