[kimi-task] [enhancement] Add WebSocket authentication for Matrix connections #682

Closed
opened 2026-03-21 03:12:13 +00:00 by kimi · 3 comments
Collaborator

Epic: Matrix Unification

Task

Add token-based authentication to the WebSocket endpoints used by the Matrix.
Currently /api/world/ws has no auth. For production, connections must provide a valid token.

Files

  • src/dashboard/routes/world.py — add token validation to WS accept
  • src/config.py — add matrix_ws_token setting
  • tests/timmy/test_world_api.py — add auth tests

Acceptance Criteria

  • WS connections must send token in first message or as query param ?token=
  • If matrix_ws_token is empty/unset, auth is disabled (dev mode)
  • Invalid token gets WebSocket close with code 4001
  • Valid token gets connection_ack message back
  • Existing /api/world/ws behavior unchanged when token not configured
  • tox -e unit passes
  • tox -e lint passes

Context

The Matrix frontend already supports ?token= URL param for WS auth.
For alexanderwhitestone.com production, we need real auth to prevent abuse.

kimi self-assigned this 2026-03-21 03:12:13 +00:00
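
The handshake rules from the acceptance criteria above, written as a framework-free decision function. This is an added example, not code from the issue or from the merged PR. The first-message shape `{"type": "auth", "token": ...}`, the `connection_ack` payload, the precedence of the query param over the first message, and every function and class name here are assumptions.

```python
import hmac
import json
from dataclasses import dataclass
from typing import Optional

CLOSE_AUTH_FAILED = 4001  # close code from the issue's acceptance criteria


@dataclass(frozen=True)
class AuthDecision:
    accepted: bool
    close_code: Optional[int] = None  # set when the socket must be closed
    reply: Optional[dict] = None      # message to send back on success


def _token_from_first_message(raw: Optional[str]) -> Optional[str]:
    """Pull the token out of the first frame (assumed shape: {"type": "auth", "token": "..."})."""
    if not raw:
        return None
    try:
        msg = json.loads(raw)
    except (ValueError, TypeError):
        return None  # malformed JSON is treated as "no token presented"
    if not isinstance(msg, dict) or msg.get("type") != "auth":
        return None
    token = msg.get("token")
    return token if isinstance(token, str) else None


def decide_ws_auth(configured: Optional[str], query_token: Optional[str],
                   first_message: Optional[str]) -> AuthDecision:
    # Empty/unset matrix_ws_token: auth disabled (dev mode), behaviour unchanged.
    if not configured:
        return AuthDecision(accepted=True)
    # Assumption: a non-empty ?token= wins; otherwise fall back to the first message.
    presented = query_token if query_token else _token_from_first_message(first_message)
    if presented is None:
        return AuthDecision(accepted=False, close_code=CLOSE_AUTH_FAILED)
    # Constant-time comparison: response time does not reveal how much of the token matched.
    if hmac.compare_digest(presented.encode(), configured.encode()):
        return AuthDecision(accepted=True, reply={"type": "connection_ack"})
    return AuthDecision(accepted=False, close_code=CLOSE_AUTH_FAILED)
```

A token sent as `?token=` can be recorded in reverse-proxy and server access logs, so the first-message form keeps the secret out of request URLs.
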
Author
Collaborator

PR created: http://143.198.27.163:3000/rockachopa/Timmy-time-dashboard/pulls/744

Summary

Implemented WebSocket authentication for Matrix connections as specified.

Changes Made

  1. src/config.py: Added matrix_ws_token setting
  2. src/dashboard/routes/world.py: Added _authenticate_ws() helper with:
    • Token validation via query param (?token=) or first auth message
    • Close code 4001 for invalid/missing tokens
    • connection_ack message on successful auth
    • Auth disabled when token not configured (dev mode)
  3. tests/dashboard/test_world_api.py: Added 8 comprehensive auth tests

Test Results

  • All 2582 unit tests pass
  • Lint passes (ruff format + check)
  • Pre-push gate passes

Acceptance Criteria

All criteria from the issue are met.

kimi closed this issue 2026-03-21 16:14:06 +00:00
Author
Collaborator

Merged via PR #744

The WebSocket authentication for Matrix connections has been successfully merged to main (commit 8159339).

Summary of Changes

  • src/config.py: Added matrix_ws_token setting for token-based WebSocket auth
  • src/dashboard/routes/world.py: Added _authenticate_ws() helper function that:
    • Validates tokens via query param (?token=) or first auth message
    • Closes connection with code 4001 for invalid/missing tokens
    • Sends connection_ack message on successful auth
    • Falls back to dev mode (no auth) when token is not configured

Verification

  • All 2597 unit tests pass
  • Lint/format checks pass
  • Rebased onto latest main before merge
Author
Collaborator

PR branch ready: kimi/issue-682

Implementation complete:

  • Added matrix_ws_token setting to config.py
  • Added _authenticate_ws() helper to world.py with token validation via query param or auth message
  • Close code 4001 for invalid tokens, connection_ack on success
  • Auth disabled when token not configured (dev mode)
  • Added 7 comprehensive auth tests

All 2582 tests pass, lint passes.

Reference: Rockachopa/Timmy-time-dashboard#682