From d7044b613cb46b527d292bbd4d0dcc5a05d90ccf Mon Sep 17 00:00:00 2001
From: Christian Gick <service@agiliton.eu>
Date: Sun, 15 Feb 2026 08:01:14 +0200
Subject: [PATCH] fix: Auto-trust all devices for E2E decryption

Bot now trusts all room member devices on each sync, enabling
Megolm key exchange. Logs undecryptable events for debugging.

CF-1147

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 bot.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/bot.py b/bot.py
index 065bc0c..d1a0d57 100644
--- a/bot.py
+++ b/bot.py
@@ -7,6 +7,8 @@ from nio import (
     AsyncClientConfig,
     LoginResponse,
     InviteMemberEvent,
+    MegolmEvent,
+    SyncResponse,
     KeyVerificationStart,
     KeyVerificationCancel,
     KeyVerificationKey,
@@ -57,6 +59,8 @@ class Bot:
 
         self.lkapi = api.LiveKitAPI(LK_URL, LK_KEY, LK_SECRET)
         self.client.add_event_callback(self.on_invite, InviteMemberEvent)
+        self.client.add_event_callback(self.on_megolm, MegolmEvent)
+        self.client.add_response_callback(self.on_sync, SyncResponse)
         self.client.add_to_device_callback(self.on_key_verification, KeyVerificationStart)
         self.client.add_to_device_callback(self.on_key_verification, KeyVerificationKey)
         self.client.add_to_device_callback(self.on_key_verification, KeyVerificationMac)
@@ -84,6 +88,21 @@ class Bot:
         except Exception:
             logger.exception("Dispatch failed for %s", room.room_id)
 
+    async def on_sync(self, response: SyncResponse):
+        """After each sync, trust all devices in our rooms."""
+        for user_id in self.client.device_store.users:
+            for device in self.client.device_store.active_user_devices(user_id):
+                if not device.verified:
+                    self.client.verify_device(device)
+                    logger.info("Auto-trusted device %s of %s", device.device_id, user_id)
+
+    async def on_megolm(self, room, event: MegolmEvent):
+        """Handle undecryptable messages by requesting keys."""
+        logger.warning(
+            "Can't decrypt event %s in %s from %s (session %s)",
+            event.event_id, room.room_id, event.sender, event.session_id,
+        )
+
     async def on_key_verification(self, event):
         """Auto-accept key verification requests."""
         if isinstance(event, KeyVerificationStart):