Skip to content

MSC4311: Ensuring the create event is available on invites#4311

Merged
turt2live merged 17 commits into
mainfrom
travis/msc/create-invite-pdu
Sep 5, 2025
Merged

MSC4311: Ensuring the create event is available on invites#4311
turt2live merged 17 commits into
mainfrom
travis/msc/create-invite-pdu

Conversation

@turt2live

@turt2live turt2live commented Jul 11, 2025

Copy link
Copy Markdown
Member

Rendered

Disclosure: I am Director of Standards Development at The Matrix.org Foundation C.I.C., Matrix Spec Core Team (SCT) member, employed by Element, and operate the t2bot.io service. This proposal is written and published with my role as a member of the SCT.

Dependencies:


SCT Stuff:

FCP tickyboxes

MSC checklist

@turt2live turt2live changed the title MSC: Ensuring the create event is available on invites and knocks MSC4311: Ensuring the create event is available on invites and knocks Jul 11, 2025
@turt2live turt2live added proposal A matrix spec change proposal. Process state. A-Federation Server-to-Server API (federation) A-Client Server Client-Server API kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Jul 11, 2025
@github-project-automation github-project-automation Bot moved this to Tracking for review in Spec Core Team Workflow Jul 11, 2025
@turt2live turt2live moved this from Tracking for review to Ready for general review in Spec Core Team Workflow Jul 11, 2025
@turt2live turt2live marked this pull request as ready for review July 11, 2025 22:58

@turt2live turt2live Jul 11, 2025

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements:

  • Server (returning stripped state)
  • Server (receiving stripped state) - See comment below
  • Client (receiving stripped state)

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Meowlnir (client/bot replacing room ID parsing with creator parsing in invite antispam): maunium/meowlnir@eeccd4a

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though servers haven't actually added the validation on the stripped state yet, per the migration section of the MSC, no one has indicated that it's a nightmare to do so. I'm inclined to consider that "implementation" for the purposes of starting FCP, but welcome (particularly SCT) opinions on whether that's valid.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This MSC now requires all stripped state events to be PDUs over federation. I believe element-hq/synapse#18822 and matrix-org/complement#796 demonstrate it's not impossible, even if the code itself is bad.

Comment thread proposals/4311-stripped-state-create-event.md
Comment thread proposals/4311-stripped-state-create-event.md Outdated
Comment thread proposals/4311-stripped-state-create-event.md Outdated
Comment thread proposals/4311-stripped-state-create-event.md Outdated
@turt2live

turt2live commented Aug 8, 2025

Copy link
Copy Markdown
Member Author

MSCs proposed for Final Comment Period (FCP) should meet the requirements outlined in the checklist prior to being accepted into the spec. This checklist is a bit long, but aims to reduce the number of follow-on MSCs after a feature lands.

SCT members: please check off things you check for, and raise a concern against FCP if the checklist is incomplete. If an item doesn't apply, prefer to check it rather than remove it. Unchecking items is encouraged where applicable.

Checklist:

  • Are appropriate implementation(s) specified in the MSC’s PR description?
  • Are all MSCs that this MSC depends on already accepted?
  • For each new endpoint that is introduced:
    • Have authentication requirements been specified?
    • Have rate-limiting requirements been specified?
    • Have guest access requirements been specified?
    • Are error responses specified?
      • Does each error case have a specified errcode (e.g. M_FORBIDDEN) and HTTP status code?
        • If a new errcode is introduced, is it clear that it is new?
  • Will the MSC require a new room version, and if so, has that been made clear?
    • Is the reason for a new room version clearly stated? For example, modifying the set of redacted fields changes how event IDs are calculated, thus requiring a new room version.
  • Are backwards-compatibility concerns appropriately addressed?
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this?
    • Will the endpoint return unbounded data? If so, has pagination been considered?
    • If the endpoint utilises pagination, is it consistent with the appendices?
  • An introduction exists and clearly outlines the problem being solved. Ideally, the first paragraph should be understandable by a non-technical audience.
  • All outstanding threads are resolved
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative
  • While the exact sections do not need to be present, the details implied by the proposal template are covered. Namely:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section
    • Unstable prefixes consider the awkward accepted-but-not-merged state
    • Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
  • Changes have applicable Sign Off from all authors/editors/contributors
  • There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See RFC3552 for things to think about, but in particular pay attention to the OWASP Top Ten.

@turt2live

Copy link
Copy Markdown
Member Author

Though I've just pushed a refactor of this MSC, the vast majority has had healthy discussion prior and appears to have settled and should therefore be ready for FCP. There's an open question on the implementation requirements, but I hope to at least collect tickyboxes until implementation can be drafted (possibly next week).

@mscbot fcp merge

@clokep

clokep commented Sep 5, 2025

Copy link
Copy Markdown
Member

@mscbot resolve This changes an API in a backwards incompatible manner

@mscbot mscbot removed the unresolved-concerns This proposal has at least one outstanding concern. Process state. label Sep 5, 2025
@turt2live

Copy link
Copy Markdown
Member Author

Concluding FCP now that it's unblocked. Given this MSC has hit a few edge cases in the process, if there are strong objections in the next few days we'll discuss and incorporate into the MSC as needed.

@turt2live turt2live added finished-final-comment-period FCP has finished. Process state. and removed final-comment-period Process state to accept, reject, or postpone an MSC. disposition-merge Process state. labels Sep 5, 2025
@turt2live turt2live merged commit 71cb0bd into main Sep 5, 2025
1 check passed
@turt2live turt2live added spec-pr-missing MSC is accepted, but missing spec PR. Process state. and removed finished-final-comment-period FCP has finished. Process state. labels Sep 5, 2025
@turt2live turt2live moved this from In FCP to Requires spec writing in Spec Core Team Workflow Sep 5, 2025
@turt2live turt2live self-assigned this Sep 5, 2025
@turt2live turt2live deleted the travis/msc/create-invite-pdu branch September 5, 2025 18:02
@turt2live

Copy link
Copy Markdown
Member Author

Spec PR: matrix-org/matrix-spec#2207

@turt2live turt2live added spec-pr-in-review A proposal which has been PR'd against the spec and is in review and removed spec-pr-missing MSC is accepted, but missing spec PR. Process state. labels Sep 8, 2025
@turt2live turt2live moved this from Requires spec writing to Requires spec PR review in Spec Core Team Workflow Sep 8, 2025
@turt2live

Copy link
Copy Markdown
Member Author

Merged 🎉

@turt2live turt2live added merged A proposal whose PR has merged into the spec! Process state. and removed spec-pr-in-review A proposal which has been PR'd against the spec and is in review labels Sep 12, 2025
@turt2live turt2live moved this from Requires spec PR review to Merged in Spec Core Team Workflow Sep 12, 2025
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 7, 2026
Tested on NetBSD 10 amd64 with 2026Q2 environment.

# Synapse 1.156.0 (2026-07-07)

## Features

- Expose [MSC4354 Sticky Events](matrix-org/matrix-spec-proposals#4354) over [MSC4186 (Simplified) Sliding Sync](matrix-org/matrix-spec-proposals#4186). ([\#19591](element-hq/synapse#19591))
- Stabilize support for sending ephemeral events to application services, as per [MSC2409](matrix-org/matrix-spec-proposals#2409). Contributed by @jason-famedly @ Famedly. ([\#19758](element-hq/synapse#19758))
- Include `allowed_room_ids` in the `/summary` client-server API response for rooms with restricted join rules, as required by Matrix 1.15.
  Contributed by @FrenchGithubUser @famedly. ([\#19762](element-hq/synapse#19762))
- [MSC4140: Cancellable delayed events](matrix-org/matrix-spec-proposals#4140): Allow authentication on delayed event management endpoints (such as `/restart`) to bypass ratelimits for unauthenticated requests based on the client IP address. ([\#19794](element-hq/synapse#19794))
- Add new metric `synapse_non_deactivated_user_count` which tracks the number of non-deactivated users in the database, split by `app_service`. ([\#19848](element-hq/synapse#19848))
- The `GET /_matrix/client/unstable/org.matrix.msc1763/retention/configuration` endpoint is now provided when retention
  is enabled and `experimental_features.msc1763_enabled` is enabled, based on
  [MSC1763](matrix-org/matrix-spec-proposals#1763). ([\#19853](element-hq/synapse#19853))
- Add experimental support for [MSC4491: Invite reasons in room creation](matrix-org/matrix-spec-proposals#4491). ([\#19874](element-hq/synapse#19874))


# Synapse 1.155.0 (2026-06-16)


# Synapse 1.154.0 (2026-06-04)

## Features

- Add support for [MSC4452: Preview URL capabilities API](matrix-org/matrix-spec-proposals#4452) which exposes a `io.element.msc4452.preview_url` capability.
  If `experimental_features.msc4452_enabled` is `true`, the `/_matrix/(client/v1/media|media/v3)/preview_url` endpoint
  now responds with a 403 status code when the capability is disabled. ([\#19715](element-hq/synapse#19715))


# Synapse 1.153.0 (2026-05-19)

## Features

- Make ACLs apply to EDUs per [MSC4163](matrix-org/matrix-spec-proposals#4163). ([\#18475](element-hq/synapse#18475))
- Stabilize [MSC3266: Room summary API](matrix-org/matrix-spec-proposals#3266), removing the experimental config flag `msc3266_enabled`. Contributed by @dasha-uwu. ([\#19720](element-hq/synapse#19720))
- Partial [MSC4311](matrix-org/matrix-spec-proposals#4311) implementation: `m.room.create` is now a required part of stripped `invite_state`/`knock_state` . Contributed by @FrenchGithubUser @famedly. ([\#19722](element-hq/synapse#19722))
- Expose `tombstoned` and `replacement_room` in room details on admin API endpoint `GET /_synapse/admin/v1/rooms/<room_id>`. Contributed by Noah Markert. ([\#19737](element-hq/synapse#19737))


# Synapse 1.152.1 (2026-05-07)


# Synapse 1.152.0 (2026-04-28)

## Features

- Add a ["Listing quarantined media changes" Admin API](https://element-hq.github.io/synapse/latest/admin_api/media_admin_api.html#listing-quarantined-media-changes) for retrieving a paginated record of when media became (un)quarantined. ([\#19558](element-hq/synapse#19558), [\#19677](element-hq/synapse#19677), [\#19694](element-hq/synapse#19694))
- Advertise [MSC4445](matrix-org/matrix-spec-proposals#4445) sync timeline order in `unstable_features`. ([\#19642](element-hq/synapse#19642))
- Report the Rust compiler version used in the Prometheus metrics. Contributed by Noah Markert. ([\#19643](element-hq/synapse#19643))
- Passthrough 'article' and 'profile' OpenGraph metadata on URL preview requests. ([\#19659](element-hq/synapse#19659))
- Add a way to re-sign local events with a new signing key. ([\#19668](element-hq/synapse#19668))
- Support [MSC4450: Identity Provider selection for User-Interactive Authentication with Legacy Single Sign-On](matrix-org/matrix-spec-proposals#4450). ([\#19693](element-hq/synapse#19693))
- Add experimental support for [MSC4242](matrix-org/matrix-spec-proposals#4242): State DAGs. Excludes federation support. ([\#19424](element-hq/synapse#19424))
- Adds [Admin API](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/index.html) endpoints to
  list, fetch and delete user reports. ([\#19657](element-hq/synapse#19657))
- Reduce database disk space usage by pruning old rows from `device_lists_changes_in_room`. ([\#19473](element-hq/synapse#19473), [\#19709](element-hq/synapse#19709))


# Synapse 1.151.0 (2026-04-07)

## Features

- Add stable support for [MSC4284](matrix-org/matrix-spec-proposals#4284) Policy Servers. ([\#19503](element-hq/synapse#19503))
- Update and stabilize support for [MSC2666](matrix-org/matrix-spec-proposals#2666): Get rooms in common with another user. Contributed by @tulir @ Beeper. ([\#19511](element-hq/synapse#19511))
- Updated experimental support for [MSC4388: Secure out-of-band channel for sign in with QR](matrix-org/matrix-spec-proposals#4388). ([\#19573](element-hq/synapse#19573))
- Stabilize `room_version` and `encryption` fields in the space/room `/hierarchy` API (part of [MSC3266](matrix-org/matrix-spec-proposals#3266)). ([\#19576](element-hq/synapse#19576))
- Introduce a [configuration option](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#matrix_authentication_service) to allow using HTTP/2 over plaintext when Synapse connects to Matrix Authentication Service. ([\#19586](element-hq/synapse#19586))

## Deprecations and Removals

- Remove support for [MSC3852: Expose user agent information on Device](matrix-org/matrix-spec-proposals#3852) as the MSC was closed. ([\#19430](element-hq/synapse#19430))


# Synapse 1.150.0 (2026-03-24)

## Features

- Add experimental support for the [MSC4370](matrix-org/matrix-spec-proposals#4370) Federation API `GET /extremities` endpoint. ([\#19314](element-hq/synapse#19314))
- [MSC4140: Cancellable delayed events](matrix-org/matrix-spec-proposals#4140): When persisting a delayed event to the timeline, include its `delay_id` in the event's `unsigned` section in `/sync` responses to the event sender. ([\#19479](element-hq/synapse#19479))
- Expose [MSC4354 Sticky Events](matrix-org/matrix-spec-proposals#4354) over the legacy (v3) /sync API. ([\#19487](element-hq/synapse#19487))
- When Matrix Authentication Service (MAS) integration is enabled, allow MAS to set the user locked status in Synapse. ([\#19554](element-hq/synapse#19554))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

A-Client Server Client-Server API A-Federation Server-to-Server API (federation) kind:core MSC which is critical to the protocol's success merged A proposal whose PR has merged into the spec! Process state. proposal A matrix spec change proposal. Process state.

Projects

Status: Merged/Done

Development

Successfully merging this pull request may close these issues.

10 participants