fix(matrix): per-room send queue and immediate read receipts#25841
Closed
joshjhall wants to merge 2 commits intoopenclaw:mainfrom
Closed
fix(matrix): per-room send queue and immediate read receipts#25841joshjhall wants to merge 2 commits intoopenclaw:mainfrom
joshjhall wants to merge 2 commits intoopenclaw:mainfrom
Conversation
Two fixes for the Matrix channel plugin: 1. Per-room send queue (fixes openclaw#11614): Introduce send-queue.ts that serializes all sends to the same Matrix room through enqueueSend(), with a 150ms inter-send gap to ensure distinct origin_server_ts values. This prevents message ordering races when auto-reply and message tool sends fire concurrently. 2. Immediate read receipts (fixes openclaw#25840): Move sendReadReceiptMatrix from handler.ts (deep in the processing pipeline) to events.ts (on message arrival from SDK). Read receipts now fire before any processing, so Element shows 'read' immediately even when the agent is busy. Self-messages are filtered via lazy getUserId resolution. Both changes are contained within the Matrix extension and have no effect on other channels. AI-assisted: This PR was developed with AI assistance (Claude/OpenClaw). Tested against a live Matrix homeserver (Tuwunel/Conduit fork) with both fixes running in production for ~2 weeks via a local plugin fork.
Comment on lines
+54
to
+65
| function isSettled(p: Promise<unknown>): boolean { | ||
| let settled = false; | ||
| p.then( | ||
| () => { | ||
| settled = true; | ||
| }, | ||
| () => { | ||
| settled = true; | ||
| }, | ||
| ); | ||
| return settled; | ||
| } |
Contributor
There was a problem hiding this comment.
isSettled always returns false
.then() callbacks are microtasks and always run asynchronously — even if the promise is already resolved, the settled = true assignment won't execute until after isSettled returns. This means the cleanup setTimeout at line 41 will never delete entries from the queues map, causing a slow memory leak (one settled Promise<void> per room that was ever messaged).
A simple fix is to use Promise.race:
Suggested change
| function isSettled(p: Promise<unknown>): boolean { | |
| let settled = false; | |
| p.then( | |
| () => { | |
| settled = true; | |
| }, | |
| () => { | |
| settled = true; | |
| }, | |
| ); | |
| return settled; | |
| } | |
| function isSettled(p: Promise<unknown>): boolean { | |
| const pending = Symbol(); | |
| let result: unknown = pending; | |
| Promise.race([p, Promise.resolve(pending)]).then( | |
| (v) => { | |
| result = v; | |
| }, | |
| () => { | |
| result = undefined; | |
| }, | |
| ); | |
| // microtask from an already-settled promise resolves synchronously in race | |
| return result !== pending; | |
| } |
Alternatively, since the cleanup fires 1 second after next.finally(), the simplest approach is to just always delete the entry (the queue will be recreated on next enqueueSend call):
next.finally(() => {
setTimeout(() => {
const current = queues.get(roomId);
if (current === next.then(() => {}, () => {})) {
queues.delete(roomId);
}
}, 1000);
});
Or store a reference to compare against instead of checking settledness.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/matrix/src/matrix/send-queue.ts
Line: 54-65
Comment:
**`isSettled` always returns `false`**
`.then()` callbacks are microtasks and always run asynchronously — even if the promise is already resolved, the `settled = true` assignment won't execute until after `isSettled` returns. This means the cleanup `setTimeout` at line 41 will never delete entries from the `queues` map, causing a slow memory leak (one settled `Promise<void>` per room that was ever messaged).
A simple fix is to use `Promise.race`:
```suggestion
function isSettled(p: Promise<unknown>): boolean {
const pending = Symbol();
let result: unknown = pending;
Promise.race([p, Promise.resolve(pending)]).then(
(v) => {
result = v;
},
() => {
result = undefined;
},
);
// microtask from an already-settled promise resolves synchronously in race
return result !== pending;
}
```
Alternatively, since the cleanup fires 1 second after `next.finally()`, the simplest approach is to just always delete the entry (the queue will be recreated on next `enqueueSend` call):
```
next.finally(() => {
setTimeout(() => {
const current = queues.get(roomId);
if (current === next.then(() => {}, () => {})) {
queues.delete(roomId);
}
}, 1000);
});
```
Or store a reference to compare against instead of checking settledness.
How can I resolve this? If you propose a fix, please make it concise.
extensions/matrix/src/matrix/send.ts
Outdated
Comment on lines
53
to
54
| return await enqueueSend(roomId, async () => { | ||
| const cfg = getCore().config.loadConfig(); |
Contributor
There was a problem hiding this comment.
Callback body not indented
The code inside the enqueueSend callback is at the same indentation level as the return await enqueueSend(...) line. The body should be indented one level deeper for readability. This likely won't pass pnpm check (oxfmt).
Suggested change
| return await enqueueSend(roomId, async () => { | |
| const cfg = getCore().config.loadConfig(); | |
| return await enqueueSend(roomId, async () => { | |
| const cfg = getCore().config.loadConfig(); |
(and similarly for all lines through the closing }); at line 151)
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/matrix/src/matrix/send.ts
Line: 53-54
Comment:
**Callback body not indented**
The code inside the `enqueueSend` callback is at the same indentation level as the `return await enqueueSend(...)` line. The body should be indented one level deeper for readability. This likely won't pass `pnpm check` (oxfmt).
```suggestion
return await enqueueSend(roomId, async () => {
const cfg = getCore().config.loadConfig();
```
(and similarly for all lines through the closing `});` at line 151)
How can I resolve this? If you propose a fix, please make it concise.
steipete
added a commit
that referenced
this pull request
Feb 24, 2026
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes #25836 Fixes #25840 Fixes #25824 Fixes #25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
Contributor
|
Superseded by main commit What landed from this PR:
Deep-review fixup applied before landing:
Test coverage added/kept in landed commit:
Linked issue status:
Thanks for the solid base PR. |
gavinwxx-vybers
added a commit
to Vybers-AI/openclaw
that referenced
this pull request
Feb 25, 2026
* ui: block svg data image opens and harden tests * changelog: credit both chat-image fix contributors * test(ui): reject base64 SVG data URLs * changelog: include openclaw#25847 in chat image safety entry (openclaw#25847) (thanks @shakkernerd) * refactor(ios): drop legacy talk payload and keychain fallbacks * chore: sync plugin versions to 2026.2.24 * chore: refresh lockfile after plugin devDependency cleanup * fix(config): soften antigravity removal fallout (openclaw#25538) Land openclaw#25538 by @chilu18 to keep legacy google-antigravity-auth config entries non-fatal after removal (see openclaw#25862). Co-authored-by: chilu18 <chilu.machona@icloud.com> * fix(security): lock sandbox tmp media paths to openclaw roots * docs(security): document openclaw temp-folder boundary * fix(security): restrict default safe-bin trusted dirs * fix: enforce local media root checks for attachment hydration * fix(synology-chat): fail closed empty allowlist * docs(changelog): add synology-chat allowlist fail-closed note * fix: harden routing/session isolation for followups and heartbeat * feat(sandbox): block container namespace joins by default * refactor(sandbox): centralize network mode policy helpers * fix(channels,sandbox): land hard breakage cluster from reviewed PR bases Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com> * refactor(synology-chat): centralize DM auth and fail fast startup * test: add routing/session isolation edge-case regressions * refactor: centralize followup origin routing helpers * refactor(outbound): centralize attachment media policy * refactor: harden safe-bin trusted dir diagnostics * fix(zalo): enforce group sender policy in groups * docs: update changelog for safe-bin hardening * test(line): align tmp-root expectation after sandbox hardening * fix(web-search): reduce provider auto-detect log noise * test(matrix,discord,sandbox): expand breakage regression coverage * refactor(matrix,tests): extract helpers and inject send-queue timing * refactor(zalo): split monitor access and webhook logic * Gateway/Security: protect /api/channels plugin root * fix(telegram): block unauthorized DM media downloads * Security: sanitize inherited host exec env * Changelog: add entry for exec env sanitization * fix(security): classify hook sessions case-insensitively * refactor(outbound): unify attachment hydration flow * refactor(telegram): simplify DM media auth precheck flow * fix(automation): harden announce delivery + cron coding profile (openclaw#25813 openclaw#25821 openclaw#25822) Co-authored-by: Shawn <shenghuikevin@shenghuideMac-mini.local> Co-authored-by: 不做了睡大觉 <user@example.com> Co-authored-by: Marcus Widing <widing.marcus@gmail.com> * security(voice-call): detect Telnyx webhook replay * Auto-reply: add exact stop trigger for do not do that * Auto-reply tests: assert exact do not do that behavior * Gateway tests: cover exact do not do that stop matching * Telegram tests: route exact do not do that to control lane * Changelog: note exact do not do that stop trigger * refactor(tmp): harden temp boundary guardrails * fix(whatsapp): stop retry loop on non-retryable 440 close * test(types): fix ts narrowing regressions in followup and matrix queue tests * fix(onboard): avoid false 'telegram plugin not available' block * fix: normalize "bedrock" provider ID to "amazon-bedrock" Add "bedrock" and "aws-bedrock" as aliases for the canonical "amazon-bedrock" provider ID in normalizeProviderId(). Without this mapping, configuring a model as "bedrock/..." causes the auth resolution fallback to miss the Bedrock-specific AWS SDK path, since the fallback check requires normalized === "amazon-bedrock". This primarily affects the main agent when the explicit auth override is not preserved through config merging. Fixes openclaw#15716 * docs(changelog): backfill landed fix PR entries * fix(security): harden system.run companion command binding * fix(discord): land proxy/media/reaction/model-picker regressions Reimplements core Discord fixes from openclaw#25277 openclaw#25523 openclaw#25575 openclaw#25588 openclaw#25731 with expanded tests. - thread proxy-aware fetch into inbound attachment/sticker downloads - fetch /gateway/bot via proxy dispatcher before ws connect - wire statusReactions emojis/timing overrides into controller - compact model-picker custom_id keys with backward-compatible parsing Co-authored-by: openperf <openperf@users.noreply.github.com> Co-authored-by: chilu18 <chilu18@users.noreply.github.com> Co-authored-by: Yipsh <Yipsh@users.noreply.github.com> Co-authored-by: lbo728 <lbo728@users.noreply.github.com> Co-authored-by: s1korrrr <s1korrrr@users.noreply.github.com> * docs(changelog): add reporter credit for exec companion hardening * fix(macos): guard voice audio paths with no input device (openclaw#25817) Co-authored-by: Stefan Förster <103369858+sfo2001@users.noreply.github.com> * fix(macos): prefer openclaw binary while keeping pnpm fallback (openclaw#25512) Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com> * Auth: bypass cooldown tracking for OpenRouter * Auth: use cooldown helper in explicit profile order * Tests: cover OpenRouter cooldown display bypass * Tests: skip OpenRouter failure cooldown persistence * Tests: keep OpenRouter runnable with legacy cooldown markers * Tests: preserve OpenRouter explicit auth order under cooldown fields * Changelog: note OpenRouter cooldown bypass * Changelog: remove unrelated session entries from PR * Update CHANGELOG.md * fix(macos): default voice wake forwarding to webchat (openclaw#25440) Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com> * fix(macos): keep Return for IME marked text commit (openclaw#25178) Co-authored-by: jft0m <9837901+bottotl@users.noreply.github.com> * fix(security): block env depth-overflow approval bypass * fix(macos): resolve webchat panel corner clipping (openclaw#22458) Co-authored-by: apethree <3081182+apethree@users.noreply.github.com> Co-authored-by: agisilaos <3073709+agisilaos@users.noreply.github.com> * Agents: trust explicit allowlist refs beyond catalog * Tests: cover allowlist refs missing from catalog * Gateway tests: accept allowlisted refs absent from catalog * Gateway tests: include synthetic allowlist models in models.list * Changelog: note allowlist stale-catalog model selection fix * fix(discord): harden voice DAVE receive reliability (openclaw#25861) Reimplements and consolidates related work: - openclaw#24339 stale disconnect/destroyed session guards - openclaw#25312 voice listener cleanup on stop - openclaw#23036 restore @snazzah/davey runtime dependency Adds Discord voice DAVE config passthrough, repeated decrypt failure rejoin recovery, regression tests, docs, and changelog updates. Co-authored-by: Frank Yang <frank.ekn@gmail.com> Co-authored-by: Do Cao Hieu <admin@docaohieu.com> * fix(macos): clean warnings and harden gateway/talk config parsing * docs(discord): document DAVE defaults and decrypt recovery * test: bridge discord voice private casts via unknown * docs(changelog): remove next-release shipping sentence * refactor(exec): split system.run phases and align ts/swift validator contracts * fix(windows): skip unreliable dev comparison in fs-safe openVerifiedLocalFile On Windows, device IDs (dev) returned by handle.stat() and fs.lstat() may differ even for the same file, causing false-positive 'path-mismatch' errors when reading local media files. This fix introduces a statsMatch() helper that: - Always compares inode (ino) values - Skips device ID (dev) comparison on Windows where it's unreliable - Maintains full comparison on Unix platforms Fixes openclaw#25699 * fix: align windows safe-open file identity checks * refactor: dedupe exec wrapper denial plan and test setup * fix: harden iMessage echo dedupe and reasoning suppression (openclaw#25897) * test(media): add win32 dev=0 local media regression * refactor: extract iMessage echo cache and unify suppression guards * test: normalize tmp media path assertion for windows * fix(render): seed Control UI origin config on first boot The gateway requires controlUi.allowedOrigins when binding to LAN. On Render, the persistent disk starts empty with no openclaw.json. Seed a minimal config with dangerouslyAllowHostHeaderOriginFallback on first boot (safe behind Render's HTTPS reverse proxy). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(deps): update dependencies except carbon * fix(agents): normalize SiliconFlow Pro thinking=off payload (openclaw#25435) Land PR openclaw#25435 from @Zjianru. Changelog: add 2026.2.24 fix entry with contributor credit. Co-authored-by: codez <codezhujr@gmail.com> * fix(telegram): refresh global undici dispatcher for autoSelectFamily (openclaw#25682) Land PR openclaw#25682 from @lairtonlelis after maintainer rework: track dispatcher updates when network decision changes to avoid stale global fetch behavior. Co-authored-by: Ailton <lairton@telnyx.com> * fix(synology-chat): land @bmendonca3 fail-closed allowlist follow-up (openclaw#25827) Carry fail-closed empty-allowlist guard clarity and changelog attribution for PR openclaw#25827. Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local> * fix(agents): reduce billing false positives on long text (openclaw#25680) Land PR openclaw#25680 from @lairtonlelis. Retain explicit status/code/http 402 detection for oversized structured payloads. Co-authored-by: Ailton <lairton@telnyx.com> * fix(render): add docker entrypoint script for config seeding The inline shell command in render.yaml's dockerCommand wasn't reliably creating the seed config. Replace with a proper entrypoint script that creates a minimal openclaw.json with dangerouslyAllowHostHeaderOriginFallback on first boot, then starts the gateway bound to LAN on the PORT env var. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(ui): inherit default model fallbacks in agents overview (openclaw#25729) Land PR openclaw#25729 from @Suko. Use shared fallback-resolution helper and add regression coverage for default, override, and explicit-empty cases. Co-authored-by: suko <miha.sukic@gmail.com> * fix(heartbeat): default target none and internalize relay prompts * test(windows): normalize risky-path assertions --------- Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: chilu18 <chilu.machona@icloud.com> Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com> Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local> Co-authored-by: Shawn <shenghuikevin@shenghuideMac-mini.local> Co-authored-by: 不做了睡大觉 <user@example.com> Co-authored-by: Marcus Widing <widing.marcus@gmail.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> Co-authored-by: Mark Musson <mark@musson.co.za> Co-authored-by: suko <miha.sukic@gmail.com> Co-authored-by: Fred White <fwhite13@users.noreply.github.com> Co-authored-by: openperf <openperf@users.noreply.github.com> Co-authored-by: chilu18 <chilu18@users.noreply.github.com> Co-authored-by: Yipsh <Yipsh@users.noreply.github.com> Co-authored-by: lbo728 <lbo728@users.noreply.github.com> Co-authored-by: s1korrrr <s1korrrr@users.noreply.github.com> Co-authored-by: Stefan Förster <103369858+sfo2001@users.noreply.github.com> Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com> Co-authored-by: jft0m <9837901+bottotl@users.noreply.github.com> Co-authored-by: apethree <3081182+apethree@users.noreply.github.com> Co-authored-by: agisilaos <3073709+agisilaos@users.noreply.github.com> Co-authored-by: Frank Yang <frank.ekn@gmail.com> Co-authored-by: Do Cao Hieu <admin@docaohieu.com> Co-authored-by: Gavin X. Wang <gavinvybers@Gavins-MacBook-Pro.local> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: codez <codezhujr@gmail.com> Co-authored-by: Ailton <lairton@telnyx.com>
joshavant
pushed a commit
that referenced
this pull request
Feb 25, 2026
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes #25836 Fixes #25840 Fixes #25824 Fixes #25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
margulans
pushed a commit
to margulans/Neiron-AI-assistant
that referenced
this pull request
Feb 25, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
Jackson3195
pushed a commit
to Jackson3195/openclaw-with-a-personal-touch
that referenced
this pull request
Feb 25, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
brianleach
pushed a commit
to brianleach/openclaw
that referenced
this pull request
Feb 26, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
execute008
pushed a commit
to execute008/openclaw
that referenced
this pull request
Feb 27, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
r4jiv007
pushed a commit
to r4jiv007/openclaw
that referenced
this pull request
Feb 28, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
zooqueen
pushed a commit
to hanzoai/bot
that referenced
this pull request
Mar 6, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
thebenjaminlee
pushed a commit
to escape-velocity-ventures/openclaw
that referenced
this pull request
Mar 7, 2026
Lands reviewed fixes based on openclaw#25839 (@pewallin), openclaw#25841 (@joshjhall), and openclaw#25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety. Fixes openclaw#25836 Fixes openclaw#25840 Fixes openclaw#25824 Fixes openclaw#25868 Co-authored-by: Peter Wallin <pwallin@gmail.com> Co-authored-by: Joshua Hall <josh@yaplabs.com> Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com> Co-authored-by: peteragility <peteragility@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two contained fixes for the Matrix channel plugin addressing message ordering and read receipt UX.
1. Per-room send queue — fixes #11614
Matrix orders messages by
origin_server_ts. When multiple code paths (auto-reply,messagetool, media sends) fire concurrently, they race and messages appear out of order.Fix: New
send-queue.tsmodule that serializes all sends per room throughenqueueSend(). Each send waits for the previous one to complete, with a 150ms inter-send gap to ensure distinct server timestamps.Changed files:
extensions/matrix/src/matrix/send-queue.ts(new) — the queue implementationextensions/matrix/src/matrix/send.ts— wraps the send body inenqueueSend()2. Immediate read receipts — fixes #25840
Read receipts were sent deep inside the handler pipeline (
handler.tsline ~606), after access control, room config resolution, and auto-reply generation. This meant messages appeared "unread" in Element while the agent was processing.Fix: Move
sendReadReceiptMatrixto fire immediately on message arrival inevents.ts, before any processing. Self-messages are filtered via lazygetUserId()resolution.Changed files:
extensions/matrix/src/matrix/monitor/events.ts— fires receipt on SDK message eventextensions/matrix/src/matrix/monitor/handler.ts— removes redundant receipt call (replaced with comment)Testing
messagetool + auto-reply sendspnpm build && pnpm check && pnpm testrun against the monorepo — changes are plugin-scoped and don't touch core)AI Disclosure
Notes
Both changes are fully contained within
extensions/matrix/and have no effect on other channels or core behavior. The send queue could potentially be generalized to the core outbound layer to benefit other timestamp-ordered channels (as noted in #11614), but this PR keeps the scope minimal.Greptile Summary
Two targeted fixes for the Matrix channel plugin: (1) a per-room send queue that serializes outbound messages through promise chaining with a 150ms inter-send gap to ensure distinct
origin_server_tsordering, and (2) moving read receipt emission to fire immediately on message arrival rather than after the full handler pipeline.send-queue.tscorrectly serializessendMessageMatrixcalls, but itsisSettledcleanup helper has a bug —.then()callbacks are microtasks that never execute synchronously, so the function always returnsfalseand queue entries are never cleaned up (slow memory leak).sendMessageMatrixis wrapped inenqueueSend;sendPollMatrixandreactMatrixMessagebypass the queue, which is a minor coverage gap if polls/reactions need to be ordered relative to text messages.events.tsis clean — fire-and-forget with lazy self-user filtering, and the redundant call inhandler.tsis properly removed.extensions/matrix/with no impact on other channels or core.Confidence Score: 3/5
isSettled) that should be fixed before mergeisSettledfunction insend-queue.tshas a logic bug that prevents queue cleanup, causing a slow memory leak. The indentation insend.tsis also inconsistent. Neither issue causes incorrect message ordering or delivery failures, but the memory leak should be addressed.extensions/matrix/src/matrix/send-queue.ts— theisSettledfunction needs to be fixed to actually detect settled promisesLast reviewed commit: 4b29e19
(2/5) Greptile learns from your feedback when you react with thumbs up/down!