Skylar-Tech/node-red-contrib-matrix-chat v1.0.0-beta.2 on GitHub

⚠️ This is a beta release of v1.0.0, published for testing ahead of the stable release.
Install it with:
npm install node-red-contrib-matrix-chat@beta
This will not affect anyone on the current stable release (npm install node-red-contrib-matrix-chat still installs the latest stable).
Please test it and report any problems. Full pull request and discussion: #142

This is a huge release — the one we have been holding the 1.0.0 milestone
for. node-red-contrib-matrix-chat can now do device verification, cross-signing,
secure backup, and session management, all from the server config node. With
those finally in place, the module graduates to v1.0.0.

Encryption, Verification & Sessions

End-to-end encryption now runs on the Rust crypto stack. matrix-js-sdk
removed the legacy libolm crypto upstream, so the module migrates to Rust
crypto; existing crypto state is migrated automatically the first time a bot
starts after upgrading. #122
Cross-signing & secure backup — a new Set up secure backup &
cross-signing button on the server config node. Unlock an existing secure
backup with its recovery key, or create a fresh one; afterwards the bot's own
device is cross-signed and shows as verified to others.
Device verification — verify devices two ways: #124 #87
- the new Pending verification requests button on the server config node
  lists incoming requests and walks you through the SAS (emoji) check, no flow
  required;
- or build your own flow with the new matrix-verification /
  matrix-verification-action nodes.
Session management — a new Manage sessions button on the server config
node, modelled on Element's session manager: list the account's sessions with
verified/unverified shields, verify them, rename them, or remove ones you
don't recognize.

New Nodes

Verification (matrix-verification) — emits incoming device verification
requests and phase changes, with on-node filters for phase, initiated-by,
type, self-verification, a user allowlist, and room. #87
Verification Action (matrix-verification-action) — request, accept,
start SAS, confirm, reject, or cancel a verification.
Send Location (matrix-send-location) — publishes an m.location
event using matrix-js-sdk's makeLocationContent helper, so the wire
format matches Element's "Share my location" (legacy geo_uri+body
plus the MSC3488 / MSC1767 extensible-events fields). Per-message inputs
are typed inputs (msg / flow / global / num / str) defaulting to the
obvious msg.* names; matrix-receive was extended to surface the same
fields on m.location events, so a Receive node wired straight into
Send Location resends a byte-equivalent event with no Change nodes in
between. #91

Improvements

Homeserver URLs are resolved via .well-known, so a delegating domain
(e.g. example.org) works as the configured server URL.
Media is fetched from the authenticated media endpoints, with an automatic
fallback between the v3 and v1 media endpoints.
Connection and auth errors are now surfaced in the Node-RED log instead of
being silently swallowed.
The server config setup tools open as proper modal dialogs.
Added a device verification example flow and refreshed the README and node
documentation.
Native Markdown support on the Send Message node — pick Markdown as
the message format (or set msg.format = 'markdown') and the payload is
converted to HTML the same way Element does, using a JS port of
matrix-react-sdk's Markdown class (now in element-web at
apps/web/src/Markdown.ts). Plain-text payloads are sent as plain text;
payloads containing markdown send the original source as body and the
rendered HTML as formatted_body. #53

Bug Fixes

Get User node now awaits the profile/presence lookups, so the server-side
fallback works.
Invite Room node passes the invite reason correctly.
Upload File node now sets content.filename (and uses the resolved filename
for body), so files sent with a node-configured filename display correctly
in Element. #139

Breaking Changes

Node.js 22 or newer is now required — a requirement of the upgraded
matrix-js-sdk.
E2EE moved to Rust crypto; legacy libolm crypto state is migrated
automatically on first start.

Security & Dependency Updates

Upgraded matrix-js-sdk from 34.13.0 to 41.5.0.
Removed the olm dependency (legacy crypto only); added fake-indexeddb.

All Changes

Upgrade matrix-js-sdk 34.13.0 -> 41.5.0 and migrate E2EE to the Rust crypto stack
Require Node.js 22+; remove the olm dependency and add fake-indexeddb
Persist the Rust crypto store to disk so encryption state survives restarts
Migrate existing libolm crypto state to the Rust store on first run
Detect device ID changes and discard a stale crypto store
Resolve homeservers via .well-known discovery
New matrix-verification and matrix-verification-action nodes
Add cross-signing & secure backup setup (unlock or reset) on the server config node
Add a pending verification request list on the server config node
Add a session manager on the server config node (list / verify / rename / remove sessions)
Use the authenticated media endpoints with a v3/v1 fallback
Surface connection and auth errors in the log instead of suppressing them
Get User node: await getProfileInfo() / getPresence()
Invite Room node: pass the reason argument correctly
Upload File node: set content.filename and use the resolved filename in body
Add a device verification example flow; update the READMEs and node help
Add a Markdown option to the Send Message node format dropdown — ports
element-web's Markdown.ts (commonmark + linkifyjs + lodash.escape) so the
generated HTML matches Element's
New matrix-send-location node that publishes m.location events via
matrix-js-sdk's makeLocationContent helper
Expand matrix-receive's m.location handler to surface latitude,
longitude, altitude, description, assetType, and timestamp at
the top level (additive; geo_uri / payload outputs unchanged), so a
Receive node wired straight into Send Location resends a byte-equivalent
event

Closes #46, closes #53, closes #79, closes #87, closes #91, closes #93, closes #118, closes #122, closes #124, closes #137, closes #139, closes #140