Expose Synapse's `msc4306_enabled` experimental flag as a first-class MDAD
variable and wire it into `homeserver.yaml` alongside the other experimental
feature toggles.
This makes thread-subscriptions support explicit in playbook configuration,
rather than requiring operators to inject the upstream flag via raw
`matrix_synapse_configuration_extension_yaml`.
The variable intentionally controls only the Synapse feature flag. It does not
change the default `thread_subscriptions` worker count, which remains `0` in the
standard presets. Keeping those as separate choices avoids auto-starting an
experimental worker just because the upstream feature toggle is enabled.
Refs:
- b99a58719b/synapse/config/experimental.py (L600-L602)
- b99a58719b/synapse/rest/client/versions.py (L183-L184)
Add `thread_subscriptions` as a supported web-facing stream writer in MDAD and
route its unstable client endpoints via the same explicit writer-or-main model
used for the other web-facing stream-backed APIs.
This is not just another generic worker route. Current Synapse gives thread
subscriptions their own `writers.thread_subscriptions` configuration, backs them
with a multi-writer stream, and asserts on store writes that the current
instance is an allowed thread-subscriptions writer.
Explicit early routing is also required here because the subscription endpoint is
room-scoped. In MDAD's specialized-worker model, the existing room-worker regex
would otherwise match `/_matrix/client/unstable/io.element.msc4306/rooms/...`
and steal the request before it reached the correct writer-or-main fallback.
Unlike `device_lists`, support is added without enabling a thread-subscriptions
worker by default in the standard presets. The underlying MSC4306/4308 feature
remains unstable and disabled by default upstream, so the conservative default
is to keep the worker count at `0` and let the new explicit routes fall back to
`main` unless an operator opts in.
Refs:
- b99a58719b/synapse/config/workers.py (L175-L182)
- b99a58719b/synapse/rest/client/thread_subscriptions.py (L38-L247)
- b99a58719b/synapse/storage/databases/main/thread_subscriptions.py (L66-L83)
- b99a58719b/synapse/storage/databases/main/thread_subscriptions.py (L192-L322)
MDAD keeps `/_synapse/client/*` out of the broad worker-routing model.
Those paths are mounted by current Synapse on client-serving workers, but MDAD's
worker route buckets only match `/_matrix/client/*`, so `/_synapse/client/*`
requests already fall through to the main-process default.
That made the `/_synapse/client/*` branches in the dedicated SSO override regex
redundant. Remove those branches and leave the explicit SSO override focused on
the real `/_matrix/client/.../login/sso/redirect` path family, which would
otherwise be caught by the broad `/login` client-reader routing.
This also removes duplicated ownership of `login/sso/redirect` from the generic
main-override regex so the dedicated SSO override is the single place that
models that path.
Refs:
- b99a58719b/synapse/app/generic_worker.py (L197-L203)
- b99a58719b/synapse/rest/synapse/client/__init__.py (L39-L90)
- b99a58719b/synapse/rest/client/login.py (L636-L643)
The client_reader route bucket had collapsed into one long alternation,
which made small worker-audit edits hard to review. Any endpoint change
rewrote the whole regex and obscured whether we were changing routing
policy or just maintaining the route list.
Refactor the variable into grouped regex entries with comments instead.
This keeps the current specialized-worker policy intact: nginx still
renders the client_reader locations in the same block, and the routes
still target the same upstream bucket. The goal here is to make future
doc/code audits, additions, and removals mechanical and reviewable.
This also matches MDAD's current worker model, where generic workers are
not mixed with the specialized room/sync/client/federation reader
routing buckets, so there is no need to derive this from the generic
worker map.
Refs:
- b99a58719b/docs/workers.md (historical-apps)
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
Current Synapse registers the MatrixRTC transport discovery endpoint on
client-serving workers when MSC4143 is enabled, but MDAD does not model
that path in either its client-reader bucket or its broader generic-
worker endpoint list.
Add the unstable MatrixRTC transport discovery route so MDAD's worker
routing matches the current upstream worker surface for this endpoint.
This is a small, isolated routing addition for a simple authenticated
GET endpoint.
Refs:
- b99a58719b/synapse/rest/client/matrixrtc.py (L30-L52)
- b99a58719b/synapse/rest/__init__.py (L81-L129)
- b99a58719b/synapse/rest/__init__.py (L179-L197)
Current Synapse still documents and registers
`/_matrix/client/.../account/deactivate` on client-serving workers when
auth is not delegated. MDAD already routes neighboring account endpoints
such as `account/3pid` and `account/whoami`, but it omitted
`account/deactivate` from both its client-reader bucket and its broader
generic-worker endpoint list.
Add the missing route patterns so MDAD's worker routing matches the
current upstream worker surface in non-delegated-auth deployments. In
MAS / MSC3861 mode the endpoint is not registered upstream anyway, so
this does not expand the effective delegated-auth surface.
Refs:
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
- b99a58719b/synapse/rest/client/account.py (L284-L324)
- b99a58719b/synapse/rest/client/account.py (L913-L920)
Synapse currently supports both the deprecated
`/_matrix/client/unstable/im.nheko.summary/rooms/<room>/summary`
route and the recommended
`/_matrix/client/unstable/im.nheko.summary/summary/<room>`
form. MDAD only matched the deprecated shape.
Add the recommended pattern alongside the old one so worker routing
matches the current upstream API surface while preserving backward
compatibility for the deprecated path.
Refs:
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
- b99a58719b/synapse/rest/client/room.py (L1716-L1728)
Current Synapse no longer exposes device management under
`/_matrix/client/.../account/devices`. The live client API shape is
`/devices`, `/devices/{device_id}`, and `/delete_devices`, and
MDAD already routes those real device-list-sensitive endpoints through
explicit device-list handling.
Keeping `account/devices` in the old client-reader regex therefore only
preserves stale route-model residue. While touching the same area,
refresh the `/_synapse/client/*` comment to reflect current Synapse:
client-serving generic workers now mount a meaningful Synapse-specific
client tree there, but MDAD still intentionally keeps those paths out of
its broad worker regexes because they are deployment-sensitive and
auth-sensitive.
Refs:
- b99a58719b/docs/workers.md (historical-apps)
- b99a58719b/synapse/rest/client/devices.py (L49-L150)
- b99a58719b/synapse/rest/synapse/client/__init__.py (L39-L88)
Some client API endpoints (e.g. keys/upload) are backed by Synapse stream writers and
should not rely on broad worker regexes or route-order fallthrough for correctness.
When explicit per-stream routing is missing, requests may be captured by generic, room, or client_reader workers, instead of:
- going to the configured stream writer
- or to `main` when that stream writer is not enabled
This refactors synapse-reverse-proxy-companion's routing so that web-facing stream-backed endpoint families
are handled explicitly and early, with deterministic writer-or-main fallback.
Add first-class support for the missing `device_lists` stream writer,
generalize the same routing model to `push_rules`,
and remove stale broad-route ownership for device-list-sensitive endpoints.
Slavi Pantaleev
dependabot[bot]
Suguru Hirahara
renovate[bot]
Jakob S.
Aine
Benjamin Blacher