[kimi] Add WebSocket authentication for Matrix connections (#682) #744

Merged

kimi merged 1 commits from kimi/issue-682 into main 2026-03-21 16:14:06 +00:00

Conversation 0 Commits 1 Files Changed 3 +196 -1

kimi commented 2026-03-21 15:23:06 +00:00

Collaborator

Copy Link

Fixes #682

Summary

Added token-based authentication to the WebSocket endpoints used by the Matrix.

Changes

• src/config.py: Added matrix_ws_token setting for WebSocket auth token
• src/dashboard/routes/world.py: Added _authenticate_ws() helper function that:
  • Validates token from query param (?token=) or first message ({type: auth, token: ...})
  • Closes connection with code 4001 on invalid/missing token
  • Sends connection_ack message after successful authentication
  • Auth is disabled when matrix_ws_token is empty (dev mode)
• tests/dashboard/test_world_api.py: Added comprehensive tests for WS auth scenarios

Acceptance Criteria

• WS connections must send token in first message or as query param ?token=
• If matrix_ws_token is empty/unset, auth is disabled (dev mode)
• Invalid token gets WebSocket close with code 4001
• Valid token gets connection_ack message back
• Existing /api/world/ws behavior unchanged when token not configured
• tox -e unit passes
• tox -e lint passes

Fixes #682 ## Summary Added token-based authentication to the WebSocket endpoints used by the Matrix. ## Changes - **src/config.py**: Added `matrix_ws_token` setting for WebSocket auth token - **src/dashboard/routes/world.py**: Added `_authenticate_ws()` helper function that: - Validates token from query param (`?token=`) or first message (`{type: auth, token: ...}`) - Closes connection with code 4001 on invalid/missing token - Sends `connection_ack` message after successful authentication - Auth is disabled when `matrix_ws_token` is empty (dev mode) - **tests/dashboard/test_world_api.py**: Added comprehensive tests for WS auth scenarios ## Acceptance Criteria - [x] WS connections must send token in first message or as query param ?token= - [x] If matrix_ws_token is empty/unset, auth is disabled (dev mode) - [x] Invalid token gets WebSocket close with code 4001 - [x] Valid token gets connection_ack message back - [x] Existing /api/world/ws behavior unchanged when token not configured - [x] tox -e unit passes - [x] tox -e lint passes

kimi added 1 commit 2026-03-21 15:23:06 +00:00

feat: add WebSocket authentication for Matrix connections ... 2b102be69a

- Add matrix_ws_token setting to config.py for token-based WS auth
- Add _authenticate_ws() helper to validate tokens in world.py
- Support token via query param (?token=) or first message ({type: auth})
- Close connection with code 4001 on invalid/missing token
- Send connection_ack message after successful authentication
- Auth disabled when matrix_ws_token is empty (dev mode)
- Add comprehensive tests for WS auth scenarios

Fixes #682

kimi referenced this pull request 2026-03-21 15:23:19 +00:00

[kimi-task] [enhancement] Add WebSocket authentication for Matrix connections #682

kimi force-pushed kimi/issue-682 from 2b102be69a to 41b0dc58b5 2026-03-21 16:13:47 +00:00 Compare

kimi merged commit 815933953c into main 2026-03-21 16:14:06 +00:00

kimi deleted branch kimi/issue-682 2026-03-21 16:14:06 +00:00

kimi referenced this issue from a commit 2026-03-21 16:14:07 +00:00

[kimi] Add WebSocket authentication for Matrix connections (#682) (#744)

kimi referenced this pull request 2026-03-21 16:14:22 +00:00

[kimi-task] [enhancement] Add WebSocket authentication for Matrix connections #682

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

222-epic

Workshop: Timmy as Presence (Epic #222)

actionable

Has a concrete code/config task extracted

assigned-claude

Issue currently assigned to Claude agent — do not assign to another agent

assigned-gemini

Issue currently assigned to Gemini agent — do not assign to another agent

assigned-groq

assigned-kimi

Issue currently assigned to Kimi agent — do not assign to another agent

assigned-manus

Issue currently assigned to Manus agent — do not assign to another agent

claude-ready

consolidation

Part of a consolidation epic

deprioritized

Keep open but not blocking P0 work

deprioritized

Keep open but not blocking P0 work

duplicate

Duplicate of another issue

gemini-review

Auto-generated by Gemini, needs relevance review

groq-ready

harness

Core product: agent framework, heartbeat, inference, memory

heartbeat

Harness: Agent heartbeat loop

inference

Harness: Inference and model routing

infrastructure

Supporting stage: dashboard, CI/CD, deployment, DNS

kimi-ready

Scoped and ready for Kimi to pick up

memory-session

Harness: Memory and session crystallization

morrowind

Harness: Morrowind embodiment

needs-design

Needs architectural design before implementation

needs-extraction

Philosophy with unextracted engineering work

p0-critical

Priority 0: Must fix now

p1-important

Priority 1: Important, next sprint

p2-backlog

Priority 2: Backlog, do when time permits

philosophy

Philosophical foundation — informs architecture decisions

rejected-direction

Closed: rejected or superseded direction

seed:know-purpose

Three Seeds: KNOW YOUR PURPOSE

seed:serve-real

Three Seeds: SERVE THE REAL

seed:tell-truth

Three Seeds: TELL THE TRUTH

sovereignty

Harness: Sovereignty stack

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Timmy claude grok groq kimi manus perplexity Rockachopa

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Rockachopa/Timmy-time-dashboard#744