From ea52236880cd877d7a7c9e980a0676aadb58611a Mon Sep 17 00:00:00 2001
From: Christian Gick <service@agiliton.eu>
Date: Sun, 22 Feb 2026 20:14:06 +0200
Subject: [PATCH] feat(e2ee): make E2EE configurable via E2EE_ENABLED env var

Allows disabling E2EE for diagnostic purposes. When disabled, bot
connects to LiveKit without frame encryption.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 voice.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/voice.py b/voice.py
index 97736cd..83f6b7c 100644
--- a/voice.py
+++ b/voice.py
@@ -421,13 +421,17 @@ class VoiceSession:
                         break
                     await asyncio.sleep(0.1)
 
-            # E2EE: re-enabled after diagnostic confirmed EC encrypts audio.
-            # Root cause found: set_key() only applies HKDF if the frame cryptor for that
-            # participant already exists. Must call set_key() in on_track_subscribed, not at connect time.
-            # Parameters MUST match Element Call JS SDK: ratchetWindowSize=10, keyringSize=256,
-            # failureTolerance=10, ratchetSalt="LKFrameEncryptionKey".
-            e2ee_opts = _build_e2ee_options()
-            room_opts = rtc.RoomOptions(e2ee=e2ee_opts)
+            # E2EE: configurable via E2EE_ENABLED env var (default true).
+            # When enabled, parameters MUST match Element Call JS SDK.
+            e2ee_enabled = os.environ.get("E2EE_ENABLED", "true").lower() in ("true", "1", "yes")
+            if e2ee_enabled:
+                e2ee_opts = _build_e2ee_options()
+                room_opts = rtc.RoomOptions(e2ee=e2ee_opts)
+                logger.info("E2EE enabled (HKDF mode)")
+            else:
+                e2ee_opts = None
+                room_opts = rtc.RoomOptions()
+                logger.warning("E2EE DISABLED — audio is unencrypted")
             self.lk_room = rtc.Room()
 
             @self.lk_room.on("participant_connected")