fix(matrix): make auto_accept_invites configurable, default to false#711
Open
Reaster0 wants to merge 1 commit intoRightNow-AI:mainfrom
Open
fix(matrix): make auto_accept_invites configurable, default to false#711Reaster0 wants to merge 1 commit intoRightNow-AI:mainfrom
Reaster0 wants to merge 1 commit intoRightNow-AI:mainfrom
Conversation
MatrixAdapter hardcoded `auto_accept_invites: true`, meaning any Matrix-connected instance would blindly join every room it was invited to. This is a security concern for public-facing homeservers — a malicious user could invite the bot into an arbitrary room and interact with the agent without the operator's consent. Changes: - Add `auto_accept_invites: bool` to `MatrixConfig` in openfang-types, with `#[serde(default)]` defaulting to `false`. - Thread the field through `MatrixAdapter::new()` instead of hardcoding. - Wire it in `channel_bridge.rs` from `mx_config.auto_accept_invites`. - Update tests to pass the new parameter. Operators who want the old behaviour can set: ```toml [channels.matrix] auto_accept_invites = true ``` Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
jaberjaber23
approved these changes
Mar 19, 2026
Member
jaberjaber23
left a comment
jaberjaber23
left a comment
There was a problem hiding this comment.
Clean, minimal, security-positive change. Threads auto_accept_invites from config through channel_bridge to MatrixAdapter correctly. Default false is the right secure-by-default posture. Call chain verified complete. Tests updated.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
MatrixAdapterhardcodedauto_accept_invites: true, meaning any Matrix-connected instance would blindly join every room it was invited toMatrixConfig, so operators had no way to disable itChanges
auto_accept_invites: booltoMatrixConfig(openfang-types), with#[serde(default)]defaulting tofalseMatrixAdapter::new()instead of hardcodingtruechannel_bridge.rsfrommx_config.auto_accept_invitesMigration
Breaking change in default behavior: existing setups that relied on auto-accept will need to explicitly opt in:
Test plan
cargo build --workspace --libcompilescargo test --workspacepasses (3 updated test call sites inmatrix.rs)auto_accept_invites = false(default) — invite the bot to a room, verify it does not joinauto_accept_invites = true— invite again, verify auto-join worksallowed_roomsfiltering still applies when auto-accept is enabled🤖 Generated with Claude Code