From 2bfd808a83116bd888e3e2633a61473fa2ed81b6 Mon Sep 17 00:00:00 2001 From: Gustavo Madeira Santana Date: Wed, 15 Apr 2026 14:08:43 -0400 Subject: [PATCH] fix(matrix): skip pairing-store reads for room auth (#67325) Merged via squash. Prepared head SHA: 121ff3b38c6121838450e55cb48061b06527c6bf Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras --- CHANGELOG.md | 1 + extensions/matrix/src/matrix/monitor/handler.test.ts | 4 +++- extensions/matrix/src/matrix/monitor/handler.ts | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 120e1df27d1..35fde7c2477 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ Docs: https://docs.openclaw.ai - Plugins/bundled channels: partition bundled channel lazy caches by active bundled root so `OPENCLAW_BUNDLED_PLUGINS_DIR` flips stop reusing stale plugin, setup, secrets, and runtime state. (#67200) Thanks @gumadeiras. - Packaging/plugins: prune common test/spec cargo from bundled plugin runtime dependencies and fail npm release validation if packaged test cargo reappears, keeping published tarballs leaner without plugin-specific special cases. (#67275) thanks @gumadeiras. - Agents/context + Memory: trim default startup/skills prompt budgets, cap `memory_get` excerpts by default with explicit continuation metadata, and keep QMD reads aligned with the same bounded excerpt contract so long sessions pull less context by default without losing deterministic follow-up reads. +- Matrix/commands: skip DM pairing-store reads on room traffic now that room control-command authorization ignores pairing-store entries, keeping the room path narrower without changing room auth behavior. (#67325) Thanks @gumadeiras. ## 2026.4.15-beta.1 diff --git a/extensions/matrix/src/matrix/monitor/handler.test.ts b/extensions/matrix/src/matrix/monitor/handler.test.ts index 9599c87008d..2cc1da533b5 100644 --- a/extensions/matrix/src/matrix/monitor/handler.test.ts +++ b/extensions/matrix/src/matrix/monitor/handler.test.ts @@ -446,10 +446,11 @@ describe("matrix monitor handler pairing account scope", () => { }); it("blocks room control commands from DM-only paired senders", async () => { + const readAllowFromStore = vi.fn(async () => ["@user:example.org"]); const { handler, finalizeInboundContext, recordInboundSession } = createMatrixHandlerTestHarness({ isDirectMessage: false, - readAllowFromStore: vi.fn(async () => ["@user:example.org"]), + readAllowFromStore, roomsConfig: { "!room:example.org": { requireMention: false }, }, @@ -473,6 +474,7 @@ describe("matrix monitor handler pairing account scope", () => { expect(recordInboundSession).not.toHaveBeenCalled(); expect(finalizeInboundContext).not.toHaveBeenCalled(); + expect(readAllowFromStore).not.toHaveBeenCalled(); }); it("processes room messages mentioned via displayName in formatted_body", async () => { diff --git a/extensions/matrix/src/matrix/monitor/handler.ts b/extensions/matrix/src/matrix/monitor/handler.ts index c711aa7b1b9..68b13e4d069 100644 --- a/extensions/matrix/src/matrix/monitor/handler.ts +++ b/extensions/matrix/src/matrix/monitor/handler.ts @@ -586,7 +586,7 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam senderNamePromise ??= getMemberDisplayName(roomId, senderId).catch(() => senderId); return await senderNamePromise; }; - const storeAllowFrom = await readStoreAllowFrom(); + const storeAllowFrom = isDirectMessage ? await readStoreAllowFrom() : []; const roomUsers = roomConfig?.users ?? []; const accessState = resolveMatrixMonitorAccessState({ allowFrom,