Releases: the-draupnir-project/Draupnir
[v2.0.0-beta.9] 2024-12-14
[v2.0.0-beta.9] 2024-12-14
Fixed
-
The
!draupnir protections config <protection> <set/add/remove> <value>
commands are now working again. A tutorial has been written explaining how to
use these commands
https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections.
Reviewed by @FSG-Cat. -
The
BanPropagationProtection
now shows a prompt for all unbans, even when
there is no matching rule. This is to make it easier to unban a user from all
the rooms draupnir is protecting, and not just when removing policy rules.
Reported by @mahdi1234 in
#622. -
The
JoinWaveShortCircuitProtection
has been improved:- The
JoinWaveShortCircuitProtection
now uses a leaky bucket token
algorithm, prior to this the entire bucket got dumped after a preconfigured
time. - The status command for the protection has returned and will show how full
each bucket is.
- The
-
A bug where providing a bad or missing argument could render the help hint
poorly or crash draupnir has been fixed.
#642.
Added
-
A new
!draupnir protections show <protection>
command that can display all
of the settings and capability providers for a protection. -
A new command
!draupnir protections capability <capability name> <provider name>
to
configure a protection's active capabilitity providers. This is experimental
and is intended to be used in conjunction with the
!draupnir protections show <protection>
command. It's not clear whether we
will demonstrate protection capabilities before or after the upcoming2.0.0
release.
Special thanks
Special thanks to @TheArcaneBrony, @ll-SKY-ll, @MTRNord, and @daedric7 for
providing support to myself and others in
#draupnir:matrix.org.
v2.0.0-beta.8
[v2.0.0-beta.8] - 2024-10-22
Changed
-
Breaking: The Node version required to run Draupnir has been updated from Node 18 to Node 20. If you are using Debian, please follow our documentation for using Debian and node source here, kindly contributed by @ll-SKY-ll. This is due to of the release policy of one of our major dependencies, matrix-appservice-bridge, by @MTRNord in #609. We did this as part of larger work to attempt to fix issues with Element's "invisible crypto" documented in #608.
-
The Dockerfile now uses a multi-stage build, so
docker build
will just work again. Thanks to @ShadowJonathan for reporting. We also optimized the image size just slightly. Long term we've been blocked on for years on matrix-org/matrix-rust-sdk-crypto-nodejs#19 which would allow us to use the alpine image and take the size down to under 200MB again. So if anyone can help out there it'll make a massive difference and be greatly appreciated. -
Dockerfile
: entry-point was renamed frommjolnir-entrypoint.sh
todraupnir-entrypoint.sh
. If you have built a Dockerfile based on ours, you may need to make some changes. -
Dockerfile
: source code was moved from/mjolnir
to/draupnir
. If you have built a custom docker image based on our Dockerfile based on ours, you may need to make some changes. -
The appservice registration file generator no longer emits
mjolnir-registration.yaml
as it has been renamed todraupnir-registration.yaml
. This is only a concern if you have automated tooling that generates a registration file. -
The safe mode recovery command now prompts for confirmation.
-
Some references to
Mjolnir
have been changed toDraupnir
thanks to @FSG-Cat in #591.
Development
-
Enable
proseWrap
in prettier, by @Mikaela in #605. We thought that this was enabled already but turns out we missed it. -
The
no-confirm
keyword argument now has special meaning, see the safe mode recover command and renderer description for an example.
Added
-
Safe mode now shows a preview of the persistent configs, including the property or item that is causing Draupnir to fail to start. Special thanks for the feedback from @jimmackenzie and @TheArcaneBrony. Thanks to @julianfoad for documenting the use case for safe mode.
-
Draupnir now logs at startup the path used to load its configuration file, and which options are used for loading secrets. We also show any non-default configuration values if Draupnir crashes. This is to to try make it very clear to system administrators which configuration options are being used by Draupnir and help them diagnose startup issues.
Deprecated
- Starting Draupnir without the
--draupnir-config
option will cause a deprecation warning.
Removed
-
The spurious warnings about not being able to find a config file when the
--draupnir-config
option was used have been been removed. -
The documentation for the
WordListProtection
in the configuration file claimed that regexes where supported when this wasn't the case. Removed by @FSG-Cat in #600. We will rewrite this protection entirely at a later date.
Fixed
- Fixed a bug where sometimes the help command wouldn't show if
--keyword
or options were used in an unrecognized command.
Screenshots
v2.0.0-beta.7
Added
- Draupnir will now enter "safe mode" by default when Draupnir fails to start up and the failure mode is recoverable.
What this means is that you will get a prompt in the safe mode status message that gives you simple options for recovery.
A screenshot is provided at the end to show what this currently looks like. Feedback is welcome.- Currently we can recover when one of the protected rooms or watched lists becomes un-joinable, or the account data
becomes corrupted. - If you have a monitoring or a pager system you may wish to review the configuration here. As it is possible to disable this feature.
- Currently we can recover when one of the protected rooms or watched lists becomes un-joinable, or the account data
- Add a welcome flow to appservice mode by @MTRNord in #568
Changed
- Skip calling
/join
for rooms we already know we are joined to, thanks to @TheArcaneBrony for reporting. - Start draupnir bots in batches when running in appservice mode by @MTRNord in #569
Fixed
!draupnir protections
command has now been added back, thanks to @ll-SKY-ll for reporting.- This sort of bug shouldn't happen again as we added some code to detect when commands get forgotten.
- Typos and broken links in the readme thanks to @ll-SKY-ll for reporting.
- Harden
MentionLimitProtection
after Mjolnir's introduction of the protection by @Gnuxie in #574 - Update the README with the status of the project. by @Gnuxie in #575
Screenshot
Full Changelog: v2.0.0-beta.6...v2.0.0-beta.7
v2.0.0-beta.6
Please see the notes for v2.0.0-beta.0 for a full list of changes.
What's Changed
- Draupnir now depends on a new library @the-draupnir-project/interface-manager for command parsing and rendering.
- The kick command is fully functional again.
- All other commands that were modified as a part of
v2.0.0-beta.*
should be a lot less buggy, please keep reporting bugs. We are in a much better position to be able to fix and unit test commands now.- The ban, unban, kick, watch and unwatch all have unit tests now in addition to existing integration tests.
- The ban command will prompt for the ban reason again, reported by @FSG-Cat in #441.
Development changes
- Replace dependabot with renovate by @Mikaela in #526
- Enable
strictPropertyInitialization
in tsconfig.json. by @Gnuxie in #541 - Update dependency express to v4.20.0 [SECURITY] by @renovatebot in #546
- Update dependency body-parser to v1.20.3 [SECURITY] by @renovatebot in #543
- Use
@gnuxie/typescript-result
'sexpect
where applicable instead of throwing garbage. by @Gnuxie in #552
Full Changelog: v2.0.0-beta.5...v2.0.0-beta.6
v2.0.0-beta.5
Please see the notes for v2.0.0-beta.0 for a full list of changes.
What's Changed
- Added a new experimental
NewJoinerProtection
, find the documentation here. - Added a new experimental
MentionLimitProtection
, find the documentation here. - Fix a bug in
experimentalRustCrypto
where sometimes Draupnir would crash sending an encrypted message before the bot had fully started. by @MTRNord in #512 - Fix a bug where you couldn't create policy lists while signed in as the same user as the bot by @morguldir in #471.
- Fix a bug where any protection using the
StandardEventConsequences
capability, such as theBasicFloodingProtection
, would crash when being enabled. by @Gnuxie in #517 - Add SBOM and Attestation to the Docker release process by @MTRNord in #477
Development changes
- Add eslint to pre-commit by @Mikaela in #87
- TypeCheck JSX expressions, children, and attributes ^-^ by @Gnuxie in #454
- [Yarn Classic] Enable corepack & fix pre-commit run --all-files by @Mikaela in #472
- Migrate to eslint-9 flat config, typescript 5, typescript-eslint strictTypeChecked by @Gnuxie in #476
- Add prettier by @Gnuxie in #484
- Update all headers to be reuse.software compliant by @Gnuxie in #486
- Move to @the-draupnir-project/basic-matrix-types. by @Gnuxie in #508
New Contributors
- @morguldir made their first contribution in #471
Full Changelog: v2.0.0-beta.4...v2.0.0-beta.5
v2.0.0-beta.4
What's Changed
We have revised the setup documentation for moderators, introducing the moderator's guide. The new documentation website is now linked from both !draupnir status
and !draupnir help
. The website isn't complete yet and we're still working on it.
While creating the moderator's guide it was clear that a lot of users setting up Draupnir would much rather invite the bot through their client interface than use the !rooms add
command.
So Draupnir will now prompt to protect rooms as it is invited to them
Full Changelog: v2.0.0-beta.3...v2.0.0-beta.4
v2.0.0-beta.3
What's Changed
- Send a notice when protections have missing permissions in protected rooms.
- Reapply
MemberBanSynchronisationProtection
andServerBanSynchronisationProtection
once permission requirements have been met in newly protected rooms. - Fixed typo in README.md by @avdb13 in #368
- documentation has been moved to https://the-draupnir-project.github.io/draupnir-documentation/docs/intro & https://github.com/the-draupnir-project/draupnir-documentation by @FSG-Cat.
Please see the notes for v2.0.0-beta.0 for a full list of changes.
Fixes for bugs introduced since v2.0.0-beta.0
- Fixed an issue with the unban command, reported by @guillaumechauvat & @Kladki.
- Fixed an issue with prompt-for-accept in all commands, reported by @FSG-Cat.
- Fixed an issue where policies removed by @jjj333-p's spam police stopped Draupnir from being able to watch the list, reported by @daedric7.
New Contributors
Full Changelog: v2.0.0-beta.2...v2.0.0-beta.3
v2.0.0-beta.2
What's Changed
- Make Draupnir refer to it self in help output by @FSG-Cat in #358
- Stop
MemberBanSynchronisationProtection
reacting twice to some joins, reported by @mahdi1234 - Stop capability renderers from showing consequences as failed when they were really OK, reported by @mahdi1234
Full Changelog: v2.0.0-beta.1...v2.0.0-beta.2
v2.0.0-beta.1
This is just a simple patch update on the previous prerelease with a couple of changes:
- The startup complete message has returned and Draupnir will show the status command after starting.
- It's now clearer if protections have failed to apply a consequence without drilling down into the
<details>
elements.
Please see the notes for v2.0.0-beta.0 for a full list of changes.
v2.0.0-beta.0
Process
We've now merged our changes to depend on the MPS (matrix-protection-suite). We're in the process of beta
testing v2.0.0
and this is the first of those pre-releases.
This release notes page is likely incomplete and will be updated
as more changes are uncovered or summarised.
What's Changed
- Draupnir now uses MPS (matrix-protection-suite) to provide its core functionality.
- Draupnir no longer requests components of room state when applying various actions, which should lead to a huge noticeable difference to Draupnir's responsiveness.
- An optional
RoomStateBackingStore
has been added to improve startup time for instances that run against slow servers
(e.g. matrix.org). Checkout the config description for it here. - New protections
MemberBanSynchronisationProtection
,ServerBanSynchronisationProtection
,RedactionSynchronisationProtection
, andPolicyChangeNotification
.- These replace the core functionality for applying policies related to users, servers and redactions.
- They will be enabled by default when you upgrade.
config.disableServerACL
will disable theServerBanSynchronisationProtection
.- The
joins
,since
,default
,sync
,protections status
commands have all been removed for now. - The
DetectFederationLag
protection has been removed. - We have new contributing documentation.
Upgrade steps
There are no manual upgrade steps, the new protections are automatically enabled.
The only thing you should note is that if you notice that Draupnir is slow to startup, then you should enable the room state backing store
⚠️ Some configuration options may no longer be functioning (alternatives are pending)
config.noop
will do nothing.config.protectedRooms
will also do nothing, and protected rooms need to be configured using!draupnir rooms add/remove
.
Development Changes Summary
- MPS now parses events sourced from
/sync
, appservice push, and
other APIs for us, so no moreany
orunknown
. - MPS provides us with string types for
StringRoomID
,StringEventID
,
andStringUserID
. So no more mixing those up. - MPS provides us with an interface to immutable room state snapshots
with theRoomStateRevisionIssuer
andRoomStateRevision
. - MPS provides
PolicyRoomRevisionIssuer
,PolicyRoomRevision
,
RoomMembershipRevisionIssuer
, andRoomMembershipRevision
to
provide a convenient interface for listening to changes to
room membership and policy rules. - MPS provides protections with new hooks:
handleTimelineEvent
handlePolicyChange
handleMembershipChange
handleStateChange
handleEventReport
handleProtectionDisable
- Capability providers are introduced:
- Each capability has an interface.
- A
CapabilityProvider
constructs an instance, aCapability
,
that matches the matching capability interface.
- Protections now carry out their effects through instances of
Capability
:- Each
ProtectionDescription
describes a capability set with
their interfaces. - Each
ProtectionDescription
describes a default capability
provider to use to fulfill the prior interface. - When a
Protection
is instantiated, capability providers can be
swapped and replaced provided they match the same interface. - This means that you can extend or change the functionality
of protections without changing the code of the protections.
- Each
Internal Changes
- moved
MatrixEmitter
tomatrix-protection-suite-for-matrix-bot-sdk
and replaced with theSafeMatrixEmitter
- moved
ProtectedRoomsConfig
tomatrix-protection-suite
and has been interfaced away from Mjolnir's account data. - moved
ProtectedRoomsSet
has been moved tomatrix-protection-suite
and now provides the fundamental event source for protections. - deleted
RoomMembers
and has not been completely replaced. Inmatrix-protection-suite
there exists an alternative ofSetMembership
andRoomMembershipRevision
s.RoomMembers
would only load members that had joined since Mjolnir had started, membership revisions have all members.- There is no API for finding when a member first joined the room, since this is a lot more complicated to do and I don't know yet if that
is the right metric protections should use for finding if a user is new or not or participating.
- moved
AccessControlUnit
tomatrix-protection-suite
, it no longer acts as a cache for rules though,PolicyRoomRevision
s handle that instead. - moved
ListRule
tomatrix-protections-suite
asPolicyRule
. - deleted
PolicyList
. Has been replaced by distinct componentsPolicyRoomRevision
: An immutable snapshot of policies in a room.PolicyRoomRevisionIssuer
: CreatesPolicyRoomRevision
s as room state changes and emits events to notify listeners.PolicyRoomEditor
: Edits policies in a policy room.PolicyRoomManager
: Provides and builds the issuers and editors.
- deleted
PolicyListManager
. Has been replaced withPolicyListConfig
in thematrix-protection-suite
. - moved
ServerACL
tomatrix-protection-suite
, now called theServerACLBuilder
. - renamed
Mjolnir
toDraupnir
.- Draupnir has far fewer responsibilities than Mjolnir, we have and are continuing to move as much functionality as possible to protections.
- deleted
RuleServer
this was never used in production and we do not have access to the Synapse module it was written for, so it is impossible to maintain. - moved
RoomUpdateError
to thematrix-protection-suite
. - moved several interface manager components to MPS:
CommandError
andCommandException
are nowActionError
andActionException
.MatrixRoomReference
types are now sourced from thematrix-protection-suite
.- There are new string types for
StringUserID
,StringRoomID
andStringEventID
.
- deleted room directory commands
- 76a58b6
- It didn't seem like these ever worked with a Synapse admin API?
- deleted
joins
andsince
commands:joins
depended on the APIRoomMembers
provided and we do not have a replacement for finding the join time.- They did not work as intended because they could only provide information for joins that happened while Draupnir
was running. - If necessary, we could bring back an equivalent API that shows anyone with a top level membership of join
as a recent joiner.
- deleted
default
banlist command, as there is no place where we have a default list.- The implementation from Mjolnir stored this list as a "default shortcode" to find a list with, which is not great either.
- deleted
sync
command- As all functionality that the
sync
command effected has now been moved to protections,
the concept doesn't move across very well. There might be a replacement in future if it makes sense.
- As all functionality that the
- deleted
DetectFederationLag
this is a pretty huge protection 4b41541- It can be brought back in the future, there is not time to make it work and it never did work as intended.
- It is a shame because it was a bold piece of work.
- deleted
protections status <protection>
command. - ?
verify
permissions command may or may not be working? - moved all remaining commands to use the interface manager introduced in
v1.80.0
. - deleted Mjolnir's
ProtectionManager
as it has been made redundant in MPS. - replaced
consequences
. The same functionality is now provided byCapabilityProvider
s. - deleted
AppServiceBotEmitter
. No code uses emitters anymore. - added
DraupnirFactory
:- This uses
matrix-protetion-suite
'sClientsInRoomsMap
andRoomStateManagerFactory
to create Draupnir.
- This uses
- delted
MjolnirManager
:- Now depends on a
DraupnirManager
andAppserviceDraupnirManager
which have smaller and cleaner implementations.
- Now depends on a
- added
<span
> toDeadDocument
- enabled
Member/ServerBanSynchronisation
protections by default - added
RoomStateBackingStore
. - pass
config.disableServerACL
toServerBanSynchronisationProtection
- added
PolicyChangeNotificationProtection
Full Changelog: v1.87.0...v2.0.0-beta.0