fix(matrix): fix E2EE SSSS bootstrap for passwordless token-auth bots (#66228)

Merged via squash. Prepared head SHA: c62cebf7c3 Co-authored-by: SARAMALI15792 <140950904+SARAMALI15792@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-05-06 16:20:43 +00:00 · 2026-04-15 20:48:29 +05:00
parent 568df95736
commit b2753fd0de
6 changed files with 114 additions and 19 deletions
--- a/docs/channels/matrix.md
+++ b/docs/channels/matrix.md
@@ -613,7 +613,8 @@ if you want a shorter or longer retry window.
 Startup also performs a conservative crypto bootstrap pass automatically.
 That pass tries to reuse the current secret storage and cross-signing identity first, and avoids resetting cross-signing unless you run an explicit bootstrap repair flow.

-If startup finds broken bootstrap state and `channels.matrix.password` is configured, OpenClaw can attempt a stricter repair path.
+If startup still finds broken bootstrap state, OpenClaw can attempt a guarded repair path even when `channels.matrix.password` is not configured.
+If the homeserver requires password-based UIA for that repair, OpenClaw logs a warning and keeps startup non-fatal instead of aborting the bot.
 If the current device is already owner-signed, OpenClaw preserves that identity instead of resetting it automatically.

 See [Matrix migration](/install/migrating-matrix) for the full upgrade flow, limits, recovery commands, and common migration messages.