F.12: Cross-app bridging — matrix-bridges + crow-native crosspost #19

Open
kh0pper wants to merge 1 commit into f11-identity-attestation from f12-cross-app-bridging

Conversation

@kh0pper (Owner) commented Apr 12, 2026

Summary

Final PR in the Phase 2 rollout. Stacked on F.11 (identity attestation). Two mechanisms land together:

F.12.1 — matrix-bridges meta-bundle

Opt-in Matrix appservice bridges (mautrix-signal / telegram / whatsapp) as compose-profiles-gated sidecars. Each bridge has its own legal profile in the consent text:

  • Signal ToS prohibits bot relays — terminate risk on the linked number.
  • Telegram tolerates but throttles; requires API ID + hash.
  • WhatsApp may be banned by Meta (actively detects and blocks multi-device relays).

scripts/post-install.sh orchestrates: start enabled profiles → wait for registration YAMLs → docker cp into crow-dendrite:/etc/dendrite/appservices/ → patch dendrite.yaml's app_service_api.config_files (idempotent, in-container) → restart crow-dendrite (registrations read only at startup; hot reload no-ops) → print per-bridge pairing instructions.

F.12.2 — Crow-native cross-posting

  • 6 pure-function transforms in servers/gateway/crossposting/transforms.js: writefreely→mastodon, gotosocial→mastodon, pixelfed→mastodon, funkwhale→mastodon, peertube→mastodon, blog→gotosocial. Each respects target char limits, emits 'via <source_url>' attribution footer, strips HTML → plaintext.
  • 2 new tables (scripts/init-db.js): crosspost_rules + crosspost_log with UNIQUE (idempotency_key, source_app, target_app), 7-day idempotency window.
  • 5 MCP tools on crow-sharing: crow_crosspost (with required idempotency_key, 60s delay on on_publish/on_tag, immediate on manual), crow_crosspost_cancel, crow_crosspost_mark_published, crow_list_crossposts, crow_list_crosspost_transforms.

Publish-time safety is the 60s delay + notification + operator cancel. NOT a fake post-publish undo — delete-propagation across the fediverse is unreliable.

crow_crosspost is the first MCP tool that doesn't execute its action directly — it produces the transformed payload + audit log; publishing requires the target bundle's own <app>_post tool. This keeps transforms pure and the idempotency + delay + cancel layer above the publish layer.

Integration with F.11

When source + target handles are attested via crow_identity_attest, cross-posts inherit the identity claim.

Test plan

  • node --check on all files
  • bash -n on post-install.sh
  • node scripts/init-db.js creates both new tables
  • createSharingServer() boots with all 5 new tools
  • Transform round-trip exercised: 6 pairs + unknown-pair error
  • docker compose config parses with required env set
  • npm run check passes
  • End-to-end bridge install against live matrix-dendrite (deferred — needs real Signal/Telegram/WhatsApp accounts)
  • Queued-crosspost scheduler dispatch (deferred — scheduler lands in F.12.3)

Outstanding follow-ups (separate PRs)

  • Scheduler dispatcher for queued crossposts
  • GC sweeper for crosspost_log (>30 days)
  • Nest panel for moderation_actions + crosspost queue
  • Mastodon-API helper hoist (trigger: 4th Mastodon-compat bundle)

Phase 2 COMPLETE

All 11 PRs shipped:

  • F.0 Caddy + hardware gate + rate limiter + storage-translators
  • F.1 GoToSocial, F.2 WriteFreely, F.3 Matrix-Dendrite, F.4 Funkwhale, F.5 Pixelfed, F.6 Lemmy, F.7 Mastodon, F.8 PeerTube
  • F.11 identity attestation
  • F.12 cross-app bridging (this PR)

🤖 Generated with Claude Code
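
The three properties the description claims for each transform (HTML stripped to plaintext, target character limit respected, attribution footer emitted) can be sketched as follows. This is an added example, not code from the PR or from transforms.js; the function names and the default 500-character limit are assumptions.

```javascript
// Added illustration of the shape of one transform. Function names and the
// default 500-character limit are assumptions, not the contents of transforms.js.
const ENTITIES = { amp: "&", lt: "<", gt: ">", quot: '"', "#39": "'" };

// Output is plaintext for an API that treats it as text; this is not an HTML sanitizer.
function htmlToPlaintext(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "") // drop non-content blocks
    .replace(/<br\s*\/?>|<\/p\s*>/gi, "\n")                    // keep paragraph breaks
    .replace(/<[^>]*>/g, "")                                   // strip remaining tags
    .replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => ENTITIES[name]) // single-pass decode
    .replace(/[ \t]+/g, " ")
    .replace(/\n{3,}/g, "\n\n")
    .trim();
}

// Truncate the body, never the footer, counting code points so an emoji is not split.
function toTargetText(sourceHtml, sourceUrl, limit = 500) {
  const footer = `\n\nvia ${sourceUrl}`;
  const room = limit - Array.from(footer).length;
  if (room < 1) throw new Error("limit leaves no room for the attribution footer");
  const body = Array.from(htmlToPlaintext(sourceHtml));
  const text = body.length <= room
    ? body.join("")
    : body.slice(0, room - 1).join("").trimEnd() + "…";
  return text + footer;
}
```

Reserving the footer's length before truncating is what keeps the attribution intact on long posts; truncating the concatenated string would cut the source URL first.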

Final PR in the Phase 2 rollout. Stacked on F.11 (identity attestation).
Two mechanisms land together:

**F.12.1 — matrix-bridges meta-bundle** (bundles/matrix-bridges/)

Opt-in Matrix appservice bridges (mautrix-signal / telegram / whatsapp)
as compose-profile-gated sidecars on the shared crow-federation network.
Each bridge has its own legal profile called out in the consent text:
Signal ToS prohibits bot relays (terminate risk), Telegram tolerates but
throttles, WhatsApp may ban the linked phone (Meta actively detects and
blocks multi-device relays).

- manifest.json + docker-compose.yml — three profiles-gated services,
  scaled mem_limits (signal 512m, telegram 768m, whatsapp 2g), each
  generates /data/registration.yaml on first boot.
- scripts/post-install.sh — orchestration pipeline: start enabled
  profiles → wait for registration YAMLs → docker cp into
  crow-dendrite:/etc/dendrite/appservices/ → patch dendrite.yaml's
  app_service_api.config_files (idempotent in-container grep+awk) →
  restart crow-dendrite (registrations read ONLY at startup; hot reload
  no-ops) → wait for health → print per-bridge pairing instructions.
- skills/matrix-bridges.md — per-bridge legal + privacy caveats,
  hardware table, enable/disable workflow, pairing instructions, F.11
  attestation integration, troubleshooting.
- No MCP server; bridge state lives in Dendrite + the bridge bots.

**F.12.2 — Crow-native cross-posting** (transforms + tools)

- servers/gateway/crossposting/transforms.js — 6 pure-function pairs:
  writefreely→mastodon, gotosocial→mastodon, pixelfed→mastodon,
  funkwhale→mastodon, peertube→mastodon, blog→gotosocial. Each respects
  target char limits, emits 'via <source_url>' attribution footer,
  strips HTML → plaintext.
- scripts/init-db.js — two tables: crosspost_rules (operator-visible
  opt-in) + crosspost_log (idempotency + audit, UNIQUE(idempotency_key,
  source_app, target_app), 7-day idempotency window).
- servers/sharing/server.js — five new MCP tools:
    crow_list_crosspost_transforms — enumerate pairs
    crow_crosspost(source_app, source_post_id, source_post, target_app,
      idempotency_key, trigger?, delay_seconds?, confirm) — idempotency
      required. Queues with 60s delay on on_publish/on_tag; fires
      immediately on manual. Raises Crow notification with cancel link
      when delayed. Returns transformed_preview + log_id but does NOT
      publish directly — caller invokes target's <app>_post tool.
    crow_crosspost_cancel(log_id) — idempotent.
    crow_crosspost_mark_published(log_id, target_post_id) — closes
      audit trail after target publish succeeds.
    crow_list_crossposts(status?, limit?) — recent entries.
- skills/crow-crosspost.md — manual + rule-driven workflows, safety
  notes (no fake undo, DMs caveat, attribution), F.11 integration.

Publish-time safety is the 60s delay + notification + operator cancel
per the plan. Explicitly NOT a fake post-publish undo — delete-
propagation across the fediverse is unreliable; every publish is
permanent. Idempotency scope is per-Crow-instance by design.

**Design notes**

- crow_crosspost is the first MCP tool that doesn't execute its action
  directly — it produces the transformed payload + audit log, and
  publishing requires calling the target bundle's own post tool. This
  keeps transforms pure and the idempotency + delay + cancel layer
  above the publish layer.
- Scheduler dispatcher that fires queued entries at scheduled_at is NOT
  shipped here — until F.12.3, tool callers check the log. Manual
  (trigger="manual", delay_seconds=0) cross-posts work today.

**Integration with F.11**

When source + target handles are attested via crow_identity_attest,
cross-posts inherit the identity claim: a verifier fetching
/.well-known/crow-identity.json sees both handles bound to the same
crow_id.

**Registry / discovery**

- registry/add-ons.json — matrix-bridges entry before developer-kit.
- skills/superpowers.md — two trigger rows (matrix bridges + crosspost),
  EN+ES.
- CLAUDE.md — crosspost_rules + crosspost_log schema docs, Skills
  Reference entries for crow-crosspost.md + matrix-bridges.md.

**Verified**

- node --check on all new/modified JS files
- bash -n on bundles/matrix-bridges/scripts/post-install.sh
- node scripts/init-db.js runs cleanly; both new tables land
- createSharingServer() boots with all 5 new tools registered
- Transform round-trip exercised: 6 pairs + unknown-pair error
- docker compose config parses with required env set
- registry JSON validates
- npm run check passes

**Phase 2 complete — 11 PRs shipped:**

  F.0 Caddy helpers + hardware gate + rate limiter + storage-translators
  F.1 GoToSocial, F.2 WriteFreely, F.3 Matrix-Dendrite, F.4 Funkwhale,
  F.5 Pixelfed, F.6 Lemmy, F.7 Mastodon, F.8 PeerTube, F.11 identity
  attestation, F.12 cross-app bridging (this PR).

Outstanding follow-ups (separate PRs):
- Scheduler dispatcher for queued crossposts (fires at scheduled_at)
- GC sweeper for crosspost_log (>30 days)
- Nest panel for moderation_actions + crosspost queue
- Mastodon-API helper hoist (trigger: 4th Mastodon-compat bundle)
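
The idempotency, delay and cancel layer that sits above the publish layer can be modelled in memory as below. This is an added example, not the PR's server.js or its SQL schema: the class, method and status names are hypothetical, and treating any trigger other than "manual" as delayed is an assumption. Only the 7-day window, the 60s delay and the UNIQUE key shape come from the text above.

```javascript
// Added illustration: in-memory model of the idempotency + delay + cancel layer.
// Class, method and status names are hypothetical; only the 7-day window, the
// 60s delay and the UNIQUE key shape come from the PR text.
const WINDOW_MS = 7 * 24 * 60 * 60 * 1000;
const DEFAULT_DELAY_S = 60;

class CrosspostLog {
  constructor() { this.rows = new Map(); this.nextId = 1; }

  // Same shape as UNIQUE(idempotency_key, source_app, target_app).
  static key(r) { return JSON.stringify([r.idempotency_key, r.source_app, r.target_app]); }

  queue(req, now) {
    if (!req.idempotency_key) throw new Error("idempotency_key is required");
    const k = CrosspostLog.key(req);
    const prior = this.rows.get(k);
    if (prior && now - prior.created_at < WINDOW_MS) {
      // Replay inside the window: return the existing entry, never a second one.
      return { log_id: prior.log_id, status: prior.status, duplicate: true };
    }
    // Assumption: anything not explicitly "manual" gets the delay (fail safe).
    const delayS = req.delay_seconds ?? (req.trigger === "manual" ? 0 : DEFAULT_DELAY_S);
    const row = { log_id: this.nextId++, status: delayS > 0 ? "queued" : "ready",
                  created_at: now, scheduled_at: now + delayS * 1000, target_post_id: null };
    this.rows.set(k, row);
    return { log_id: row.log_id, status: row.status, duplicate: false };
  }

  find(logId) {
    for (const r of this.rows.values()) if (r.log_id === logId) return r;
    throw new Error("unknown log_id");
  }

  // Idempotent: cancelling twice is fine; a published entry cannot be undone.
  cancel(logId) {
    const r = this.find(logId);
    if (r.status !== "published") r.status = "cancelled";
    return r.status;
  }

  // What a caller checks in the log before invoking the target's post tool.
  publishable(logId, now) {
    const r = this.find(logId);
    return r.status !== "cancelled" && r.status !== "published" && now >= r.scheduled_at;
  }

  markPublished(logId, targetPostId, now) {
    if (!this.publishable(logId, now)) throw new Error("not publishable");
    const r = this.find(logId);
    r.status = "published"; r.target_post_id = targetPostId;
    return r.status;
  }
}
```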